
(Nov-2023) Get professional help from our CISM Dumps PDF
Free Regular Updates on CISM Exam Questions
The CISM certification exam is an essential tool for IT professionals who are responsible for managing and overseeing information security programs. It demonstrates that the individual has the necessary expertise to develop and implement effective information security strategies. The Certified Information Security Manager (CISM) certification provides numerous benefits, including a competitive advantage in the job market, access to a global network of professionals, and the ability to stay up to date with the latest trends and best practices.
NEW QUESTION # 226
An audit has determined that employee use of personal mobile devices to access the company email system is resulting in confidential data leakage. The information security manager's FIRST course of action should be to:
- A. isolate the mobile devices on the network for further investigation.
- B. treat the situation as a new risk and update the security risk register.
- C. implement a data leakage prevention tool to stem further loss.
- D. treat the situation as a security incident to determine appropriate response.
Answer: D
NEW QUESTION # 227
Which of the following should be an information security manager's MOST important concern to ensure admissibility of information security evidence from cyber crimes?
- A. Efficiency of the forensics team
- B. Forensics contractors
- C. Tools used for evidence analysis
- D. Chain of custody
Answer: D
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
NEW QUESTION # 228
After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?
- A. Conducting a postmortem assessment
- B. Calculating cost of the incident
- C. Performing an impact analysis
- D. Preserving the evidence
Answer: C
NEW QUESTION # 229
Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
- A. Activate the business continuity plan (BCP).
- B. Inform senior management.
- C. Update the business impact assessment.
- D. Categorize incidents by the value of the affected asset.
Answer: D
NEW QUESTION # 230
Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:
- A. they prevent modification of application source code.
- B. web services require unique forensic evidence.
- C. web services are prone to attacks.
- D. they recognize web application protocols.
Answer: D
NEW QUESTION # 231
During the security review of a legacy business application, it was discovered that sensitive client data is not encrypted in storage, which does not comply with the organization's information security policy. Which of the following would be the information security manager's BEST course of action?
- A. Determine the cost of encryption and discuss with the application owner.
- B. Implement encryption on client data.
- C. Analyze compensating controls and assess the associated risk.
- D. Report the noncompliance to senior management.
Answer: C
NEW QUESTION # 232
Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?
- A. Product documentation
- B. Ease of installation
- C. System overhead
- D. Available support
Answer: C
Explanation:
Monitoring products can impose significant overhead on servers and networks. Product documentation, telephone support and ease of installation, while all important, are secondary.
NEW QUESTION # 233
Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements?
- A. Grant authorization to individual systems as required with the approval of information security management.
- B. Require managers of new hires to be responsible for account setup and access during employee orientation.
- C. Embed the authorization and creation of accounts with HR onboarding procedures.
- D. Adopt a standard template of access levels for all employees to be enacted upon hiring.
Answer: C
NEW QUESTION # 234
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
- A. Violation log reports produced
- B. Penetration attempts investigated
- C. Violation log entries
- D. Frequency of corrective actions taken
Answer: B
Explanation:
The most useful metric is one that measures the degree to which complete follow-through has taken place.
The quantity of reports, entries on reports and the frequency of corrective actions are not indicative of whether or not investigative action was taken.
NEW QUESTION # 235
Which of the following is MOST critical for an effective information security governance framework?
- A. The CIO is accountable for the information security program.
- B. The information security program is continually monitored.
- C. Information security policies are reviewed on a regular basis.
- D. Board members are committed to the information security program.
Answer: D
NEW QUESTION # 236
Which of the following is the BEST reason to perform a business impact analysis (BIA)?
- A. To help determine the current state of risk
- B. To analyze the effect on the business
- C. To budget appropriately for needed controls
- D. To satisfy regulatory requirements
Answer: A
Explanation:
Section: INFORMATION SECURITY GOVERNANCE
The BIA is included as part of the process to determine the current state of risk and helps determine the acceptable levels of response from impacts and the current level of response, leading to a gap analysis.
Budgeting appropriately may come as a result, but is not the reason to perform the analysis. Performing an analysis may satisfy regulatory requirements, but that is not the reason to perform one. Analyzing the effect on the business is part of the process, but one must also determine the needs or the acceptable effect or response.
NEW QUESTION # 237
What is the PRIMARY objective of a post-event review in incident response?
- A. Improve the response process
- B. Preserve forensic data
- C. Adjust budget provisioning
- D. Ensure the incident is fully documented
Answer: A
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
The primary objective is to find any weakness in the current process and improve it. The other choices are all secondary.
NEW QUESTION # 238
Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
- A. Performing a risk assessment
- B. Defining job roles
- C. Identifying data owners
- D. Establishing data retention policies
Answer: C
Explanation:
Identifying the data owners is the first step, and is essential to implementing data classification. Defining job roles is not relevant. Performing a risk assessment is important, but will require the participation of data owners (who must first be identified). Establishing data retention policies may occur after data have been classified.
NEW QUESTION # 239
Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes?
- A. Integrate organization's security requirements into project management.
- B. Participate in project initiation, approval, and funding.
- C. Conduct security reviews during design, testing and implementation.
- D. Develop good communications with the project management office.
Answer: A
NEW QUESTION # 240
Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?
- A. Increased influence of security management
- B. Improved accountability to shareholders
- C. Consistent execution of information security strategy
- D. Optimized information security resources
Answer: B
NEW QUESTION # 241
A test plan to validate the security controls of a new system should be developed during which phase of the project?
- A. Design
- B. Testing
- C. Initiation
- D. Development
Answer: A
Explanation:
In the design phase, security checkpoints are defined and a test plan is developed. The testing phase is too late since the system has already been developed and is in production testing. In the initiation phase, the basic security objective of the project is acknowledged. Development is the coding phase and is too late to consider test plans.
NEW QUESTION # 242
An information security manager has identified that privileged employee access requests to production servers are approved, but user actions are not logged. Which of the following should be the GREATEST concern with this situation?
- A. Improper authorization
- B. Inadequate authentication
- C. Lack of availability
- D. Lack of accountability
Answer: D
Explanation:
The greatest concern with the situation of privileged employee access requests to production servers being approved but not logged is the lack of accountability, which means the inability to trace or verify the actions and decisions of the privileged users. Lack of accountability can lead to security risks such as unauthorized changes, data breaches, fraud, or misuse of privileges. Logging user actions is a key component of privileged access management (PAM), which helps to monitor, detect, and prevent unauthorized privileged access to critical resources. The other options, such as lack of availability, improper authorization, or inadequate authentication, are not directly related to the situation of not logging user actions. Reference:
https://www.microsoft.com/en-us/security/business/security-101/what-is-privileged-access-management-pam
https://www.ekransystem.com/en/blog/privileged-user-monitoring-best-practices
https://www.beyondtrust.com/resources/glossary/privileged-access-management-pam
NEW QUESTION # 243
Which of the following is MOST effective in preventing security weaknesses in operating systems?
- A. Patch management
- B. Change management
- C. Security baselines
- D. Configuration management
Answer: A
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Patch management corrects discovered weaknesses by applying a correction (a patch) to the original program code. Change management controls the process of introducing changes to systems. Security baselines provide minimum recommended settings. Configuration management controls the updates to the production environment.
NEW QUESTION # 244
Which of the following defines the triggers within a business continuity plan (BCP)?
- A. Gap analysis
- B. Information security policy
- C. Needs of the organization
- D. Disaster recovery plan (DRP)
Answer: B
NEW QUESTION # 245
Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?
- A. Untrained service desk personnel may be a cause of security incidents.
- B. The service desk provides information to prioritize systems recovery based on user demand.
- C. Service desk personnel have information on how to resolve common systems issues.
- D. The service desk provides a source for the identification of security incidents.
Answer: D
NEW QUESTION # 246
Which of the following BEST demonstrates the maturity of an information security monitoring program?
- A. Risk scenarios are regularly entered into a risk register.
- B. The information security program was introduced with a thorough business case.
- C. Senior management regularly reviews security standards.
- D. Information security key risk indicators (KRIs) are tied to business operations.
Answer: D
NEW QUESTION # 247
In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:
- A. implement role-based access control in the application.
- B. enforce manual procedures ensuring separation of conflicting duties.
- C. ensure access to individual functions can be granted to individual users only.
- D. create service accounts that can only be used by authorized team members.
Answer: A
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Role-based access control is the best way to implement appropriate segregation of duties. Roles will have to be defined once and then the user could be changed from one role to another without redefining the content of the role each time. Access to individual functions will not ensure appropriate segregation of duties. Giving a user access to all functions and implementing, in parallel, a manual procedure ensuring segregation of duties is not an effective method, and would be difficult to enforce and monitor. Creating service accounts that can be used by authorized team members would not provide any help unless their roles are properly segregated.
The Benefits of Obtaining the CISM Certification
- CISM can also offer a career jump in the form of a promotion by distinguishing candidates from other people who are not CISM certified.
- Candidates with this certification, for the most part, earn 47.54% higher pay.
- Internationally accepted as the mark of excellence for the IS audit professional.
- Demonstrates candidate capability in the IS audit, control and security profession.
- CISM supports candidate knowledge and experience in the assigned region and shows their capacity to respond to any challenge.
Achieve the CISM Exam Best Results with Help from ISACA Certified Experts: https://www.dumpsreview.com/CISM-exam-dumps-review.html
CISM Practice Test Engine for Preparation: https://drive.google.com/open?id=1wq_4n3GE4K4IQzEcJzzW6jVTJRLjENQC

