Online CISM Test Brain Dump Question and Test Engine [Q548-Q570]

Share

Online CISM Test Brain Dump Question and Test Engine

Real ISACA CISM Exam Dumps with Correct 1340 Questions and Answers


ISACA Certified Information Security Manager CISM Exam

ISACA Certified Information Security Manager CISM Exam is related to Certified Information Security Manager CISM certification. This CISM Exam validates the ability to maintain and establish an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. Candidate must have the ability to manage information risk appropriately and program resources are managed responsibly. It also deals with the ability to ensure that organizational goals and objectives are supported by the information security program communicate managements directives and guide the development of standards, procedures, and guidelines and develop business cases to support investments in information security. Security Managers Industry Leaders and Industry Practitioners usually hold or pursue this certification and you can expect the same job roles after completion of this certification.

 

NEW QUESTION 548
What should be an organization's concern when evaluating an Infrastructure as a Service (IaaS) cloud computing model for an e-Commerce application?

  • A. Where the application resides
  • B. Application ownership
  • C. Internal audit requirements
  • D. Availability of provider's services

Answer: D

 

NEW QUESTION 549
Which of the following features of a library control software package would protect against unauthorized updating of source code?

  • A. Release-to-release comparison of source code
  • B. Access controls for source libraries
  • C. Required approvals at each life cycle step
  • D. Date and time stamping of source and object code

Answer: B

Explanation:
Section: MIXED QUESTIONS

 

NEW QUESTION 550
Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?

  • A. Benchmarking against industry peers
  • B. Prioritization of action plans
  • C. Identification of threats and vulnerabilities
  • D. Validation of current capabilities

Answer: D

Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE

 

NEW QUESTION 551
Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?

  • A. Run a patch management scan to discover which patches are missing from each machine.
  • B. Establish a risk-based assessment process for prioritizing patch implementation.
  • C. Create a regression test plan to ensure business operation is not interrupted.
  • D. Cross-reference all missing patches to establish the date each patch was introduced.

Answer: A

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT

 

NEW QUESTION 552
In which cloud model does the cloud service buyer assume the MOST security responsibility?

  • A. Platform as a Service (PaaS)
  • B. Infrastructure as a Service (laaS)
  • C. Software as a Service (SaaS)
  • D. Disaster Recovery as a Service (DRaasS)

Answer: A

 

NEW QUESTION 553
Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?

  • A. Seek policy buy-in from business stakeholders.
  • B. Implement an authentication and authorization system.
  • C. Promote awareness of the policy among employees.
  • D. Identify relevant information security frameworks for adoption.

Answer: A

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation

 

NEW QUESTION 554
Which of the following is the BEST reason to initiate a reassessment of current risk?

  • A. Certification requirements
  • B. A recent security incident
  • C. Changes to security personnel
  • D. Follow-up to an audit report

Answer: B

Explanation:
Section: INFORMATION RISK MANAGEMENT

 

NEW QUESTION 555
Which of the following is the MOST important reason for an organization to develop an information security governance program?

  • A. Monitoring of security incidents
  • B. Compliance with audit requirements
  • C. Creation of tactical solutions
  • D. Establishment of accountability

Answer: B

 

NEW QUESTION 556
Which of the following is the MOST relevant risk factor to an organization when employees use social media?

  • A. Social media can be used to gather intelligence for attacks.
  • B. Social media increases the velocity of risk and the threat capacity.
  • C. Social media offers a platform that can host cyber-attacks.
  • D. Social media can be accessed from multiple locations.

Answer: A

 

NEW QUESTION 557
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?

  • A. Waterfall chart
  • B. Critical path
  • C. Rapid Application Development (RAD)
  • D. Gantt chart

Answer: B

Explanation:
Explanation/Reference:
Explanation:
The critical path method is most effective for determining how long a project will take. A waterfall chart is used to understand the flow of one process into another. A Gantt chart facilitates the proper estimation and allocation of resources. The Rapid Application Development (RAD) method is used as an aid to facilitate and expedite systems development.

 

NEW QUESTION 558
Labeling information according to its security classification:

  • A. reduces the number and type of countermeasures required.
  • B. enhances the likelihood of people handling information securely.
  • C. reduces the need to identify baseline controls for each classification.
  • D. affects the consequences if information is handled insecurely.

Answer: D

 

NEW QUESTION 559
Which of the following is the BEST way to ensure that responses to incidents in high-risk areas of the business are carried out in an organized manner?

  • A. Periodic testing of the incident response plan
  • B. Role differentiation in the incident response plan
  • C. Management approval of the incident response plan
  • D. Appropriate communication of the incident response plan

Answer: A

 

NEW QUESTION 560
The MOST important function of a risk management program is to:

  • A. maximize the sum of all annualized loss expectancies (ALEs).
  • B. quantify overall risk.
  • C. eliminate inherent risk.
  • D. minimize residual risk.

Answer: D

Explanation:
Explanation
A risk management program should minimize the amount of risk that cannot be otherwise eliminated or transferred; this is the residual risk to the organization. Quantifying overall risk is important but not as critical as the end result. Eliminating inherent risk is virtually impossible. Maximizing the sum of all ALEs is actually the opposite of what is desirable.

 

NEW QUESTION 561
Which of the following is the MOST important objective of testing a security incident response plan?

  • A. Ensure the thoroughness of the response plan
  • B. Validate the business impact analysis
  • C. Verify the response assumptions are valid
  • D. Confirm that systems are recovered in the proper order

Answer: A

 

NEW QUESTION 562
An organization must meet rigorous breach reporting standards in order to comply with regulatory requirements. Which of the following is the BEST way to minimize the organization's financial exposure if a service provider experiences a breach?

  • A. Review the reporting requirements and processes contained in the provider's policies.
  • B. Require the provider to comply with organization's information security policy.
  • C. Verify the provider has automated reporting processes in place.
  • D. Include the reporting requirements in the provider contract.

Answer: D

 

NEW QUESTION 563
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:

  • A. conduct regular user awareness sessions.
  • B. perform penetration tests.
  • C. evaluate a balanced business scorecard.
  • D. revise the information security program.

Answer: C

Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Explanation:
The balanced business scorecard can track the effectiveness of how an organization executes it information security strategy and determine areas of improvement. Revising the information security program may be a solution, but is not the best solution to improve alignment of the information security objectives. User awareness is just one of the areas the organization must track through the balanced business scorecard.
Performing penetration tests does not affect alignment with information security objectives.

 

NEW QUESTION 564
A critical component of a continuous improvement program for information security is:

  • A. measuring processes and providing feedback.
  • B. developing a service level agreement (SLA) for security.
  • C. tying corporate security standards to a recognized international standard.
  • D. ensuring regulatory compliance.

Answer: A

Explanation:
If an organization is unable to take measurements that will improve the level of its safety program. then continuous improvement is not possible. Although desirable, developing a service level agreement (SLA) for security, tying corporate security standards to a recognized international standard and ensuring regulatory compliance are not critical components for a continuous improvement program.

 

NEW QUESTION 565
In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?

  • A. Implementing on-screen masking of passwords
  • B. Increasing the frequency of password changes
  • C. Requiring that passwords be kept strictly confidential
  • D. Conducting periodic security awareness programs

Answer: D

Explanation:
Explanation/Reference:
Explanation:
Social engineering can best be mitigated through periodic security awareness training for users who may be the target of such an attempt. Implementing on-screen masking of passwords and increasing the frequency of password changes are desirable, but these will not be effective in reducing the likelihood of a successful social engineering attack. Requiring that passwords be kept secret in security policies is a good control but is not as effective as periodic security awareness programs that will alert users of the dangers posed by social engineering.

 

NEW QUESTION 566
Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?

  • A. Key risk indicator (KRD setup to security management processes
  • B. Continuous monitoring of the return on security investment (ROSD
  • C. Continuous risk reduction
  • D. Continuous analysis, monitoring and feedback

Answer: D

Explanation:
Explanation
To improve the governance framework and achieve a higher level of maturity, an organization needs to conduct continuous analysis, monitoring and feedback compared to the current state of maturity. Return on security investment (ROSD may show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives. Thus, it may not be an adequate option. Continuous risk reduction would demonstrate the effectiveness of the security governance framework, but does not indicate a higher level of maturity. Key risk indicator (KRD setup is a tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.

 

NEW QUESTION 567
Security audit reviews should PRIMARILY:

  • A. ensure that controls operate as required.
  • B. ensure controls are technologically current.
  • C. focus on preventive controls.
  • D. ensure that controls are cost-effective.

Answer: A

Explanation:
The primary objective of a security review or audit should be to provide assurance on the adequacy of security controls. Reviews should focus on all forms of control, not just on preventive control. Cost-effectiveness and technological currency are important but not as critical.

 

NEW QUESTION 568
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?

  • A. Better adherence to policies
  • B. More savings in total operating costs
  • C. Better alignment to business unit needs
  • D. More uniformity in quality of service

Answer: C

Explanation:
Explanation
Decentralization of information security management generally results in better alignment to business unit needs. It is generally more expensive to administer due to the lack of economies of scale. Uniformity in quality of service tends to vary from unit to unit.

 

NEW QUESTION 569
Which of the following are the MOST important individuals to include as members of an information security steering committee?

  • A. Cross-section of end users and IT professionals
  • B. IT management and key business process owners
  • C. Direct reports to the chief information officer
  • D. Internal audit and corporate legal departments

Answer: B

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
Security steering committees provide a forum for management to express its opinion and take some ownership in the decision making process. It is imperative that business process owners be included in this process.
None of the other choices includes input by business process owners.

 

NEW QUESTION 570
......


There are many types of study materials offered by ISACA, which are available in English, Japanese, Spanish, and Chinese. You can find training videos and eBooks. Thus, you can go for the following guides that are available on Amazon to learn the exam topics:

  • CISM Review Manual.
  • CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition by Peter H. Gregory;

The vendor also offers virtual instructor-led training, on-site courses, online review courses, and a lot of other resources. Attending an online course a week or two before the exam can also be beneficial. It is intended solely to prepare you for the test and the instructors may sometimes point to the topics you should pay attention to. After its completion, you will have the CISM Self-Assessment exam with 75 questions that will show you how much you are prepared for the actual test. If you have done this assessment well, then you do not have to be worried about the real exam. The online course covers all the objectives and offers you plenty of interactive workbooks, case study activities, and interactive modules.

 

Valid CISM Test Answers & ISACA CISM Exam PDF: https://www.exams-boost.com/CISM-valid-materials.html

ISACA CISM Certification Real 2021 Mock Exam: https://drive.google.com/open?id=15Pl9HXTcVXfTxFwCWbtNJ1PSzyb0xCYe