FREE Certified Information Security Manager (CISM) General Questions and Answers

Question 1

For a significant proposed purchase and new procedure for an organization, a risk assessment and business impact analysis (BIA) have been finished.
The business department manager and the information security manager debate about who will be in charge of assessing the outcomes and identified risks.
Which of the following would be the information security manager's BEST course of action?

Accepted Answer

Review of the risk assessment with executive management for final input

Answer

Acceptance of the information security manager’s decision on the risk to the corporation

Answer

Acceptance of the business manager’s decision on the risk to the corporation

Answer

Create a new risk assessment and BIA to resolve the disagreement

Question 2

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Accepted Answer

Senior Management

Answer

The security Officer

Answer

The custodian

Answer

The end user

Question 3

Unusual server communication between internal and external parties may be observed to:

Accepted Answer

Record the trace of advanced persistent threats

Answer

Evaluate the process resiliency of server operations

Answer

Support a nonrepudiation framework in e-commerce

Answer

Verify the effectiveness of an intrusion detection system

Question 4

What authentication technique stops authentication replay?

Accepted Answer

Challenge/response mechanism

Answer

Password hash implementation

Answer

Hypertext Transfer Protocol basic authentication

Answer

Wired equivalent privacy encryption usage

Question 5

IT risk management initiatives are MOST successful when they:

Accepted Answer

Integrated within business processes

Answer

Conducted by the IT department

Answer

Treated as distinct process

Answer

Communicated to all employees

Question 6

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

Accepted Answer

Install a honeypot on the network

Answer

Establish minimum security baselines

Answer

Perform periodic penetration testing

Answer

Implement vendor default settings

Question 7

Which of the following poses the BIGGEST risk to an enterprise resource planning (ERP) system's security?

Accepted Answer

Operating system security patches have not been applied

Answer

Network traffic is through a single switch

Answer

User ad hoc reporting is not logged

Answer

Database security defaults ti ERP settings