Certified Information Security Manager (CISM)

FREE Certified Information Security Manager (CISM) General Questions and Answers

Unusual server communication between internal and external parties may be observed to:

Evaluate the process resiliency of server operations

Record the trace of advanced persistent threats

Support a nonrepudiation framework in e-commerce

Verify the effectiveness of an intrusion detection system

Correct! Wrong!

The most important feature of target attacks as seen in advanced persistent threats is that malware secretly sends information back to a command and control server. Therefore, monitoring of outbound server communications that do not follow predefined routes will be the best control to detect such security events.

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

Establish minimum security baselines

Perform periodic penetration testing

Install a honeypot on the network

Implement vendor default settings

Correct! Wrong!

For a significant proposed purchase and new procedure for an organization, a risk assessment and business impact analysis (BIA) have been finished. The business department manager and the information security manager debate about who will be in charge of assessing the outcomes and identified risks. Which of the following would be the information security manager's BEST course of action?

Acceptance of the information security manager’s decision on the risk to the corporation

Acceptance of the business manager’s decision on the risk to the corporation

Create a new risk assessment and BIA to resolve the disagreement

Review of the risk assessment with executive management for final input

Correct! Wrong!

Executive management will be in the best position to consider the big picture and the trade-offs between security and functionality in the entire organization.

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Senior Management

The security Officer

The custodian

The end user

Correct! Wrong!

Routine administration of all aspects of security is delegated, but top management must retain overall accountability.

IT risk management initiatives are MOST successful when they:

Conducted by the IT department

Treated as distinct process

Communicated to all employees

Integrated within business processes

Correct! Wrong!

Which of the following poses the BIGGEST risk to an enterprise resource planning (ERP) system's security?

Network traffic is through a single switch

User ad hoc reporting is not logged

Database security defaults ti ERP settings

Operating system security patches have not been applied

Correct! Wrong!

What authentication technique stops authentication replay?

Challenge/response mechanism

Password hash implementation

Hypertext Transfer Protocol basic authentication

Wired equivalent privacy encryption usage

Correct! Wrong!

FREE Certified Information Security Manager (CISM) General Questions and Answers

Unusual server communication between internal and external parties may be observed to:

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

IT risk management initiatives are MOST successful when they:

Which of the following poses the BIGGEST risk to an enterprise resource planning (ERP) system's security?

What authentication technique stops authentication replay?

Related Post