FREE Certified Information Security Manager (CISM) General Questions and Answers

Question 1

For a significant proposed purchase and new procedure for an organization, a risk assessment and business impact analysis (BIA) have been finished. The business department manager and the information security manager debate about who will be in charge of assessing the outcomes and identified risks. Which of the following would be the information security manager's BEST course of action?

Accepted Answer

Review of the risk assessment with executive management for final input

Answer

Executive management will be in the best position to consider the big picture and the trade-offs between security and functionality in the entire organization.

Question 2

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Accepted Answer

Senior Management

Answer

Routine administration of all aspects of security is delegated, but top management must retain overall accountability.

Question 3

Unusual server communication between internal and external parties may be observed to:

Accepted Answer

Record the trace of advanced persistent threats

Answer

The most important feature of target attacks as seen in advanced persistent threats is that malware secretly sends information back to a command and control server. Therefore, monitoring of outbound server communications that do not follow predefined routes will be the best control to detect such security events.

Question 4

What authentication technique stops authentication replay?

Accepted Answer

Challenge/response mechanism

Question 5

IT risk management initiatives are MOST successful when they:

Accepted Answer

Integrated within business processes

CISM - Certified Information Security Manager Practice Test

CISM - Certified Information Security Manager Practice Test

FREE Certified Information Security Manager (CISM) General Questions and Answers