FREE Certified Information Security Manager (CISM) ISACA Questions and Answers

Question 1

The following conditions lead to the MOST successful IT risk management activities:

Accepted Answer

Integrated within business processes

Answer

Conducted by the IT department

Answer

Treated as a distinct process

Answer

Communicated to all employees

Question 2

For a significant proposed purchase and new procedure for an organization, a risk assessment and business impact analysis (BIA) have been finished. The business department manager and the information security manager debate about who will be in charge of assessing the outcomes and identified risks.

Which of the following would be the information security manager's BEST course of action?

Accepted Answer

Review of the risk assessment with executive management for final input

Answer

Acceptance of the information security manager’s decision on the risk to the corporation

Answer

Acceptance of the business manager’s decision on the risk to the corporation

Answer

Create a new risk assessment and BIA to resolve the disagreement

Question 3

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Accepted Answer

Senior management

Answer

The security officer

Answer

The custodian

Answer

The end user

Question 4

It is possible to monitor unusual server traffic between internal and external parties to:

Accepted Answer

Record the trace of advanced persistent threats

Answer

Evaluate the process resiliency of server operations

Answer

Support a nonrepudiation framework in e-commerce

Answer

Verify the effectiveness of an intrusion detection system

Question 5

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

Accepted Answer

Install a honeypot on the network

Answer

Establish minimum security baselines

Answer

Perform periodic penetration testing

Answer

Implement vendor default settings

Question 6

A security manager examines the logs of numerous devices to ascertain how a security breach on the business network happened.

Which of the following BEST makes it easier to compare and analyze these logs?

Accepted Answer

Time server

Answer

Domain name server

Answer

Database server

Answer

Proxy server

Question 7

What authentication technique stops authentication replay?

Accepted Answer

Challenge/response mechanism

Answer

Password hash implementation

Answer

Hypertext Transfer Protocol basic authentication

Answer

Wired equivalent privacy encryption usage