Certified Information Security Manager (CISM)

FREE Certified Information Security Manager (CISM) ISACA Questions and Answers

A security manager examines the logs of numerous devices to ascertain how a security breach on the business network happened.

Which of the following BEST makes it easier to compare and analyze these logs?

Domain name server

Database server

Proxy server

Time server

Correct! Wrong!

The following conditions lead to the MOST successful IT risk management activities:

Conducted by the IT department

Treated as a distinct process

Integrated within business processes

Communicated to all employees

Correct! Wrong!

Effective IT-related risk management activities are most effective when they are integrated within business processes.

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

Establish minimum security baselines

Perform periodic penetration testing

Install a honeypot on the network

Implement vendor default settings

Correct! Wrong!

What authentication technique stops authentication replay?

Challenge/response mechanism

Password hash implementation

Hypertext Transfer Protocol basic authentication

Wired equivalent privacy encryption usage

Correct! Wrong!

The challenge/response mechanism is an authentication method that effectively prevents authentication replay attacks.

For a significant proposed purchase and new procedure for an organization, a risk assessment and business impact analysis (BIA) have been finished. The business department manager and the information security manager debate about who will be in charge of assessing the outcomes and identified risks.

Which of the following would be the information security manager's BEST course of action?

Acceptance of the information security manager’s decision on the risk to the corporation

Acceptance of the business manager’s decision on the risk to the corporation

Create a new risk assessment and BIA to resolve the disagreement

Review of the risk assessment with executive management for final input

Correct! Wrong!

The best approach for the information security manager in this situation would be to review the risk assessment with executive management for final input.

It is possible to monitor unusual server traffic between internal and external parties to:

Evaluate the process resiliency of server operations

Record the trace of advanced persistent threats

Support a nonrepudiation framework in e-commerce

Verify the effectiveness of an intrusion detection system

Correct! Wrong!

Monitoring abnormal server communication from inside the organization to external parties can serve the purpose of recording the trace of advanced persistent threats (APTs).

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Senior management

The security officer

The custodian

The end user

Correct! Wrong!

Senior management is accountable for ensuring that information is categorized and that specific protective measures are taken. As the highest level of management within an organization, senior management holds the ultimate responsibility for information security and the protection of organizational assets. This includes establishing policies and procedures for information classification and ensuring that appropriate protective measures are implemented.

FREE Certified Information Security Manager (CISM) ISACA Questions and Answers

A security manager examines the logs of numerous devices to ascertain how a security breach on the business network happened. Which of the following BEST makes it easier to compare and analyze these logs?

The following conditions lead to the MOST successful IT risk management activities:

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

What authentication technique stops authentication replay?

It is possible to monitor unusual server traffic between internal and external parties to:

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Related Post

A security manager examines the logs of numerous devices to ascertain how a security breach on the business network happened.

Which of the following BEST makes it easier to compare and analyze these logs?