Certified Information Security Manager (CISM)

FREE Certified Information Security Manager (CISM) ISACA Questions and Answers

0%

For a significant proposed purchase and new procedure for an organization, a risk assessment and business impact analysis (BIA) have been finished. The business department manager and the information security manager debate about who will be in charge of assessing the outcomes and identified risks.

Which of the following would be the information security manager's BEST course of action?

Correct! Wrong!

The best approach for the information security manager in this situation would be to review the risk assessment with executive management for final input.

A security manager examines the logs of numerous devices to ascertain how a security breach on the business network happened.

Which of the following BEST makes it easier to compare and analyze these logs?

Correct! Wrong!

Who is responsible for making sure that data is categorized and that particular security precautions are taken?

Correct! Wrong!

Senior management is accountable for ensuring that information is categorized and that specific protective measures are taken. As the highest level of management within an organization, senior management holds the ultimate responsibility for information security and the protection of organizational assets. This includes establishing policies and procedures for information classification and ensuring that appropriate protective measures are implemented.

Which of the following is the BEST technique to catch an intruder who breaks into a network without doing any damage?

Correct! Wrong!

What authentication technique stops authentication replay?

Correct! Wrong!

The challenge/response mechanism is an authentication method that effectively prevents authentication replay attacks.

It is possible to monitor unusual server traffic between internal and external parties to:

Correct! Wrong!

Monitoring abnormal server communication from inside the organization to external parties can serve the purpose of recording the trace of advanced persistent threats (APTs).

The following conditions lead to the MOST successful IT risk management activities:

Correct! Wrong!

Effective IT-related risk management activities are most effective when they are integrated within business processes.