CISM Final Assessment 1

A software vendor has announced a zero-day vulnerability that exposes an organization’s critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager’s PRIMARY concern?

Ability to test the patch prior to deployment
Adequacy of the incident response plan
Availability of resources to implement controls
Documentation of patching procedures

What is the MOST important reason to regularly report information security risk to relevant stakeholders?

To enable risk-informed decision making
To reduce the impact of information security risk
To ensure information security controls are effective
To achieve compliance with regulatory requirements

Which of the following is MOST important to ensure ongoing senior management commitment to an organization’s information security strategy?

Effective and reliable security reporting
A well-defined information security control framework
A detailed and documented business impact analysis (BIA)
Strategic alignment to an industry framework

A penetration test of a new system has identified a number of critical vulnerabilities, jeopardizing the go-live date. The information security manager is asked by the system owner to approve an exception to allow the system to be implemented without fixing the vulnerabilities. Which of the following is the MOST appropriate course of action?

Implement a log monitoring process.
Perform a risk assessment.
Develop a set of compensating controls.
Approve and document the exception.

Which of the following information security activities is MOST helpful to support compliance with information security policy?

Conducting information security awareness programs
Creating monthly trend metrics
Performing periodic IT reviews on new system acquisitions
Obtaining management commitment

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?

The creator of the malware
The malware entry path
The type of malware involved
The method of detecting the malware

Which of the following is MOST helpful in ensuring an information security governance framework continues to support business objectives?

A consistent risk assessment methodology
A monitoring strategy
An effective organizational structure
Stakeholder buy-in

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Management’s business goals and objectives
Strategies of other non-regulated companies
Industry best practices and control recommendations
Risk assessment results

In order to understand an organization’s security posture, it is MOST important for an organization’s senior leadership to:

review the number of reported security incidents.
evaluate results of the most recent incident response test.
ensure established security metrics are reported.
assess progress of risk mitigation efforts.

Information security controls should be designed PRIMARILY based on:

regulatory requirements.
a vulnerability assessment.
business risk scenarios.
a business impact analysis (BIA).

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

risk assessment results.
international security standards.
the most stringent requirements.
the security organization structure.

An information security manager developing an incident response plan MUST ensure it includes:

critical infrastructure diagrams.
a business impact analysis (BIA).
criteria for escalation.
an inventory of critical data.

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Require staff to sign confidentiality agreements.
Require staff to participate in information security awareness training.
Communicate disciplinary processes for policy violations.
Include information security responsibilities in job descriptions.

Security program development is PRIMARILY driven by which of the following?

Regulatory requirements
Business strategy
Risk appetite
Available resources

An organization has identified a risk scenario that has low impact to the organization but is very costly to mitigate. Which risk treatment option is MOST appropriate in this situation?

Transfer
Acceptance
Mitigation
Avoidance

Prior to conducting a forensic examination, an information security manager should:

boot the original hard disk on a clean system.
create an image of the original data on new media.
duplicate data from the backup media.
shut down and relocate the server.

The fundamental purpose of establishing security metrics is to:

adopt security best practices.
establish security benchmarks.
provide feedback on control effectiveness.
increase return on investment (ROI).

Which of the following presents the GREATEST challenge to a security operations center’s timely identification of potential security breaches?

An organization has a decentralized data center that uses cloud services.
Operating systems are no longer supported by the vendor.
IT system clocks are not synchronized with the centralized logging server.
The patch management system does not deploy patches in a timely manner.

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Review independent security assessment reports for each vendor.
Benchmark each vendor's services with industry best practices.
Define information security requirements and processes.
Analyze the risks and propose mitigating controls.

An online bank identifies a successful network attack in progress. The bank should FIRST:

report the root cause to the board of directors.
isolate the affected network segment.
shut down the entire network.
assess whether personally identifiable information (PII) is compromised.

Which of the following provides an information security manager with the MOST accurate indication of the organization’s ability to respond to a cyber attack?

Walk-through of the incident response plan
Black box penetration test
Simulated phishing exercise
Red team exercise

Which of the following would be MOST helpful to identify worst-case disruption scenarios?

Cost-benefit analysis
SWOT analysis
Business process analysis
Business impact analysis (BIA)

Which of the following BEST enables an organization to appropriately prioritize information security-focused projects?

Return on investment (ROI)
Privacy compliance requirements
Organizational risk appetite
Historical security incidents

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Document a security exception.
Reduce security hardening settings.
Perform a risk assessment.
Inform business management of the risk.

Which of the following activities MUST be performed by an information security manager for change requests?

Assess impact on information security risk.
Perform penetration testing on affected systems.
Scan IT systems for operating system vulnerabilities.
Review change in business requirements for information security.

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

alignment with compliance requirements.
effectiveness of controls.
control gaps are minimized.
system availability.

Which of the following is the MOST important factor of a successful information security program?

The program follows industry best practices.
The program is based on a well-developed strategy.
The program is focused on risk management.
The program is cost-efficient and within budget.

Which of the following messages would be MOST effective in obtaining senior management’s commitment to information security management?

Security is a business product and not a process.
Effective security eliminates risk to the business.
Adopt a recognized framework with metrics.
Security supports and protects the business.

When choosing the best controls to mitigate risk to acceptable levels, the information security manager s decision should be MAINLY driven by:

regulatory requirements.
control framework.
best practices.
cost-benefit analysis.

A high-risk issue is discovered during an information security risk assessment of a legacy application. The business is unwilling to allocate the resources to remediate the issue. Which of the following would be the information security manager’s BEST course of action?

Document risk acceptance from the business.
Recommend discontinuing the use of the legacy application.
Design alternative compensating controls to reduce the risk.
Present the worst-case scenario related to the risk.

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

reduces unauthorized access to systems.
promotes efficiency in control of the environment.
prevents inconsistencies in information in the distributed environment.
allows administrative staff to make management decisions.

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Support business investments in security.
Evaluate the security posture of the organization.
Identify unmitigated risk.
Prevent incident recurrence.

Which of the following is MOST important for building a robust information security culture within an organization?

Mature information security awareness training across the organization
Security controls embedded within the development and operation of the IT environment
Senior management approval of information security policies
Strict enforcement of employee compliance with organizational security policies

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Documenting multiple scenarios for the organization and response steps
Providing training from third-party forensics firms
Obtaining industry certifications for the response team
Conducting tabletop exercises appropriate for the organization

Which of the following metrics BEST measures the effectiveness of an organization’s information security program?

Return on information security investment
Number of information security business cases developed
Reduction in information security incidents
Increase in risk assessments completed

Which of the following is MOST important when conducting a forensic investigation?

Capturing full system images
Documenting analysis steps
Maintaining a chain of custody
Analyzing system memory

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Unavailable or corrupt data backups
Ineffective alert configurations for backup operations
Lack of encryption for backup data in transit
Undefined or undocumented backup retention policies

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager’s FIRST course of action?

Identify the skill set of the provider's incident response team.
Update the incident escalation process.
Evaluate the provider’s audit logging and monitoring controls.
Review the provider’s incident definitions and notification criteria.

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Key risk indicators (KRIs)
Responsible entities
Compensating controls
Potential business impact

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager’s BEST course of action?

Present the risk to senior management.
Modify the policy.
Create an exception for the deviation.
Enforce the policy.

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Perform a cost-benefit analysis.
Collect additional metrics.
Begin due diligence on the outsourcing company.
Submit funding request to senior management.

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Business impact analysis (BIA)
Risk assessment
Vulnerability assessment
Industry best practices

Which of the following BEST ensures timely and reliable access to services?

Authenticity
Availability
Nonrepudiation
Recovery time objective (RTO)

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Deterrent
Detective
Preventive
Corrective

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization’s information security strategy?

Internal security audit
Organizational risk appetite
External security audit
Business impact analysis (BIA)

Which of the following is an information security manager’s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Assess the risk to the organization.
Review the mitigating security controls.
Notify staff members of the threat.
Increase the frequency of system backups.

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Security architects
End users
Corporate auditors
Process owners

Which risk is introduced when using only sanitized data for the testing of applications?

Unexpected outcomes may arise in production.
Data disclosure may occur during the migration event.
Breaches of compliance obligations will occur.
Data loss may occur during the testing phase.

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Legal and regulatory requirements
Likelihood of a disaster
Organizational tolerance to service interruption
Geographical location of the backup site

Which of the following should be done FIRST when developing an information security program?

Establish security policies.
Define the security strategy.
Approve security standards.
Set security baselines.

The BEST way to identify the risk associated with a social engineering attack is to:

monitor the intrusion detection system (IDS).
review single sign-on (SSO) authentication logs.
perform a business risk assessment of the email filtering system.
test user knowledge of information security practices.

Which of the following is MOST important to have in place to help ensure an organization’s cybersecurity program meets the needs of the business?

Information security awareness training
Risk assessment program
Information security governance
Information security metrics

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

More visibility to the impact of disruptions
Ability to monitor and control incident management costs
Effective protection of information assets
Optimized allocation of recovery resources

A recovery point objective (RPO) is required in which of the following?

Business continuity plan (BCP)
Information security plan
Incident response plan
Disaster recovery plan (DRP)

Which of the following provides the BEST assurance that security policies are applied across business operations?

Organizational standards are enforced by technical controls.
Organizational standards are included in awareness training.
Organizational standards are required to be formally accepted.
Organizational standards are documented in operational procedures.

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Recommend risk acceptance.
Perform a cost-benefit analysis.
Escalate to senior management.
Revisit the business objective.

A business unit is not complying with a control implemented to mitigate risk because doing so impacts the ability to achieve business goals. When reporting the noncompliance to senior management, what would be the information security manager’s BEST recommendation?

Accept the noncompliance.
Conduct a control assessment.
Implement compensating controls.
Educate the noncompliant users.

Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Updated security policies
Regular antivirus updates
Defined security standards
Threat intelligence

Which of the following should be the PRIMARY consideration when developing an incident response plan?

Previously reported incidents
Management support
Compliance with regulations
The definition of an incident

A strict new regulation is being finalized to address global concerns regarding cybersecurity. Which of the following should the information security manager do FIRST?

Monitor industry response to the regulation.
Seek legal counsel on the new regulation.
Validate the applicability of the regulation.
Escalate compliance risk to senior management

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

The underlying reason for the user error
The time and location that the breach occurred
Appropriate disciplinary procedures for user error
Evidence of previous incidents caused by the user

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

responses to security questionnaires.
previous training sessions.
examples of help desk requests.
results of exit interviews.

A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The MOST likely reason for this decision is:

the cost of implementing controls exceeds the potential financial losses.
the risk assessment has not defined the likelihood of occurrence.
executive management is not aware of the impact potential.
the reported vulnerability has not been validated.

Which of the following is the BEST indication of an effective information security awareness training program?

An increase in the identification rate during phishing simulations
An increase in the speed of incident resolution
An increase in positive user feedback
An increase in the frequency of phishing tests

Penetration testing is MOST appropriate when a:

new system is about to go live.
security incident has occurred.
security policy is being developed.
new system is being designed.

Which of the following will result in the MOST accurate controls assessment?

Mature change management processes
Unannounced testing
Well-defined security policies
Senior management support

The MOST important reason for having an information security manager serve on the change management committee is to:

ensure changes are properly documented.
advise on change-related risk.
identify changes to the information security policy.
ensure that changes are tested.

Of the following, who is in the BEST position to evaluate business impacts?

Senior management
Information security manager
Process manager
IT manager

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Encrypt all personal data stored on systems and networks.
Evaluate privacy technologies required for data protection.
Create an inventory of systems where personal data is stored.
Update disciplinary processes to address privacy violations.

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

Transfer responsibility for incident response to the cloud provider.
Continue using the existing incident response procedures.
Revise incident response procedures to encompass the cloud environment.
Adopt the cloud provider’s incident response procedures.

Which of the following is the BEST way to help ensure an organization’s risk appetite will be considered as part of the risk treatment process?

Establish key risk indicators (KRIs).
Provide regular reporting on risk treatment to senior management.
Require steering committee approval of risk treatment plans.
Use quantitative risk assessment methods.

Which of the following is MOST important to include in a post-incident review following a data breach?

An evaluation of the effectiveness of the information security strategy
Documentation of regulatory reporting requirements
A review of the forensics chain of custody
Evaluations of the adequacy of existing controls

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?

Conduct vulnerability assessments on social network platforms.
Assess the security risk associated with the use of social networks.
Establish processes to publish content on social networks.
Develop security controls for the use of social networks.

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Ensuring current documentation of security processes
Formalizing a security strategy and program
Developing an awareness program for staff
Establishing processes within the security operations team

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Balanced scorecard
Risk profile
Business impact analysis (BIA)
Key performance indicators (KPIs)

Management decisions concerning information security investments will be MOST effective when they are based on:

a process for identifying and analyzing threats and vulnerabilities.
the formalized acceptance of risk analysis by management.
the reporting of consistent and periodic assessments of risks.
an annual loss expectancy (ALE) determined from the history of security events.

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Identification of risk
Selection of risk treatment options
Analysis of control gaps
Design of key risk indicators (KRIs)

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Users are not notified of scheduled system changes.
Fallback processes are tested the weekend before changes are made.
The development manager migrates programs into production.
A manual rather than an automated process is used to compare program versions.

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Full interruption test
Tabletop test
Parallel test
Simulation test

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Job descriptions include requirements to read security policies.
Senior management supports the policies.
The policies are aligned to industry best practices.
The policies are updated annually.

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

capture evidence using standard server-backup utilities.
document the chain of custody.
reboot affected machines in a secure area to search for evidence.
contact law enforcement.

An organization’s marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

business senior management.
the compliance officer.
the information security manager.
the chief risk officer (CRO).

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

change activities are documented.
compliance with the risk acceptance framework.
the rationale for acceptance is periodically reviewed.
the acceptance is aligned with business strategy.

Which of the following is the BEST course of action for an information security manager to align security and business goals?

Reviewing the business strategy
Conducting a business impact analysis (BIA)
Actively engaging with stakeholders
Defining key performance indicators (KPIs)

What should be the information security manager’s FIRST step when updating an information security program?

Review costs and benchmark them against industry norms.
Interview business unit managers and key stakeholders.
Identify program components that do not align with business objectives.
Re-evaluate the organization's business expectations and objectives.

Which of the following defines the triggers within a business continuity plan (BCP)?

Disaster recovery plan (DRP)
Needs of the organization
Information security policy
Gap analysis

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager’s BEST course of action?

Instruct the vendor to conduct penetration testing.
Suspend the connection to the application in the firewall.
Initiate the organization’s incident response process.
Report the situation to the business owner of the application.

Which of the following is the BEST indication of a successful information security culture?

The budget allocated for information security is sufficient
End users know how to identify and report incidents
Individuals are given roles based on job functions
Penetration testing is done regularly and findings remediated

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Incident response plan
Disaster recovery plan (DRP)
Business contingency plan
Business continuity plan (BCP)

Which of the following sources is MOST useful when planning a business-aligned information security program?

Business impact analysis (BIA)
Information security policy
Security risk register
Enterprise architecture (EA)

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Requiring multifactor authentication
Requiring challenge/response information
Enforcing frequent password changes
Enforcing complex password formats

What is the BEST way to reduce the impact of a successful ransomware attack?

Include provisions to pay ransoms in the information security budget
Monitor the network and provide alerts on intrusions
Perform frequent backups and store them offline
Purchase or renew cyber insurance policies

Which of the following is the BEST approach for governing noncompliance with security requirements?

Require users to acknowledge the acceptable use policy
Base mandatory review and exception approvals on residual risk
Require the steering committee to review exception requests
Base mandatory review and exception approvals on inherent risk

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Defining security asset categorization
Assigning information asset ownership
Developing a records retention schedule
Defining information stewardship roles

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Infrastructure as a Service (IaaS)
Software as a Service (SaaS)
Disaster Recovery as a Service (DRaaS)
Platform as a Service (PaaS)

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

More security incidents are detected
Security behavior is improved
The security strategy is promoted
Fewer security incidents are reported

Which of the following is the FIRST step to establishing an effective information security program?

Assign accountability
Perform a business impact analysis (BIA)
Create a business case
Conduct a compliance review

An information security manager believes that information has been classified inappropriately, increasing the risk of a breach. Which of the following is the information security manager’s BEST action?

Re-classify the data and increase the security level to meet business risk
Complete a risk assessment and refer the results to the data owners
Instruct the relevant system owners to reclassify the data
Refer the issue to internal audit for a recommendation

Which of the following BEST supports the incident management process for attacks on an organization’s supply chain?

Requiring security awareness training for vendor staff
Including service level agreements (SLAs) in vendor contracts
Performing integration testing with vendor systems
Establishing communication paths with vendors

Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?

Cost of the attack to the organization
Location of the attacker
Details from intrusion detection system (IDS) logs
Method of operation used by the attacker

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Existence of a right to audit clause
Technical capabilities of the provider
Results of the provider's business continuity tests
Existence of the provider's incident response plan

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

Antivirus software
Log monitoring
Intrusion detection
Patch management

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Providing ongoing training to the incident response team
Updating information security awareness materials
Implementing a honeypot environment
Implementing proactive systems monitoring

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Number of blocked intrusion attempts
Number of business cases reviewed by senior management
Trends in the number of identified threats to the business
Percentage of controls integrated into business processes

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Perform security code reviews on the entire application
Scan the entire application using a vulnerability scanning tool
Monitor Internet traffic for sensitive information leakage
Run the application from a high-privileged account on a test system

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

The vendor must be able to amend data
The vendor must agree to the organization's information security policy
Data is encrypted in transit and at rest at the vendor site
Data is subject to regular access log review

When investigating an information security incident details of the incident should be shared:

widely to demonstrate positive intent
only as needed
only with management
only with internal audit

The PRIMARY advantage of involving end users in continuity planning is that they:

can see the overall impact to the business
are more objective than information security management
can balance the technical and business risks
have a better understanding of specific business needs

In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the:

certification scope is relevant to the service being offered
certification will remain current through the life of the contract
current international standard was used to assess security processes
certification can be extended to cover the client's business

Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Capability to take a snapshot of virtual machines
Capability of online virtual machine analysis
Availability of web application firewall logs
Availability of current infrastructure documentation

Which of the following roles is BEST able to influence the security culture within an organization?

Chief information security officer (CISO)
Chief information officer (CIO)
Chief operating officer (COO)
Chief executive officer (CEO)

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Increase in the frequency of security incident escalations
Reduction in the impact of security incidents
Decrease in the number of security incidents
Increase in the number of reported security incidents

Which of the following is the BEST evidence of alignment between corporate and information security governance?

Security key performance indicators (KPIs)
Senior management sponsorship
Regular security policy reviews
Project resource optimization

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Key performance indicators (KPIs)
Systems inventory
Recovery procedures
Business impact analysis (BIA) results

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Regulatory requirements
Compliance acceptance
Management support
Budgetary approval

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Delegate the management of access permissions to an independent third party
Review access permissions annually or whenever job responsibilities change
Lock out accounts after a set number of unsuccessful login attempts
Enable multi-factor authentication on user and admin accounts

Which of the following is the MOST critical factor for information security program success?

A comprehensive risk assessment program for information security
The information security manager's knowledge of the business
Ongoing audits and addressing open items
Security staff with appropriate training and adequate resources

Which of the following events would MOST likely require a revision to the information security program?

A change in IT management
A merger with another organization
A significant increase in reported incidents
An increase in industry threat level

Which of the following is the MOST important consideration when establishing an organization’s information security governance committee?

Members represent functions across the organization
Members have knowledge of information security controls
Members are rotated periodically
Members are business risk owners

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident it is MOST important for the security manager to:

follow the incident response plan
follow the business continuity plan (BCP)
conduct an incident forensic analysis
notify the business process owner

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Purchase cyber insurance
Encrypt sensitive production data
Maintain multiple offline backups
Perform integrity checks on backups

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Unreliable delivery of hardware and software resources by a supplier
Unavailability of services provided by a supplier
Loss of customers due to unavailability of products
Compromise of critical assets via third-party resources

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager’s FIRST course of action?

Conduct an information security audit
Perform a gap analysis
Validate the relevance of the information
Inform senior management

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Internal compliance requirements are being met
Regulatory requirements are being met
Risk management objectives are being met
Business needs are being met

The MOST important attribute of a security control is that it is:

auditable
measurable
scalable
reliable

Which of the following will BEST enable an effective information asset classification process?

Reviewing the recovery time objective (RTO) requirements of the asset
Assigning ownership
Including security requirements in the classification process
Analyzing audit findings

An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?

Run a virus scan on the endpoint device
Wipe and reset the endpoint device
Power off the endpoint device
Isolate the endpoint device

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

Eradication
Identification
Containment
Post-incident review

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Wipe the device remotely
Remove user's access to corporate data
Prevent the user from using personal mobile devices
Report the incident to the police

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Evaluate the information security laws that apply to the acquired company
Apply the existing information security program to the acquired company
Merge the two existing information security programs
Determine which country's information security regulations will be used

An organization’s disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Require disaster recovery documentation be stored with all key decision makers
Provide annual disaster recovery training to appropriate staff
Maintain an outsourced contact center in another country
Store disaster recovery documentation in a public cloud

Which of the following is a desired outcome of information security governance?

Penetration test
A maturity model
Improved risk management
Business agility

When designing an information security risk monitoring framework, it is MOST important to ensure:

preservation of forensic evidence is enabled
the monitoring system is patched regularly
feedback is communicated to stakeholders
outlier events are escalated to system administrators

Which of the following BEST enables staff acceptance of information security policies?

Adequate security funding
A robust incident response program
Strong senior management support
Computer-based training

Which of the following is the BEST way to rigorously test a disaster recovery plan (DRP) for a mission-critical system without disrupting business operations?

Parallel testing
Simulation testing
Checklist review
Structured walk-through

An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?

Review the business unit’s function against the policy
Revise the policy to accommodate the business unit
Report the business unit for policy noncompliance
Enforce sanctions on the business unit

Which of the following BEST facilitates an information security manager’s efforts to obtain senior management commitment for an information security program?

Presenting evidence of inherent risk
Reporting the security maturity level
Presenting compliance requirements
Communicating the residual risk

Which of the following is PRIMARILY determined by asset classification?

Priority for asset replacement
Level of protection required for assets
Replacement cost of assets
Insurance coverage required for assets

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Business impact analysis (BIA)
Security operations program
Information security policy
Security risk assessment

An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?

Perform a gap analysis.
Consult with senior management on the best course of action.
Implement a program of work to comply with the new legislation.
Understand the cost of noncompliance.

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Perform a risk assessment on the new technology.
Obtain legal counsel’s opinion on the standard's applicability to regulations.
Determine whether the organization can benefit from adopting the new standard.
Review industry specialists’ analyses of the new standard.

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Impact on information security program
Cost of controls
Impact to business function
Cost to replace

Which of the following BEST demonstrates return on investment (ROI) for an information security initiative?

Risk heat map
Business impact analysis (BIA)
Business case
Information security program roadmap

Which of the following is BEST suited to provide regular reporting to the board regarding the status of compliance to a global security standard?

Legal counsel
Quality assurance (QA)
Information security
Internal audit

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

Performing penetration tests against the network to demonstrate business vulnerability
Highlighting competitor performance regarding network best security practices
Presenting comparable security implementation estimates from several vendors
Demonstrating that targeted security controls tie to business objectives

Which of the following is the MOST important reason to implement information security governance?

To align the security strategy with the organization’s strategy
To monitor the performance of information security resources
To monitor the achievement of business goals and objectives
To provide adequate resources to achieve business goals

Which of the following is a PRIMARY objective of an information security governance framework?

To provide the basis for action plans to achieve information security objectives organization-wide
To achieve the desired information security state as defined by business unit management
To align the relationships of stakeholders involved in developing and executing an information security strategy
To provide assurance that information assets are provided a level of protection proportionate to their inherent risk

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Implement a mobile device policy and standard.
Provide employee training on secure mobile device practices.
Implement a mobile device management (MDM) solution.
Require employees to install an effective anti-malware app.

An information security manager has contracted with a company to design security architecture for an application. Which of the following is accountable for identification associated with this initiative?

The project steering committee
The information security manager
The infrastructure management team
The application development team

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Enhanced security monitoring and reporting
Reduction of organizational risk
Reduced control complexity
Enhanced threat detection capability

CISM Final Assessment 1

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question

52. Question

53. Question

54. Question

55. Question

56. Question

57. Question

58. Question

59. Question

60. Question

61. Question

62. Question

63. Question

64. Question

65. Question

66. Question

67. Question

68. Question

69. Question

70. Question

71. Question

72. Question

73. Question