CISM Final Assessment 3

Which of the following should be done FIRST when developing an information security strategy?

Establish information security steering committee.
Determine the desired state of information security.
Develop security policies and standards.
Identity owners of information assets.

A business impact analysis (BIA) should be periodically executed PRIMARILY to:

verify the effectiveness of controls.
check compliance with regulations.
validate vulnerabilities on environmental changes.
analyze the importance of assets.

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

While responding to the incident
During post-incident review
During a tabletop exercise
After a risk reassessment

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

Updated risk assessments
Audit reports
Counts of information security incidents
Monthly metrics

Which of the following would BEST justify spending for a compensating control?

Root cause analysis
Emerging risk trends
Vulnerability assessment
Risk analysis

Which or the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?

Browse the Internet to learn of potential events.
Search for threat signatures in the environment.
Search for anomalies in the environment.
Network with peers in the industry to share information.

In response to recent ransomware threats, an organization deployed a new endpoint detection and response (EDR) solution in its employee laptops. Of the following, who should be accountable for reviewing the solution to verify it has been properly deployed and configured?

The security analyst
The chief audit executive (CAE)
The chief information security officer (CISO)
The system administrator

An organization’s quality process can BEST support security management by providing:

a repository for security systems documentation.
assurance that security requirements are met.
guidance for security strategy.
security configuration controls.

Which of the following is the MOST important consideration when defining an information security framework?

Information security budget
Industry standards
Business strategy
Organizational culture

Which of the following is the MOST important consideration for reporting risk assessment results to senior management?

The reports should include comparisons to industry benchmarks.
The reports should be presented in business terms.
The reports should use formal methodologies.
The reports should include recommended controls.

Which of the following is the BEST way to determine the effectiveness of an incident response plan?

Reviewing previous audit reports
Benchmarking the plan against best practices
Performing a penetration test
Conducting a tabletop exercise

Which of the following should be an information security manager’s MOST important consideration when determining the priority for implementing security controls?

Availability of security budget
Alignment with industry benchmarks
Results of business impact analyses (BIAs)
Possibility of reputational loss due to incidents

Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?

To prioritize security initiatives
To avoid redundant controls
To align with emerging ris
To address end-user control complaints

Which of the following should be done FIRST when implementing a security program?

Implement data encryption.
Perform a risk analysis.
Create an information asset inventory.
Determine the value of information assets.

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Data owner
Information security manager
Business owner
Compliance manager

Which of the following is an example of a deterrent control?

Segregation of responsibilities
A warning banner
An intrusion detection system (IDS)
Periodic data restoration

An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?

Implement countermeasures to mitigate risk.
Classify all identified risks.
Conduct an evaluation of controls.
Determine if the risk is within the risk appetite.

Which of the following BEST enables an organization to maintain an appropriate security control environment?

Periodic employee security training
Budgetary support for security
Alignment to an industry security framework
Monitoring of the threat landscape

Which of the following is MOST important for responding effectively to security breaches?

Chain of custody
Incident classification
Log monitoring
Communication plan

Which of the following is the BEST method for assisting with incident containment in an Infrastructure as a Service (IaaS) cloud environment?

Disabling unnecessary services
Implementing privileged identity management
Establishing automated detection
Implementing network segmentation

Which of the following should be performed FIRST in response to a new information security regulation?

Industry benchmarking
Independent audit
Risk assessment
Gap analysis

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Assess the level of security awareness of the service provider.
Review a recent independent audit report of the service provider.
Review samples of service level reports from the service provider.
Request the service provider comply with information security policy.

Which of the following is the MOST important reason to consider organizational culture when developing an information security program?

It helps expedite approval for the information security budget.
It helps the organization meet compliance requirements.
Everyone in the organization is responsible for information security
Security incidents have an adverse impact on the entire organization.

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Post-incident review
Chain of custody
Incident logging
Root cause analysis

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization’s hosted payroll service provider?

Validate the breach with the provider.
Suspend the data exchange with the provider.
Notify appropriate regulatory authorities of the breach.
Initiate the business continuity plan (BCP).

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

Update the change management process.
Revise the procurement process.
Discuss the issue with senior leadership.
Remove the application from production.

An organization is strategizing on how to improve security awareness. Which of the following is MOST important to consider when developing this strategy?

Technical solutions for delivery
Cost to implement
Organizational culture
Organizational maturity

A penetration test against an organization’s external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

Vulnerabilities were caused by insufficient user acceptance testing (UAT).
Exploit code for one of the vulnerabilities is publicly available.
Atules of engagement form was not signed prior to the penetration test.
Vulnerabilities were not found by internal tests.

Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

The service desk will be staffed incorrectly.
Timely detection of attacks will be impossible.
Statistical reports will be incorrect.
Escalation procedures will be ineffective.

Which of the following would be the BEST way to maintain organization-wide support for an information security strategy?

Ensure information security objectives are understood by key stakeholders.
Monitor user activity to identify and track information security policy violations.
Place information security awareness materials in visible locations.
Ensure information security policies are easily accessible.

Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?

Reimage the systems.
Block access to the impacted systems.
Perform malware scanning.
Perform a vulnerability assessment.

Which of the following is the MOST important success factor for maintaining an organizational security-aware culture?

Senior management sign-off on security projects and resources
Regular security training and simulation exercises
Regular organization-wide reporting on the risk profile
Employee security policy acknowledgment

Senior management has expressed concern that the organization’s intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Decreasing false positives
Decreasing false negatives
Increasing false negatives
Increasing false positives

Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?

Information security incidents caused due to unauthorized changes
Unauthorized changes in the environment
Denied changes due to insufficient security details
Information security-related changes

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Elapsed time between detection, reporting, and response
Average number of incidents per reporting period
Average total cost of downtime per reported incident
Elapsed time between response and resolution

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Confidentiality
Integrity
Authenticity
Nonrepudiation

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?

Backups are maintained on multiple sites and regularly reviewed.
Impacted networks can be detached at the network switch level.
Backups are maintained offline and regularly tested.
Production data is continuously replicated between primary and secondary sites.

Of the following, who should be assigned as the owner of a newly identified risk related to an organization’s new payroll system?

Head of IT department
Head of human resources (HR)
Information security manager
Data privacy officer

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Business continuity contingency planning is provided.
Security requirements are included in the vendor contract.
External security audit results are reviewed.
Service level agreements (SLAs) meet operational standards.

Which of the following is MOST effective in gaining support for the information security strategy from senior management?

Cost-benefit analysis results
Third-party security audit results
Business impact analysis (BIA) results
A major breach at a competitor

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager’s GREATEST concern with this situation?

Deviation from risk management best practices
Impact on the risk culture
Inability to determine short-term impact
Impact on compliance risk

An employee’s bring your own device (BYOD) smartphone has been lost. To reduce the risk associated with the loss of corporate sensitive data stored on the phone, the information security manager’s BEST course of action should have been to implement:

a requirement of prompt notification in the event of loss.
multi-factor authentication for the mobile device.
a board-approved and communicated mobile policy and standard.
a securely configured device enforced by a mobile device management (MDM) solution.

Which of the following is the BEST approach for an information security manager to develop an organization’s information security strategy?

Budget training costs and contingencies for unexpected events.
Determine desired outcomes and perform a gap analysis.
Evaluate the security posture in comparison with competitors.
Estimate operational costs and perform reliability checks.

Which of the following is the BEST way to monitor the effectiveness of security controls?

Review application and system audit logs.
Conduct regular threat assessments.
Establish and report security metrics.
Benchmark security controls against similar organizations.

An organization experienced a data breach that affected many of its clients. Legal counsel found out about this event only after a press release was issued. Which of the following would have been MOST helpful in preventing this situation?

A gap analysis of technical controls
Regular information security policy reviews
Tabletop testing of the incident response plan
Tabletop testing of the incident response plan

Which of the following would MOST effectively ensure that a new server is appropriately secured?

Enforcing technical security standards
Performing secure code reviews
Initiating security scanning
Conducting penetration testing

Spoofing should be prevented because it may be used to:

assemble information, track traffic, and identify network vulnerabilities.
predict which way a program will branch when an option is presented.
capture information such as passwords traveling through the network.
gain illegal entry to a secure system by faking the sender's address.

Which of the following is MOST important to have in place for an organization’s information security program to be effective?

Senior management support
A comprehensive IT strategy
Defined and allocated budget
Documented information security processes

When assigning a risk owner, the MOST important consideration is to ensure the owner has:

adequate knowledge of risk treatment and related control activities.
decision-making authority and the ability to allocate resources for risk.
sufficient time for monitoring and managing the risk effectively.
risk communication and reporting skills to enable decision-making.

After a ransomware incident, an organization’s systems were restored. Which of the following should be of MOST concern to the information security manager?

The service level agreement (SLA) was not met.
The recovery time objective (RTO) was not met.
The root cause was not identified.
Notification to stakeholders was delayed.

To improve the efficiency of the development of a new software application, security requirements should be defined:

based on code review.
based on available security assessment tools.
after functional requirements.
concurrently with other requirements.

Which of the following would provide the MOST effective security outcome in an organization’s contract management process?

Extending security assessment to cover asset disposal on contract termination
Ensuring security requirements are defined at the request-for-proposal (RFP) stage
Extending security assessment to include random penetration testing
Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage

Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall?

Force password changes on the SQL database.
Reconfigure the web application firewall to block the attack.
Update the detection patterns on the web application firewall.
Block the IPs from where the attack originates.

Who is accountable for approving an information security governance framework?

The board of directors
The chief information security officer (CISO)
The enterprise risk committee
The chief information officer (CIO)

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?

Protection of business value and assets
Identification of core business strategies
Easier entrance into new businesses and technologies
Improved regulatory compliance posture

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Network address translation (NAT)
Message hashing
Transport Layer Security (TLS)
Multi-factor authentication

Which of the following is the FIRST step when conducting a post-incident review?

Identify mitigating controls.
Assess the costs of the incident.
Perform root cause analysis.
Assign responsibility for corrective actions.

Which of the following BEST facilitates the effectiveness of cybersecurity incident response?

Utilizing a security information and event management (SIEM) tool
Utilizing industry-leading network penetration testing tools
Increasing communication with all incident response stakeholder
Continuously updating signatures of the anti-malware solution

A business requires a legacy version of an application to operate, but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Accept
Transfer
Mitigate
Avoid

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

Escalate to the chief risk officer (CRO).
Conduct a vulnerability analysis.
Conduct a risk analysis.
Determine compensating controls.

An email digital signature will:

automatically correct unauthorized modification of an email message.
verify to recipients the integrity of an email message.
protect the confidentiality of an email message.
prevent unauthorized modification of an email message.

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Establish an organization-wide social media policy.
Develop sanctions for misuse of social media sites.
Monitor social media sites visited by employees.
Restrict social media access on corporate devices.

Which of the following BEST facilitates effective strategic alignment of security initiatives?

Procedures and standards are approved by department heads.
Organizational units contribute to and agree on priorities.
Periodic security audits are conducted by a third-party.
The business strategy is periodically updated.

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?

Asset classification
Recovery time objectives (RTOs)
Chain of custody
Escalation procedures

An information security program is BEST positioned for success when it is closely aligned with:

information security best practices.
recognized industry frameworks.
information security policies.
the information security strategy.

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization’s IT asset inventory?

Isolate the PC from the network
Perform a vulnerability scan.
Determine why the PC is not included in the inventory.
Reinforce information security training.

Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?

Including a situational forecast.
Using appropriate language for the target audience.
Including trend charts for metrics.
Using a rating system to demonstrate program effectiveness.

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

Data loss prevention (DLP)
Data retention strategy
Data encryption standards
Data masking

Which of the following is ESSENTIAL to ensuring effective incident response?

Business continuity plan (BCP)
Cost-benefit analysis
Classification scheme
Senior management support

Which of the following is the BEST indicator of an organization’s information security status?

Threat analysis
Controls audit
Penetration test
Intrusion detection log analysis

Which of the following practices is MOST effective for determining the adequacy of incident management operations?

Conducting unannounced external vulnerability testing
Testing current incident response plans with relevant stakeholders
Assessing incident response team members’ incident response skills
Reviewing incident response procedures against best practices

Which of the following MUST happen immediately following the identification of a malware incident?

Eradication
Containment
Preparation
Recovery

Which of the following is MOST effective in monitoring an organization’s existing risk?

Vulnerability assessment results
Security information and event management (SIEM) systems
Periodic updates to risk register
Risk management dashboards

Which of the following BEST indicates that information security governance and corporate governance are integrated?

The information security team is aware of business goals.
A cost-benefit analysis is conducted on all information security initiatives.
The board is regularly informed of information security key performance indicators (KPIs).
The information security steering committee is composed of business leaders.

Which of the following should be the PRIMARY basis for determining the value of assets?

Cost of replacing the assets
Total cost of ownership (TCO)
Business cost when assets are not available
Original cost of the assets minus depreciation

Which of the following is MOST helpful to identify whether information security policies have been followed?

Corrective controls
Directive controls
Detective controls
Preventive controls

Which of the following is the MOST important reason to classify an incident after detection?

To assign appropriate prioritization levels
To obtain funds for external forensic support
To approve data breach notifications
To ensure management is accurately informed

Which of the following principles BEST addresses the protection of data from unauthorized modification?

Nonrepudiation
Integrity
Availability
Authenticity

The MAIN reason for continuous monitoring of the security program is to:

validate reduction of incidents.
confirm benefits are being realized.
ensure alignment with industry standards.
optimize resource allocation.

Which of the following would BEST enable the help desk to recognize an information security incident?

Provide the help desk with criteria for security incidents.
Include members of the help desk on the security incident response team.
Require the help desk to participate in past-incident reviews.
Train the help desk to review the call logs.

Which of the following would be the GREATEST concern with the implementation of key risk indicators (KRIs)?

Inability to measure KRIs
Poorly defined risk appetite
Overly specific KRI definitions
Complex organizational structure

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

Purchase forensic standard operating procedures.
Retain a forensics firm prior to experiencing an incident.
Ensure the incident response policy allows hiring a forensics firm.
Provide forensics training to the information security team.

Which of the following is MOST important for the effective implementation of an information security governance program?

Information security roles and responsibilities are documented
The program budget is approved and monitored by senior management
Employees receive customized information security training
The program goals are communicated and understood by the organization

Which of the following is the BEST way to maintain ongoing senior management support for the implementation of a security monitoring toot?

Demonstrate return on investment (ROI).
Update security plans.
Present security monitoring reports.
Communicate risk reduction.

Which of the following would BEST support a business case to implement an anti-ransomware solution?

Industry benchmark of anti-ransomware investments
A threat and vulnerability assessment
Trend analysis of ransomware attacks
A reduction in required backups and associated costs

When responding to an incident involving malware on a server, which of the following should be done FIRST?

Isolate the server from the network.
Identify the owner of the server.
Locate the most recent backups.
Investigate the source of the malware.

Which of the following BEST reduces the likelihood of leakage of private information via email?

User awareness training
Periodic phishing exercises
Email signature verification
Restricted personal use of company email

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?

Business impact analysis (BIA)
Risk appetite
Business requirements
Supplier requirements

Which of the following MUST be established to maintain an effective information security governance framework?

Security controls automation
Change management processes
Security policy provisions
Defined security metrics

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Continuous monitoring
Compartmentalization
Multi-factor authentication
Overlapping redundancy

When responding to a security incident, information security management and the affected business unit management cannot agree whether to escalate the incident to senior management. Which of the following would MOST effectively prevent this situation from recurring?

Develop additional communication channels.
Obtain senior management buy-in for incident response processes.
Periodically test the incident response plan.
Create a clear definition of incident classifications.

Which of the following should be done FIRST to ensure information security is integrated in system development projects?

Assign resources based on the business impact.
Define security requirements.
Review the security policy.
Embed a security representative in each project team.

For which of the following is it MOST important that system administrators be restricted to read-only access?

User access log files
Administrator user profiles
System logging options
Administrator log files

Which of the following business units should own the data that populates an identity management system?

Legal
Human resources (HR)
Information security
Information technology

Which of the following BEST indicates senior management support for an information security program?

Top-down communication
Regular security awareness training
Participation in a certification program
Steering committee involvement

When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to:

identify the program's risk and compensating controls.
consider the organization's business strategy.
consider the strategic objectives of the program.
leverage industry benchmarks.

A business continuity plan (BCP) should contain:

criteria for activation.
hardware and software inventories.
data restoration procedures.
information about eradication activities.

A finance department director has decided to outsource the organization’s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?

Determine the required security controls for the new solution.
Obtain audit reports on the service providers’ hosting environment.
Review the disaster recovery plans (DRPs) of the providers.
Align the roles of the organization's and the service providers’ staffs.

What type of control is being implemented when a security information and event management (SIEM) system is installed?

Corrective
Preventive
Deterrent
Detective

Which of the following should be done FIRST when developing an information asset classification policy?

Identify accountability for information assets throughout the organization.
Establish the criteria that define an asset's classification level.
Identify existing security measures for protecting assets.
Obtain executive input to identify high-value assets to be classified.

Which of the following is the BEST option to lower the cost to implement application security controls?

Include standard application security requirements.
Perform security tests in the development environment.
Perform a risk analysis after project completion.
Integrate security activities within the development process.

Which of the following is the GREATEST benefit of effective information security governance?

Treatment priorities are based on risk exposure.
Information security standards are communicated to primary stakeholders.
The information security budget is aligned to the organization.
Executive management's strategy is aligned to the information security strategy.

The ability to integrate information security governance into corporate governance is PRIMARILY driven by:

the percentage of corporate budget allocated to the information security program.
how often information security metrics are presented to senior management.
how often the information security steering committee reviews and updates security policies.
how well the information security program supports business objectives.

Which of the following presents the GREATEST challenge for protecting Internet of Things (IoT) devices?

IoT vendor reputation
IoT architecture diversity
IoT-specific training
IoT device policies

Which of the following parameters is MOST helpful when designing a disaster recovery strategy?

Maximum tolerable downtime (MTD)
Mean time between failures (MTBF)
Allowable interruption window (AIW)
Recovery point objective (RPO)

An IT service desk was not adequately prepared for a recent ransomware attack on user workstations. Which of the following should be given HIGHEST priority by the information security team when creating an action plan to improve service desk readiness?

Investing in threat intelligence capability
Implementing key risk indicators (KRIs) for ransomware attacks
Updating the information security incident response manual
Strengthening the organization's data backup capability

After a risk has been identified, analyzed, and evaluated, which of the following should be done NEXT?

Monitor the risk.
Prioritize the risk for treatment
Identify the risk owner.
Identify controls for risk mitigation.

Which of the following will BEST facilitate timely and effective incident response?

Including penetration test results in incident response planning
Assessing the risk of compromised assets
Notifying stakeholders when invoking the incident response plan
Classifying the severity of an incident

Which of the following MOST effectively communicates the current risk profile to senior management after controls are applied?

Residual risk
Impact of loss events
Inherent risk
Number of risks avoided

Which of the following processes should be done NEXT after completing a business impact analysis (BIA)?

Evaluate the disaster recovery plan (DRP).
Develop the requirements for the incident response plan.
Develop a business continuity plan (BCP).
Identify resources for business recovery.

Which of the following is MOST important to include in an information security policy?

Maturity levels
Baselines
Best practices
Management objectives

Which of the following should an information security manager do FIRST when creating an organization’s disaster recovery plan (DRP)?

Develop response and recovery strategies.
Identify the response and recovery teams.
Review the communications plan.
Conduct a business impact analysis (BIA).

Which of the following would be the MOST effective use of findings from a post-incident review?

Providing input for updates to the incident response plan
Developing cost reports regarding the incident
Providing justification for an increase in the incident response plan budget
Incorporating the results into information security awareness training materials

During a post-incident review, it was determined that a known vulnerability was exploited in order to gain access to a system. The vulnerability was patched as part of the remediation on the offending system. Which of the following should be done NEXT?

Scan to determine whether the vulnerability is present on other systems.
Review the vulnerability management process.
Install patches an all existing systems.
Report the root cause of the vulnerability to senior management.

Which of the following is MOST helpful in determining the realization of benefits from an information security program?

Vulnerability assessments
Key risk indicators (KRIs)
Business impact analysis (BIA)
Key performance indicators (KPIs)

During an internal compliance review, the review team discovers that a critical legacy application is unable to meet the organization’s mandatory security requirements. Which of the following should be done FIRST?

Update the risk register.
Recommend taking the application out of service.
Implement compensating controls.
Monitor the application until it can be replaced.

Which of the following is the BEST way to improve an organization’s ability to detect and respond to incidents?

Conduct a business impact analysis (BIA).
Conduct periodic awareness training.
Perform a security gap analysis.
Perform network penetration testing.

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?

Data privacy officer (DPO)
Chief information security officer (CISO)
Information security steering committee
Enterprise risk committee

Which of the following is the PRIMARY role of the information security manager in application development?

To ensure control procedures address business risk
To ensure enterprise security controls are implemented
To ensure compliance with industry best practice
To ensure security is integrated into the system development life cycle (SDLC)

Which of the following actions by senior management would BEST enable a successful implementation of an information security governance framework?

Demonstrating support for the business and information security governance functions
Delegating the implementation of the framework to information security management
Promoting the use of an internationally recognized governance framework
Engaging a consulting firm specializing in information security governance and standards

Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?

Conduct awareness training across the organization.
Require acknowledgment of the acceptable use policy.
Disable all incoming cloud mail services.
Implement a data loss prevention (DLP) system.

Which of the following is the PRIMARY benefit of an information security awareness training program?

Evaluating organizational security culture
Enforcing security policy
Influencing human behavior
Defining risk accountability

Which of the following MOST effectively supports an organization’s security culture?

Business unit security metrics
An information governance framework
Stakeholder involvement
A security mission statement

A new type of ransomware has infected an organization’s network. Which of the following would have BEST enabled the organization to detect this situation?

Periodic information security training for end users
Use of integrated patch deployment tools
Regular review of the threat landscape
Monitoring of anomalies in system behavior

Which of the following should an information security manager do FIRST upon notification of a potential security risk associated with a third-party service provider?

Determine risk treatment options.
Conduct a vulnerability analysis.
Escalate to the third-party provider.
Conduct a risk analysis.

A security incident has been reported within an organization. When should an information security manager contact the information owner?

After the potential incident has been logged
After the incident has been contained
After the incident has been confirmed
After the incident has been mitigated

An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?

Secure and preserve digital evidence for analysis.
Gather feedback on business impact.
Conduct a meeting to capture lessons learned.
Prepare an executive summary for senior management.

Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

Baseline controls
Audit findings
Risk assessment results
Key risk indicators (KRIs)

Which of the following information security practices would BEST prevent a SQL injection attack?

Adopting agile development
Enhancing the patching program
Training developers on secure coding practices to reduce vulnerabilities
Performing vulnerability testing before each version release

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Block IP addresses used by the attacker.
Disable firewall ports exploited by the attacker.
Power oft affected servers.
Redirect the attacker's traffic.

A data discovery project uncovers an unclassified process document. Of the following, who is BEST suited to determine the classification?

Creator of the document
Data custodian
Information security manager
Security policy author

Which of the following is MOST important to include in a post-incident report?

Forensic analysis results
List of potentially compromised assets
Root cause analysis
Service level agreements (SLAs)

When creating an incident response plan, the triggers for the business continuity plan (BCP) MUST be based on:

a threat assessment.
recovery time objectives (RTOs).
a business impact analysis (BIA).
a risk assessment.

An organization’s information security strategy should be the PRIMARY input to which of the following?

Security governance framework design
Enterprise risk scenario development
Security program metrics
Organizational risk appetite

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

Information security audits
Security risk assessments
Lessons learned analysis
Key performance indicators (KPIs)

Which of the following is BEST used to determine the maturity of an information security program?

Organizational risk appetite
Risk assessment results
Security metrics
Security budget allocation

Which of the following should be done FIRST when developing an information security strategy that is aligned with organizational goals?

Establish a security risk framework with key risk indicators (KRIs).
Determine information security's impact on the achievement of organizational goals.
Assess information security risk associated with the organizational goals
Select information security projects related to the organizational goals.

A business impact analysis (BIA) BEST enables an organization to establish:

annualized loss expectancy (ALE).
recovery methods.
restoration priorities.
total cost of ownership (TCO).

Which of the following is the PRIMARY objective of developing an information security program that aligns with the information security strategy?

To define the resources required to achieve information security goals
To define a bottom-up approach for implementing information security policies
To define standards to be implemented
To define risk mitigation plans for security technologies

Which of the following is MOST important to include in an information security framework?

Guidance for designing information security controls
Information security organizational structure
Industry benchmarks of information security metrics
Information security risk assessment

An organization learns that a service provider experienced a breach last month and did not notify the organization. Which of the following should be the information security manager’s FIRST course of action?

Terminate the provider contract.
Conduct a business impact analysis (BIA).
Inform senior management.
Review the provider contract.

Which of the following approaches to communication with senior management BEST enables an information security manager to maximize the effectiveness of the information security program?

Reporting on industry security threats with potential impact to business objectives
Conducting periodic one-on-one meetings to align security with business objectives
Participating in operational review meetings to discuss daily operations and dependencies
Providing regular status of updates to security policies and standards

Which of the following control types should be considered FIRST for aligning employee behavior with an organization’s information security objectives?

Administrative security controls
Access security controls
Technical security controls
Physical security controls

An organization’s information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?

No owners were identified for some risks.
Business applications had the highest number of risks.
Risk mitigation action plans had no timelines.
Risk mitigation action plan milestones were delayed.

Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?

Penetration testing
Root cause analysis
Continuous log monitoring
Computer forensics

Which of the following should the information security manager do FIRST upon learning that a business department wants to use blockchain technology for a new payment process?

Include the new requirements in the system development life cycle (SDLC) pipeline.
Update the business case to include security budget and resource needs for the new process.
Perform a risk assessment to identify emerging risks.
Benchmark blockchain solutions to determine which one is most secure.

Which of the following BEST facilitates the development of information security procedures that effectively support the information security policy?

Aligning procedures with industry best practices
Classifying the information assets to be protected
Considering the impact of systemic risk events
Conducting an external benchmarking exercise

Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Business impact analysis (BIA)
Vulnerability scan results
Risk assessment
Penetration test results

Which of the following is MOST helpful for determining priorities when creating a long-term information security roadmap?

The organization's information security framework
Information security steering committee input
Enterprise architecture (EA)
Industry best practices

A KEY consideration in the use of quantitative risk analysis is that it:

applies commonly used labels to information assets.
assigns numeric values to exposures of information assets.
is based on criticality analysis of information assets.
aligns with best practice for risk analysis of information assets.

CISM Final Assessment 3

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question

52. Question

53. Question

54. Question

55. Question

56. Question

57. Question

58. Question

59. Question

60. Question

61. Question

62. Question

63. Question

64. Question

65. Question

66. Question

67. Question

68. Question

69. Question

70. Question

71. Question

72. Question

73. Question