CISM Final Assessment 5

Which of the following is the MOST important objective when planning an incident response program?

Minimizing business impact
Managing resources
Recovering from a disaster
Ensuring IT resiliency

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

The vendor’s proposal aligns with the objectives of the organization
The vendor’s proposal allows for contract modification during technology refresh cycles
The vendor’s proposal requires the provider to have a business continuity plan (BCP)
The vendor’s proposal allows for escrow in the event the third party goes out of business

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application’s security compliance?

During user acceptance testing (UAT)
During regulatory review
During the design phase
During static code analysis

When considering a new security initiative, which of the following should be done prior to the development of a business case?

Conduct a risk assessment
Conduct a benchmarking exercise
Perform a cost-benefit analysis
Identify resource requirements

Which of the following BEST demonstrates the potential for successful business continuity in the event of a disaster?

Tabletop exercises
Awareness training assessments
Disaster recovery tests
Checklist reviews

Which of the following is an essential practice for workstations used to conduct a forensic investigation?

A documented chain of custody log is kept for the workstations
The workstations are only accessed by members of the forensics team
Only forensics-related software is installed on the workstations
The workstations are backed up and hardened on a regular basis

Which of the following components of the risk assessment process should be reviewed FIRST to gain an understanding of the scope of an emerging risk within an organization?

Risk categorization
Asset identification
Control evaluation
Risk treatment

An information security manager has been tasked with implementing a security solution that provides insight into potential security incidents Which of the following BEST supports this activity?

Intrusion detection system (IDS)
Security information and event management (SIEM)
Data loss prevention system (DLP)
User behavior analytics

Which of the following is MOST important for the information security manager to confirm when reviewing an incident response plan?

The plan includes a requirement for post-incident review
The plan is based on a business impact analysis (BIA)
The plan is stored at backup recovery locations
The plan is readily available to provide to auditors.

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

Improve the security awareness training program
Communicate consequences for future instances
Implement compensating controls
Enhance the data loss prevention (DLP) solution

Exceptions to a security policy should be approved based PRIMARILY on:

results of a cost-benefit analysis.
risk appetite.
security incident classification.
industry best practices.

When developing a business case for a new security initiative, an information security manager should FIRST:

conduct a feasibility study.
calculate the total cost of ownership (TCO).
perform a cost-benefit analysis.
define the issues to be addressed.

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

historical data of reported incidents.
analysis of current threat landscape.
industry benchmarking gap analysis.
projected return on investment (ROI).

Which of the following is MOST important for an information security steering committee to ensure?

Funding is available for information security projects.
Information security is managed as a business critical issue.
Periodic information security audits are conducted.
Resources used for information security projects are minimized.

An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?

Refer to the privacy policy.
Refer to the incident response plan.
Send out a breach notification to all parties involved.
Contact the board of directors.

Which of the following is the BEST defense against a brute force attack?

Discretionary access control
Multi-factor authentication (MFA)
Mandatory access control
Time-of-day restrictions

Which of the following is MOST important to verify during a test of an organization’s incident response process?

Whether incident response team members know their responsibilities
Whether senior management endorses the incident response process
Whether users know which numbers to call in the call tree
Whether incident response team members are cross-trained

An intrusion prevention system (IPS) has reported a significant increase in the number of hacking attempts over the past month, though no systems have actually been compromised. Which of the following should the information security manager do FIRST?

Tune the IPS to address false positives.
Report the increase in hacking attempts to senior management.
Validate the events identified by the IPS.
Update security awareness training.

The likelihood of a successful intrusion is a function of:

threat and vulnerability levels.
design and redundancy of network perimeter controls.
configuration and maintenance of log monitoring system.
opportunity and asset value.

Which of the following is the BEST evidence that senior management supports the information security program?

The information security manager reports to the chief risk officer (CRO)
A reduction in information security costs
Consistent enforcement of information security policies
A high level of information security risk acceptance

During incident recovery, which of the following is the BEST approach to ensure the eradication of traces hidden by an attacker?

Reinstall the system from the original source.
Perform continuous monitoring until validation is achieved.
Prohibit use of the account suspected to be compromised.
Conduct a forensic investigation to acquire evidence.

Which of the following BEST enables the effectiveness of an information security training program for new employees?

New employees are required to acknowledge the information security policy.
New employees must complete a security assessment after training.
Information security training precedes all other onboarding training.
The training is specific to new employees' job functions.

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization’s CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

Temporarily suspend wire transfers for the organization.
Provide awareness training to staff responsible for wire transfers.
Disable emails for staff responsible for wire transfers.
Provide awareness training to the CEO for this type of phishing attack.

Which of the following is the BEST indication of effective information security governance?

Comprehensive security policies reflect organizational objectives.
Information security is integrated into organizational processes.
The information security program follows industry best practices.
An information security risk register is maintained.

A data loss prevention (DLP) tool has flagged personally identifiable information (PII) during transmission. Which of the following should the information security manager do FIRST?

Validate the scope and impact with the business process owner.
Escalate the issue to senior management.
Review and validate the rules within the DLP system.
Initiate the incident response plan.

Which of the following is MOST likely to require an organization to update its business continuity plan (BCP)?

Successful BCP testing results
Increases in information security risk trends
Multiple changes in organizational leadership
Major changes in the business operating environment

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

It helps in assessing the availability of compatible backup hardware.
It identifies appropriate follow-up work to address shortcomings in the plan.
It provides a low-cost method of assessing the BCP’s completeness.
It allows for greater participation and planning from the business side.

Which of the following is the BEST approach for encouraging business units to assume their roles and responsibilities in an information security program?

Engage an independent security audit.
Perform a risk assessment.
Conduct an awareness program for senior management.
Develop controls and countermeasures.

Which of the following is MOST influential in driving the effectiveness of an information security program?

Policies and standards
Organizational risk appetite
Information security metrics
Organizational culture

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

compliance with legal and regulatory requirements.
the plan aligns with corporate governance.
staff participation in information security efforts.
the organization has the required funds to implement the plan.

Which of the following is the GREATEST risk associated with a poorly trained incident response team responding to a major incident?

Separation of duty violations
Loss of confidential information
Evidence contamination
Failure to escalate to senior management

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

Eliminate privileged accounts.
Perform periodic certification of access to privileged accounts.
Provide privileged account access only to users who need it.
Frequently monitor activities on privileged accounts.

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

Technical capabilities of the team
Feedback from affected departments
Historical data from past incidents
Procedures for incident triage

An organization’s service desk has reported that a PC is displaying a message with the phrase “your personal files are encrypted.” Which of the following should be done FIRST?

Analyze the compromised PC to determine the root cause.
Isolate the compromised PC from the network.
Meet with the security team to identify related assets.
Update all security endpoints to the most current versions.

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

the incident is reported to senior management.
the integrity of evidence is preserved.
the server is unplugged from power.
forensic investigation software is loaded on the server.

Which of the following groups is MOST important to involve in the development of information security procedures?

Audit management
Senior management
End users
Operational units

Which of the following would be MOST useful to determine the current status of an information security program’s maturity level?

Business impact analysis (BIA)
Cost-benefit analysis
Benchmark analysis
Risk assessment

The MOST significant outcome obtained from conducting a business impact analysis (BIA) is improved:

employee awareness.
disaster recovery planning.
IT capacity planning.
budgeting.

Which of the following BEST indicates ongoing senior management commitment to the organization’s information security strategy?

An efficient incident response program
Established key performance indicators (KPIs)
A comprehensive security awareness training program
Adequate funding for the information security program

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Performance measures for existing controls
Number of false positives
Security training test results
Industry benchmarks

Which of the following is the MOST important objective when recommending controls?

Ensuring implementation costs are approved
Identifying business processes the controls can support
Reducing the risk to an acceptable level
Minimizing the impact to business processes

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Invoke the incident response plan.
Assess changes in the risk profile.
Conduct security awareness training.
Activate the disaster recovery plan (DRP).

After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager’s FIRST course of action should be to:

evaluate the cost of replacing the applications.
reevaluate the standards.
determine the potential impact.
implement compensating controls.

Which of the following is a PRIMARY responsibility of a data owner?

Data backup
Data classification
Data quality
Data storage

Which of the following is MOST helpful for retaining the support of executive management for an information security program?

Forming an information security steering committee to provide oversight of the program
Providing regular performance reports on the effectiveness of the program
Including satisfaction with information security in employee engagement surveys
Developing business cases to justify continued expenses for security awareness

When performing a business impact analysis (BIA), which of the following is the MOST important reason to determine the maximum tolerable downtime (MTD)?

To determine the data needed for a timely recovery
To assist in developing recovery strategies
To facilitate selection of the technologies needed to recover
To establish resources needed for a successful recovery

Which of the following processes should remain internal when outsourcing IT operations?

Authorization management
Data encryption
Log monitoring
Incident management

An organization plans to adopt a DevOps approach for innovative application development. Which of the following should be the information security manager’s MOST important consideration with regard to the information security strategy?

Risk profile may change with the new approach.
The identified framework may not be appropriate.
Security policies may need to be revised.
Security staff may lack software coding skills.

Which of the following is the MOST important reason to integrate nonrepudiation into the design of user authentication?

To ensure there are no conflicts when changing database records
To ensure users cannot escalate their own access privileges
To ensure users cannot alter log records within the system
To ensure actions can be traced to specific users

A significant risk was identified within a core business function. Budget constraints do not allow for effective remediation. Who should be accountable for selecting the appropriate risk treatment?

Data custodian
Data owner
Security officer
Senior management

An information security manager is building a business case to support an investment in a next generation firewall. Which of the following would BEST maximize the effectiveness of the business case?

Comparing inherent risk to residual risk
Aligning proof-of-concept with the information security strategy
Ensuring return on investment (ROI) is included
Comparing costs between the new solution and the current firewall

CISM Final Assessment 5

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question