
A fully updated 2021 CISM Exam Dumps exam guide from training expert PassLeader
Provides complete coverage of every objective on the CISM exam and exam preparation.
NEW QUESTION 572
Which of the following would BEST mitigate identified vulnerabilities in a timely manner?
- A. Continuous vulnerability monitoring tool
- B. Action plan with responsibilities and deadlines
- C. Categorization of the vulnerabilities based on system's criticality
- D. Monitoring of key risk indicators (KRIs)
Answer: D
Explanation:
One approach seeing increasing use is to report and monitor risk through the use of key risk indicators (KRIs).
KRIs can be defined as measures that, in some manner, indicate when an enterprise is subject to risk that exceeds a defined risk level. Typically, these indicators are trends in factors known to increase risk and are generally developed based on experience. They can be as diverse as increasing absenteeism or increased turnover in key employees to rising levels of security events or incidents.
NEW QUESTION 573
Which of the following presents the GREATEST exposure to internal attack on a network?
- A. All users reside on a single internal subnet
- B. User passwords are encoded but not encrypted
- C. All network traffic goes through a single switch
- D. User passwords are not automatically expired
Answer: B
Explanation:
When passwords are sent over the internal network in an encoded format, they can easily be converted to clear text. All passwords should be encrypted to provide adequate security. Not automatically expiring user passwords does create an exposure, but not as great as having unencrypted passwords. Using a single switch or subnet does not present a significant exposure.
NEW QUESTION 574
The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
- A. business risks are addressed by preventive controls.
- B. IT facilities and systems are always available.
- C. IT assets in key business functions are protected.
- D. stated objectives are achievable.
Answer: D
Explanation:
Risk management's primary goal is to ensure an organization maintains the ability to achieve its objectives. Protecting IT assets is one possible goal as well as ensuring infrastructure and systems availability. However, these should be put in the perspective of achieving an organization's objectives. Preventive controls are not always possible or necessary; risk management will address issues with an appropriate mix of preventive and corrective controls.
NEW QUESTION 575
Which of the following is the BEST approach for an information security manager when developing new information security policies?
- A. Reference an industry standard.
- B. Create a stakeholder map.
- C. Download a policy template
- D. Establish an information security governance committee
Answer: D
NEW QUESTION 576
An organization is MOST at risk from a new worm being introduced through the intranet when:
- A. executable code is run from inside the firewall.
- B. hosts have static IP addresses.
- C. desktop virus definition files are not up to date.
- D. system software does not undergo integrity checks.
Answer: C
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
NEW QUESTION 577
An information security manager has researched several options for handling ongoing security concerns and will be presenting these solutions to business managers. Which of the following will BEST enable business managers to make an informed decision?
- A. Business impact analysis (BIA)
- B. Cost-benefit analysis
- C. Gap analysis
- D. Risk analysis
Answer: A
NEW QUESTION 578
A data loss prevention (DLP) tool has flagged personally identifiable information (PII) during transmission. Which of the following should the information security manager do FIRST?
- A. Disable the data loss prevention (DLP) policy
- B. Escalate the issue to senior management
- C. Validate the scope and impact with the business process owner
- D. Notify authorities and the cyber insurance company
Answer: C
NEW QUESTION 579
The effectiveness of virus detection software is MOST dependent on which of the following?
- A. Software upgrades
- B. Definition tables
- C. Intrusion detection
- D. Packet filtering
Answer: B
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
The effectiveness of virus detection software depends on virus signatures which are stored in virus definition tables. Software upgrades are related to the periodic updating of the program code, which would not be as critical. Intrusion detection and packet filtering do not focus on virus detection.
NEW QUESTION 580
Which of the following is the MOST effective control to reduce the impact of ransomware attacks?
- A. Intrusion detection system (IDS)
- B. Backup strategy
- C. Security awareness training
- D. Antivirus software
Answer: B
NEW QUESTION 581
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
- A. The provider services all major companies in the area
- B. Exclusive use of the hot site is limited to six weeks
- C. The hot site may have to be shared with other customers
- D. The time of declaration determines site access priority
Answer: A
Explanation:
Sharing a hot site facility is sometimes necessary in the case of a major disaster. Also, first come, first served usually determines priority of access based on general industry practice. Access to a hot site is not indefinite; the recovery plan should address a long-term outage. In case of a disaster affecting a localized geographical area, the vendor's facility and capabilities could be insufficient for all of its clients, which will all be competing for the same resource. Preference will likely be given to the larger corporations, possibly delaying the recovery of a branch that will likely be smaller than other clients based locally.
NEW QUESTION 582
An outsourced vendor handles an organization's business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor's security practices?
- A. Requiring business continuity plans (BCPs) from the vendor
- B. Reviewing the vendor's security audit reports
- C. Verifying security certifications held by the vendor
- D. Requiring periodic independent third-party reviews
Answer: D
NEW QUESTION 583
The BEST way to ensure that an external service provider complies with organizational security policies is to:
- A. explicitly include the service provider in the security policies.
- B. perform periodic reviews of the service provider.
- C. cross-reference to policies in the service level agreement.
- D. receive acknowledgment in writing stating the provider has read all policies.
Answer: B
Explanation:
Periodic reviews will be the most effective way of obtaining compliance from the external service provider.
References in policies and service level agreements and requesting written acknowledgement will not be as effective since they will not trigger the detection of noncompliance.
NEW QUESTION 584
Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?
- A. The lack of a security information and event management (SIEM) system
- B. The lack of delegated authority
- C. The lack of forensic investigation skills
- D. The lack of automated communication channels
Answer: B
NEW QUESTION 585
Which of the following is MOST important in determining whether a disaster recovery test is successful?
- A. Critical business processes are duplicated
- B. IT staff fully recovers the processing infrastructure
- C. All systems are restored within recovery time objectives (RTOs)
- D. Only business data files from offsite storage are used
Answer: A
Explanation:
To ensure that a disaster recovery test is successful, it is most important to determine whether all critical business functions were successfully recovered and duplicated. Although ensuring that only materials taken from offsite storage are used in the test is important, this is not as critical in determining a test's success. While full recovery of the processing infrastructure is a key recovery milestone, it does not ensure the success of a test. Achieving the RTOs is another important milestone, but does not necessarily prove that the critical business functions can be conducted, due to interdependencies with other applications and key elements such as data, staff, manual processes, materials and accessories, etc.
NEW QUESTION 586
When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
- A. Measure the probability of occurrence of each threat
- B. Assess the impact of confidential data disclosure
- C. Calculate the value of the information or asset
- D. Evaluate productivity losses
Answer: C
Explanation:
Section: INFORMATION RISK MANAGEMENT
Calculating the value of the information or asset is the first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal. Determining how much productivity could be lost and how much it would cost is a step in the estimation of potential risk process. Knowing the impact if confidential information is disclosed is also a step in the estimation of potential risk. Measuring the probability of occurrence for each threat identified is a step in performing a threat analysis and therefore a partial answer.
NEW QUESTION 587
During a review to approve a penetration test plan, which of the following should be an information security manager's PRIMARY concern?
- A. Unauthorized access to administrative utilities
- B. Impact on production systems
- C. False positive alarms to operations staff
- D. Penetration test team's deviation from scope
Answer: B
NEW QUESTION 588
What is the MOST cost-effective method of identifying new vendor vulnerabilities?
- A. Honeypots located in the DMZ
- B. Intrusion prevention software
- C. Periodic vulnerability assessments performed by consultants
- D. External vulnerability reporting sources
Answer: D
Explanation:
External vulnerability reporting sources are the most cost-effective method of identifying these vulnerabilities. The cost involved in choices B and C would be much higher, especially if performed at regular intervals. Honeypots would not identify all vendor vulnerabilities. In addition, honeypots located in the DMZ can create a security risk if the production network is not well protected from traffic from compromised honeypots.
NEW QUESTION 589
Which of the following would be the BEST metric for the IT risk management process?
- A. Percentage of unresolved risk exposures
- B. Percentage of critical assets with budgeted remedial
- C. Number of security incidents identified
- D. Number of risk management action plans
Answer: B
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Percentage of unresolved risk exposures and the number of security incidents identified contribute to the IT risk management process, but the percentage of critical assets with budgeted remedial is the most indicative metric. Number of risk management action plans is not useful for assessing the quality of the process.
NEW QUESTION 590
Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
- A. Regulatory compliance
- B. Alignment with industry best practices
- C. Business benefits
- D. Business continuity investment
Answer: A
Explanation:
Regulatory compliance can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Buy-in from business managers must be obtained by the information security manager when an information security governance measure is sought based on its alignment with industry best practices.
Business continuity investment needs to be justified by business impact analysis. When an information security governance measure is sought based on qualitative business benefits, further analysis is required to determine whether the benefits outweigh the cost of the information security governance measure in question.
NEW QUESTION 591
Which of the following is the GREATEST potential exposure created by outsourcing to an application service provider?
- A. Lack of technical expertise
- B. Denial of service attacks
- C. Combining incompatible duties
- D. Mixing of data
Answer: D
NEW QUESTION 592
What is the PRIMARY objective of a post-event review in incident response?
- A. Preserve forensic data
- B. Ensure the incident is fully documented
- C. Improve the response process
- D. Adjust budget provisioning
Answer: C
Explanation:
The primary objective is to find any weakness in the current process and improve it. The other choices are all secondary.
NEW QUESTION 593
When conducting a post-incident review, the benefit of collecting mean time to resolution (MTTR) data is the ability to:
- A. reduce the costs of future preventive controls.
- B. learn of potential areas of improvement.
- C. provide metrics for reporting to senior management.
- D. verify compliance with the service level agreement (SLA).
Answer: B
NEW QUESTION 594
What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?
- A. Update the risk register
- B. Complete a control assessment
- C. Perform a gap analysis
- D. Submit a business case to support compliance
Answer: D
Explanation:
Section: INFORMATION SECURITY GOVERNANCE
NEW QUESTION 595
Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?
- A. Large percentage decrease in monthly change requests
- B. Small number of change requests
- C. Percentage of changes that include post-approval supplemental add-ons
- D. High ratio of lines of code changed to total lines of code
Answer: A
NEW QUESTION 596
......