CISM Flashcards
The MOST important component of a privacy policy is:
Notifications
Which of the following is MOST likely to remain constant over time? An information security:
Strategy
What is the PRIMARY factor to be taken into account when designing a backup strategy that will be consistent with a disaster recovery strategy?
Recovery point objective
When performing a business impact analysis, which of the following should calculate the recovery time and cost estimates?
Business process owners
What is the MOST important reason for formally documenting security procedures?
Ensuring processes are repeatable and sustainable.
Which of the following choices should be assessed after the likelihood of a loss event has been determined?
Magnitude of impact
What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
Periodically perform penetration tests
Which two components PRIMARILY must be assessed in an effective risk analysis?
Likelihood and impact
When designing an intrusion detection system, the information security manager should recommend that it be placed:
On a screened subnet
To BEST improve the alignment of the information security objectives in an enterprise, the chief information security officer should:
Evaluate a business balanced scorecard (BSC)
Which of the following factors is MOST important for the successful implementation of an enterprise’s information security program?
Senior management support
Management decided that the enterprise will not achieve compliance with a recently issued set of regulations. Which of the following is the MOST likely reason for the decision?
The cost of compliance exceeds the cost of possible sanctions.
Enterprises implement ethics training PRIMARILY to provide guidance to individuals engaged in:
Monitoring user activities
To implement information security governance, an enterprise should FIRST:
Define security strategy
What is the BEST method to verify that all security patches applied to servers were properly documented?
Trace OS patch logs to change control requests
Which of the following is the MAIN reason for performing risk assessment on a continuous basis?
The risk environment is constantly changing.
What is the BEST way to ensure that security settings on each platform are in compliance with information security policies and procedures?
Establish security baselines
New regulatory and legal compliance requirements that will have an effect on information security will MOST likely come from the:
Affected departments
Addressing the root cause of an incident is one aspect of which of the following incident management processes?
Eradication
Determining the level of effort needed to meet particular improvement targets in risk management can BEST be determined using which of the following tools?
A gap analysis
Which of the following is MOST important when collecting evidence for forensic analysis?
Ensure the assignment of qualified personnel
An enterprise is transferring its IT operations to an offshore location. An information security manager should PRIMARILY focus on:
Conducting a risk assessment
A financial institution plans to allocate information security resources to each of its business divisions. What areas should security activities focus on?
Areas where threat, likelihood and impact are the greatest.
Who should be assigned as data owner for sensitive customer data that are used only by the sales department and stored in a central database?
The head of the sales department
Which of the following do security policies need to be MOST closely aligned with?
Organizational needs
When creating an effective data-protection strategy, the information security manager must understand the flow of data and its protection at various stages. This is BEST achieved with:
A tailored methodology based on exposure.
Which of the following is MOST essential when assessing risk?
Considering both monetary value and likelihood of loss.
Which of the following is a key component of an incident response policy?
Escalation criteria
An enterprise has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?
Determine the extent of the compromise
Which of the following is the BEST approach for an enterprise desiring to protect its intellectual property?
Restrict access to a need-to-know basis
Which of the following steps should be FIRST in developing an information security plan?
Analyze the current business strategy
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
Chief operating officer (COO)
What mechanism should be used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?
Security gap analysis
The MOST direct way to accurately determine the control baseline in an IT system is to do which of the following activities?
Review standards and system compliance
Which of the following provides the BEST confirmation that the business continuity plan/disaster recovery plan (BCP/DRP) objectives have been achieved?
The recovery time objective was not exceeded during testing.
Which of the following situations would be of the MOST concern to a security manager?
A Trojan was found installed on a systems administrator’s laptop.
Which of the following would BEST prepare an information security manager for regulatory reviews?
Perform self-assessments using regulatory guidelines and reports.
Which of the following BEST protects confidentiality of information?
Least privilege
Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?
Cost-benefit analysis
An information security manager is in the process of investigating a network intrusion. One of the enterprise’s employees is a suspect. The manager has just obtained the suspect’s computer and hard drive. Which of the following is the BEST next step?
Create an image of the original hard drive
Which of the following choices is the BEST indicator of the state of information security governance?
A defined maturity level
What is a desirable sensitivity setting for a biometric access control system that protects a high-security data center?
A high false reject rate
The MOST useful way to describe the objectives in the information security strategy is through:
Attributes and characteristics of the desired state
Quantifying the level of acceptable risk can BEST be indicated by which of the following choices?
Determining the ratio of business interruption insurance to its cost
Which of the following control measures BEST addresses integrity?
Nonrepudiation
Which of the following measures would be MOST effective against insider threats to confidential information?
Role-based access control
With regard to the implementation of security awareness programs in an enterprise, it is MOST relevant to understand that which one of the following aspects can change?
Threats and vulnerabilities
There is a delay between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
Identify the vulnerable systems and apply compensating controls
Which of the following choices would be the MOST useful in determining the possible consequences of a major compromise?
Asset valuation
An information security strategy presented to senior management for approval MUST incorporate:
Business priorities
When outsourcing, to ensure that third-party service providers comply with an enterprise security policy, which of the following should occur?
A periodic security audit
Which one of the following measures will BEST indicate the effectiveness of an incident response process?
Reduction of average response time to an incident
The BEST process for assessing an existing risk level is:
A security review
The triage phase of the incident response plan provides:
A snapshot of the current status of all incident activity reported.
Which of the following choices BEST reveals the evolving nature of attacks in an online environment?
Industry tracking groups
Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (2300 hours)?
Systems are vulnerable to new viruses during the intervening week.
The factor that is MOST likely to result in identification of security incidents is:
Security awareness training
The MOST basic requirement for an information security governance program is to:
Be aligned with the corporate business strategy
What is the BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed?
Simulate an attack and review IDS performance
Which of the following should be performed FIRST in the aftermath of a denial-of-service (DoS) attack?
Conduct an assessment to determine system status
When should a request for proposal be issued?
Prior to developing a project budget
Which of the following factors is the MOST significant in determining an enterprise’s risk appetite?
The organizational structure
From an information security perspective, which of the following will have the GREATEST impact on a financial enterprise with offices in various countries and involved in transborder transactions?
Evolving data protection regulations
With which of the following business functions is integration of information security MOST likely to result in risk being addressed as a standard part of production processing?
Quality assurance
The MOST effective way to limit actual and potential impacts of e-discovery in the event of litigation is to:
Develop and enforce comprehensive retention policies
Which of the following choices is the MOST significant single point of failure in a public key infrastructure?
A certificate authority’s (CA) private key
Which of the following choices is the BEST input for the definition of escalation guidelines?
A risk and impact analysis
What is the BEST way to ensure users comply with organizational security requirements for password complexity?
Enable system-enforced password configuration
Information security managers should use risk assessment techniques to:
Justify selection of risk mitigation strategies
Which of the following functions is responsible for determining the members of the enterprise’s response teams?
Information Security
When a large enterprise discovers that it is the subject of a network probe, which of the following actions should be taken?
Monitor the probe and isolate the affected segment
The concept of governance, risk and compliance serves PRIMARILY to:
Align enterprise assurance functions
An enterprise’s board of directors is concerned about recent fraud attempts that originated over the Internet. What action should the board take to address this concern?
Direct executive management to assess the risk and report results to the board
Under what circumstances do good information security practices dictate a full reassessment of risk?
After a material control failure