CISM Exam Exam Questions And Answers Verified
100% Correct
Which of the following is MOST appropriate for inclusion in an information security
strategy? A.
Business controls designated as key controls B.
Security processes, methods, tools and techniques C.
Firewall rule sets, network defaults and intrusion detection system (IDS) settings D.
Budget estimates to acquire specific security tools - ANSWER- B.
Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST be
attained by an information security manager by emphasizing: A.
organizational risk. B.
organization wide metrics. C.
security needs. D.
the responsibilities of organizational units. - ANSWER- A. organizational
risk.
Which of the following roles would represent a conflict of interest for an information
security
manager?
A.
Evaluation of third parties requesting connectivity
B.
Assessment of the adequacy of disaster recovery plans
C.
Final approval of information security policies
D.
Monitoring adherence to physical security controls - ANSWER- C.
Final approval of information security policies
Which of the following situations must be corrected FIRST to ensure successful
information
security governance within an organization?
A.
The information security department has difficulty filling vacancies.
B.
The chief information officer (CIO) approves security policy changes.
,C.
The information security oversight committee only meets quarterly.
D.
The data center manager has final signoff on all security projects. - ANSWER- D.
The data center manager has final signoff on all security projects.
Which of the following requirements would have the lowest level of priority in information
security?
A.
Technical
B.
Regulatory
C.
Privacy
D.
Business - ANSWER- A.
Technical
When an organization hires a new information security manager, which of the following
goals
should this individual pursue FIRST?
A.
Develop a security architecture
B.
Establish good communication with steering committee members
C.
Assemble an experienced staff
D.
Benchmark peer organizations - ANSWER- B.
Establish good communication with steering committee members
It is MOST important that information security architecture be aligned with which of the
following?
A.
Industry best practices
B.
Information technology plans
C.
Information security best practices
D.
Business objectives and goals - ANSWER- D.
Business objectives and goals
,Which of the following is MOST likely to be discretionary?
A.
Policies
B.
Procedures
C. Guidelines
D.
Standards - ANSWER- C.
Guidelines
Security technologies should be selected PRIMARILY on the basis of their:
A.
ability to mitigate business risks.
B.
evaluations in trade publications.
C.
use of new and emerging technologies.
D.
benefits in comparison to their costs. - ANSWER- A.
ability to mitigate business risks.
, Which of the following are seldom changed in response to technological changes?
A.
Standards
B.
Procedures
C.
Policies
D.
Guidelines - ANSWER- C.
Policies
The MOST important factor in planning for the long-term retention of electronically
stored business
records is to take into account potential changes in:
A.
storage capacity and shelf life.
B.
regulatory and legal requirements.
C.
business strategy and direction.
D.
application systems and media. - ANSWER- D.
application systems and media.
Which of the following is characteristic of decentralized information security
management across a
geographically dispersed organization?
100% Correct
Which of the following is MOST appropriate for inclusion in an information security
strategy? A.
Business controls designated as key controls B.
Security processes, methods, tools and techniques C.
Firewall rule sets, network defaults and intrusion detection system (IDS) settings D.
Budget estimates to acquire specific security tools - ANSWER- B.
Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST be
attained by an information security manager by emphasizing: A.
organizational risk. B.
organization wide metrics. C.
security needs. D.
the responsibilities of organizational units. - ANSWER- A. organizational
risk.
Which of the following roles would represent a conflict of interest for an information
security
manager?
A.
Evaluation of third parties requesting connectivity
B.
Assessment of the adequacy of disaster recovery plans
C.
Final approval of information security policies
D.
Monitoring adherence to physical security controls - ANSWER- C.
Final approval of information security policies
Which of the following situations must be corrected FIRST to ensure successful
information
security governance within an organization?
A.
The information security department has difficulty filling vacancies.
B.
The chief information officer (CIO) approves security policy changes.
,C.
The information security oversight committee only meets quarterly.
D.
The data center manager has final signoff on all security projects. - ANSWER- D.
The data center manager has final signoff on all security projects.
Which of the following requirements would have the lowest level of priority in information
security?
A.
Technical
B.
Regulatory
C.
Privacy
D.
Business - ANSWER- A.
Technical
When an organization hires a new information security manager, which of the following
goals
should this individual pursue FIRST?
A.
Develop a security architecture
B.
Establish good communication with steering committee members
C.
Assemble an experienced staff
D.
Benchmark peer organizations - ANSWER- B.
Establish good communication with steering committee members
It is MOST important that information security architecture be aligned with which of the
following?
A.
Industry best practices
B.
Information technology plans
C.
Information security best practices
D.
Business objectives and goals - ANSWER- D.
Business objectives and goals
,Which of the following is MOST likely to be discretionary?
A.
Policies
B.
Procedures
C. Guidelines
D.
Standards - ANSWER- C.
Guidelines
Security technologies should be selected PRIMARILY on the basis of their:
A.
ability to mitigate business risks.
B.
evaluations in trade publications.
C.
use of new and emerging technologies.
D.
benefits in comparison to their costs. - ANSWER- A.
ability to mitigate business risks.
, Which of the following are seldom changed in response to technological changes?
A.
Standards
B.
Procedures
C.
Policies
D.
Guidelines - ANSWER- C.
Policies
The MOST important factor in planning for the long-term retention of electronically
stored business
records is to take into account potential changes in:
A.
storage capacity and shelf life.
B.
regulatory and legal requirements.
C.
business strategy and direction.
D.
application systems and media. - ANSWER- D.
application systems and media.
Which of the following is characteristic of decentralized information security
management across a
geographically dispersed organization?
