CISM – 6 Practice Questions and Answers (100% Pass)

Type: Exam (elaborations)
Pages: 65
Grade: A+
Uploaded on: 16-08-2024
Written in: 2024/2025

©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM

Question: Which of the following vulnerabilities allowing attackers access to the application database is the MOST serious?
A. Validation checks are missing in data input pages.
B. Password rules do not allow sufficient complexity.
C. Application transaction log management is weak.
D. Application and database share a single access ID.
Answer: A. Validation checks are missing in data input pages.

Question: Which of the following is the MOST effective security measure to protect data held on mobile computing devices?
A. Biometric access control
B. Encryption of stored data
C. Power-on passwords
D. Protection of data being transmitted
Answer: B. Encryption of stored data

Question: With regard to the implementation of security awareness programs in an organization, it is MOST relevant to understand which of the following aspects can change?
A. The security culture
B. The information technology
C. The compliance requirements
D. The threats and vulnerabilities
Answer: D. The threats and vulnerabilities

Question: Who is in the BEST position to determine the level of information security needed for a specific business application?
A. The system developer
B. The information security manager
C. The system custodian
D. The data owner
Answer: D. The data owner

Question: What is the BEST method for mitigating against network denial-of-service (DoS) attacks?
A. Ensure all servers are up-to-date on OS patches.
B. Employ packet filtering to drop suspect packets.
C. Implement network address translation to make internal addresses nonroutable.
D. Implement load balancing for Internet-facing devices.
Answer: B. Employ packet filtering to drop suspect packets.

Question: Outsourcing combined with indemnification:
A. Reduces legal responsibility but leaves financial risk relatively unchanged.
B. Is more cost-effective as a means of risk transfer than purchasing insurance.
C. Eliminates the reputational risk present when operations remain in-house.
D. Reduces financial risk but leaves legal responsibility generally unchanged.
Answer: D. Reduces financial risk but leaves legal responsibility generally unchanged.

Question: What is the PRIMARY focus if an organization considers taking legal action on a security incident?
A. Obtaining evidence as soon as possible
B. Preserving the integrity of the evidence
C. Disconnecting all IT equipment involved
D. Reconstructing the sequence of events
Answer: B. Preserving the integrity of the evidence

Question: Which of the following is the BEST approach for improving information security management processes?
A. Conduct periodic security audits.
B. Perform periodic penetration testing.
C. Define and monitor security metrics.
D. Survey business units for feedback.
Answer: C. Define and monitor security metrics.

Question: Which of the following is the BEST approach to deal with inadequate funding of the information security program?
A. Eliminate low-priority security services.
B. Require management to accept the increased risk.
C. Use third-party providers for low-risk activities.
D. Reduce monitoring and compliance enforcement activities.
Answer: C. Use third-party providers for low-risk activities.

Question: Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
A. Number of controls implemented
B. Percent of control objectives accomplished
C. Percent of compliance with the security policy
D. Reduction in the number of reported security incidents
Answer: B. Percent of control objectives accomplished

Question: Which of the following items is MOST important to determine the recovery point objective for a critical process in an enterprise?
A. The number of hours of acceptable downtime
B. The total cost of recovering critical systems
C. The acceptable reduction in the level of service
D. The extent of data loss that is acceptable
Answer: D. The extent of data loss that is acceptable

Question: An organization's IT change management process requires that all change requests be approved by the asset owner and the information security manager. The PRIMARY objective of getting the information security manager's approval is to ensure that:
A. A change affecting a security policy is not handled by an IT change process.
B. Changes in the IT infrastructure may have an impact on existing risk. An information security manager must ensure that the proposed changes do not adversely affect the security posture.
C. Rollback to a current state may cause a security risk event and is normally part of change management, but is not the primary reason that security is involved in the review.
D. The person who initiates a change has no effect on the person who re

Written for: CISM (institution), CISM (course)

