Exam (elaborations)

CISM Exam Study Guide with Complete Solutions

Pages
64
Grade
A+
Uploaded on
16-08-2024
Written in
2024/2025

Institution
CISM
Course
CISM











Type
Exam (elaborations)
Contains
Questions & answers


Content preview

©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM



CISM Exam Study Guide with Complete Solutions

Acceptable interruption window - Answer✔️✔️-Amount of time that an organization deems acceptable for a system to be unavailable before the organization's business objectives are compromised. This is ultimately about risk management. This should be set before an interruption occurs.

Acceptable use policy - Answer✔️✔️-A policy set by organizations on proper system usage. An agreement between the organization and client on what is acceptable performance and expectation of behavior and activity before gaining access to the system. Part of the overall security documentation infrastructure.

Access controls - Answer✔️✔️-Policies and procedures that determine the permissions, rights, and privileges of users to data, information systems, or even the physical building of an organization. Goal: helps to ensure that only people who are authenticated and authorized can access resources.

Access path - Answer✔️✔️-When a user requests data, the route that a computer takes to access it. Usually through the operating system, telecommunications software, application software, and the access control system.






Access rights - Answer✔️✔️-The permissions granted to users or programs to access, create, view, modify, or delete data or files within a system. Determined by data owners and information security policy.

Accountability - Answer✔️✔️-Tracking online activities of a user so they are held accountable for the actions they take on the data. It relies on effective identification and authentication. Usually used in audit logs.

Address Resolution Protocol (ARP) - Answer✔️✔️-A basic connectivity protocol. ARP resolves IPv4 addresses to media access control (MAC) addresses (physical address of the computer).

Administrative control - Answer✔️✔️-The policies and procedures defined by an organization's security policy that deal with operational effectiveness, efficiency, and adherence to regulations and management policies. Examples of these can include: policies, hiring practices, background checks, classifying and labeling data, security awareness and training efforts, personnel controls, and testing.

Advanced Encryption Standard (AES) - Answer✔️✔️-An encryption standard used in symmetric encryption. Replaced 3DES. It is fast, efficient, and strong. Encryption ensures the confidentiality prong of the CIA triad.






Alert situation - Answer✔️✔️-When a service interruption has reached a threshold and an organization can no longer cope with the outage, causing the organization to escalate into an alert situation.

Algorithm - Answer✔️✔️-A mathematical procedure, a finite set of rules and step-by-step instructions, especially one that can be followed by a computer. In cybersecurity, we usually talk about encryption algorithms.

Alternate facilities - Answer✔️✔️-Other buildings or sites that are used in case of an emergency or disaster situation in which data availability is decreased or lost. This includes hot sites, warm sites, cold sites, and mobile sites that can be activated as part of an emergency protocol. The level of preparedness varies from completely configured with hardware and software and backup servers, to just physical buildings. Hot sites can be ready within several minutes to an hour of need.

Alternate process - Answer✔️✔️-Steps used to continue critical business function from point-of-failure to return-to-normal. Used after a disruption of service.

Annual loss expectancy (ALE) - Answer✔️✔️-ALE is used in quantitative risk assessment, which uses a specific monetary amount to manage risk. The ALE is the Single loss expectancy (SLE) x Annual rate of occurrence (ARO).






Anomaly detection - Answer✔️✔️-The process of examining the system for any deviation from normal.

Anonymous File Transfer Protocol (AFTP) - Answer✔️✔️-A way of downloading public files using FTP. It does not require the user to identify themselves before accessing files. Instead, when prompted, the user can type "anonymous" as a username and "guest" as a password. Oftentimes, an AFTP site will not ask for a username and password. This is a security concern, as these sites might not be protected.

Antivirus software - Answer✔️✔️-Software installed on many points in the IT infrastructure that protects and can eliminate virus code before damage occurs. Can repair or quarantine infected files.

Application controls - Answer✔️✔️-Policies and procedures that ensure that objectives of system applications are achieved.

Application layer - Answer✔️✔️-The top layer of the OSI stack, this is a service layer that allows application programs to communicate with each other. The application itself is not located within this level. The protocols and services required to transmit files, exchange messages, and connect to remote terminals are



