Exam (elaborations)

CISM Domain 3 Practice Questions and Answers (100% Pass)

Pages: 15
Grade: A+
Uploaded on: 16-08-2024
Written in: 2024/2025

©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM

Which of the following devices should be placed within a DMZ?
Answer: mail relay

An intrusion detection system should be placed:
Answer: on a screened subnet

The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:
Answer: permit traffic load balancing

On which of the following should a firewall be placed?
Answer: domain boundary

Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
Answer: screened subnets

A border router should be placed on which of the following?
Answer: domain boundary

Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?
Answer: encryption

Which of the following is the MOST important risk associated with middleware in a client-server environment?
Answer: system integrity may be affected

Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
Answer: safeguards over keys

In the process of deploying a new email system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new email system implementation?
Answer: encryption

Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
Answer: certificate-based authentication of web client

A message that has been encrypted by the sender's private key and again by the receiver's public key achieves:
Answer: confidentiality and nonrepudiation

When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?
Answer: trojan

Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
Answer: encrypting first by sender's private key and second by receiver's public key

In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
Answer: a strong authentication

The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
Answer: provide a high assurance of identity

What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
Answer: encryption

A digital signature using a public key infrastructure (PKI) will:
Answer: rely on the extent to which the certificate authority (CA) is trusted

Which of the following is MOST useful in managing increasingly complex security deployments?
Answer: a security architecture

Which of the following control measures BEST addresses integrity?
Answer: nonrepudiation

Which of the following is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?
Answer: install a honeypot on the network

An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
Answer: source routing

Which of the following presents the GREATEST exposure to internal attack on a network?
Answer: user passwords are encoded but not encrypted

Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?
Answer: implementation of lock-out policies

The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
Answer: the existence of messages is unknown

Minimum standards for securing the technical infrastructure should be defined in a security:
Answer: architecture

Obtaining another party's public key is required to initiate which of the following activities?
Answer: authentication

The MOST effective technical approach to mitigate the risk of confidential information being disclosed in email attachments is to implement:
Answer: content filtering

An organization is planning to deliver subscription-based educational services to customers online that will require customers to log in with their user IDs and passwords. Which of the following is the BEST method to validate passwords entered by a customer before access to educational resources is granted?
Answer: hashing

Integrating a number of different activities in the development of an inf

Institution: CISM
Course: CISM










