Certified Information Security Manager Test Questions with Answers

Certified Information Security Manager Test Questions with Answers Risk analysis is where the level of risk and its nature are assessed and understood, and it should: A. Be based on the profiles of similar companies B. Provide an equal degree of protection for all assets C. Equally consider the potential size and likelihood of loss D. Provide more weight to the likelihood vs. the size of loss - Answer -C. Equally consider the potential size and likelihood of loss Risk management is different in each organization based on an organization's appetite for risk. Understanding organizational risks and an organization's business objectives assists in this process. It is not practical to eliminate all risk and therefore a risk manager should strive for: A. Achieving a risk and organizational goals equilibrium B. Reducing risk to an acceptable level C. Ensuring that policy development considers organizational structure D. Addressing external regulation as threats - Answer -B. Reducing risk to an acceptable level When contracting with an outsourced party to provide security administrators, which is the most important contractual element? A. Right -to-terminate clause B. Limitations of liability C. Service Level Agreement, SLA D. Financial penalties clause - Answer -C. Service Level Agreement, SLA All actions dealing with incidents must be worked with cyclical consideration. What is the primary post -incident review takeaway? A. Pursuit of legal action B. Identify personnel failures C. Incident management report D. Derive ways to improve the response process - Answer -not c In order to implement a successful information security program, it is vital to have: A. Emerging security technologies training B. Communication channels with process owners C. Comprehensive policies and standards and procedures D. Commitment from executive management - Answer -D. Commitment from executive management Because risks both internal and external are continuously changing, a risk assessment should be conducted: A. Once a year for each business process area and sub -process B. As regulatory requirements are released per FISMA C. By external parties to maintain objectivity D. Annually or whenever there is a significant change - Answer -not b or c To address the ever changing risk and threat, an effective risk management program should: A. Ensure the establishment of continuous monitoring processes B. Establish proper security baselines for all information resources C. Create a Disaster Recovery Plan D. Change security policies on a timely basis to address changing risks - Answer -not b or d Along with attention to detail what is an additional quality required of an incident handler? A. Presentation skills B. Ability to speak to the media C. Certification and training D. Ability to handle stress - Answer -D. Ability to handle stress