Download Certified Information Security Manager.CISM.VCEplus.2025-01-28.237q.vcex
| Vendor: | Financial |
| Exam Code: | CISM |
| Exam Name: | Certified Information Security Manager |
| Date: | Jan 28, 2025 |
| File Size: | 174 KB |
| Downloads: | 5 |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
- Intrusion detection
- Log monitoring
- Patch management
- Antivirus software
Correct answer: C
Question 2
Which of the following is the FIRST step to establishing an effective information security program?
- Conduct a compliance review.
- Assign accountability.
- Perform a business impact analysis (BIA).
- Create a business case.
Correct answer: D
Question 3
An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued.
Approval of risk acceptance should be provided by:
- the chief risk officer (CRO).
- business senior management.
- the information security manager.
- the compliance officer.
Correct answer: B
Question 4
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
- Disaster recovery plan (DRP)
- Incident response plan
- Business continuity plan (BCP)
- Business contingency plan
Correct answer: C
Question 5
A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
- The time and location that the breach occurred
- Evidence of previous incidents caused by the user
- The underlying reason for the user error
- Appropriate disciplinary procedures for user error
Correct answer: C
Question 6
Which of the following is the BEST indicator of an organization's information security status?
- Intrusion detection log analysis
- Controls audit
- Threat analysis
- Penetration test
Correct answer: B
Question 7
An organization recently outsourced the development of a mission-critical business application.
Which of the following would be the BEST way to test for the existence of backdoors?
- Scan the entire application using a vulnerability scanning tool.
- Run the application from a high-privileged account on a test system.
- Perform security code reviews on the entire application.
- Monitor Internet traffic for sensitive information leakage.
Correct answer: C
Question 8
The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:
- reduces unauthorized access to systems.
- promotes efficiency in control of the environment.
- prevents inconsistencies in information in the distributed environment.
- allows administrative staff to make management decisions.
Correct answer: D
Question 9
Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?
- Review the previous risk assessment and countermeasures.
- Perform a new risk assessment,
- Evaluate countermeasures to mitigate new risks.
- Transfer the new risk to a third party.
Correct answer: C
Question 10
Which of the following is the BEST indication of an effective information security awareness training program?
- An increase in the frequency of phishing tests
- An increase in positive user feedback
- An increase in the speed of incident resolution
- An increase in the identification rate during phishing simulations
Correct answer: D
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!