Download Certified Information Security Manager.CISM.Train4Sure.2020-02-28.643q.vcex

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Feb 28, 2020
File Size: 537 KB
Downloads: 1

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Senior management commitment and support for information security can BEST be obtained through presentations that:
  1. use illustrative examples of successful attacks.
  2. explain the technical risks to the organization.
  3. evaluate the organization against best security practices.
  4. tie security risks to key business objectives.
Correct answer: D
Explanation:
Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.
Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.
Question 2
Successful implementation of information security governance will FIRST require:
  1. security awareness training.
  2. updated security policies.
  3. a computer incident management team.
  4. a security architecture.
Correct answer: B
Explanation:
Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
Question 3
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
  1. Information security manager
  2. Chief operating officer (COO)
  3. Internal auditor
  4. Legal counsel
Correct answer: B
Explanation:
The chief operating officer (COO) is highly-placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.
The chief operating officer (COO) is highly-placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.
Question 4
The MOST important component of a privacy policy is:
  1. notifications.
  2. warranties.
  3. liabilities.
  4. geographic coverage.
Correct answer: A
Explanation:
Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.
Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.
Question 5
The cost of implementing a security control should not exceed the:
  1. annualized loss expectancy.
  2. cost of an incident.
  3. asset value.
  4. implementation opportunity costs.
Correct answer: C
Explanation:
The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses drat are expected to happen during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.
The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses drat are expected to happen during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.
Question 6
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
  1. organizational risk.
  2. organization wide metrics.
  3. security needs.
  4. the responsibilities of organizational units.
Correct answer: A
Explanation:
Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.
Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.
Question 7
Which of the following roles would represent a conflict of interest for an information security manager?
  1. Evaluation of third parties requesting connectivity
  2. Assessment of the adequacy of disaster recovery plans
  3. Final approval of information security policies
  4. Monitoring adherence to physical security controls
Correct answer: C
Explanation:
Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.
Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.
Question 8
Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
  1. The information security department has difficulty filling vacancies.
  2. The chief information officer (CIO) approves security policy changes.
  3. The information security oversight committee only meets quarterly.
  4. The data center manager has final signoff on all security projects.
Correct answer: D
Explanation:
A steering committee should be in place to approve all security projects. The fact that the data center manager has final signoff for all security projects indicates that a steering committee is not being used and that information security is relegated to a subordinate place in the organization. This would indicate a failure of information security governance. It is not inappropriate for an oversight or steering committee to meet quarterly. Similarly, it may be desirable to have the chief information officer (CIO) approve the security policy due to the size of the organization and frequency of updates. Difficulty in filling vacancies is not uncommon due to the shortage of good, qualified information security professionals.
A steering committee should be in place to approve all security projects. The fact that the data center manager has final signoff for all security projects indicates that a steering committee is not being used and that information security is relegated to a subordinate place in the organization. This would indicate a failure of information security governance. It is not inappropriate for an oversight or steering committee to meet quarterly. Similarly, it may be desirable to have the chief information officer (CIO) approve the security policy due to the size of the organization and frequency of updates. Difficulty in filling vacancies is not uncommon due to the shortage of good, qualified information security professionals.
Question 9
It is MOST important that information security architecture be aligned with which of the following?
  1. Industry best practices
  2. Information technology plans
  3. Information security best practices
  4. Business objectives and goals
Correct answer: D
Explanation:
Information security architecture should always be properly aligned with business goals and objectives. Alignment with IT plans or industry and security best practices is secondary by comparison.
Information security architecture should always be properly aligned with business goals and objectives. Alignment with IT plans or industry and security best practices is secondary by comparison.
Question 10
Which of the following is MOST likely to be discretionary?
  1. Policies
  2. Procedures
  3. Guidelines
  4. Standards
Correct answer: C
Explanation:
Policies define security goals and expectations for an organization. These are defined in more specific terms within standards and procedures. Standards establish what is to be done while procedures describe how it is to be done. Guidelines provide recommendations that business management must consider in developing practices within their areas of control; as such, they are discretionary.
Policies define security goals and expectations for an organization. These are defined in more specific terms within standards and procedures. Standards establish what is to be done while procedures describe how it is to be done. Guidelines provide recommendations that business management must consider in developing practices within their areas of control; as such, they are discretionary.
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!