Pass CISM EXAM - Exam Questions
If you want to buy complete file visit: https://www.udemy.com/course/cism-exam-questions-for-the-year-2020/?instructorPreviewMode=guest
OR
Email: moonintdubai@gmail.com
1
An information security manager suspects that the organization has suffered a ransomware attack. What should be done FIRST?
- Notify senior management.
- Confirm the infection.
- Isolate the affected systems.
- Alert employees to the attack.
ANS: 2
2
In a large organization requesting outsourced services, which of the following contract clauses is MOST important to information security?
- Frequency of status reporting
- Compliance with security requirements
- Intellectual property
- Nondisclosure clause
ANS: 2
3
Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?
- Statistical pattern recognition
- Traffic analysis
- Attack signatures
- Heuristic analysis
ANS: 3
4
The BEST time to ensure that a corporation acquires secure software products when outsourcing software development is during:
- security policy development.
- corporate security reviews.
- contract performance audits.
- contract negotiation.
ANS: 1
5
Which of the following is the BEST way for an information security manager to identify compliance with information security policies within
- Analyze system logs.
- Conduct periodic audits.
- Perform vulnerability assessments.
- Conduct security awareness testing.
ANS: 2
6
A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following is True?
- The privacy program does not include a formal training component.
- The organization does not have a dedicated privacy officer.
- Privacy policies are only reviewed annually.
- The organization uses a decentralized privacy governance structure.
ANS: 4
7
Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?
- Change control procedures
- Regular risk reporting
- Incident monitoring activities
- Risk monitoring processes
ANS: 4
8
In which of the following ways can an information security manager BEST ensure that security controls are adequate for supporting busines
- Reviewing results of the annual company external audit
- Adopting internationally accepted controls
- Using the risk management process
- Enforcing strict disciplinary procedures in case of noncompliance
ANS: 3
9
Following a successful and well-publicized hacking incident, an organization has plans to improve application security. Which of the following is True?
- Resources may not be available to support the implementation.
- Critical evidence may be lost.
- A trapdoor may have been installed in the application.
- The reputation of the organization may be damaged.
ANS: 1
10
Which of the following would be MOST important to consider when implementing security settings for a new system?
- Industry best practices applicable to the business
- Business objectives and related IT risk
- Results from internal and external audits
- Government regulations and related penalties
ANS: 2