CISM - Latest Training Dumps

NEUE FRAGE 130
An organization with a strict need-to-know information access policy is about to launch a knowledge management intranet. Which of the following is the MOST important activity to ensure compliance with existing security policies?

Develop a control procedure to check content before it is published.

Change organization policy to allow wider use of the new web site.

Password-protect documents that contain confidential information.

Ensure that access to the web site is limited to senior managers and the board.

NEUE FRAGE 131
Which of the following is a potential indicator of inappropriate Internet use by staff?

Increased help desk calls for password resets

Reduced number of pings on firewalls

Increased reports of slow system performance

Increased number of weakness from vulnerability scans

NEUE FRAGE 132
When establishing metrics for an information security program, the BEST approach is to identify indicators that:

reduce information security program spending.

support major information security initiatives.

reflect the corporate risk culture.

demonstrate the effectiveness of the security program.

NEUE FRAGE 133
An organization’s CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager.
Which of the following is the MOST significant issue with the development of this committee?

The committee consists of too many senior executives.

The committee lacks sufficient business representation.

There is a conflict of interest between the business and IT.

The CIO is not taking charge of the committee.

NEUE FRAGE 134
Which of the following is BEST used to determine the maturity of an information security program?

Security budget allocation

Organizational risk appetite

Risk assessment results

Security metrics

NEUE FRAGE 135
An intrusion detection system (IDS) should:

run continuously

ignore anomalies

require a stable, rarely changed environment

be located on the network

NEUE FRAGE 136
Which of the following BEST reduces the likelihood of leakage of private information via email?

User awareness training

Email encryption

Strong user authentication protocols

Prohibition on the personal use of email

NEUE FRAGE 137
Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?

Outsource compliance activities.

Obtain annual sign-off from executive management.

Send the policies to stakeholders for review.

Align the policies to the most stringent global regulations.

NEUE FRAGE 138
Which of the following is the PRIMARY reason that an information security manager would contract with an external provider to perform penetration testing?

To obtain an independent network security certification

To mitigate gaps in technical skills

To obtain an independent view of vulnerabilities

To obtain the full list of system vulnerabilities

NEUE FRAGE 139
Recovery point objectives (RPOs) can be used to determine which of the following?

Maximum tolerable period of data loss

Maximum tolerable downtime

Baseline for operational resiliency

Time to restore backups

NEUE FRAGE 140
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

Adopt the cloud provider’s incident response procedures.

Transfer responsibility for incident response to the cloud provider.

Continue using the existing incident response procedures.

Revise incident response procedures to encompass the cloud environment.

NEUE FRAGE 141
Which of the following is MOST important in increasing the effectiveness of incident responders?

Communicating with the management team

Integrating staff with the IT department

Testing response scenarios

Reviewing the incident response plan annually

NEUE FRAGE 142
When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:

calculating the residual risk.

enforcing the security standard.

redesigning the system change.

implementing mitigating controls.

NEUE FRAGE 143
When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?

Assigning responsibility for acquiring the data

Locating the data and preserving the integrity of the data

Creating a forensically sound image

Issuing a litigation hold to all affected parties

NEUE FRAGE 144
A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The MOST likely reason for this decision is:

the cost of implementing controls exceeds the potential financial losses.

the risk assessment has not defined the likelihood of occurrence.

executive management is not aware of the impact potential.

the reported vulnerability has not been validated.

NEUE FRAGE 145
A software vendor has announced a zero-day vulnerability that exposes an organization’s critical business systems, following should be the information security manager’s PRIMARY concern?

Business tolerance of downtime

Adequacy of the incident response plan

Availability of resources to implement controls

Ability to test patches prior to deployment

NEUE FRAGE 146
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Availability of current infrastructure documentation

Capability to take a snapshot of virtual machines

Availability of web application firewall logs

Capability of online virtual machine analysis

Kategorie CISM

UPDATED [Feb 24, 2025] Pass Certified Information Security Manager Exam with Latest Questions [Q130-Q146]