
Pass Your Exam With 100% Verified CISM Exam Questions
CISM Dumps PDF - CISM Real Exam Questions Answers
ISACA CISM: What requirements should you meet?
The ISACA CISM certificate is intended for individuals who have technical and IS/IT experience and are ready to move into a management role. It validates your expertise in risk management, incident management, security governance, and security program management and development. This certification proves your knowledge in the following domains:
- Information Security Program Development & Management;
- Information Security Incident Management;
- Information Risk Management;
- Information Security Governance.
ISACA recommends that all potential candidates have at least 5 years of experience in IS management. To become eligible for this certification, you also need to pass one exam.
4. Information Security Incident Management – 19%
This is the last subject area you need to successfully master to get the CISM certification. Therefore, you should be ready to demonstrate the following knowledge:
- Knowledge of the main components of an incident response plan and the concepts and practices of its management;
- Knowledge of escalation processes;
- Knowledge and ability to effectively equip incident response teams through their training and tools;
- Knowledge of the technologies used to detect and analyze information security events;
- Knowledge of the relationship of business continuity planning and disaster recovery planning to the incident response plan;
There are many types of study materials offered by ISACA, which are available in English, Japanese, Spanish, and Chinese. You can find training videos and eBooks. Thus, you can go for the following guides that are available on Amazon to learn the exam topics:
- CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition by Peter H. Gregory;
- CISM Review Manual.
The vendor also offers virtual instructor-led training, on-site courses, online review courses, and many other resources. Attending an online course a week or two before the exam can also be beneficial. It is intended solely to prepare you for the test, and the instructors may point out the topics you should pay particular attention to. After completing it, you can take the CISM Self-Assessment exam of 75 questions, which shows how well prepared you are for the actual test. If you do well on this assessment, you do not have to worry about the real exam. The online course covers all the objectives and offers plenty of interactive workbooks, case study activities, and interactive modules.
NEW QUESTION 142
Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
- A. Embedded steganographic
- B. Two-factor authentication
- C. Biometric authentication
- D. Embedded digital signature
Answer: D
Explanation:
Digital signatures ensure that transmitted information can be attributed to the named sender; this provides nonrepudiation. Steganographic techniques are used to hide messages or data within other files. Biometric and two-factor authentication are not generally used to protect internet data transmissions.
NEW QUESTION 143
A desktop computer that was involved in a computer security incident should be secured as evidence by:
- A. encrypting local files and uploading exact copies to a secure server.
- B. copying all files using the operating system (OS) to write-once media.
- C. disconnecting the computer from all power sources.
- D. disabling all local user accounts except for one administrator.
Answer: C
Explanation:
To preserve the integrity of the desktop computer as an item of evidence, it should be immediately disconnected from all sources of power. Any attempt to access the information on the computer by copying, uploading or accessing it remotely changes the operating system (OS) and temporary files on the computer and invalidates it as admissible evidence.
NEW QUESTION 144
Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?
- A. Sufficient coverage of the insurance policy for accidental losses
- B. Disclosure of personal information
- C. Intrinsic value of the data stored on the equipment
- D. Replacement cost of the equipment
Answer: C
Section: INFORMATION RISK MANAGEMENT
Explanation:
When mobile equipment is lost or stolen, the information contained on the equipment matters most in determining the impact of the loss. The more sensitive the information, the greater the liability. If staff carry mobile equipment for business purposes, an organization must develop a clear policy as to what information may be kept on the equipment and for what purpose. Personal information is not defined in the question as the data that were lost. Insurance may be a relatively smaller issue compared with information theft or opportunity loss, although insurance is also an important factor for a successful business. The cost of the equipment would be a less important issue compared with the other choices.
NEW QUESTION 145
The PRIMARY reason for implementing scenario-based training for incident response is to:
- A. ensure staff knows where to report in the event evacuation is required.
- B. verify threats and vulnerabilities faced by the incident response team.
- C. help incident response team members understand their assigned roles.
- D. assess the timeliness of the incident team response and remediation.
Answer: C
NEW QUESTION 146
During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?
- A. Improvements to incident identification methods
- B. Validation of senior management's risk tolerance
- C. More effective disaster recovery plan (DRP) testing
- D. Updates to the business impact analysis (BIA)
Answer: A
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
NEW QUESTION 147
An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
- A. establish a baseline standard incorporating those requirements that all jurisdictions have in common.
- B. establish baseline standards for all locations and add supplemental standards as required.
- C. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
- D. bring all locations into conformity with a generally accepted set of industry best practices.
Answer: B
Section: INFORMATION SECURITY GOVERNANCE
Explanation:
It is more efficient to establish a baseline standard and then develop additional standards for locations that must meet specific requirements. Seeking a lowest common denominator or just using industry best practices may cause certain locations to fail regulatory compliance. The opposite approach, forcing all locations into compliance with the aggregate regulations of every jurisdiction, places an undue burden on those locations.
NEW QUESTION 148
If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
- A. obtaining evidence as soon as possible.
- B. preserving the integrity of the evidence.
- C. disconnecting all IT equipment involved.
- D. reconstructing the sequence of events.
Answer: B
Explanation:
The integrity of the evidence should be preserved by following appropriate forensic techniques to obtain the evidence and a chain-of-custody procedure to maintain it (so that it is accepted in a court of law). All other options are part of the investigative procedure, but they are not as important as preserving the integrity of the evidence.
NEW QUESTION 149
What should be an organization's MAIN concern when evaluating an Infrastructure as a Service (IaaS) cloud computing model for an e-commerce application?
- A. Where the application resides
- B. Application ownership
- C. Availability of provider's services
- D. Internal audit requirements
Answer: C
NEW QUESTION 150
Relationships among security technologies are BEST defined through which of the following?
- A. Process improvement models
- B. Network topology
- C. Security architecture
- D. Security metrics
Answer: C
Explanation:
Security architecture explains the use and relationships of security mechanisms. Security metrics measure improvement within the security practice but do not explain the use and relationships of security technologies. Process improvement models and network topology diagrams also do not describe the use and relationships of these technologies.
NEW QUESTION 151
Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?
- A. Applying patches
- B. Backing up files
- C. Changing access rules
- D. Upgrading hardware
Answer: B
Explanation:
If malicious code is not immediately detected, it will most likely be backed up as part of the normal tape backup process. When later discovered, the code may be eradicated from the device but still remain undetected on a backup tape. Any subsequent restore using that tape may reintroduce the malicious code. Applying patches, changing access rules and upgrading hardware do not significantly increase the level of difficulty.
NEW QUESTION 152
Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?
- A. Review the service providers' information security policies and procedures.
- B. Conduct regular vulnerability assessments on the service providers' IT systems.
- C. Provide information security awareness training to service provider staff.
- D. Perform regular audits on the service providers' applicable controls.
Answer: D
NEW QUESTION 153
Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?
- A. User awareness
- B. Strong passwords that are changed periodically
- C. Implementation of lock-out policies
- D. Passwords stored in encrypted form
Answer: C
Explanation:
Implementation of account lock-out policies significantly inhibits brute-force attacks. In cases where this is not possible, strong passwords that are changed periodically would be an appropriate choice. Passwords stored in encrypted form will not defeat an online brute-force attack if the password itself is easily guessed. User awareness would help but is not the best approach of the options given.
NEW QUESTION 154
Which of the following is the BEST indication that an organization is able to comply with information security requirements?
- A. Internal audit has not identified significant information security findings.
- B. Maturity assessments have been performed for key business processes.
- C. Information security is included in business processes.
- D. Senior management has approved the information security strategy.
Answer: C
NEW QUESTION 155
Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?
- A. Security baselines
- B. Virus detection
- C. Patch management
- D. Change management
Answer: D
Explanation:
Change management controls the process of introducing changes to systems. This is often the point at which a weakness will be introduced. Patch management involves the correction of software weaknesses and would necessarily follow change management procedures. Security baselines provide minimum recommended settings and do not prevent introduction of control weaknesses. Virus detection is an effective tool but primarily focuses on malicious code from external sources, and only for those applications that are online.
NEW QUESTION 156
An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross training. Which type of authorization policy would BEST address this practice?
- A. Discretionary
- B. Multilevel
- C. Role-based
- D. Attribute-based
Answer: C
Explanation:
A role-based policy will associate data access with the role performed by an individual, thus restricting access to data required to perform the individual's tasks. Multilevel policies are based on classifications and clearances. Discretionary policies leave access decisions up to information resource managers.
NEW QUESTION 157
Good information security procedures should:
- A. define the allowable limits of behavior.
- B. describe security baselines for each platform.
- C. underline the importance of security governance.
- D. be updated frequently as new software is released.
Answer: D
Explanation:
Security procedures often have to change frequently to keep up with changes in software. Since a procedure is a how-to document, it must be kept up to date with frequent changes in software. A security standard, such as platform baselines, defines behavioral limits, not the how-to process; it should not change frequently.
High-level objectives of an organization, such as security governance, would normally be addressed in a security policy.
NEW QUESTION 158
What should be an organization's concern when evaluating an Infrastructure as a Service (IaaS) cloud computing model for an e-Commerce application?
- A. Where the application resides
- B. Application ownership
- C. Internal audit requirements
- D. Availability of provider's services
Answer: D
NEW QUESTION 159
What is the MOST cost-effective method of identifying new vendor vulnerabilities?
- A. Intrusion prevention software
- B. Periodic vulnerability assessments performed by consultants
- C. Honeypots located in the DMZ
- D. External vulnerability reporting sources
Answer: D
Explanation:
External vulnerability reporting sources are the most cost-effective method of identifying these vulnerabilities. The cost involved in choices B and C would be much higher, especially if incurred at regular intervals. Honeypots would not identify all vendor vulnerabilities. In addition, honeypots located in the DMZ can create a security risk if the production network is not well protected from traffic originating from compromised honeypots.
NEW QUESTION 160
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
- A. risk assessment results.
- B. the security organization structure.
- C. international security standards.
- D. the most stringent requirements.
Answer: B
NEW QUESTION 161
In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?
- A. Perform an application security assessment.
- B. Implement compensating control.
- C. Update the application security policy.
- D. Submit a waiver for the legacy application.
Answer: B
NEW QUESTION 162
An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
- A. mitigating the risk.
- B. eliminating the risk.
- C. accepting the risk.
- D. transferring the risk.
Answer: A
Explanation:
Risk can never be eliminated entirely. Transferring the risk gives it to another party, such as buying insurance so that the insurance company takes on the risk. Implementing additional controls is an example of mitigating risk. Doing nothing to mitigate the risk would be an example of accepting risk.
NEW QUESTION 163