Download CISM Dumps (2023) - Free PDF Exam Demo [Q179-Q193]

Rate this post

Download CISM Dumps (2023) – Free PDF Exam Demo

Enhance your career with CISM PDF Dumps – True ISACA Exam Questions

The CISM certification is ideal for individuals who are responsible for managing the information security programs of their organizations. These individuals may include IT managers, security managers, security consultants, and security auditors. Certified Information Security Manager certification is also beneficial for individuals who are looking to advance their career in the field of information security.

NEW QUESTION 179
The PRIMARY reason for initiating a policy exception process is when:

operations are too busy to comply.

the risk is justified by the benefit.

policy compliance would be difficult to enforce.

users may initially be inconvenienced.

Section: INFORMATION RISK MANAGEMENT
Explanation:
Exceptions to policy are warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits. Being busy is not a justification for policy exceptions, nor is the fact that compliance cannot be enforced. User inconvenience is not a reason to automatically grant exception to a policy.

NEW QUESTION 180
Which of the following would a security manager establish to determine the target for restoration of normal processing?

Recover time objective (RTO)

Maximum tolerable outage (MTO)

Recovery point objectives (RPOs)

Services delivery objectives (SDOs)

Section: INFORMATION RISK MANAGEMENT
Explanation:
Recovery time objective (RTO) is the length of time from the moment of an interruption until the time the process must be functioning at a service level sufficient to limit financial and operational impacts to an acceptable level. Maximum tolerable outage (MTO) is the maximum time for which an organization can operate in a reduced mode. Recovery point objectives (RPOs) relate to the age of the data required for recovery. Services delivery objectives (SDOs) are the levels of service required in reduced mode.

NEW QUESTION 181
An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:

source routing.

broadcast propagation.

unregistered ports.

nonstandard protocols.

If the firewall allows source routing, any outsider can carry out spoofing attacks by stealing the internal (private) IP addresses of the organization. Broadcast propagation, unregistered ports and nonstandard protocols do not create a significant security exposure.

NEW QUESTION 182
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

realigns information security objectives to organizational strategy,

articulates management s intent and information security directives in clear language.

relates the investment to the organization’s strategic plan.

translates information security policies and standards into business requirements.

NEW QUESTION 183
Which of the following has the MOST direct impact on the usability of an organization’s asset classification program?

The granularity of classifications in the hierarchy

The frequency of updates to the organization’s risk register

The business objectives of the organization

The support of senior management for the classification scheme

NEW QUESTION 184
Which of the following is the MOST likely outcome of a well-designed information security awareness course?

Increased reporting of security incidents to the incident response function

Decreased reporting of security incidents to the incident response function

Decrease in the number of password resets

Increase in the number of identified system vulnerabilities

Explanation
A well-organized information security awareness course informs all employees of existing security policies, the importance of following safe practices for data security anil the need to report any possible security incidents to the appropriate individuals in the organization. The other choices would not be the likely outcomes.

NEW QUESTION 185
Which of the following is an information security manager’s BEST course of action to address a significant materialized risk that was not prevented by organizational controls?

Update the business impact analysis (BIA)

Update the risk register.

Perform root cause analysis.

Invoke the incident response plan.

NEW QUESTION 186
A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?

Prepare an impact assessment report.

Conduct a penetration test.

Obtain approval from senior management.

Back up the firewall configuration and policy files.

Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
An impact assessment report needs to be prepared first by providing the justification for the change, analysis of the changes to be made, the impact if the change does not work as expected, priority of the change and urgency of the change request. Choices B. C and D could be important steps, but the impact assessment report should be performed before the other steps.

NEW QUESTION 187
Which of the following activities is used to determine the effect of a disruptive event?

Maximum tolerable downtime assessment

Recovery time objective (RTO) analysis

Business impact analysis (BIA)

Incident impact analysis

NEW QUESTION 188
A business impact analysis (BIA) is the BEST tool for calculating:

total cost of ownership.

priority of restoration.

annualized loss expectancy (ALE).

residual risk.

Section: INFORMATION RISK MANAGEMENT
Explanation:
A business impact analysis (BIA) is the best tool for calculating the priority of restoration for applications. It is not used to determine total cost of ownership, annualized loss expectancy (ALE) or residual risk to the organization.

NEW QUESTION 189
The PRIMARY disadvantage of using a cold-site recovery facility is that it is:

unavailable for testing during normal business hours.

only available if not being used by the primary tenant.

not possible to reserve test dates in advance.

not cost-effective for testing critical applications at the site.

NEW QUESTION 190
Why is “slack space” of value to an information security manager as pan of an incident investigation?

Hidden data may be stored there

The slack space contains login information

Slack space is encrypted

It provides flexible space for the investigation

Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation:
“Slack space” is the unused space between where the fdc data end and the end of the cluster the data occupy. Login information is not typically stored in the slack space. Encryption for the slack space is no different from the rest of the file system. The slack space is not a viable means of storage during an investigation.

NEW QUESTION 191
Which of the following is the BEST course of action for an information security manager to align security and business goals?

Conducting a business impact analysis (BIA)

Reviewing the business strategy

Defining key performance indicators (KPIs)

Actively engaging with stakeholders

NEW QUESTION 192
Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?

Host-based IDS

Anomaly-based IDS

Network-based IDS

Application-based IDS

NEW QUESTION 193
The PRIMARY focus of a training curriculum for members of an incident response team should be:

specific role training

external corporate communication

security awareness

technology training

Loading …