100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CISM Questions & 100% Correct Answers $13.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. CISM
  4.  
  5. CISM

Exam (elaborations)

CISM Questions & 100% Correct Answers
 5 views  0 purchase
  • Course
  • CISM
  • Institution
  • CISM

What would be the BEST security measure we could use to prevent data disclosure and data exfiltration? A) User authentication in all applications. B) Use very strong encryption. C) Use very strong key storage. D) Use very complex firewall rules. :~~ C) Use very strong key storage. Explanat...

[Show more]

Preview 4 out of 123  pages

Document information

  • September 9, 2024
  • 123
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • cism questions 100 correct answers
  • what would be the best security measure we could u

Written for

  • CISM
  • CISM

Seller

avatar-seller
ExamArsenal

Reviews received

Content preview

1 | P a g e | © copyright 2024/2025 | Grade A+




CISM Questions & 100% Correct
Answers
What would be the BEST security measure we could use to prevent data disclosure

and data exfiltration?




A) User authentication in all applications.




B) Use very strong encryption.




C) Use very strong key storage.




D) Use very complex firewall rules.

✓ :~~ C) Use very strong key storage.




Explanation

We would want a very strong key storage, if the attackers can get to our

encryption keys, most of the other security measures are irrelevant. Most

encryption today is strong enough to not be breakable with current technologies,

making it stronger does often not make it significantly more secure. Complex

firewall rules do not mean more secure, and in this example is a distractor. We




Master01 | September, 2024/2025 | Latest update

, 2 | P a g e | © copyright 2024/2025 | Grade A+


would want user authentication in all applications, but not relevant for this

question.




What is the MOST important reason we have Information Security review our

contracts throughout the enterprise?




A) To ensure that both parties can perform their contractual promises.




B) To ensure the right to audit is a requirement.




C) To ensure appropriate controls are included.




D) To ensure no confidential information is included in the contract.

✓ :~~ C) To ensure appropriate controls are included.




As an IT auditor, Trisha is conducting a compliance review. Which of these is she

MOST likely to be performing?




A) Performing job activity analysis




B) Performing program activity analysis



Master01 | September, 2024/2025 | Latest update

, 3 | P a g e | © copyright 2024/2025 | Grade A+




C) Performing system aging analysis




D) Determine whether program changes are approved

✓ :~~ D) Determine whether program changes are approved




Explanation

Compliance reviews determine whether the controls are enforcing the regulations

and include ensuring there are no unauthorized changes to the production

environment. The other answers are part of a substantive review, that verify the

accuracy and reasonableness of reported information.




Of these options, when is the BEST time to have penetration tests conducted?




A) After a high staff turnover.




B) After significant system changes.




C) After an attempted intrusion.




D) After an audit has found weaknesses in our security controls.



Master01 | September, 2024/2025 | Latest update

, 4 | P a g e | © copyright 2024/2025 | Grade A+


✓ :~~ B) After significant system changes.




At which phase of our systems or software development lifecycle should risk

assessments be built in to ensure risks are addressed in the project development?




A) The specifications phase.




B) The programming phase.




C) The user testing phase.




D) The feasibility phase.


✓ :~~ D) The feasibility phase.




Explanation

We should address risk as early on in the project as possible, of the phases listed

here that would be feasibility. In the programming or the user testing phase is way

too late, if the feasibility phase was not an option, then we would do it in

specifications, but feasibility is much better.




Our organization has just finished a companywide Information Security user

awareness training effort and we are going to try to social engineer our employees


Master01 | September, 2024/2025 | Latest update

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ExamArsenal. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

78252 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.49
  • (0)
  Add to cart