Certified Information Security Manager UPDATED Exam Questions and CORRECT Answers
7 views 0 purchase
Course
CISM - Certified Information Security Manager
Institution
CISM - Certified Information Security Manager
Certified Information Security Manager
UPDATED Exam Questions and
CORRECT Answers
Resource allocation is crucial during incident triage as it assists in prioritization and
categorization. Why would this be critical for most organizations when conducting triage?
A. Most organizations have li...
Certified Information Security Manager
UPDATED Exam Questions and
CORRECT Answers
Resource allocation is crucial during incident triage as it assists in prioritization and
categorization. Why would this be critical for most organizations when conducting triage?
A. Most organizations have limited incident handling resources
B. Categorization assists in mitigation
C. Prioritization aides in detection
D. Most organizations assign incidents based on criticality - CORRECT ANSWER- A. Most
organizations have limited incident handling resources
Who is in the best position to judge the risks and impacts since they are most knowledgeable
concerning their systems?
A. Internal auditors
B. Security management
C. Business process owners
D. External regulatory agencies - CORRECT ANSWER- C. Business process owners
In order to establish prioritization in the effective implementation of an organization's
security governance, primary emphasis should be placed on?
A. Consultation
B. Negotiation
C. Facilitation
,D. Planning - CORRECT ANSWER- D. Planning
All actions dealing with incidents must be worked with cyclical consideration. What is the
primary post-incident review takeaway?
A. Pursuit of legal action
B. Identify personnel failures
C. Incident management report
D. Derive ways to improve the response process - CORRECT ANSWER- not b or c
Which of the following is the most significant challenge when developing an incident
management plan?
A. A plan not aligning with organizational goals
B. Compliance and regulatory requirements
C. A cohesive incident threat matrix
D. Lack of management and leadership buy-in - CORRECT ANSWER- D. Lack of
management and leadership buy-in
Residual risks can be determined by:
A. Calculating remaining vulnerabilities after creating controls
B. Performing a threat analysis
C. Performing a risk assessment
, D. Through risk transference - CORRECT ANSWER- C. Performing a risk assessment
Which is the most effective solution for preventing internal users from modifying sensitive
and/or classified information?
A. Baseline security standards
B. System access violation logs
C. Role-based access control
D. Exit routines - CORRECT ANSWER- C. Role-based access control
As part of the Risk Management process, assessments must be performed on the information
systems and resources of an organization. If there are vulnerabilities disclosed during an
assessment, those vulnerabilities should be:
A. Handled as a risk without a threat consideration
B. Prioritized for re-mediation solely based on impact
C. Reviewed to analyse information security controls
D. Evaluated and prioritized based on credible threat and impact if exploited and and
mitigation cost - CORRECT ANSWER- D. Evaluated and prioritized based on credible threat
and impact if exploited and and mitigation cost
A security strategy is important for an organization, and along with the creation of supporting
policies, the overall planning effort should cover?
A. The logical security architecture for the organization
B. The intent and direction and expectations of management
C. Provides standard operating procedure for users on the GIG
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MGRADES. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
