QUESTION NO: 1393
During the security review of organizational servers, it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:
A. copy sample files as evidence.
B. remove access privileges to the folder containing the data.
C. report this situation to the data owner.
D. train the HR team on properly controlling file permissions.
Answer: C
Explanation: The data owner should be notified before any action is taken. Copying sample files as evidence is not advisable, since it breaches the confidentiality requirements on the file. Removing access privileges to the folder containing the data should be done by the data owner, or by the security manager in consultation with the data owner, and only after the incident has been formally reported. Training the human resources (HR) team on properly controlling file permissions is the way to prevent such incidents in the future, but it should take place once the incident reporting and investigation activities are completed.

QUESTION NO: 1394
If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
A. obtaining evidence as soon as possible.
B. preserving the integrity of the evidence.

Isaca CISM Exam "Pass Any Exam. Any Time." - www.actualtests.com 782
A risk profile supports effective security decisions PRIMARILY because it:
A. defines how best to mitigate future risks.
B. identifies priorities for risk reduction.
C. enables comparison with industry best practices.
D. describes security threats.
Answer: B

QUESTION NO: 1431
The PRIMARY goal of a post-incident review should be to:
A. determine why the incident occurred.
B. determine how to improve the incident handling process.
C. identify policy changes to prevent a recurrence.
D. establish the cost of the incident to the business.
Answer: C

QUESTION NO: 1432
Which of the following activities is used to determine the effect of a disruptive event?
A. Require sign-off on acceptable use policies.
B. Require regular security awareness training.
C. Provide detailed security procedures.
D. Perform a gap analysis.
Answer: C

QUESTION NO: 1477
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
A. Ensure security is involved in the procurement process.
B. Communicate security policy with the third-party vendor.
C. Review the third-party contract with the organization's legal department.
D. Conduct an information security audit on the third-party vendor.
Answer: A

QUESTION NO: 1478
Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?
QUESTION NO: 1518
What should be an information security manager's FIRST course of action upon learning of a security threat that has occurred in the industry for the first time?
A. Update the relevant information security policy.
B. Perform a control gap analysis of the organization's environment.
C. Revise the organization's incident response plan.
D. Examine responses of victims that have been exposed to similar threats.
Answer: B

QUESTION NO: 1519
An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented the need to make this ransom payment?
A. Storing backups on a segregated network
B. Training employees on ransomware
C. Ensuring all changes are approved
D. Verifying the firewall is configured properly
Answer: A

QUESTION NO: 1546
During an incident, which of the following entities would MOST likely be contacted directly by an organization's incident response team without management approval?
A. Industry regulators
B. Technology vendor
C. Law enforcement
D. Internal audit
Answer: D

QUESTION NO: 1547
The BEST way to minimize errors in the response to an incident is to:
A. follow standard operating procedures.
B. analyze the situation during the incident.
C. implement vendor recommendations.
D. reference system administration manuals.
Answer: A
QUESTION NO: 1564
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
A. Risk assessments must be conducted by certified staff.
B. The methodology must be approved by the chief executive officer.
C. Risk assessments must be reviewed annually.
D. The methodology used must be consistent across the organization.
Answer: D

QUESTION NO: 1565
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
A. Corresponding breaches associated with each vendor
B. Compensating controls in place to protect information security
C. Compliance requirements associated with the regulation
D. Criticality of the service to the organization
QUESTION NO: 1586
Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?
A. Remote wipe capability
B. Password protection
C. Insurance
D. Encryption
Answer: A

QUESTION NO: 1587
Which of the following is MOST helpful in protecting against hacking attempts on the production network?
A. Intrusion prevention systems (IPSs)
B. Network penetration testing
C. Security information and event management (SIEM) tools
D. Decentralized honeypot networks
Answer: A

QUESTION NO: 1588
An information security manager has discovered an external break-in to the corporate network. Which of the following actions should be taken FIRST?
A. Switch on trace logging.
B. Copy event logs to a different server.
C. Isolate the affected portion of the network.
D. Shut down the network.
Answer: C

QUESTION NO: 1589
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
A. Technical capabilities of the provider
B. Existence of the provider's incident response plan
C. Results of the provider's business continuity tests
D. Existence of a right-to-audit clause
Answer: A
QUESTION NO: 1590
An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?
A. Notify the regulatory agency of the incident.
B. Evaluate the impact to the business.
C. Implement mitigating controls.
D. Examine firewall logs to identify the attacker.
Answer: C

QUESTION NO: 1591
Which of the following is an organization's BEST approach for media communications when experiencing a disaster?
A. Defer public comment until partial recovery has been achieved.
B. Report high-level details of the losses and recovery strategy to the media.
C. Authorize a qualified representative to convey specially drafted messages.
D. Hold a press conference and advise the media to refer to legal authorities.
Answer: C