CISM : Certified Information Security Manager : Part 26

  1. Which of the following mechanisms is the MOST secure way to implement a secure wireless network?

    • Filter media access control (MAC) addresses
    • Use a Wi-Fi Protected Access (WPA2) protocol
    • Use a Wired Equivalent Privacy (WEP) key
    • Web-based authentication

    WPA2 is currently one of the most secure authentication and encryption protocols for mainstream wireless products. MAC address filtering by itself is not a good security mechanism since allowed MAC addresses can be easily sniffed and then spoofed to get into the network. WEP is no longer a secure encryption mechanism for wireless communications. The WEP key can be easily broken within minutes using widely available software. And once the WEP key is obtained, all communications of every other wireless client are exposed. Finally, a web-based authentication mechanism can be used to prevent unauthorized user access to a network, but it will not solve the wireless network’s main security issues, such as preventing network sniffing.

  2. Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?

    • An intrusion prevention system (IPS)
    • An intrusion detection system (IDS)
    • A host-based intrusion detection system (HIDS)
    • A host-based firewall

    SQL injection attacks occur at the application layer. Most IPS vendors will detect at least basic sets of SQL injection attacks and will be able to stop them. An IDS will detect, but not prevent, such attacks. A HIDS will be unaware of SQL injection problems. A host-based firewall, be it on the web server or the database server, will allow the connection because firewalls do not inspect packets at the application layer.

  3. Nonrepudiation can BEST be ensured by using:

    • strong passwords.
    • a digital hash.
    • symmetric encryption.
    • digital signatures.

    Digital signatures use a private and public key pair, authenticating both parties. The integrity of the contents exchanged is controlled through the hashing mechanism that is signed by the private key of the exchanging party. A digital hash in itself helps in ensuring integrity of the contents, but not nonrepudiation. Symmetric encryption wouldn’t help in nonrepudiation since the keys are always shared between parties. Strong passwords only ensure authentication to the system and cannot be used for nonrepudiation involving two or more parties.

  4. Which of the following tasks should be performed once a disaster recovery plan has been developed?

    • Analyze the business impact
    • Define response team roles
    • Develop the test plan
    • Identify recovery time objectives (RTOs)

  5. During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?

    • Validation of senior management’s risk tolerance
    • Updates to the business impact analysis (BIA)
    • More effective disaster recovery plan (DRP) testing
    • Improvements to incident identification methods

  6. The implementation of a capacity plan would prevent:

    • file system overload arising from distributed denial-of-service attacks
    • system downtime for scheduled security maintenance
    • software failures arising from exploitation of buffer capacity vulnerabilities
    • application failures arising from insufficient hardware resources

  7. Which of the following defines the triggers within a business continuity plan (BCP)?

    • Disaster recovery plan
    • Needs of the organization
    • Gap analysis
    • Information security policy

  8. An organization plans to allow employees to use their own devices on the organization’s network. Which of the following is the information security manager’s BEST course of action?

    • Implement automated software
    • Assess associated risk
    • Conduct awareness training
    • Update the security policy

  9. When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:

    • give the business a measure of the organization’s overall readiness
    • provide participants with situations to ensure understanding of their roles
    • measure management engagement as part of an incident response team
    • challenge the incident response team to solve the problem under pressure

    Tabletop scenarios need to be completed with one hour per scenario, using full escalation as per the decision trees, to accurately simulate and evaluate the responses of each team member and the processes within the playbooks.

  10. Which of the following is the PRIMARY advantage of desk checking a business continuity plan (BCP)?

    • Assesses the availability and compatibility of backup hardware
    • Allows for greater participation by management and the IT department
    • Ensures that appropriate follow-up work is performed on noted issues
    • Provides a low-cost method of assessing the BCP’s completeness

  11. An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?

    • Results from a gap analysis
    • Results from a business impact analysis
    • Deadlines and penalties for noncompliance
    • An inventory of security controls currently in place

  12. A newly hired information security manager reviewing an existing security investment plan is MOST likely to be concerned when the plan:

    • is based solely on a review of security threats and vulnerabilities in existing IT systems
    • identifies potential impacts that the implementation may have on business processes
    • focuses on compliance with common international security standards
    • has summarized IT costs for implementation rather than providing detail

  13. When building a corporate-wide business continuity plan, it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?

    • Evaluating the cost associated with each system’s outage
    • Reviewing the business plans of each department
    • Comparing the recovery point objectives (RPOs)
    • Reviewing each system’s key performance indicators (KPIs)

  14. Information security awareness programs are MOST effective when they are:

    • customized for each target audience.
    • sponsored by senior management.
    • reinforced by computer-based training.
    • conducted at employee orientation.

  15. Which of the following is the MOST effective method of determining security priorities?

    • Impact analysis
    • Threat assessment
    • Vulnerability assessment
    • Gap analysis

  16. When developing an incident response plan, the information security manager should:

    • include response scenarios that have been approved previously by business management.
    • determine recovery time objectives (RTOs).
    • allow IT to decide which systems can be removed from the infrastructure.
    • require IT to invoke the business continuity plan.

  17. To implement a security framework, an information security manager must FIRST develop:

    • security standards.
    • security procedures.
    • a security policy.
    • security guidelines.

  18. An organization is planning to open a new office in another country. Sensitive data will be routinely sent between two offices. What should be the information security manager’s FIRST course of action?

    • Identify applicable regulatory requirements to establish security policies.
    • Update privacy policies to include the other country’s laws and regulations.
    • Apply the current corporate security policies to the new office.
    • Encrypt the data for transfer to the head office based on security manager approval.

  19. As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain any effective information security program?

    • Ensure information security is included in any change control efforts
    • Merge the two information security programs to establish continuity
    • Determine new factors that could influence the information security strategy
    • Implement the current information security program in the acquired company

  20. An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

    • document and report the root cause of the incidents for senior management.
    • identify security program gaps or systemic weaknesses that need correction.
    • prepare properly vetted notifications regarding the incidents to external parties.
    • identify who should be held accountable for the security incidents.