CISM : Certified Information Security Manager : Part 42

Last Updated on October 26, 2022 by InfraExam

CISM : Certified Information Security Manager : Part 42

CISM : Part 1 - 40
CISA : Part 41 - 80

When outsourcing data to a cloud service provider, which of the following should be the information security manager’s MOST important consideration?
- Roles and responsibilities have been defined for the subscriber organization.
- Cloud servers are located in the same country as the organization.
- Access authorization includes biometric security verification.
- Data stored at the cloud service provider is not co-mingled.
Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?
- Conduct a risk assessment and develop an impact analysis.
- Update the risk register and review the information security strategy.
- Report the activity to senior management.
- Allow temporary use of the site and monitor for data leakage.
A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:
- data sharing complies with local laws and regulations at both locations.
- data is encrypted in transit and at rest.
- a nondisclosure agreement is signed.
- risk coverage is split between the two locations sharing data.
Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?
- The activities being monitored deviate from what is considered normal.
- The information regarding monitored activities becomes stale.
- The pattern of normal behavior changes quickly and dramatically.
- The environment is complex.
An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:
- perform a gap analysis of compliance requirements.
- assess the penalties for non-compliance.
- review the organization’s most recent audit report.
- determine the cost of compliance.
Which of the following will BEST protect confidential data when connecting large wireless networks to an existing wired-network infrastructure?
- Mandatory access control (MAC) address filtering
- Strong passwords
- Virtual private network (VPN)
- Firewall
A global organization processes and stores large volumes of personal data. Which of the following would be the MOST important attribute in creating a data access policy?
- Availability
- Integrity
- Reliability
- Confidentiality
An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?
- Evaluate the cost of information security integration
- Assess the business objectives of the processes
- Identify information security risk associated with the processes
- Benchmark the processes with best practice to identify gaps
Which of the following is MOST important for an information security manager to regularly report to senior management?
- Results of penetration tests
- Audit reports
- Impact of unremediated risks
- Threat analysis reports
Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
- Automation of controls
- Documentation of control procedures
- Integration of assurance efforts
- Standardization of compliance requirements
Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
- Warm
- Redundant
- Shared
- Mobile
Explanation:

Reference: https://searchdisasterrecovery.techtarget.com/answer/Whats-the-difference-between-a-hot-site-and-cold-site-for-disaster-recovery
Which of the following messages would be MOST effective in obtaining senior management’s commitment to information security management?
- Effective security eliminates risk to the business
- Adopt a recognized framework with metrics
- Security is a business product and not a process
- Security supports and protects the business
Which of the following characteristics is MOST important to a bank in a high-value online financial transaction system?
- Identification
- Confidentiality
- Authentication
- Audit monitoring
Which of the following presents the GREATEST challenge in calculating return on investment (ROI) in the security environment?
- Number of incidents cannot be predetermined
- Project cost overruns cannot be anticipated
- Cost of security tools is difficult to estimate
- Costs of security incidents cannot be estimated
Which of the following would MOST likely require a business continuity plan to be invoked?
- An unauthorized visitor discovered in the data center
- A distributed denial of service attack on an e-mail server
- An epidemic preventing staff from performing job functions
- A hacker holding personally identifiable information hostage
Which of the following is the MOST important driver when developing an effective information security strategy?
- Information security standards
- Compliance requirements
- Benchmarking reports
- Security audit reports
An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following would be MOST important to include in the business case?
- Business impact if threats materialize
- Availability of unused funds in the security budget
- Threat information from reputable sources
- Alignment of the new initiative with the approved business strategy
Which of the following would BEST help to identify vulnerabilities introduced by changes to an organization’s technical infrastructure?
- An intrusion detection system
- Established security baselines
- Penetration testing
- Log aggregation and correlation
When messages are encrypted and digitally signed to protect documents transferred between trading partners, the GREATEST concern is that:
- trading partners can repudiate the transmission of messages.
- hackers can eavesdrop on messages.
- trading partners can repudiate the receipt of messages.
- hackers can introduce forgery messages.
In order to ensure separation of duties, which of the following activities is BEST performed by someone other than the system administrator?
- Deleting system logs
- Using system utilities
- Monitoring system utilization
- Defining system recovery procedures

CISM : Part 1 - 40
CISA : Part 41 - 80

CISM : Certified Information Security Manager : All Parts
CISM Part 01	CISM Part 11	CISM Part 21	CISM Part 31
CISM Part 02	CISM Part 12	CISM Part 22	CISM Part 32
CISM Part 03	CISM Part 13	CISM Part 23	CISM Part 33
CISM Part 04	CISM Part 14	CISM Part 24	CISM Part 34
CISM Part 05	CISM Part 15	CISM Part 25	CISM Part 35
CISM Part 06	CISM Part 16	CISM Part 26	CISM Part 36
CISM Part 07	CISM Part 17	CISM Part 27	CISM Part 37
CISM Part 08	CISM Part 18	CISM Part 28	CISM Part 38
CISM Part 09	CISM Part 19	CISM Part 29	CISM Part 39
CISM Part 10	CISM Part 20	CISM Part 30	CISM Part 40

CISM : Certified Information Security Manager : All Parts
CISM Part 41	CISM Part 51	CISM Part 61	CISM Part 71
CISM Part 42	CISM Part 52	CISM Part 62	CISM Part 72
CISM Part 43	CISM Part 53	CISM Part 63	CISM Part 73
CISM Part 44	CISM Part 54	CISM Part 64	CISM Part 74
CISM Part 45	CISM Part 55	CISM Part 65	CISM Part 75
CISM Part 46	CISM Part 56	CISM Part 66	CISM Part 76
CISM Part 47	CISM Part 57	CISM Part 67	CISM Part 77
CISM Part 48	CISM Part 58	CISM Part 68	CISM Part 78
CISM Part 49	CISM Part 59	CISM Part 69	CISM Part 79
CISM Part 50	CISM Part 60	CISM Part 70	CISM Part 80

CISM : Certified Information Security Manager : All Parts
CISM Part 01	CISM Part 11	CISM Part 21	CISM Part 31
CISM Part 02	CISM Part 12	CISM Part 22	CISM Part 32
CISM Part 03	CISM Part 13	CISM Part 23	CISM Part 33
CISM Part 04	CISM Part 14	CISM Part 24	CISM Part 34
CISM Part 05	CISM Part 15	CISM Part 25	CISM Part 35
CISM Part 06	CISM Part 16	CISM Part 26	CISM Part 36
CISM Part 07	CISM Part 17	CISM Part 27	CISM Part 37
CISM Part 08	CISM Part 18	CISM Part 28	CISM Part 38
CISM Part 09	CISM Part 19	CISM Part 29	CISM Part 39
CISM Part 10	CISM Part 20	CISM Part 30	CISM Part 40

CISM : Certified Information Security Manager : All Parts
CISM Part 41	CISM Part 51	CISM Part 61	CISM Part 71
CISM Part 42	CISM Part 52	CISM Part 62	CISM Part 72
CISM Part 43	CISM Part 53	CISM Part 63	CISM Part 73
CISM Part 44	CISM Part 54	CISM Part 64	CISM Part 74
CISM Part 45	CISM Part 55	CISM Part 65	CISM Part 75
CISM Part 46	CISM Part 56	CISM Part 66	CISM Part 76
CISM Part 47	CISM Part 57	CISM Part 67	CISM Part 77
CISM Part 48	CISM Part 58	CISM Part 68	CISM Part 78
CISM Part 49	CISM Part 59	CISM Part 69	CISM Part 79
CISM Part 50	CISM Part 60	CISM Part 70	CISM Part 80

CISM : Certified Information Security Manager : Part 42

When outsourcing data to a cloud service provider, which of the following should be the information security manager’s MOST important consideration?

Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?

A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:

Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?

An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:

Which of the following will BEST protect confidential data when connecting large wireless networks to an existing wired-network infrastructure?

A global organization processes and stores large volumes of personal data. Which of the following would be the MOST important attribute in creating a data access policy?

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

Which of the following is MOST important for an information security manager to regularly report to senior management?

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

Which of the following messages would be MOST effective in obtaining senior management’s commitment to information security management?

Which of the following characteristics is MOST important to a bank in a high-value online financial transaction system?

Which of the following presents the GREATEST challenge in calculating return on investment (ROI) in the security environment?

Which of the following would MOST likely require a business continuity plan to be invoked?

Which of the following is the MOST important driver when developing an effective information security strategy?

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following would be MOST important to include in the business case?

Which of the following would BEST help to identify vulnerabilities introduced by changes to an organization’s technical infrastructure?

When messages are encrypted and digitally signed to protect documents transferred between trading partners, the GREATEST concern is that:

In order to ensure separation of duties, which of the following activities is BEST performed by someone other than the system administrator?