Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 46
The PRIMARY purpose of vulnerability assessments is to:
- determine the impact of potential threats.
- test intrusion detection systems (IDS) and response procedures.
- provide clear evidence that the system is sufficiently secure.
- detect deficiencies that could lead to a system compromise.
Which of the following could be detected by a network intrusion detection system (IDS)?
- Undocumented open ports
- Unauthorized file change
- Internally generated attacks
- Emailed virus attachments
The recovery point objective (RPO) is required in which of the following?
- Information security plan
- Incident response plan
- Business continuity plan
- Disaster recovery plan
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
- Risk acceptance by the business has been documented.
- Incident response and recovery plans are documented in simple language.
- Teams and individuals responsible for recovery have been identified.
- Copies of recovery and incident response plans are kept offsite.
Which of the following would BEST detect malicious damage arising from an internal threat?
- Access control list
- Fraud awareness training
- Job rotation
Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?
- Potential risks and exposures
- Impact analysis results
- Security architecture changes
- User roles and responsibilities
Which of the following is the BEST defense against a brute force attack?
- Discretionary access control
- Intruder detection lockout
- Time-of-day restrictions
- Mandatory access control
Which of the following would BEST help to ensure an organization’s security program is aligned with business objectives?
- Security policies are reviewed and approved by the chief information officer.
- The security strategy is reviewed and approved by the organization’s executive committee.
- The organization’s board of directors includes a dedicated information security specialist.
- Project managers receive annual information security awareness training.
Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?
- Following the principle of least privilege
- Restricting the use of removable media
- Applying data classification rules
- Enforcing penalties for security policy violations
An organization determines that an end-user has clicked on a malicious link. Which of the following would MOST effectively prevent similar situations from recurring?
- End-user training
- Virus protection
- End-user access control
- Updated security policies
Which of the following is the PRIMARY benefit of using agentless endpoint security solutions?
- Decreased network bandwidth usage
- Decreased administration
- Increased resiliency
- More comprehensive information results
Which of the following MOST efficiently ensures the proper installation of a firewall policy that restricts a small group of internal IP addresses from accessing the Internet?
- A connectivity test from the restricted host
- A simulated denial of service attack against the firewall
- A port scan of the firewall from an external source
- A review of the current firewall configuration
An organization with a large number of users finds it necessary to improve access control applications. Which of the following would BEST help to prevent unauthorized user access to networks and applications?
- Single sign-on
- Biometric systems
- Complex user passwords
- Access control lists
Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?
- Promote awareness of the policy among employees.
- Seek policy buy-in from business stakeholders.
- Implement an authentication and authorization system.
- Identify relevant information security frameworks for adoption.
The PRIMARY disadvantage of using a cold-site recovery facility is that it is:
- unavailable for testing during normal business hours.
- only available if not being used by the primary tenant.
- not possible to reserve test dates in advance.
- not cost-effective for testing critical applications at the site.
Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
- Results of an independent assessment
- Up-to-date policy and procedures documentation
- A report on the maturity of controls
- Existence of an industry-accepted framework
The BEST way to report to the board on the effectiveness of the information security program is to present:
- a dashboard illustrating key performance metrics.
- peer-group industry benchmarks.
- a summary of the most recent audit findings.
- a report of cost savings from process improvements.
The BEST way to identify the criticality of systems to the business is through:
- a threat assessment.
- an asset classification.
- a vulnerability assessment.
- an impact assessment.
Senior management has expressed concern that the organization’s intrusion prevention system may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
- Decreasing false positives
- Decreasing false negatives
- Increasing false positives
- Increasing false negatives
Which of the following is the BEST way to identify the potential impact of a successful attack on an organization’s mission critical applications?
- Conduct penetration testing.
- Execute regular vulnerability scans.
- Perform independent code review.
- Perform application vulnerability review.