CISM : Certified Information Security Manager : Part 60

  1. Which of the following is the BEST way to ensure information security metrics are meaningful?

    • Using a dashboard to present the information security metrics
    • Requiring information security metrics to be approved by senior management
    • Aligning information security metrics with business drivers
    • Correlating information security metrics to industry best practices
  2. Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?

    • The information security program manages risk within the business’s risk tolerance.
    • The information security team is able to provide key performance indicators (KPIs) to senior management.
    • Business senior management supports the information security policies.
    • Information security initiatives are directly correlated to business processes.
  3. Which of the following statements indicates that a previously failing security program is becoming successful?

    • The number of threats has been reduced.
    • More employees and stakeholders are attending security awareness programs.
    • The number of vulnerability false positives is decreasing.
    • Management’s attention and budget are now focused on risk reduction.
  4. Which of the following is the MOST effective method to help ensure information security incidents are reported?

    • Providing information security awareness training to employees
    • Integrating information security language in conditions of employment
    • Integrating information security language in corporate compliance rules
    • Implementing an incident management system
  5. An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?

    • Control owner responses based on a root cause analysis
    • The impact of noncompliance on the organization’s risk profile
    • An accountability report to initiate remediation activities
    • A plan for mitigating the risk due to noncompliance
  6. Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?

    • Review the service providers’ information security policies and procedures.
    • Conduct regular vulnerability assessments on the service providers’ IT systems.
    • Perform regular audits on the service providers’ applicable controls.
    • Provide information security awareness training to service provider staff.
  7. Which of the following will BEST facilitate the understanding of information security responsibilities by users across the organization?

    • Conducting security awareness training with performance incentives
    • Communicating security responsibilities as an acceptable usage policy
    • Warning users that disciplinary action will be taken for violations
    • Incorporating information security into the organization’s code of conduct
  8. Cold sites for disaster recovery events are MOST helpful in situations in which a company:

    • has a limited budget for coverage. 
    • uses highly specialized equipment that must be custom manufactured.
    • is located in close proximity to the cold site.
    • does not require any telecommunications connectivity.
  9. Which of the following processes would BEST aid an information security manager in resolving systemic security issues?

    • Root cause analysis 
    • Business impact analysis (BIA)
    • Reinforced security controls
    • Security reviews
  10. An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager’s FIRST course of action?

    • Report the noncompliance to the board of directors.
    • Inform respective risk owners of the impact of exceptions.
    • Design mitigating controls for the exceptions.
    • Prioritize the risk and implement treatment options. 
  11. Which of the following features of a library control software package would protect against unauthorized updating of source code?

    • Required approvals at each life cycle step
    • Date and time stamping of source and object code
    • Access controls for source libraries 
    • Release-to-release comparison of source code
  12. When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure that the:

    • server is backed up to the network.
    • server is unplugged from power.
    • integrity of evidence is preserved. 
    • forensic investigation software is loaded on the server.
  13. An organization’s information security manager has learned that similar organizations have become increasingly susceptible to spear phishing attacks. What is the BEST way to address this concern?

    • Update data loss prevention (DLP) rules for email.
    • Include tips to identify threats in awareness training. 
    • Conduct a business impact analysis (BIA) of the threat.
    • Create a new security policy that staff must read and sign.
  14. The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:

    • map the business process to supporting IT and other corporate resources.
    • obtain the support of executive management.
    • document the disaster recovery process.
    • identify critical processes and the degree of reliance on support services. 
  15. The BEST defense against phishing attempts within an organization is:

    • filtering of e-mail. 
    • an intrusion protection system (IPS).
    • strengthening of firewall rules.
    • an intrusion detection system (IDS).
  16. Which of the following should be of GREATEST concern to a newly hired information security manager regarding security compliance?

    • Lack of risk assessments
    • Lack of standard operating procedures
    • Lack of security audits
    • Lack of executive support 
  17. What should an information security team do FIRST when notified by the help desk that an employee’s computer has been infected with malware?

    • Take a forensic copy of the hard drive.
    • Restore the files from a secure backup.
    • Isolate the computer from the network. 
    • Use anti-malware software to clean the infected computer.
  18. An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?

    • Obtain documentation of the encryption management practices.
    • Verify the provider follows a cloud service framework standard. 
    • Ensure an audit of the provider is conducted to identify control gaps.
    • Review the provider’s information security policies and procedures.
  19. When preparing a strategy for protection from SQL injection attacks, it is MOST important for the information security manager to involve:

    • senior management. 
    • the security operations center.
    • business owners.
    • application developers.
  20. Which of the following is the MOST challenging aspect of securing Internet of Things (IoT) devices?

    • Training staff on IoT architecture
    • Updating policies to include IoT devices
    • Managing the diversity of IoT architecture 
    • Evaluating the reputations of IoT vendors