Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 65
Which of the following factors are the MAIN reasons why large networks are vulnerable?
- Hacking and malicious software
- Connectivity and complexity
- Network operating systems and protocols
- Inadequate training and user errors
Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to:
- brute force attacks
- social engineering
- denial of service
While auditing a data center’s IT architecture, an information security manager discovers that required encryption for data communications has not been implemented. Which of the following should be done NEXT?
- Evaluate compensating and mitigating controls.
- Perform a cost-benefit analysis.
- Perform a business impact analysis (BIA).
- Document and report the findings.
When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
- Access logs
- Audit reports
- Access lists
- Threat metrics
Senior management is concerned a security solution may not adequately protect its multiple global data centers following recent industry breaches. What should be done NEXT?
- Perform a gap analysis.
- Conduct a business impact analysis (BIA).
- Perform a risk assessment.
- Require an internal audit review.
An attacker was able to gain access to an organization’s perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?
- Deploying a security information and event management system (SIEM)
- Deploying an intrusion prevention system (IPS)
- Implementing a data loss prevention (DLP) suite
- Conducting regular system administrator awareness training
An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?
- Implementing application blacklisting
- Implementing an intrusion detection system (IDS)
- Banning executable file downloads at the Internet firewall
- Removing local administrator rights
An information security manager is analyzing a risk that is believed to be severe, but lacks numerical evidence to determine the impact the risk could have on the organization. In this case the information security manager should:
- use a qualitative method to assess the risk.
- use a quantitative method to assess the risk.
- put it in the priority list in order to gain time to collect more data.
- ask management to increase staff in order to collect more evidence on severity.
An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?
- Refer to the incident response plan.
- Send out a breach notification to all parties involved.
- Contact the board of directors.
- Invoke the corporate communications plan.
When a business-critical web server is compromised, the IT security department should FIRST:
- archive the logs as evidence.
- attempt to repair any damage in order to keep the server running.
- notify the legal department and/or regulatory officials as required.
- advise management of the incident.
Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?
- The security strategy is benchmarked with similar organizations.
- The information security manager reports to the chief executive officer.
- Security strategy objectives are defined in business terms.
- An IT governance committee is in place.
Which of the following is MOST critical when creating an incident response plan?
- Identifying what constitutes an incident
- Identifying vulnerable data assets
- Aligning with the risk assessment process
- Documenting incident notification and escalation processes
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
- Availability of current infrastructure documentation
- Capability to take a snapshot of virtual machines
- Availability of web application firewall logs
- Capability of online virtual machine analysis
Which of the following is the BEST reason to reassess risk following an incident?
- To capture lessons learned
- To identify changes in the threat environment
- To update roles and responsibilities
- To accurately document risk to the organization
Which of the following is the MOST effective way to detect security incidents?
- Analyze penetration test results.
- Analyze recent security risk assessments.
- Analyze vulnerability assessments.
- Analyze security anomalies.
Which of the following would provide the MOST comprehensive view of the effectiveness of the information security function within an organization?
- An incident reporting system
- Examples of compliance with security processes
- A balanced scorecard
- An interview with senior managers
When developing an incident response plan, which of the following is the MOST effective way to ensure incidents common to the organization are handled properly?
- Adopting industry standard response procedures
- Rehearsing response scenarios
- Conducting awareness training
- Creating and distributing a personnel call tree
Following a successful and well-publicized hacking incident, an organization has plans to improve application security.
Which of the following is a security project risk?
- Critical evidence may be lost.
- The reputation of the organization may be damaged.
- A trapdoor may have been installed in the application.
- Resources may not be available to support the implementation.
Which of the following is MOST important when prioritizing an information security incident?
- Organizational risk tolerance
- Cost to contain and remediate the incident
- Criticality of affected resources
- Short-term impact to shareholder value
Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?
- Regular risk reporting
- Risk monitoring processes
- Change control procedures
- Incident monitoring activities