Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 78
An executive’s personal mobile device used for business purposes is reported lost. The information security manager should respond based on:
- mobile device configuration.
- asset management guidelines.
- the business impact analysis (BIA).
- incident classification.
An organization is implementing an information security governance framework. To communicate the program’s effectiveness to stakeholders, it is MOST important to establish:
- automated reporting to stakeholders.
- a control self-assessment process.
- metrics for each milestone.
- a monitoring process for the security policy.
Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?
- Assess risks introduced by the technology.
- Develop an acceptable use policy.
- Conduct a vulnerability assessment on the devices.
- Research mobile device ement (MDM) solutions.
For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?
- Number of virus infections detected
- Amount of infection-related downtime
- Average recovery time per incident
- Number of downtime-related help desk calls
An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the BEST way to address this situation?
- Communicate the responsibility and provide appropriate training.
- Publish an acceptable use policy and require signed acknowledgment.
- Turn on logging and record user activity.
- Implement a data loss prevention (DLP) solution.
During an incident, which of the following entities would MOST likely be contacted directly by an organization’s incident response team without management approval?
- Industry regulators
- Technology vendor
- Law enforcement
- Internal audit
The BEST way to minimize errors in the response to an incident is to:
- follow standard operating procedures.
- analyze the situation during the incident.
- implement vendor recommendations.
- reference system administration manuals.
The PRIMARY goal of a security infrastructure design is the:
- reduction of security incidents.
- protection of corporate assets.
- elimination of risk exposures.
- optimization of IT resources.
Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
- Cost of controls
- Cost to replace
- Classification of information
- Impact to business function
When outsourcing information security administration, it is MOST important for an organization to include:
- nondisclosure agreements (NDAs)
- contingency plans
- insurance requirements
- service level agreements (SLAs)
An information security manager determines the organization’s critical systems may be vulnerable to a new zero-day attack. The FIRST course of action is to:
- advise management of risk and remediation cost.
- analyze the probability of compromise.
- survey peer organizations to see how they have addressed the issue.
- re-assess the firewall configuration.
Who should determine data access requirements for an application hosted at an organization’s data center?
- Business owner
- Information security manager
- Systems administrator
- Data custodian
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
- reduce the costs of future preventive controls.
- provide metrics for reporting to senior management.
- learn of potential areas of improvement.
- verify compliance with the service level agreement (SLA).
Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?
- Balanced scorecard
- Cost-benefit analysis
- Industry benchmarks
- SWOT analysis
Which of the following is the FIRST step to perform before outsourcing critical information processing to a third party?
- Require background checks for third-party employees.
- Perform a risk assessment.
- Ensure that risks are formally accepted by third party.
- Negotiate a service level agreement.
Which of the following provides the GREATEST assurance that an organization allocates appropriate resources to respond to information security events?
- Threat analysis and intelligence reports
- Incident classification procedures
- Information security policies and standards
- An approved IT staffing plan
Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?
- Make backups of the affected systems prior to transfer.
- Increase cyber insurance coverage.
- Identify all information assets in the legacy environment.
- Assign owners to be responsible for the transfer of each asset.
When reviewing the security controls of an application service provider, an information security manager discovers the provider’s change management controls are insufficient. Changes to the provided application often occur spontaneously with no notification to clients. Which of the following would BEST facilitate a decision to continue or discontinue services with this provider?
- Comparing the client organization’s risk appetite to the disaster recovery plan of the service provider.
- Comparing the client organization’s risk appetite to the criticality of the supplied application.
- Comparing the client organization’s risk appetite to the frequency of application downtimes.
- Comparing the client organization’s risk appetite to the vendor’s change control policy.
Which of the following would provide the MOST essential input for the development of an information security strategy?
- Measurement of security performance against IT goals
- Results of an information security gap analysis
- Availability of capable information security resources
- Results of a technology risk assessment
An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party’s contract programmers comply with the organization’s security policies?
- Require annual signed agreements of adherence to security policies.
- Include penalties for noncompliance in the contracting agreement.
- Perform periodic security assessments of the contractors’ activities.
- Conduct periodic vulnerability scans of the application.