Last Updated on October 26, 2022 by InfraExam

CISM : Certified Information Security Manager : Part 80

  1. An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:

    • has been disclosed.
    • could be temporarily available.
    • may not be time-synchronized.
    • may be modified.
  2. Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?

    • The lack of a security information and event management (SIEM) system
    • The lack of automated communication channels
    • The lack of delegated authority
    • The lack of forensic investigation skills
  3. Which of the following is the MAIN objective of classifying a security incident as soon as it is discovered?

    • Engaging appropriate resources
    • Enabling appropriate incident investigation
    • Downgrading the impact of the incident
    • Preserving relevant evidence
  4. Which of the following is MOST important to help ensure an intrusion prevention system (IPS) can view all traffic in a demilitarized zone (DMZ)?

    • All internal traffic is routed to the IPS.
    • Connected devices can contact the IPS.
    • The IPS is placed outside of the firewall.
    • Traffic is decrypted before processing by the IPS.
  5. An organization’s ability to prevent a security incident in a Software as a Service (SaaS) cloud-computing environment is MOST dependent on the:

    • ability to implement a web application firewall.
    • ability to monitor and analyze system logs.
    • configuration and sensitivity of an intrusion detection system (IDS).
    • granularity with which access rights can be configured.
  6. Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?

    • Remote wipe capability
    • Password protection
    • Insurance
    • Encryption
  7. Which of the following is MOST helpful in protecting against hacking attempts on the production network?

    • Intrusion prevention systems (IPSs)
    • Network penetration testing
    • Security information and event management (SIEM) tools
    • Decentralized honeypot networks
  8. An information security manager has discovered an external break-in to the corporate network. Which of the following actions should be taken FIRST?

    • Switch on trace logging.
    • Copy event logs to a different server.
    • Isolate the affected portion of the network.
    • Shut down the network.
  9. Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

    • Technical capabilities of the provider
    • Existence of the provider’s incident response plan
    • Results of the provider’s business continuity tests
    • Existence of a right-to-audit clause
  10. An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager’s FIRST response?

    • Notify the regulatory agency of the incident.
    • Evaluate the impact to the business.
    • Implement mitigating controls.
    • Examine firewall logs to identify the attacker.