Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CISM

ISACA CISM Exam Practice Questions (P. 5)

  • Full Access (1250 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
An organization is concerned with the potential for exploitation of vulnerabilities in its server systems. Which of the following is the BEST control to mitigate the associated risk?
  1. A
    Enforcing standard system configurations based on secure configuration benchmarks
  2. B
    Implementing network and system-based anomaly monitoring software for server systems
  3. C
    Enforcing configurations for secure logging and audit trails on server systems
  4. D
    Implementing host-based intrusion detection systems (IDS) on server systems

Correct Answer:
A

Question #42
Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization?
  1. A
    Identify secure social networking sites
  2. B
    Establish disciplinary actions for noncompliance
  3. C
    Perform a vulnerability assessment
  4. D
    Define acceptable information for posting

Correct Answer:
D

Question #43
Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the
BEST way for the information security manager to help senior management understand the related risk?
  1. A
    Include the impact of the risk as part of regular metrics.
  2. B
    Send regular notifications directly to senior managers.
  3. C
    Recommend the security steering committee conduct a review.
  4. D
    Update the risk assessment at regular intervals.

Correct Answer:
A

Question #44
Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
  1. A
    Tabletop exercises
  2. B
    Forensics certification
  3. C
    Penetration tests
  4. D
    Disaster recovery drills

Correct Answer:
A

Question #45
Which of the following BEST protects against phishing attacks?
  1. A
    Security strategy training
  2. B
    Email filtering
  3. C
    Network encryption
  4. D
    Application whitelisting

Correct Answer:
A

Question #46
Which of the following is the MOST effective method of preventing deliberate internal security breaches?
  1. A
    Well-designed intrusion detection system (IDS)
  2. B
    Biometric security access control
  3. C
    Well-designed firewall system
  4. D
    Screening prospective employees

Correct Answer:
D

Question #47
When designing security controls, it is MOST important to:
  1. A
    focus on preventive controls.
  2. B
    apply controls to confidential information.
  3. C
    evaluate the costs associated with the controls.
  4. D
    apply a risk-based approach.

Correct Answer:
C

Question #48
An information security team plans to increase password complexity requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?
  1. A
    Evaluate business compensating controls.
  2. B
    Quantify the security risk to the business.
  3. C
    Assess business impact against security risk.
  4. D
    Conduct industry benchmarking.

Correct Answer:
A

Question #49
Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
  1. A
    Review and update existing security policies.
  2. B
    Enforce passwords and data encryption on the devices.
  3. C
    Conduct security awareness training.
  4. D
    Require remote wipe capabilities for devices.

Correct Answer:
A

Question #50
Which of the following would be MOST useful to help senior management understand the status of information security compliance?
  1. A
    Key performance indicators (KPIs)
  2. B
    Risk assessment results
  3. C
    Industry benchmarks
  4. D
    Business impact analysis (BIA) results

Correct Answer:
A

Previous Questions Next Questions

All Pages