
ISACA New 2022 CISM Sample Questions Reliable CISM Test Engine
2. Information Risk Management – 30%
This is the largest topic out of the whole exam content. The theoretical knowledge that you should have covers the following:
- Knowledge of gap analysis related to information security;
- Knowledge of threats, reliability, and current sources of information;
- Knowledge of analysis methodologies and risk assessment;
- Knowledge of risk reporting requirements;
- Knowledge of the changes to information security program elements and events that may require risk reassessments.
NEW QUESTION 106
Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?
- A. Connect through an IPSec VPN
- B. Use https with a server-side certificate
- C. Use security tokens for authentication
- D. Enforce static media access control (MAC) addresses
Answer: A
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
IPSec effectively prevents man-in-the-middle (MitM) attacks by including source and destination IPs within the encrypted portion of the packet. The protocol is resilient to MitM attacks. Using token-based authentication does not prevent a MitM attack; however, it may help eliminate reusability of stolen cleartext credentials. An https session can be intercepted through Domain Name Server (DNS) or Address Resolution Protocol (ARP) poisoning. ARP poisoning - a specific kind of MitM attack - may be prevented by setting static media access control (MAC) addresses. Nevertheless, DNS and NetBIOS resolution can still be attacked to deviate traffic.
NEW QUESTION 107
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
- A. IT audit manager
- B. Business manager
- C. Senior management
- D. Information security officer (ISO)
Answer: B
Explanation:
Section: INFORMATION RISK MANAGEMENT
The business manager will be in the best position, based on the risk assessment and mitigation proposals, to decide which controls should/could be implemented, in line with the business strategy and with the budget. Senior management will have to ensure that the business manager has a clear understanding of the risk assessed, but in no case will be in a position to decide on specific controls. The IT audit manager will take part in the process to identify threats and vulnerabilities and to make recommendations for mitigations. The information security officer (ISO) could make some decisions regarding implementation of controls. However, the business manager will have a broader business view and full control over the budget and, therefore, will be in a better position to make strategic decisions.
NEW QUESTION 108
What is the PRIMARY objective of a post-event review in incident response?
- A. Ensure the incident is fully documented
- B. Adjust budget provisioning
- C. Improve the response process
- D. Preserve forensic data
Answer: C
Explanation:
The primary objective is to find any weakness in the current process and improve it. The other choices are all secondary.
NEW QUESTION 109
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
- A. Agreeing on baseline values for the metrics
- B. Developing a dashboard for communicating the metrics
- C. Providing real-time insight on the security posture of the organization
- D. Benchmarking the expected value of the metrics against industry standards
Answer: A
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
NEW QUESTION 110
Which of the following is BEST performed by the security department?
- A. Provisioning users to access the operating system
- B. Managing user profiles for accessing the operating system
- C. Approving standards for accessing the operating system
- D. Logging unauthorized access to the operating system
Answer: C
NEW QUESTION 111
A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?
- A. Add mitigating controls.
- B. Take the server off-line and install the patch.
- C. Check the server's security and install the patch.
- D. Conduct an impact analysis.
Answer: D
NEW QUESTION 112
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
- A. Risk assessments must be conducted by certified staff.
- B. The methodology must be approved by the chief executive officer.
- C. Risk assessments must be reviewed annually.
- D. The methodology used must be consistent across the organization.
Answer: D
NEW QUESTION 113
Which of the following is the PRIMARY purpose of establishing an information security governance framework?
- A. To reduce security audit issues
- B. To proactively address security objectives
- C. To minimize security risks
- D. To enhance business continuity planning
Answer: B
NEW QUESTION 114
The PRIMARY goal of a post-incident review should be to:
- A. identify policy changes to prevent a recurrence.
- B. determine why the incident occurred.
- C. establish the cost of the incident to the business.
- D. determine how to improve the incident handling process.
Answer: A
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
NEW QUESTION 115
Which of the following actions should take place immediately after a security breach is reported to an information security manager?
- A. Notify affected stakeholders
- B. Determine impact
- C. Isolate the incident
- D. Confirm the incident
Answer: D
Explanation:
Before performing analysis of impact, resolution, notification or isolation of an incident, it must be validated as a real security incident.
NEW QUESTION 116
Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?
- A. Implementation
- B. Feasibility
- C. Application security testing
- D. Design
Answer: B
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Information security should be considered at the earliest possible stage. Security requirements must be defined before you enter into design specification, although changes in design may alter these requirements later on. Security requirements defined during system implementation are typically costly add-ons that are frequently ineffective. Application security testing occurs after security has been implemented.
NEW QUESTION 117
Which of the following is the MOST important component of information security governance?
- A. Appropriate information security metrics
- B. Comprehensive information security awareness program
- C. Approved information security strategy
- D. Documented information security policies
Answer: A
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
NEW QUESTION 118
Attackers who exploit cross-site scripting vulnerabilities take advantage of:
- A. weak authentication controls in the web application layer.
- B. implicit web application trust relationships.
- C. a lack of proper input validation controls.
- D. flawed cryptographic secure sockets layer (SSL) implementations and short key lengths.
Answer: C
Explanation:
Cross-site scripting attacks inject malformed input. Attackers who exploit weak application authentication controls can gain unauthorized access to applications, and this has little to do with cross-site scripting vulnerabilities. Attackers who exploit flawed cryptographic secure sockets layer (SSL) implementations and short key lengths can sniff network traffic and crack keys to gain unauthorized access to information. This also has little to do with cross-site scripting vulnerabilities. Web application trust relationships do not relate directly to the attack.
NEW QUESTION 119
When outsourcing data to a cloud service provider, which of the following should be the information security manager's MOST important consideration?
- A. Data stored at the cloud service provider is not co-mingled.
- B. Access authorization includes biometric security verification.
- C. Roles and responsibilities have been defined for the subscriber organization.
- D. Cloud servers are located in the same country as the organization.
Answer: A
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
NEW QUESTION 120
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
- A. Dump all event logs to removable media
- B. Isolate the affected network segment
- C. Enable trace logging on all events
- D. Shut off all network access points
Answer: B
Explanation:
Isolating the affected network segment will mitigate the immediate threat while allowing unaffected portions of the business to continue processing. Shutting off all network access points would create a denial of service that could result in loss of revenue. Dumping event logs and enabling trace logging, while perhaps useful, would not mitigate the immediate threat posed by the network attack.
What Are the Primary Sections Featured in the Isaca CISM Exam?
Adding this certification to your profile verifies that you have a broad set of skills that you can apply to solving different issues in the workplace. These are covered in the domains of the CISM exam. Let's go through them one by one.
- Information security governance
Information security governance, in general, is the way you direct and lead the company's approach to security. Proper handling of this crucial aspect greatly affects the core security activities of the business. In addition, it allows a smooth flow of security information within the organization. Aside from aligning security with the key business objectives, it is also important to have a thorough understanding of the structural processes, security roles, and control frameworks.
- Information security incident management
Now, we're down to the last part of the exam, and that is IS incident management. This domain requires candidates to know critical information about incident management as a whole. From there, it emphasizes one's skills in dealing with incident metrics, indicators, response methodologies, response plans, and management resources. Other areas that need your attention are business continuity, disaster recovery procedures, and post-incident activities. Being able to explain the current state of incident response is important too.
- Information risk management
CISM ensures that you get the skills essential for risk management. Mastering the tools and techniques related to this process helps you identify, evaluate, and control possible threats that may affect the business's operations and financial flow. What makes this area more challenging is the wide range of threat sources, which may include management errors, legal liabilities, and even natural disasters. As a result, it's important to know the full risk management framework, along with related functions such as security control selection, risk visibility, reporting, and response actions.
- Information security program development and management
The third section is all about program development and administration. Here, one becomes more competent in the scope of an information security program as well as its overall management framework. Additionally, there is a comprehensive treatment of operational and administrative activities, together with typical program challenges, controls, and countermeasures. The general security infrastructure and architecture are also vital topics.