CISM Practice Questions

A.  

Reviewing policies and procedures

B.  

Performing a risk assessment

C.  

Interviewing business managers and employees

D.  

Performing a business impact analysis (BIA)

A.  

major business processes have been redesigned.

B.  

the business continuity plan (BCP) has been updated.

C.  

the security risk profile has been reviewed

D.  

noncompliance incidents have been filed.

A.  

Wipe the affected system.

B.  

Notify internal legal counsel.

C.  

Notify senior management.

D.  

Isolate the impacted endpoints.

A.  

Senior management supports funding for ongoing awareness training.

B.  

Employees from each department have completed the required training.

C.  

There has been an increase in the number of phishing attempts reported.

D.  

There have been no reported successful phishing attempts since the training started.

A.  

Perform frequent backups and store them offline.

B.  

Purchase or renew cyber insurance policies.

C.  

Include provisions to pay ransoms ih the information security budget.

D.  

Monitor the network and provide alerts on intrusions.

A.  

Multi-factor authentication

B.  

Digital encryption

C.  

Data masking

D.  

Digital signatures

A.  

Balancing the benefits of information sharing with the drawbacks of sharing sensitive information

B.  

Reducing the costs associated with information sharing by automating the process

C.  

Ensuring information is detailed enough to be of use to other organizations

D.  

Notifying the legal department whenever incident-related information is shared

A.  

Assigning data classifications to organizational assets

B.  

Developing organizational risk assessment processes

C.  

Obtaining multiple perspectives from the business

D.  

Defining security standards for logical access controls

A.  

Regular audits of access controls

B.  

Strong background checks when hiring staff

C.  

Prompt termination procedures

D.  

Role-based access control (RBAC)

A.  

Business impact analysis (BIA) results

B.  

Vulnerability assessment results

C.  

The business continuity plan (BCP)

D.  

Recommendations from senior management

A.  

EradicationB Recovery

B.  

Lessons learned review

C.  

Incident declaration

A.  

Update the vendor risk assessment.

B.  

Engage legal counsel.

C.  

Renegotiate the vendor contract.

D.  

Terminate the relationship with the vendor.

A.  

Recovery

B.  

Identification

C.  

Containment

D.  

Preparation

A.  

Enhanced security monitoring and reporting

B.  

Reduced control complexity

C.  

Enhanced threat detection capability

D.  

Reduction of organizational risk

A.  

Security budget

B.  

Risk register

C.  

Risk score

D.  

Laws and regulations

A.  

Business impact analysis (BIA)

B.  

Annual risk assessments

C.  

Regular penetration testing

D.  

Continuous monitoring

A.  

Information security training is mandatory for all staff.

B.  

The organization's information security policy is documented and communicated.

C.  

The chief information security officer (CISO) regularly interacts with the board.

D.  

Staff consistently consider risk in making decisions.

A.  

file system overload arising from distributed denial of service (DDoS) attacks.

B.  

system downtime for scheduled security maintenance.

C.  

application failures arising from insufficient hardware resources.

D.  

software failures arising from exploitation of buffer capacity vulnerabilities.

A.  

Incorporating lessons learned

B.  

Implementing an IT resilience solution

C.  

Implementing management reviews

D.  

Documenting critical business processes

A.  

Documentation of control procedures

B.  

Standardization of compliance requirements

C.  

Automation of controls

D.  

Integration of assurance efforts