Certified Information Security Manager v1.0

Page:    1 / 38   
Exam contains 562 questions
Expand All

Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?

  • A. Decision on the classification of cloud-hosted data
  • B. Expertise of personnel providing incident response
  • C. Implementation of a SIEM in the organization
  • D. An agreement on the definition of a security incident


Answer : D

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?

  • A. Review the results of information security awareness testing.
  • B. Validate the effectiveness of implemented security controls.
  • C. Benchmark the information security policy against industry standards.
  • D. Track the trending of information security incidents.


Answer : B

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

  • A. Increase the frequency of log monitoring and analysis.
  • B. Implement a security information and event management system (SIEM).
  • C. Increase the sensitivity of intrusion detection systems.
  • D. Implement multi-factor authentication.


Answer : D

When supporting an organizationג€™s privacy officer which of the following is the information security manager's PRIMARY role regarding privacy requirements?

  • A. Ensuring appropriate controls are in place
  • B. Monitoring the transfer of private data
  • C. Determining data classification
  • D. Conducting privacy awareness programs


Answer : A

The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?

  • A. The strategy does not include a cost-benefit analysis.
  • B. There was a lack of engagement with the business during development.
  • C. The strategy does not comply with security standards.
  • D. The CISO reports to the CIO.


Answer : B

An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?

  • A. The committee consists of too many senior executives.
  • B. The committee lacks sufficient business representation.
  • C. There is a conflict of interest between the business and IT.
  • D. The CIO is not taking charge of the committee.


Answer : B

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

  • A. To provide metrics to senior management
  • B. To evaluate how personnel react to the situation
  • C. To assess service level agreements (SLAs)
  • D. To estimate the recovery time objective (RTO)


Answer : B

Labeling information according to its security classification:

  • A. reduces the need to identify baseline controls for each classification.
  • B. reduces the number and type of countermeasures required.
  • C. enhances the likelihood of people handling information securely.
  • D. affects the consequences if information is handled insecurely.


Answer : C

Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?

  • A. Ensure resources meet information security program needs
  • B. Audit the information security program to identify deficiencies
  • C. Identify gaps impacting information security strategy
  • D. Develop key performance indicators (KPIs) of information security


Answer : D

When drafting the corporate privacy statement for a public web site, which of the following MUST be included?

  • A. Limited liability clause
  • B. Access control requirements
  • C. Explanation of information usage
  • D. Information encryption requirements


Answer : C

An organization is concerned with the potential for exploitation of vulnerabilities in its server systems. Which of the following is the BEST control to mitigate the associated risk?

  • A. Enforcing standard system configurations based on secure configuration benchmarks
  • B. Implementing network and system-based anomaly monitoring software for server systems
  • C. Enforcing configurations for secure logging and audit trails on server systems
  • D. Implementing host-based intrusion detection systems (IDS) on server systems


Answer : A

Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization?

  • A. Identify secure social networking sites
  • B. Establish disciplinary actions for noncompliance
  • C. Perform a vulnerability assessment
  • D. Define acceptable information for posting


Answer : D

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the
BEST way for the information security manager to help senior management understand the related risk?

  • A. Include the impact of the risk as part of regular metrics.
  • B. Send regular notifications directly to senior managers.
  • C. Recommend the security steering committee conduct a review.
  • D. Update the risk assessment at regular intervals.


Answer : A

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?

  • A. Tabletop exercises
  • B. Forensics certification
  • C. Penetration tests
  • D. Disaster recovery drills


Answer : A

Which of the following BEST protects against phishing attacks?

  • A. Security strategy training
  • B. Email filtering
  • C. Network encryption
  • D. Application whitelisting


Answer : A

Page:    1 / 38   
Exam contains 562 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.