[2022] New CISM exam dumps Use Updated ISACA Exam [Q745-Q762]


Verified CISM Dumps Q&As - CISM Test Engine with Correct Answers


What Is CISM Certification All About?

Earning CISM, or Certified Information Security Manager, is a credible way to prove your capacity to manage various security programs. Your expertise helps build a strategic team that complies with the standards set by the company, and as a result of your management, business productivity improves for better outcomes and product retention. Furthermore, the certification positions you as a sought-after individual within enterprise leadership.


2. Information Risk Management – 30%

This is the largest topic out of the whole exam content. The theoretical knowledge that you should have covers the following:

  • Knowledge of analysis methodologies and risk assessment;
  • Knowledge of threats, reliability, and current sources of information;
  • Knowledge of risk reporting requirements;

 

NEW QUESTION 745
What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

  • A. Calculate the total cost of ownership (TCO).
  • B. Conduct a feasibility study.
  • C. Define the issues to be addressed.
  • D. Perform a cost-benefit analysis.

Answer: B

 

NEW QUESTION 746
What is the BEST way to determine the level of risk associated with information assets processed by an IT application?

  • A. Evaluate the potential value of information for an attacker
  • B. Calculate the business value of the information assets
  • C. Review the cost of acquiring the information assets for the business
  • D. Research compliance requirements associated with the information

Answer: B

Explanation:
Section: INFORMATION RISK MANAGEMENT

 

NEW QUESTION 747
An information security manager wants to implement a security Information and event management (SIEM) system that will aggregate log data from all systems that control perimeter access. Which of the following would BEST support the business case for this initiative to senior management?

  • A. Metrics related to the number of systems to be consolidated
  • B. Independent evidence of SIEM system's ability to reduce risk
  • C. Industry examples of threats detected using a SIEM system
  • D. Alignment with industry best practices

Answer: C

 

NEW QUESTION 748
Which of the following would BEST ensure the success of information security governance within an organization?

  • A. Steering committees enforce compliance with laws and regulations
  • B. Security policy training provided to all managers
  • C. Security training available to all employees on the intranet
  • D. Steering committees approve security projects

Answer: D

Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.

 

NEW QUESTION 749
Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?

  • A. To provide support for security audit activities
  • B. To identify key controls within the organization
  • C. To communicate the effectiveness of the security program
  • D. To demonstrate alignment to the business strategy

Answer: C

 

NEW QUESTION 750
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?

  • A. The time of declaration determines site access priority
  • B. The provider services all major companies in the area
  • C. Exclusive use of the hot site is limited to six weeks
  • D. The hot site may have to be shared with other customers

Answer: B

Explanation:
Sharing a hot site facility is sometimes necessary in the case of a major disaster. Also, first come, first served usually determines priority of access based on general industry practice. Access to a hot site is not indefinite; the recovery plan should address a long-term outage. In case of a disaster affecting a localized geographical area, the vendor's facility and capabilities could be insufficient for all of its clients, which will all be competing for the same resource. Preference will likely be given to the larger corporations, possibly delaying the recovery of a branch that will likely be smaller than other clients based locally.

 

NEW QUESTION 751
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:

  • A. security needs.
  • B. the responsibilities of organizational units.
  • C. organization-wide metrics.
  • D. organizational risk.

Answer: D

Explanation:
Section: INFORMATION SECURITY GOVERNANCE
Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.

 

NEW QUESTION 752
When two different controls are available to mitigate a risk, an information security manager's recommendation should be based on the results of a:

  • A. countermeasure analysis.
  • B. cost-benefit analysis.
  • C. control evaluation.
  • D. threat analysis.

Answer: B

 

NEW QUESTION 753
Which of the following is the BEST method to securely transfer a message?

  • A. Password-protected removable media
  • B. Facsimile transmission in a secured room
  • C. Steganography
  • D. Using public key infrastructure (PKI) encryption

Answer: D

Explanation:
Using public key infrastructure (PKI) is currently accepted as the most secure method to transmit e-mail messages. PKI assures confidentiality, integrity and nonrepudiation. The other choices are not methods that are as secure as PKI. Steganography involves hiding a message in an image.

 

NEW QUESTION 754
Which of the following is the MOST important element of an information security strategy?

  • A. Defined objectives
  • B. Time frames for delivery
  • C. Adoption of a control framework
  • D. Complete policies

Answer: A

Explanation:
Without defined objectives, a strategy (the plan to achieve objectives) cannot be developed. Time frames for delivery are important but not critical for inclusion in the strategy document. Similarly, the adoption of a control framework is not critical to having a successful information security strategy. Policies are developed subsequent to, and as a part of, implementing a strategy.

 

NEW QUESTION 755
An organization has detected potential risk emerging from noncompliance with new regulations in its industry.
Which of the following is the MOST important reason to report this situation to senior management?

  • A. The risk profile needs to be updated.
  • B. Specific monitoring controls need to be implemented.
  • C. A benchmark analysis needs to be performed.
  • D. An external review of the risk needs to be conducted.

Answer: D

 

NEW QUESTION 756
When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

  • A. Post-incident analysis results
  • B. The security awareness programs
  • C. Firewall logs
  • D. The risk management process

Answer: D

Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE

 

NEW QUESTION 757
Shortly after installation, an intrusion detection system (IDS) reports a violation. Which of the following is the MOST likely explanation?

  • A. A routine IDS log file upload has occurred.
  • B. A routine IDS signature file download has occurred.
  • C. An intrusion has occurred.
  • D. The violation is a false positive.

Answer: D

 

NEW QUESTION 758
Which of the following is the GREATEST benefit of an information security architecture?

  • A. Closer integration with the incident response team function
  • B. Ease of integration between different security components
  • C. Alignment with industry best practices
  • D. Fewer false positives in the security incident and event management (SIEM)

Answer: B

 

NEW QUESTION 759
The MAIN advantage of implementing automated password synchronization is that it:

  • A. reduces overall administrative workload.
  • B. reduces the need for two-factor authentication.
  • C. allows passwords to be changed less frequently.
  • D. increases security between multi-tier systems.

Answer: A

Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Automated password synchronization reduces the overall administrative workload of resetting passwords. It does not increase security between multi-tier systems, allow passwords to be changed less frequently or reduce the need for two-factor authentication.

 

NEW QUESTION 760
Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?

  • A. Multiple encryption algorithms
  • B. Certificate-based authentication of web server
  • C. Certificate-based authentication of web client
  • D. Data confidentiality between client and web server

Answer: C

Explanation:
Web browsers have the capability of authenticating through client-based certificates; nevertheless, it is not commonly used. When using https, servers always authenticate with a certificate and, once the connection is established, confidentiality will be maintained between client and server. By default, web browsers and servers support multiple encryption algorithms and negotiate the best option upon connection.

 

NEW QUESTION 761
Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce?

  • A. Clear text authentication
  • B. Man-in-the-middle attack
  • C. Remote buffer overflow
  • D. Cross site scripting

Answer: A

Explanation:
One of the main problems with using SNMP v1 and v2 is the clear text "community string" that it uses to authenticate. It is easy to sniff and reuse. Most times, the SNMP community string is shared throughout the organization's servers and routers, making this authentication problem a serious threat to security. There have been some isolated cases of remote buffer overflows against SNMP daemons, but generally that is not a problem. Cross site scripting is a web application vulnerability that is not related to SNMP. A man-in-the-middle attack against a user datagram protocol (UDP) makes no sense since there is no active session; every request has the community string and is answered independently.

 

NEW QUESTION 762
......


CISM (Certified Information Security Manager) is a certification intended for professionals who are involved in information security management. This certificate is issued by ISACA, and it will help you demonstrate your commitment to information security, identify critical issues within your company, enhance security programs, and bring you the credibility to support information security. This option can bring you the visibility you need.

 

Pass Your CISM Dumps as PDF Updated on 2022 With 1340 Questions: https://testking.vceengine.com/CISM-vce-test-engine.html