Download Certified Information Security Manager.CISM.ActualTests.2018-11-17.385q.tqb

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Nov 17, 2018
File Size: 1 MB

Demo Questions

Question 1
Reviewing which of the following would BEST ensure that security controls are effective?
  A. Risk assessment policies
  B. Return on security investment
  C. Security metrics
  D. User access rights
Correct answer: C
Explanation:
Reviewing security metrics provides senior management a snapshot view and trends of an organization's security posture. Choice A is incorrect because reviewing risk assessment policies would not ensure that the controls are actually working. Choice B is incorrect because reviewing returns on security investments provides business justifications in implementing controls, but does not measure effectiveness of the control itself. Choice D is incorrect because reviewing user access rights is a joint responsibility of the data custodian and the data owner, and does not measure control effectiveness.
Question 2
Which of the following is responsible for legal and regulatory liability?
  A. Chief security officer (CSO)
  B. Chief legal counsel (CLC)
  C. Board and senior management
  D. Information security steering group
Correct answer: C
Explanation:
The board of directors and senior management are ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Question 3
While implementing information security governance, an organization should FIRST:
  A. adopt security standards.
  B. determine security baselines.
  C. define the security strategy.
  D. establish security policies.
Correct answer: C
Explanation:
The first step in implementing information security governance is to define the security strategy, from which security baselines are then determined. Adopting suitable security standards, performing risk assessment and implementing security policy are steps that follow the definition of the security strategy.