Download Certified Information Security Manager.CISM.SelfTestEngine.2018-09-05.426q.tqb

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Sep 05, 2018
File Size: 2 MB

Demo Questions

Question 1
Risk assessment is MOST effective when performed:
  A. at the beginning of security program development.
  B. on a continuous basis.
  C. while developing the business case for the security program.
  D. during the business change process.
Correct answer: B
Explanation:
Risk assessment needs to be performed on a continuous basis because of organizational and technical changes. Risk assessment must take into account all significant changes in order to be effective.
Question 2
Which of the following is the MAIN reason for performing risk assessment on a continuous basis?
  A. Justification of the security budget must be continually made.
  B. New vulnerabilities are discovered every day.
  C. The risk environment is constantly changing.
  D. Management needs to be continually informed about emerging risks.
Correct answer: C
Explanation:
The risk environment is impacted by factors such as changes in technology, and business strategy. These changes introduce new threats and vulnerabilities to the organization. As a result, risk assessment should be performed continuously. Justification of a budget should never be the main reason for performing a risk assessment. New vulnerabilities should be managed through a patch management process. Informing management about emerging risks is important, but is not the main driver for determining when a risk assessment should be performed.
Question 3
There is a time lag between the time when a security vulnerability is first published, and the time when a patch is delivered. 
Which of the following should be carried out FIRST to mitigate the risk during this time period?
  A. Identify the vulnerable systems and apply compensating controls
  B. Minimize the use of vulnerable systems
  C. Communicate the vulnerability to system users
  D. Update the signatures database of the intrusion detection system (IDS)
Correct answer: A
Explanation:
The best protection is to identify the vulnerable systems and apply compensating controls until a patch is installed. Minimizing the use of vulnerable systems and communicating the vulnerability to system users could be compensating controls but would not be the first course of action. Choice D does not make clear the timing of when the intrusion detection system (IDS) signature list would be updated to accommodate the vulnerabilities that are not yet publicly known. Therefore, this approach should not always be considered as the first option.