Download Certified Information Security Manager.CISM.Train4Sure.2020-01-17.691q.vcex

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Jan 17, 2020
File Size: 624 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Purchase
Coupon: EXAM_HUB

Discount: 20%

Demo Questions

Question 1
The MOST appropriate role for senior management in supporting information security is the:
  1. evaluation of vendors offering security products.
  2. assessment of risks to the organization.
  3. approval of policy statements and funding.
  4. monitoring adherence to regulatory requirements.
Correct answer: C
Explanation:
Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in terms of governance and direction. They are responsible for approval of major policy statements and requests to fund the information security practice. Evaluation of vendors, assessment of risks and monitoring compliance with regulatory requirements are day-to-day responsibilities of the information security manager; in some organizations, business management is involved in these other activities, though their primary role is direction and governance.
Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in terms of governance and direction. They are responsible for approval of major policy statements and requests to fund the information security practice. Evaluation of vendors, assessment of risks and monitoring compliance with regulatory requirements are day-to-day responsibilities of the information security manager; in some organizations, business management is involved in these other activities, though their primary role is direction and governance.
Question 2
Which of the following would BEST ensure the success of information security governance within an organization?
  1. Steering committees approve security projects
  2. Security policy training provided to all managers
  3. Security training available to all employees on the intranet
  4. Steering committees enforce compliance with laws and regulations
Correct answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.
Question 3
Which of the following represents the MAJOR focus of privacy regulations?
  1. Unrestricted data mining
  2. Identity theft
  3. Human rights protection D.
  4. Identifiable personal data
Correct answer: D
Explanation:
Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulator)' provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.
Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulator)' provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.
Question 4
Retention of business records should PRIMARILY be based on:
  1. business strategy and direction.
  2. regulatory and legal requirements.
  3. storage capacity and longevity.
  4. business ease and value analysis.
Correct answer: B
Explanation:
Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.
Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.
Question 5
Which of the following is characteristic of centralized information security management?
  1. More expensive to administer
  2. Better adherence to policies
  3. More aligned with business unit needs
  4. Faster turnaround of requests
Correct answer: B
Explanation:
Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics of scale. However, turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics of scale. However, turnaround can be slower due to the lack of alignment with business units.
Question 6
Successful implementation of information security governance will FIRST require:
  1. security awareness training.
  2. updated security policies.
  3. a computer incident management team.
  4. a security architecture.
Correct answer: B
Explanation:
Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
Question 7
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
  1. Information security manager
  2. Chief operating officer (COO)
  3. Internal auditor
  4. Legal counsel
Correct answer: B
Explanation:
The chief operating officer (COO) is highly-placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.
The chief operating officer (COO) is highly-placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.
Question 8
The MOST important component of a privacy policy is:
  1. notifications.
  2. warranties.
  3. liabilities.
  4. geographic coverage.
Correct answer: A
Explanation:
Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.
Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.
Question 9
The cost of implementing a security control should not exceed the:
  1. annualized loss expectancy.
  2. cost of an incident.
  3. asset value.
  4. implementation opportunity costs.
Correct answer: C
Explanation:
The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses drat are expected to happen during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.
The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses drat are expected to happen during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.
Question 10
Minimum standards for securing the technical infrastructure should be defined in a security:
  1. strategy.
  2. guidelines.
  3. model.
  4. architecture.
Correct answer: D
Explanation:
Minimum standards for securing the technical infrastructure should be defined in a security architecture document. This document defines how components are secured and the security services that should be in place. A strategy is a broad, high-level document. A guideline is advisory in nature, while a security model shows the relationships between components.
Minimum standards for securing the technical infrastructure should be defined in a security architecture document. This document defines how components are secured and the security services that should be in place. A strategy is a broad, high-level document. A guideline is advisory in nature, while a security model shows the relationships between components.
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!