admin
Share Isaca CISM exam questions and answers from Lead4Pass latest updated CISM dumps free of charge.
Get the latest uploaded CISM dumps pdf from google driver online. To get the full Isaca CISM dumps PDF or dumps
VCE visit: https://www.leads4pass.com/cism.html (Q&As: 1591). all Isaca CISM exam questions have been updated, the answer has been corrected! Make sure your exam questions are real and effective to help you pass your first exam!
[Isaca CISM Dumps pdf] Latest Isaca CISM Dumps PDF collected by Lead4pass Google Drive:
https://drive.google.com/file/d/11WDHWE5MCTjr-8-nrOSy39IkL4PNliQX/
Latest Update Isaca CISM Exam Questions and Answers Online Test
QUESTION 1
An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the
net effect will be to PRIMARILY reduce the:
A. threat.
B. loss.
C. vulnerability.
D. probability.
Correct Answer: C
Implementing more restrictive preventive controls mitigates vulnerabilities but not the threats. Losses and probability of
occurrence may not be primarily or directly affected.
QUESTION 2
A project manager is developing a developer portal and requests that the security manager assign a public IP address
so that it can be accessed by in-house staff and by external consultants outside the organization\\’s local area network
(LAN). What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the
server
Correct Answer: A
The information security manager cannot make an informed decision about the request without first understanding the
business requirements of the developer portal. Performing a vulnerability assessment of developer portal and installing
an intrusion detection system (IDS) are best practices but are subsequent to understanding the requirements. Obtaining
a signed nondisclosure agreement will not take care of the risks inherent in the organization\\’s application.
QUESTION 3
An information security manager is developing a new information security strategy.
Which of the following functions would serve as the BEST resource to review the strategy and provide guidance for
business alignment?
A. Internal audit
B. The steering committee
C. The legal department
D. The board of directors
Correct Answer: B
QUESTION 4
An incident response team has determined there is a need to isolate a system that is communicating with a known
malicious host on the Internet.
Which of the following stakeholders should be contacted FIRST?
A. Executive management
B. System administrator
C. Key customers
D. The business owner
Correct Answer: B
QUESTION 5
Which of the following is the MOST important consideration when selecting members for an information security
steering committee?
A. Cross-functional composition
B. Information security expertise
C. Tenure in the organization
D. Business expertise
Correct Answer: A
QUESTION 6
The BEST defense against phishing attempts within an organization is: A. filtering of e-mail.
B. an intrusion protection system (IPS).
C. strengthening of firewall rules.
D. an intrusion detection system (IDS).
Correct Answer: A
QUESTION 7
Which of the following is MOST critical for an effective information security governance framework?
A. Board members are committed to the information security program.
B. Information security policies are reviewed on a regular basis.
C. The information security program is continually monitored.
D. The CIO is accountable for the information security program.
Correct Answer: A
QUESTION 8
Which of the following is the BEST way to identify the potential impact of a successful attack on an organization\\’s
mission critical applications?
A. Conduct penetration testing.
B. Execute regular vulnerability scans.
C. Perform independent code review.
D. Perform application vulnerability review.
Correct Answer: A
QUESTION 9
A border router should be placed on which of the following?
A. Web server
B. IDS server
C. Screened subnet
D. Domain boundary
Correct Answer: D
A border router should be placed on a (security) domain boundary. Placing it on a web server or screened subnet, which
is a demilitarized zone (DMZ) would not provide any protection. Border routers are positioned on the boundary of the
network, but do not reside on a server.
QUESTION 10
Which of the following is the BEST method to defend against social engineering attacks?
A. Periodically perform antivirus scans to identify malware.
B. Communicate guidelines to limit information posted to public sites.
C. Employ the use of a web-content filtering solution.
D. Monitor for unauthorized access attempts and failed logins.
Correct Answer: C
QUESTION 11
An emergency change was made to an IT system as a result of a failure. Which of the following should be of
GREATEST concern to the organization\\’s information security manager?
A. The change did not include a proper assessment of risk.
B. Documentation of the change was made after implementation.
C. The information security manager did not review the change prior to implementation.
D. The operations team implemented the change without regression testing.
Correct Answer: D
QUESTION 12
During an incident, which of the following entities would MOST likely be contacted directly by an organization\\’s incident
response team without management approval?
A. Industry regulators
B. Technology vendor
C. Law enforcement
D. Internal audit
Correct Answer: D
QUESTION 13
The PRIORITY action to be taken when a server is infected with a virus is to:
A. isolate the infected server(s) from the network.
B. identify all potential damage caused by the infection.
C. ensure that the virus database files are current.
D. establish security weaknesses in the firewall.
Correct Answer: A
The priority in this event is to minimize the effect of the virus infection and to prevent it from spreading by removing the
infected server(s) from the network. After the network is secured from further infection, the damage assessment can be
performed, the virus database updated and any weaknesses sought.
For the full Isaca CISM exam dumps from Lead4pass CISM Dumps pdf or Dumps VCE visit: https://www.leads4pass.com/cism.html (Q&As: 1591 dumps)
ps.
Get free Isaca CISM dumps PDF online: https://drive.google.com/file/d/11WDHWE5MCTjr-8-nrOSy39IkL4PNliQX/