CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 11)

Page 10 of 430
PDF with 1716 Questions

Which of the following is the MOST important factor when designing information security architecture?

  1. Technical platform interfaces
  2. Scalability of the network
  3. Development methodologies
  4. Stakeholder requirements

Answer(s): D

Explanation:

The most important factor for information security is that it advances the interests of the business, as defined by stakeholder requirements. Interoperability and scalability, as well as development methodologies, are all important but are without merit if a technologically-elegant solution is achieved that does not meet the needs of the business.



Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?

  1. Knowledge of information technology platforms, networks and development methodologies
  2. Ability to understand and map organizational needs to security technologies
  3. Knowledge of the regulatory environment and project management techniques
  4. Ability to manage a diverse group of individuals and resources across an organization

Answer(s): B

Explanation:

Information security will be properly aligned with the goals of the business only with the ability to understand and map organizational needs to enable security technologies. All of the other choices are important but secondary to meeting business security needs.



Which of the following are likely to be updated MOST frequently?

  1. Procedures for hardening database servers
  2. Standards for password length and complexity
  3. Policies addressing information security governance
  4. Standards for document retention and destruction

Answer(s): A

Explanation:

Policies and standards should generally be more static and less subject to frequent change. Procedures on the other hand, especially with regard to the hardening of operating systems, will be subject to constant change; as operating systems change and evolve, the procedures for hardening will have to keep pace.



Who should be responsible for enforcing access rights to application data?

  1. Data owners
  2. Business process owners
  3. The security steering committee
  4. Security administrators

Answer(s): D

Explanation:

As custodians, security administrators are responsible for enforcing access rights to data. Data owners are responsible for approving these access rights. Business process owners are sometimes the data owners as well, and would not be responsible for enforcement. The security steering committee would not be responsible for enforcement.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts