Free CISM Exam Braindumps (page: 24)

Which of the following situations would MOST inhibit the effective implementation of security governance?

  A. The complexity of technology
  B. Budgetary constraints
  C. Conflicting business priorities
  D. High-level sponsorship

Answer(s): D

Explanation:

The need for senior management involvement and support is a key success factor for the implementation of appropriate security governance. Complexity of technology, budgetary constraints and conflicting business priorities are realities that should be factored into the governance model of the organization, and should not be regarded as inhibitors.



What would be the MOST significant security risk when using wireless local area network (LAN) technology?

  A. Man-in-the-middle attack
  B. Spoofing of data packets
  C. Rogue access point
  D. Session hijacking

Answer(s): C

Explanation:

A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through it and have their traffic monitored. None of the other choices is specific to the use of wireless local area network (LAN) technology.



To achieve effective strategic alignment of security initiatives, it is important that:

  A. Steering committee leadership be selected by rotation.
  B. Inputs be obtained and consensus achieved between the major organizational units.
  C. The business strategy be updated periodically.
  D. Procedures and standards be approved by all departmental heads.

Answer(s): B

Explanation:

It is important to achieve consensus on risks and controls and to obtain inputs from the various organizational entities, since security needs to be aligned with the needs of the organization. Rotation of steering committee leadership does not help in achieving strategic alignment. Updating the business strategy does not, by itself, lead to strategic alignment of security initiatives. Procedures and standards need not be approved by all departmental heads.



When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

  A. Business management
  B. Operations manager
  C. Information security manager
  D. System users

Answer(s): C

Explanation:

The escalation process in critical situations should involve the information security manager as the first contact, so that the appropriate escalation steps are invoked as necessary. Choices A, B and D would then be notified as the escalation process dictates.
