Free CISM Exam Braindumps (page: 30)

Which of the following is MOST important to understand when developing a meaningful information security strategy?

  A. Regulatory environment
  B. International security standards
  C. Organizational risks
  D. Organizational goals

Answer(s): D

Explanation:

Alignment of security with business objectives requires an understanding of what an organization is trying to accomplish. The other choices are all elements that must be considered, but their importance is secondary and will vary depending on organizational goals.



Which of the following is the BEST advantage of a centralized information security organizational structure?

  A. It allows for a common level of assurance across the enterprise.
  B. It is easier to manage and control business unit security teams.
  C. It is more responsive to business unit needs.
  D. It provides a faster turnaround for security waiver requests.

Answer(s): B

Explanation:

It is easier to manage and control a centralized structure. Promoting security awareness is an advantage of decentralization. Decentralization allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. Decentralized operations allow security administrators to be more responsive. Being close to the business allows decentralized security administrators to achieve a faster turnaround than that achieved in a centralized operation.



Which of the following would help to change an organization's security culture?

  A. Develop procedures to enforce the information security policy
  B. Obtain strong management support
  C. Implement strict technical security controls
  D. Periodically audit compliance with the information security policy

Answer(s): B

Explanation:

Management support and pressure will help to change an organization's culture. Procedures will support an information security policy, but cannot change the culture of the organization. Technical controls will provide more security to an information system and staff; however, this does not mean the culture will be changed. Auditing will help to ensure the effectiveness of the information security policy; however, auditing is not effective in changing the culture of the company.



The BEST way to justify the implementation of a single sign-on (SSO) product is to use:

  A. return on investment (ROI).
  B. a vulnerability assessment.
  C. annual loss expectancy (ALE).
  D. a business case.

Answer(s): D

Explanation:

A business case shows both direct and indirect benefits, along with the investment required and the expected returns, thus making it useful to present to senior management. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process improvement and learning. A vulnerability assessment is more technical in nature and would only identify and assess the vulnerabilities. This would also not provide insights on indirect benefits. Annual loss expectancy (ALE) would not weigh the advantages of implementing single sign-on (SSO) in comparison to the cost of implementation.


