Free ISACA CISM Exam Braindumps (page: 63)

Which of the following is the BEST method to ensure compliance with password standards?

  A. Implementing password-synchronization software
  B. A user-awareness program
  C. Automated enforcement of password syntax rules
  D. Using password-cracking software

Answer(s): C



An organization has contracted with a third-party e-commerce provider. Which of the following is MOST
important for the information security manager to examine during the subsequent compliance review period?

  A. Changes to the provider's controls and infrastructure
  B. Financial provisions and maintenance expenses
  C. Adherence to the service level agreement
  D. Right-to-audit provisions in the contract

Answer(s): A



Which of the following steps in conducting a risk assessment should be performed FIRST?

  A. Identify business assets
  B. Identify business risks
  C. Assess vulnerabilities
  D. Evaluate key controls

Answer(s): A

Explanation:

Risk assessment first requires one to identify the business assets that need to be protected before identifying the threats. The next step is to establish whether those threats represent business risk by identifying the likelihood and effect of occurrence, followed by assessing the vulnerabilities that may affect the security of the asset. This process establishes the control objectives against which key controls can be evaluated.



The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:

  A. periodically testing the incident response plans.
  B. regularly testing the intrusion detection system (IDS).
  C. establishing mandatory training of all personnel.
  D. periodically reviewing incident response procedures.

Answer(s): A

Explanation:

Security incident response plans should be tested to find any deficiencies and improve existing processes. Testing the intrusion detection system (IDS) is a good practice but would not have prevented this situation. All personnel need to go through formal training to ensure that they understand the process, tools and methodology involved in handling security incidents. However, testing of the actual plans is more effective in ensuring the process works as intended. Reviewing the response procedures is not enough; the security response plan needs to be tested on a regular basis.
