Free Isaca CISM Exam Dumps and CISM Exam Questions

Question No: 11

MultipleChoice

Which of the following metrics BEST measures the effectiveness of an organization's information security program?

Options

AIncrease in risk assessments completed

BReduction in information security incidents

CReturn on information security investment

DNumber of information security business cases developed

Question No: 12

MultipleChoice

In a call center, the BEST reason to conduct a social engineering exercise is to:

Options

Again funding (or information security initiatives.

Bminimize the likelihood of successful attacks.

Cimprove password policy.

Didentify candidates for additional security training.

Question No: 13

MultipleChoice

An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRS'F?ter defense? the security policy framework encompasses the new business model is to:

Options

Aperform a gap analysis.

Bmerge both companies' policies.

Cperform a vulnerability assessment.

Dimplement both companies' policies separately.

Question No: 14

MultipleChoice

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

Options

AA simulated denial of service (DoS) attack against the firewall

BA validation of the current firewall rule set

CA port scan of the firewall from an internal source

DA ping test from an external source

Question No: 15

MultipleChoice

Which of the following is the MOST Important outcome of a post-Incident review?

Options

AThe person responsible for the incident Is identified.

BThe root cause of the Incident Is determined.

CThe system affected by the Incident is restored to its prior state.

DThe impact of the incident is reported to senior management.

Question No: 16

MultipleChoice

The PRIMARY goal of information security governance is to:

Options

Areduce risk to an acceptable level.

Bestablish a security strategy.

Calign with business objectives.

Dalign with business processes.

Question No: 17

MultipleChoice

Which of the following is the GREATEST benefit of integrating information security governance into corporate governance?

Options

AAdditional qualified information security professionals can be hired.

BExternal cyber threats to the organization are identified more quickly.

CSenior management commitment to information security is strengthened.

DInformation security projects are managed more efficiently.

Question No: 18

MultipleChoice

After an Information security incident has been detected and its priority established, which of the following should be the NEXT course of action?

Options

AGathering evidence

BPerforming a risk assessment

CEradicating the incident

DContaining the incident

Question No: 19

MultipleChoice

Which of the following is MOST effective in reducing the financial I

Options

AAn incident response plan

BBackup and recovery strategy

CA business continuity plan (BCP)

DA data loss prevention (DLP) solution

Question No: 20

MultipleChoice

Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when Information security management is:

Options

Aoutside of information technology.

Bpartially staffed by external security consultants.

Ccombined with the change management function.

Dreporting to the network Infrastructure manager.

Free Isaca CISM Exam Dumps - Page 2