CIMS Pre-Assessment Examination D Questions
Certified Information System Manager

QUESTION 1
When performing an information risk analysis, an information security manager should FIRST:
A. establish the ownership of assets.
B. evaluate the risks to the assets.
C. take an asset inventory.
D. categorize the assets.

QUESTION 2
The PRIMARY benefit of performing an information asset classification is to:
A. link security requirements to business objectives.
B. identify controls commensurate to risk.
C. define access rights.
D. establish ownership.

QUESTION 3
Which of the following is MOST essential for a risk management program to be effective?
A. Flexible security budget
B. Sound risk baseline
C. New risks detection
D. Accurate risk reporting

QUESTION 4
Which of the following attacks is BEST mitigated by utilizing strong passwords?
A. Man-in-the-middle attack
B. Brute force attack
C. Remote buffer overflow
D. Rootkit

QUESTION 5
Phishing is BEST mitigated by which of the following?
A. Security monitoring software
B. Encryption
C. Two-factor authentication
D. User awareness

QUESTION 6
The security responsibility of data custodians in an organization will include:
A. assuming overall protection of information assets.
B. determining data classification levels.
C. implementing security controls in products they install.
D. ensuring security measures are consistent with policy.

QUESTION 7
A security risk assessment exercise should be repeated at regular intervals because:
A. business threats are constantly changing.
B. omissions in earlier assessments can be addressed.
C. repetitive assessments allow various methodologies.
D. they help raise awareness on security in the business.

QUESTION 8
Which of the following steps in conducting a risk assessment should be performed FIRST

Written for
- Institution: CIMS
- Course: CIMS

Document information
- Uploaded on: May 4, 2023
- Number of pages: 15
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Only questions