CIMS Pre-Assessment Examination C
Certified Information System Manager

QUESTION 1
Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?
A. Strategic business plan
B. Upcoming financial results
C. Customer personal information
D. Previous financial results
Correct Answer: D

QUESTION 2
The PRIMARY purpose of using risk analysis within a security program is to:
A. justify the security expenditure.
B. help businesses prioritize the assets to be protected.
C. inform executive management of residual risk value.
D. assess exposures and plan remediation.
Correct Answer: D

QUESTION 3
Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
A. Defining job roles
B. Performing a risk assessment
C. Identifying data owners
D. Establishing data retention policies
Correct Answer: C

QUESTION 4
An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
A. mitigate the impact by purchasing insurance.
B. implement a circuit-level firewall to protect the network.
C. increase the resiliency of security measures in place.
D. implement a real-time intrusion detection system.
Correct Answer: A

QUESTION 5
What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?
A. Business impact analyses
B. Security gap analyses
C. System performance metrics
D. Incident response processes
Correct Answer: B

QUESTION 6
A common concern with poorly written web applications is that they can allow an attacker to:
A. gain control through a buffer overflow.
B. conduct a distributed denial of service (DoS) attack.
C. abuse a race condition.
D. inject structured query language (SQL) statements.
Correct Answer: D

QUESTION 7
Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)
Correct Answer: C

QUESTION 8
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager
Written for
- Institution: CIMS
- Course: CIMS

Document information
- Uploaded on: May 4, 2023
- Number of pages: 18
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers