CIMS Pre-Assessment Examination B
CIMS Pre-Assessment Examination B Questions
Certified Information System Manager

QUESTION 1
Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
A. The security officer
B. Senior management
C. The end user
D. The custodian

QUESTION 2
An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next?
A. Direct information security on what they need to do
B. Research solutions to determine the proper solutions
C. Require management to report on compliance
D. Nothing; information security does not report to the board

QUESTION 3
The effectiveness of the information security process is reduced when an outsourcing organization:
A. is responsible for information security governance activities
B. receives additional revenue when security service levels are met
C. incurs penalties for failure to meet security service-level agreements
D. standardizes on a single access-control software product

QUESTION 4
What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?
A. Perform a gap analysis
B. Complete a control assessment
C. Submit a business case to support compliance
D. Update the risk register

QUESTION 5
Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?
A. Create a security exception
B. Perform a vulnerability assessment
C. Perform a gap analysis to determine needed resources
D. Assess the risk to business operations

QUESTION 6
Which of the following is the MOST important reason for an organization to develop an information security governance program?
A. Establishment of accountability
B. Compliance with audit requirements
C. Monitoring of security incidents
D. Creation of tactical solutions

QUESTION 7
The PRIMARY purpose of aligning information security with corporate governance objectives is to:
A. build capabilities to improve security processes.
B. consistently manage significant areas of risk.
C. identify an organization’s tolerance for risk.
D. re-align roles and responsibilities.

QUESTION 8
Which of the following is the MOST important consideration for designing an effective information security governance framework?
A. Defined metrics
B. Continuous audit cycle
C. Security policy provisions
D. Security controls automation

QUESTION 9
The PRIMARY goal of information security governance to an organization is to:
A. align with business processes
B. align with business objectives
C. establish a security strategy
D. manage security costs

QUESTION 10
Which of the following is the BEST way to integrate information security into corporate governance?
A. Engage external security consultants in security initiatives.
B. Conduct comprehensive information security management

Written for
- Institution: CIMS
- Course: CIMS

Document information
- Uploaded on: May 4, 2023
- Number of pages: 16
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers