CISM Sample Examination Questions
1. Senior management commitment and support for information security can BEST be obtained through presentations that:
   A. Use illustrative examples of successful attacks
   B. Explain the technical risks to the organization
   C. Evaluate the organization against best security practices
   D. Tie security risks to key business objectives

2. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
   A. Broken authentication
   B. Un-validated input
   C. Cross-site scripting
   D. Structured query language (SQL) injection

3. Which of the following will BEST protect an organization from internal security attacks?
   A. Static IP addressing
   B. Internal address translation
   C. Prospective employee background checks
   D. Employee awareness certification program

4. When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
   A. Right-to-terminate clause
   B. Limitations of liability
   C. Service level agreement (SLA)
   D. Financial penalties clause

5. Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
   A. Penetration attempts investigated
   B. Violation log reports produced
   C. Violation log entries
   D. Frequency of corrective actions taken

6. Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?
   A. Business impact analysis (BIA)
   B. Risk assessment
   C. Vulnerability assessment
   D. Business process mapping

Krag Brotby/Megamind Training Institute, 2016. All rights reserved.
Written for
- Institution: CIMS
- Course: CIMS
Document information
- Uploaded on: 4 May 2023
- Number of pages: 5
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions only