Certified Information Security Manager Exam 2023
Solved Correctly
Resource allocation is crucial during incident triage as it assists in prioritization
and categorization. Why would this be critical for most organizations when
conducting triage?
A. Most organizations have limited incident handling resources
B. Categorization assists in mitigation
C. Prioritization aides in detection
D. Most organizations assign incidents based on criticality
A. Most organizations have limited incident handling resources
Who is in the best position to judge the risks and impacts since they are most
knowledgeable concerning their systems?
A. Internal auditors
B. Security management
C. Business process owners
D. External regulatory agencies
C. Business process owners
In order to establish prioritization in the effective implementation of an
organization's security governance, primary emphasis should be placed on?
A. Consultation
B. Negotiation
C. Facilitation
D. Planning
D. Planning
All actions dealing with incidents must be worked with cyclical consideration.
What is the primary post-incident review takeaway?
A. Pursuit of legal action
B. Identify personnel failures
C. Incident management report
D. Derive ways to improve the response process
not b or c
, Which of the following is the most significant challenge when developing an
incident management plan?
A. A plan not aligning with organizational goals
B. Compliance and regulatory requirements
C. A cohesive incident threat matrix
D. Lack of management and leadership buy-in
D. Lack of management and leadership buy-in
Residual risks can be determined by:
A. Calculating remaining vulnerabilities after creating controls
B. Performing a threat analysis
C. Performing a risk assessment
D. Through risk transference
C. Performing a risk assessment
Which is the most effective solution for preventing internal users from modifying
sensitive and/or classified information?
A. Baseline security standards
B. System access violation logs
C. Role-based access control
D. Exit routines
C. Role-based access control
As part of the Risk Management process, assessments must be performed on the
information systems and resources of an organization. If there are vulnerabilities
disclosed during an assessment, those vulnerabilities should be:
A. Handled as a risk without a threat consideration
B. Prioritized for re-mediation solely based on impact
C. Reviewed to analyse information security controls
D. Evaluated and prioritized based on credible threat and impact if exploited and
and mitigation cost
D. Evaluated and prioritized based on credible threat and impact if exploited and and
mitigation cost
A security strategy is important for an organization, and along with the creation
of supporting policies, the overall planning effort should cover?
A. The logical security architecture for the organization
Solved Correctly
Resource allocation is crucial during incident triage as it assists in prioritization
and categorization. Why would this be critical for most organizations when
conducting triage?
A. Most organizations have limited incident handling resources
B. Categorization assists in mitigation
C. Prioritization aides in detection
D. Most organizations assign incidents based on criticality
A. Most organizations have limited incident handling resources
Who is in the best position to judge the risks and impacts since they are most
knowledgeable concerning their systems?
A. Internal auditors
B. Security management
C. Business process owners
D. External regulatory agencies
C. Business process owners
In order to establish prioritization in the effective implementation of an
organization's security governance, primary emphasis should be placed on?
A. Consultation
B. Negotiation
C. Facilitation
D. Planning
D. Planning
All actions dealing with incidents must be worked with cyclical consideration.
What is the primary post-incident review takeaway?
A. Pursuit of legal action
B. Identify personnel failures
C. Incident management report
D. Derive ways to improve the response process
not b or c
, Which of the following is the most significant challenge when developing an
incident management plan?
A. A plan not aligning with organizational goals
B. Compliance and regulatory requirements
C. A cohesive incident threat matrix
D. Lack of management and leadership buy-in
D. Lack of management and leadership buy-in
Residual risks can be determined by:
A. Calculating remaining vulnerabilities after creating controls
B. Performing a threat analysis
C. Performing a risk assessment
D. Through risk transference
C. Performing a risk assessment
Which is the most effective solution for preventing internal users from modifying
sensitive and/or classified information?
A. Baseline security standards
B. System access violation logs
C. Role-based access control
D. Exit routines
C. Role-based access control
As part of the Risk Management process, assessments must be performed on the
information systems and resources of an organization. If there are vulnerabilities
disclosed during an assessment, those vulnerabilities should be:
A. Handled as a risk without a threat consideration
B. Prioritized for re-mediation solely based on impact
C. Reviewed to analyse information security controls
D. Evaluated and prioritized based on credible threat and impact if exploited and
and mitigation cost
D. Evaluated and prioritized based on credible threat and impact if exploited and and
mitigation cost
A security strategy is important for an organization, and along with the creation
of supporting policies, the overall planning effort should cover?
A. The logical security architecture for the organization
