The foundation of an information security program is: - ANSWER>>Alignment
with the goals and objectives of the organization
The core principles of an information security program are: -
ANSWER>>Confidentiality, Integrity and Availability
The key factor in a successful information security program is: -
ANSWER>>Senior Management support
A threat can be described as: - ANSWER>>Any event or action that could cause
harm to the organization
True/False: Threats can be either intentional or accidental - ANSWER>>True
Personnel Security requires trained personnel to manage systems and networks.
When does personnel security begin? - ANSWER>>Through pre-employment
checks
Who plays the most important role in information security? - ANSWER>>Upper
management
The advantage of an IPS (intrusion prevention system) over an IDS (intrusion
detection system) is that: - ANSWER>>The IPS can block suspicious activity in
real time
True/False: Physical security is an important part of an Information Security
program - ANSWER>>True
The Sherwood Applied Business Security Architecture (SABSA) is primarily
concerned with: - ANSWER>>An enterprise-wide approach to security
architecture
A centralized approach to security has the primary advantage of: -
ANSWER>>Uniform enforcement of security policies
The greatest advantage to a decentralized approach to security is: -
ANSWER>>More adjustable to local laws and requirements
A primary objective of an information security strategy is to: -
ANSWER>>Identify and protect information assets
The first step in an information security strategy is to: - ANSWER>>Determine
the desired state of security
Effective information security governance is based on: -
ANSWER>>implementing security policies and procedures
The use of a standard such as ISO27001 is useful to: - ANSWER>>Ensure that all
relevant security needs have been addressed
Three main factors in a business case are resource usage, regulatory compliance
and: - ANSWER>>Return on investment
What is a primary method for justifying investments in information security? -
ANSWER>>development of a business case
Relationships with third parties may: - ANSWER>>Require the organization to
comply with the security standards of the third party
True or False? The organization does not have to worry about the impact of
third party relationships on the security program - ANSWER>>False
The role of an Information Systems Security Steering Committee is to: -
ANSWER>>Provide feedback from all areas of the organization
The most effective tool a security department has is: - ANSWER>>A security
awareness program
The role of Audit in relation to Information Security is: - ANSWER>>To validate
the effectiveness of the security program against established metrics
Who should be responsible for development of a risk management strategy? -
ANSWER>>The Security Manager
The security requirements of each member of the organization should be
documented in: - ANSWER>>Their job descriptions
What could be the greatest challenge to implementing a new security strategy?
- ANSWER>>Obtaining buy-in from employees
A disgruntled former employee is a: - ANSWER>>Threat
A bug or software flaw is a: - ANSWER>>Vulnerability
An audit log is an example of a: - ANSWER>>Detective control
A compensating control is used: - ANSWER>>When normal controls are not
sufficient to mitigate the risk
Encryption is an example of a: - ANSWER>>Countermeasure
The examination of risk factors would be an example of: - ANSWER>>Risk
analysis