Which of the following BEST determines the allocation of resources during a security incident response?
A. Defined levels of severity
B. Senior management commitment
C. A business continuity plan (BCP)
D. An established escalation process
correct answers A. Defined levels of severity
During the response to a serious security breach, who is the BEST organizational staff member to communicate with external entities?
A. The resource designated by senior management
B. The incident response team leader
C. The resource specified in the incident response plan
D. A dedicated public relations spokesperson
correct answers C. The resource specified in the incident response plan
Which of the following is the BEST way to demonstrate the alignment of the information security strategy with the business strategy?
A. Show the relationship between information security goals and corporate goals.
B. Compare the allocated budget for business with the information security budget.
C. Present senior management's approval of information security policies.
D. Provide evidence that information security is included in the change management process.
correct answers A. Show the relationship between information security goals and corporate goals.
A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What is the BEST next step?
A. To gain an understanding of the current business direction
B. To update in accordance with the best business practices
C. To perform a risk assessment of the current IT environment
D. To assess corporate culture
correct answers A. To gain an understanding of the current business direction
Implementing the principle of least privilege PRIMARILY requires the identification of:
A. job duties.
B. primary risk factors.
C. authentication controls.
D. data owners.
correct answers A. job duties.
Which of the following is MOST helpful in preventing cybersecurity incidents?
A. Testing the backup plan according to a defined schedule
B. Documenting and testing incident response plans
C. Delivering periodic end-user security awareness training
D. Implementing best practice password parameters
correct answers C. Delivering periodic end-user security awareness training
Which of the following is the MOST important consideration when determining which type of failover site to employ?
A. Disaster recovery test results
B. Reciprocal agreements
C. Recovery time objectives (RTOs)
D. Data retention requirements
correct answers C. Recovery time objectives (RTOs)
A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?
A. Conducting an independent review of risk responses
B. Establishing a strong ongoing risk monitoring process
C. Presenting the risk profile for approval by the risk owner
D. Updating the information security standards to include the accepted risk
correct answers B. Establishing a strong ongoing risk monitoring process
Which of the following is the MOST important constraint to be considered when developing an information security strategy?
A. Established security policies and standards
B. Information security architecture
C. Compliance with an international security standard
D. Legal and regulatory requirements
correct answers D. Legal and regulatory requirements
Which of the following would BEST justify continued investment in an information security program?
A. Speed of implementation
B. Reduction in residual risk
C. Industry peer benchmarking
D. Security framework alignment
correct answers B. Reduction in residual risk
Which of the following BEST facilitates the effective execution of an incident response plan?
A. The plan is based on industry best practice.
B. The incident response plan aligns with the IT disaster recovery plan (DRP).
C. The plan is based on risk assessment results.
D. The response team is trained on the plan.
correct answers D. The response team is trained on the plan.
Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?
A. To prevent accountability issues
B. To ensure segregation of duties is maintained