ISACA CISMリアル試験問題保証付き更新された問題集 [Q399-Q423]

Rate this post

ISACA CISMリアル試験問題保証付き更新された問題集

検証済み！合格できるCISM試験一発合格保証付き

ISACA CISM認定試験は、情報セキュリティ管理の分野の専門家にとって挑戦的で価値のある認証です。幅広い知識と経験が必要ですが、雇用機会の増加、給与の増加、個人的な達成感など、認定を獲得することの利点は多数あります。

質問 399
Which of the following processes can be used to remediate identified technical vulnerabilities?

Updating the business impact analysis (BIA)

Performing penetration testing

Enforcing baseline configurations

Conducting a risk assessment

質問 400
Which of the following will BEST enable the identification of appropriate controls to prevent repeated occurrences of similar types of information………..

Review existing preventive controls for security weaknesses.

Perform a root cause analysis of the security incidents.

Review lessons learned with key stakeholders.

Perform a business impact analysis (BIA) of the security incidents.

質問 401
A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

Implement security assessments throughout the systems development life cycle.

Conduct regular security audits during system implementation stages.

Require penetration tests before production implementation.

Train and test system developers m secure coding practices.

質問 402
The PRIMARY benefit of integrating information security activities into change management processes is to:

provide greater accountability for security-related changes In the business

protect the organization from unauthorized changes.

protect the business from collusion and compliance threats.

ensure required controls are Included in changes.

質問 403
Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?

Security compliant servers trend report

Percentage of security compliant servers

Number of security patches applied

Security patches applied trend report

質問 404
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:

generally accepted industry best practices.

business requirements.

legislative and regulatory requirements.

storage availability.

質問 405
A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is

data sharing complies with local laws and regulations at both locations.

data is encrypted in transit and at rest.

a nondisclosure agreement is signed.

risk coverage is split between the two locations sharing data.

質問 406
Which of the following is the BEST way to evaluate the impact of threat events on an organization’s IT operations?

Controls review

Penetration testing

Risk assessment

Scenario analysis

質問 407
An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Create a business case for a new incident response plan.

Revise the existing incident response plan.

Conduct a gap analysis.

Assess the impact to the budget,

質問 408
Which type of test is MOST effective in communicating the roles of end users to support timely identification and response to information security incidents?

Simulation

Walk-through

Parallel

Complete failover

質問 409
The effectiveness of the information security process is reduced when an outsourcing organization:

is responsible for information security governance activities

receives additional revenue when security service levels are met

incurs penalties for failure to meet security service-level agreements

standardizes on a single access-control software product

質問 410
The security responsibility of data custodians in an organization will include:

assuming overall protection of information assets.

determining data classification levels.

implementing security controls in products they install.

ensuring security measures are consistent with policy.

質問 411
Which of the following is MOST important in determining whether a disaster recovery test is successful?

Only business data files from offsite storage are used

IT staff fully recovers the processing infrastructure

Critical business processes are duplicated

All systems are restored within recovery time objectives (RTOs)

質問 412
Which of the following is the PRIMARY objective of an incident communication plan?

To convey information about the incident to those affected by it

To prevent reputational damage to the organization

To prevent unannounced visits from the media during crisis

To fulfill regulatory requirements for incident response

質問 413
Which of the following is the PRIMARY advantage of desk checking a business continuity plan (BCP)?

Assesses the availability and compatibility a backup hardware

Allows for greater participation be management and the IT department

Ensures that appropriate follow-up work is performed on noted issues

Provides a low-cost method of assessing the BCP’s completeness

質問 414
The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:

reinforce the need for training

increase corporate accountability

comply with security policy

enforce individual accountability

質問 415
Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

A patch management process

Version control

Change management controls

Logical access controls

質問 416
A newly appointed Information security manager finds mere is minimal interaction between departments in identifying …risk due to the organization’s current decentralized structure What is the managers BEST course of action?

Modify the current practices within the governance framework.

identify appropriate risk management training for relevant staff in the departments

Propose the creation of a consolidated organizational risk register to track risk

Recommend consolidating all risk management activities under a central authority.

質問 417
The implementation of a capacity plan would prevent:

file system overload arising from distributed denial-of-service attacks

system downtime for scheduled security maintenance

software failures arising from exploitation of buffer capacity vulnerabilities

application failures arising from insufficient hardware resources

質問 418
Risk management programs are designed to reduce risk to:

a level that is too small to be measurable.

the point at which the benefit exceeds the expense.

a level that the organization is willing to accept.

a rate of return that equals the current cost of capital.

質問 419
The PRIMARY objective of performing a post-incident review is to:

re-evaluate the impact of incidents

identify vulnerabilities

identify control improvements.

identify the root cause.

質問 420
After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:

increase its customer awareness efforts in those regions.

implement monitoring techniques to detect and react to potential fraud.

outsource credit card processing to a third party.

make the customer liable for losses if they fail to follow the bank’s advice.

質問 421
Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?

Authentication

Hardening

Encryption

Nonrepudiation

質問 422
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Initiate incident response.

Disable remote

Initiate a device reset.

Conduct a risk assessment.

質問 423
Which of the following is the BEST defense against a brute force attack?

Time-of-day restrictions

Intruder detection lockout

Mandatory access control

Discretionary access control

ISACA CISM（認定情報セキュリティマネージャー）試験は、情報セキュリティプログラムの管理、設計、および実装についての個人の知識とスキルを評価する、世界的に認められた認定試験です。この認定は、あらゆる規模の組織で情報セキュリティプログラムを管理および監督する責任がある個人を対象としています。CISM認定は、候補者の情報セキュリティマネジメントにおける専門知識を証明するため、雇用主に高く評価されています。

今すぐダウンロード！リアルISACA CISM試験問題集テストエンジン試験問題：https://www.goshiken.com/ISACA/CISM-mondaishu.html

Tags: CISMテスト対策書, CISM勉強ガイド, CISM受験準備, CISM合格受験記, CISM資格試験

ISACA CISMリアル試験問題保証付き更新された問題集 [Q399-Q423]

コメントを残すコメントをキャンセル

関連認証

CISM 練習テスト

最近の投稿

アーカイブ

カテゴリー

ISACA CISMリアル試験問題保証付き更新された問題集 [Q399-Q423]

コメントを残す コメントをキャンセル

関連認証

CISM 練習テスト

最近の投稿

アーカイブ

カテゴリー

コメントを残すコメントをキャンセル