[Q244-Q265] Pass CISM Exam in First Attempt Guaranteed 100% Cover Real Exam Questions [Mar-2024]


NEW QUESTION # 244
Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

  • A. Lack of encryption for backup data in transit
  • B. Undefined or undocumented backup retention policies
  • C. Unavailable or corrupt data backups
  • D. Ineffective alert configurations for backup operations

Answer: C

Explanation:
According to the Certified Information Security Manager (CISM) Study Guide, the greatest challenge to the recovery of critical systems and data following a ransomware incident is the availability and integrity of backups. If the backups are unavailable or corrupt, it becomes much more difficult, if not impossible, to recover the systems and data. This highlights the importance of regularly testing and verifying the backup and recovery process to ensure that the backups are available and can be used in the event of an incident.
Additionally, it is important to ensure that backups are stored securely and offline to prevent them from being encrypted or deleted by an attacker.


NEW QUESTION # 245
The BEST way to determine the current state of information security with regard to defined security objectives is by performing a:

  • A. cost-benefit analysis.
  • B. risk assessment.
  • C. business impact analysis (BIA).
  • D. gap analysis.

Answer: D


NEW QUESTION # 246
When implementing security controls, an information security manager must PRIMARILY focus on:

  • A. usage by similar organizations.
  • B. certification from a third party.
  • C. eliminating all vulnerabilities.
  • D. minimizing operational impacts.

Answer: D

Explanation:
Security controls must be compatible with business needs. It is not feasible to eliminate all vulnerabilities.
Usage by similar organizations does not guarantee that controls are adequate. Certification by a third party is important, but not a primary concern.


NEW QUESTION # 247
Which of the following is MOST important for an information security manager to regularly report to senior management?

  • A. Impact of unremediated risks
  • B. Threat analysis reports
  • C. Audit reports
  • D. Results of penetration tests

Answer: A

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 248
After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

  • A. Risk heat map
  • B. Balanced scorecard
  • C. Gap analysis
  • D. Recent audit results

Answer: B

Explanation:
Section: INFORMATION SECURITY GOVERNANCE


NEW QUESTION # 249
The likelihood of a successful intrusion is a function of:

  • A. opportunity and asset value.
  • B. configuration and maintenance of log monitoring system.
  • C. value and desirability to the intruder.
  • D. threat and vulnerability levels.

Answer: D


NEW QUESTION # 250
An organization has implemented an enterprise resource planning (ERP) system used by 500 employees from various departments. Which of the following access control approaches is MOST appropriate?

  • A. Mandatory
  • B. Discretionary
  • C. Role-based
  • D. Rule-based

Answer: C

Explanation:
Role-based access control is effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles. Rule-based access control needs to define the access rules, which is troublesome and error prone in large organizations. In mandatory access control, the individual's access to information resources needs to be defined, which is troublesome in large organizations. In discretionary access control, users have access to resources based on predefined sets of principles, which is an inherently insecure approach.


NEW QUESTION # 251
When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

  • A. Evaluate potential threats.
  • B. Manage the impact.
  • C. Assess vulnerabilities.
  • D. Identify unacceptable risk levels.

Answer: B


NEW QUESTION # 252
Which of the following BEST facilitates the effective execution of an incident response plan?

  • A. The plan is based on industry best practice.
  • B. The plan is based on risk assessment results.
  • C. The response team is trained on the plan.
  • D. The incident response plan aligns with the IT disaster recovery plan.

Answer: B

Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE


NEW QUESTION # 253
When security policies are strictly enforced, the initial impact is that:

  • A. the need for compliance reviews is decreased.
  • B. they may have to be modified more frequently.
  • C. the total cost of security is increased.
  • D. they will be less subject to challenge.

Answer: C

Explanation:
When security policies are strictly enforced, more resources are initially required, thereby increasing the total cost of security. There would be less need for frequent modification. Challenges would be rare, and the need for compliance reviews would not necessarily be less.


NEW QUESTION # 254
When establishing an information security strategy, which of the following activities is MOST helpful in identifying critical areas to be protected?

  • A. Conducting a risk assessment
  • B. Establishing a baseline of network operations
  • C. Performing vulnerability scans
  • D. Adopting an information security framework

Answer: A


NEW QUESTION # 255
Which of the following BEST indicates the organizational benefit of an information security solution?

  • A. Cost savings the solution brings to the information security department
  • B. Costs and benefits of the solution calculated over time
  • C. Reduced security training requirements
  • D. Alignment to security threats and risks

Answer: B

Explanation:
The best option to indicate the organizational benefit of an information security solution is B. Costs and benefits of the solution calculated over time. This is because costs and benefits of the solution calculated over time, also known as the return on security investment (ROSI), can help to measure and demonstrate the value and effectiveness of the information security solution in terms of reducing risks, enhancing performance, and achieving strategic goals. ROSI can also help to justify the allocation and optimization of the resources and budget for the information security solution, and to compare and prioritize different security alternatives.
ROSI can be calculated by using various methods and formulas, such as the annualized loss expectancy (ALE), the annualized rate of occurrence (ARO), and the cost-benefit analysis (CBA).
References = CISM Review Manual 15th Edition, Chapter 3, Section 3.1.3, page 131; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 99, page 26; How to Calculate Return on Security Investment (ROSI) - Infosec


NEW QUESTION # 256
Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?

  • A. Periodic focus group meetings
  • B. Computer-based certification training (CBT)
  • C. Employee's signed acknowledgement
  • D. Periodic compliance reviews

Answer: B

Explanation:
Using computer-based training (CBT) presentations with end-of-section reviews provides feedback on how well users understand what has been presented. Periodic compliance reviews are a good tool to identify problem areas but do not ensure that procedures are known or understood. Focus groups may or may not provide meaningful detail. Although a signed employee acknowledgement is good, it does not indicate whether the material has been read and/or understood.


NEW QUESTION # 257
Which of the following will BEST ensure that management takes ownership of the decision making process for information security?

  • A. Annual self-assessment by management
  • B. Security awareness campaigns
  • C. Security policies and procedures
  • D. Security-steering committees

Answer: D

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Security steering committees provide a forum for management to express its opinion and take ownership in the decision-making process. Security awareness campaigns, security policies and procedures, and self-assessment exercises are all good but do not exemplify the taking of ownership by management.


NEW QUESTION # 258
A security awareness program should:

  • A. address specific groups and roles.
  • B. address details on specific exploits.
  • C. present top management's perspective.
  • D. promote security department procedures.

Answer: A

Explanation:
Different groups of employees have different levels of technical understanding and need awareness training that is customized to their needs; it should not be presented from a specific perspective. Specific details on technical exploits should be avoided since this may provide individuals with knowledge they might misuse or it may confuse the audience. This is also not the best forum in which to present security department procedures.


NEW QUESTION # 259
The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?

  • A. Mitigating controls
  • B. Likelihood of occurrence
  • C. Incident frequency
  • D. Visibility of impact

Answer: D

Explanation:
Visibility of impact is the best measure since it manages risks to an organization in the timeliest manner.
Likelihood of occurrence and incident frequency are not as relevant. Mitigating controls is not a determining factor on incident reporting.


NEW QUESTION # 260
Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

  • A. Industry benchmarks
  • B. Threat analysis
  • C. Root cause analysis
  • D. Quantitative loss

Answer: C


NEW QUESTION # 261
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

  • A. Power off affected servers
  • B. Disable firewall ports exploited by the attacker
  • C. Block IP addresses used by the attacker
  • D. Redirect the attacker's traffic

Answer: D

Explanation:
Redirecting the attacker's traffic is a viable containment strategy for a distributed denial of service (DDoS) attack because it helps to divert the malicious traffic away from the target server and reduce the impact of the attack. A DDoS attack is an attempt by attackers to overwhelm a server or a network with a large volume of requests or packets, preventing legitimate users from accessing the service or resource. Redirecting the attacker's traffic is a technique that involves changing the DNS settings or routing tables to send the attacker's traffic to another destination, such as a sinkhole, a honeypot, or a scrubbing center. A sinkhole is a server that absorbs and discards the malicious traffic. A honeypot is a decoy server that mimics the target server and collects information about the attacker's behavior and techniques. A scrubbing center is a service that filters out the malicious traffic and forwards only the legitimate traffic to the target server. Redirecting the attacker's traffic helps to contain the DDoS attack by reducing the load on the target server and preserving its availability and performance. Therefore, redirecting the attacker's traffic is the correct answer.
References:
* https://www.fortinet.com/resources/cyberglossary/implement-ddos-mitigation-strategy
* https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-response-strategy
* https://www.cloudflare.com/learning/ddos/glossary/sinkholing/


NEW QUESTION # 262
A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?

  • A. Ensure that all OS patches are up-to-date
  • B. Obtain guidance from the firewall manufacturer
  • C. Commission a penetration test
  • D. Block inbound traffic until a suitable solution is found

Answer: B

Explanation:
The best source of information is the firewall manufacturer, since the manufacturer may have a patch to fix the vulnerability or a workaround solution. Ensuring that all OS patches are up-to-date is a best practice in general, but will not necessarily address the reported vulnerability. Blocking inbound traffic may not be practical or effective from a business perspective. Commissioning a penetration test will take too much time and will not necessarily provide a solution for corrective actions.


NEW QUESTION # 263
Which of the following would be MOST useful to help senior management understand the status of information security compliance?

  • A. Key performance indicators (KPIs)
  • B. Risk assessment results
  • C. Industry benchmarks
  • D. Business impact analysis (BIA) results

Answer: A

Explanation:
Key performance indicators (KPIs) are measurable values that demonstrate how effectively an organization is achieving its key objectives and goals. KPIs can help senior management understand the status of information security compliance by providing quantifiable and relevant data on the performance and progress of the information security program and processes. KPIs can also help senior management to evaluate the effectiveness and efficiency of the information security controls and activities, identify strengths and weaknesses, and make informed decisions and adjustments. KPIs should be aligned with the organization's strategy, vision, and mission, and should be SMART (specific, measurable, achievable, relevant, and time-bound). Some examples of information security KPIs are: percentage of compliance with policies and standards, number of security incidents and breaches, mean time to detect and respond to incidents, percentage of systems and applications patched, number of security awareness trainings completed, etc.
Industry benchmarks, business impact analysis (BIA) results, and risk assessment results are not the most useful to help senior management understand the status of information security compliance, although they may provide some useful information or insights. Industry benchmarks are comparative measures of the performance or practices of other organizations in the same industry or sector. Industry benchmarks can help senior management to compare and contrast their own information security performance or practices with those of their peers or competitors, and identify gaps or opportunities for improvement. However, industry benchmarks may not reflect the specific goals, needs, or context of the organization, and may not be readily available or reliable. Business impact analysis (BIA) results are the outcomes of the process of analyzing the potential impacts of disruptive events on the organization's critical business functions and processes. BIA results can help senior management to understand the dependencies, priorities, and recovery objectives of the organization's business functions and processes, and to plan for business continuity and disaster recovery.
However, BIA results do not directly measure or indicate the status of information security compliance, and may not be updated or accurate. Risk assessment results are the outcomes of the process of identifying, analyzing, and evaluating the information security risks that the organization faces. Risk assessment results can help senior management to understand the sources, causes, and consequences of information security risks, and to determine the appropriate risk responses and controls. However, risk assessment results do not directly measure or indicate the status of information security compliance, and may vary depending on the risk assessment methodology, criteria, and frequency. References = CISM Review Manual, 16th Edition, pages 47-48, 54-55, 69-70, 72-73; CISM Review Questions, Answers & Explanations Manual, 10th Edition, page 83
Key performance indicators (KPIs) are metrics that measure the effectiveness and efficiency of information security processes and activities. They help senior management understand the status of information security compliance by providing relevant, timely and accurate information on the performance of security controls, the level of risk exposure, the return on security investment and the progress toward security objectives. KPIs can also be used to benchmark the organization's security performance against industry standards or best practices. KPIs should be aligned with the organization's strategic goals and risk appetite, and should be reported regularly to senior management and other stakeholders.
References:
* [1] Key Performance Indicators for Security Governance, Part 1 - ISACA
* [2] Key Performance Indicators for Security Governance, Part 2 - ISACA
* [3] Compliance Metrics and KPIs For Measuring Compliance Effectiveness - Reciprocity
* [4] 14 Cybersecurity Metrics + KPIs You Must Track in 2023 - UpGuard


NEW QUESTION # 264
The PRIMARY objective of security awareness is to:

  • A. influence employee behavior.
  • B. ensure that security policies are understood.
  • C. ensure legal and regulatory compliance
  • D. notify of actions for noncompliance.

Answer: A

Explanation:
It is most important that security-conscious behavior be encouraged among employees through training that influences expected responses to security incidents. Ensuring that policies are read and understood, giving employees fair warning of potential disciplinary action, or meeting legal and regulatory requirements is important but secondary.

