100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
v2 CISM Topic 4, INFORMATION SECURITY PROGRAM MANAGEMENT EXAM STUDY GUIDE $13.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. CISM
  4.  
  5. CISM

Exam (elaborations)

v2 CISM Topic 4, INFORMATION SECURITY PROGRAM MANAGEMENT EXAM STUDY GUIDE
 6 views  0 purchase
  • Course
  • CISM
  • Institution
  • CISM

v2 CISM Topic 4, INFORMATION SECURITY PROGRAM MANAGEMENT EXAM STUDY GUIDE A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager shoul...

[Show more]

Preview 4 out of 86  pages

Document information

  • August 16, 2024
  • 86
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • v2 cism topic 4 information security program mana

Written for

  • CISM
  • CISM

Seller

avatar-seller
OliviaWest

Reviews received

Content preview

©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM



v2 CISM Topic 4, INFORMATION SECURITY PROGRAM
MANAGEMENT EXAM STUDY GUIDE


A data leakage prevention (DLP) solution has identified that several employees are

sending confidential company data to their personal email addresses in violation of

company policy. The information security manager should FIRST: - Answer✔️✔️-

initiate an investigation to determine the full extent of noncompliance

To address the issue that performance pressures on IT may conflict with

information security controls, it is MOST important that: - Answer✔️✔️-senior

management provides guidance and dispute resolution

When developing security standards, which of the following would be MOST

appropriate to include? - Answer✔️✔️-Acceptable use of IT assets


Which of the following would be MOST effective in the strategic alignment of

security initiatives? - Answer✔️✔️-Policies are created with input from business unit

managers.

Which of the following would be the MOST effective countermeasure against

malicious programming that rounds down transaction amounts and transfers them




1

,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM


to the perpetrator's account? - Answer✔️✔️-Implement controls for continuous

monitoring of middleware transactions.

The BEST way to mitigate the risk associated with a social engineering attack is to:

- Answer✔️✔️-perform a user-knowledge gap assessment of information security

practices

When considering whether to adopt a new information security framework, an

organization's information security manager should FIRST: - Answer✔️✔️-compare

the framework with the current business strategy

A data-hosting organization's data center houses servers, applications, and data for

a large number of geographically dispersed customers. Which of the following

strategies would be the BEST approach for developing a physical access control

policy for the organization? - Answer✔️✔️-Conduct a risk assessment to determine

security risks and mitigating controls.

After detecting an advanced persistent threat (APT), which of the following should

be the information security manager's FIRST step? - Answer✔️✔️-Notify

management.




2

,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM


A new system has been developed that does not comply with password-aging rules.

This noncompliance can BEST be identified through: - Answer✔️✔️-an internal

audit assessment

Which of the following is the GREATEST security threat when an organization

allows remote access to a virtual private network (VPN)? - Answer✔️✔️-VPN

traffic could be sniffed and captured.

In which of the following ways can an information security manager BEST ensure

that security controls are adequate for supporting business goals and objectives? -

Answer✔️✔️-Using the risk management process


The authorization to transfer the handling of an internal security incident to a third-

party support provider is PRIMARILY defined by the: - Answer✔️✔️-chain of

custody.

Which of the following outsourced services has the GREATEST need for security

monitoring? - Answer✔️✔️-Web site hosting


Which of the following is done PRIMARILY to address the integrity of

information? - Answer✔️✔️-Assignment of appropriate control permissions


An organization has a policy in which all criminal activity is prosecuted. What is

MOST important for the information security manager to ensure when an


3

, ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM


employee is suspected of using a company computer to commit fraud? -

Answer✔️✔️-The employee's log files are backed-up.


A multinational organization's information security manager has been advised that

the city in which a contracted regional data center is located is experiencing civil

unrest. The information security manager should FIRST: - Answer✔️✔️-verify the

provider's ability to protect the organization's data.

When defining responsibilities with a cloud computing vendor, which of the

following should be regarded as a shared responsibility between user and provider?

- Answer✔️✔️-Data ownership


An organization is considering whether to allow employees to use personal

computing devices for business purposes. To BEST facilitate senior management's

decision, the information security manager should: - Answer✔️✔️-conduct a risk

assessment.

A business unit uses an e-commerce application with a strong password policy.

Many customers complain that they cannot remember their passwords because

they are too long and complex. The business unit states it is imperative to improve

the customer experience. The information security manager should FIRST: -

Answer✔️✔️-research alternative secure methods of identity verification.




4

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller OliviaWest. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

73243 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.49
  • (0)
  Add to cart