CISM Missed Questions And Answers
100% Verified.
"Which of the following would BEST ensure the success of information security governance
within an
organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training availab...
"Which of the following would BEST ensure the success of information security governance
within an
organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Correct Answer: A
Explanation" - answer✔✔"Explanation/Reference:
The existence of a steering committee that approves all security projects would be an indication
of the
existence of a good governance program. Compliance with laws and regulations is part of the
responsibility of
the steering committee but it is not a full answer. Awareness training is important at all levels in
any medium,
and also an indicator of good governance. However, it must be guided and approved as a security
project by
the steering committee.
"
"Retention of business records should PRIMARILY be based on:
A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.
Correct Answer: B" - answer✔✔"Retention of business records is generally driven by legal and
regulatory requirements. Business strategy and
direction would not normally apply nor would they override legal and regulatory requirements.
Storage capacity
and longevity are important but secondary issues. Business case and value analysis would be
secondary to
complying with legal and regulatory requirements.
"
"Successful implementation of information security governance will FIRST require:
A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.
Correct Answer: B" - answer✔✔"Updated security policies are required to align management
objectives with security procedures management
objectives translate into policy, policy translates into procedures. Security procedures will
necessitate
specialized teams such as the computer incident response and management group as well as
specialized tools
such as the security mechanisms that comprise the security architecture. Security awareness will
promote the
policies, procedures and appropriate use of the security mechanisms.
"
"Minimum standards for securing the technical infrastructure should be defined in a security:
A. strategy.
B. guidelines.
C. model.
Correct Answer: D" - answer✔✔"Minimum standards for securing the technical infrastructure
should be defined in a security architecture
document. This document defines how components are secured and the security services that
should be in
place. A strategy is a broad, high-level document. A guideline is advisory in nature, while a
security model
shows the relationships between components.
"
"When an organization hires a new information security manager, which of the following goals
should this
individual pursue FIRST?
A. Develop a security architecture
B. Establish good communication with steering committee members
C. Assemble an experienced staff
D. Benchmark peer organizations
Correct Answer: B" - answer✔✔"New information security managers should seek to build
rapport and establish lines of communication with
senior management to enlist their support. Benchmarking peer organizations is beneficial to
better understand
industry best practices, but it is secondary to obtaining senior management support. Similarly,
developing a
security architecture and assembling an experienced staff are objectives that can be obtained
later.
"
"Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks.
B. evaluations in trade publications.
C. use of new and emerging technologies.
Correct Answer: A" - answer✔✔"The most fundamental evaluation criterion for the appropriate
selection of any security technology is its ability
to reduce or eliminate business risks. Investments in security technologies should be based on
their overall
value in relation to their cost the value can be demonstrated in terms of risk mitigation. This
should take
precedence over whether they use new or exotic technologies or how they are evaluated in trade
publications.
"
"The MOST important factor in planning for the long-term retention of electronically stored
business records is
to take into account potential changes in:
A. storage capacity and shelf life.
B. regulatory and legal requirements.
C. business strategy and direction.
D. application systems and media.
Correct Answer: D" - answer✔✔"Long-term retention of business records may be severely
impacted by changes in application systems and
media. For example, data stored in nonstandard formats that can only be read and interpreted by
previously
decommissioned applications may be difficult, if not impossible, to recover. Business strategy
and direction do
not generally apply, nor do legal and regulatory requirements. Storage capacity and shelf life are
important but
secondary issues.
"
"Which of the following is the MOST appropriate position to sponsor the design and
implementation of a new
security infrastructure in a large global enterprise?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
