CISM TEST QUESTIONS WITH ANSWERS
The foundation of an information security program is: - ANSWER- Alignment with the goals and objectives of the organization

The core principles of an information security program are: - ANSWER- Confidentiality, Integrity and Availability

The key factor in a successful information security program is: - ANSWER- Senior Management support

A threat can be described as: - ANSWER- Any event or action that could cause harm to the organization

True/False: Threats can be either intentional or accidental - ANSWER- True

Personnel Security requires trained personnel to manage systems and networks. When does personnel security begin? - ANSWER- Through pre-employment checks

Who plays the most important role in information security? - ANSWER- Upper management

The advantage of an IPS (intrusion prevention system) over an IDS (intrusion detection system) is that: - ANSWER- The IPS can block suspicious activity in real time

True/False: Physical security is an important part of an Information Security program - ANSWER- True

The Sherwood Applied Business Security Architecture (SABSA) is primarily concerned with: - ANSWER- An enterprise-wide approach to security architecture

A centralized approach to security has the primary advantage of: - ANSWER- Uniform enforcement of security policies

The greatest advantage to a decentralized approach to security is: - ANSWER- More adjustable to local laws and requirements

A primary objective of an information security strategy is to: - ANSWER- Identify and protect information assets

The first step in an information security strategy is to: - ANSWER- Determine the desired state of security

Effective information security governance is based on: - ANSWER- Implementing security policies and procedures

The use of a standard such as ISO27001 is useful to: - ANSWER- Ensure that all relevant security needs have been addressed

Three main factors in a business case are resource usage, regulatory compliance and: - ANSWER- Return on investment

What is a primary method for justifying investments in information security? - ANSWER- Development of a business case

Relationships with third parties may: - ANSWER- Require the organization to comply with the security standards of the third party

True or False? The organization does not have to worry about the impact of third party relationships on the security program - ANSWER- False

The role of an Information Systems Security Steering Committee is to: - ANSWER- Provide feedback from all areas of the organization

The most effective tool a security department has is: - ANSWER- A security awareness program

The role of Audit in relation to Information Security is: - ANSWER- To validate the effectiveness of the security program against established metrics

Who should be responsible for development of a risk management strategy? -
Document information
- Uploaded on
- November 6, 2023
- Number of pages
- 9
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers