New (2025) Download free CISM PDF for ISACA Practice Tests [Q324-Q343]

March 13, 2025 admin 0

Categories : CISM , ISACA

Rate this post

New (2025) Download free CISM PDF for ISACA Practice Tests

100% Free CISM Files For passing the exam Quickly

QUESTION 324
The PRIORITY action to be taken when a server is infected with a virus is to:

isolate the infected server(s) from the network.

identify all potential damage caused by the infection.

ensure that the virus database files are current.

establish security weaknesses in the firewall.

The priority in this event is to minimize the effect of the virus infection and to prevent it from spreading by removing the infected server(s) from the network. After the network is secured from further infection, the damage assessment can be performed, the virus database updated and any weaknesses sought.

QUESTION 325
When developing a categorization method for security incidents, the categories MUST:

align with industry standards.

be created by the incident handler.

have agreed-upon definitions.

align with reporting requirements.

When developing a categorization method for security incidents, the categories MUST have agreed-upon definitions. This is because having clear and consistent definitions for each category of incidents will help to ensure a common understanding and communication among the incident response team and other stakeholders. It will also facilitate the accurate and timely identification, classification, reporting and analysis of incidents. Having agreed-upon definitions will also help to avoid confusion, ambiguity and inconsistency in the incident management process

QUESTION 326
Which of the following should be established FIRST when implementing an information security governance framework?

Security incident management team

Security policies

Security awareness training program

Security architecture

QUESTION 327
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

While responding to the incident

During a tabletop exercise

During post-incident review

After a risk reassessment

During post-incident review is the best time to update the incident response plan after observing several deficiencies in the current plan while responding to a high-profile security incident. A post-incident review is a process of analyzing and evaluating the incident response activities, identifying the lessons learned, and documenting the recommendations and action items for improvement. Updating the incident response plan during post-incident review helps to ensure that the plan reflects the current best practices, addresses the gaps and weaknesses, and incorporates the feedback and suggestions from the incident response team and other stakeholders. Therefore, during post-incident review is the correct answer.
Reference:
https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf
https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan
https://www.integrify.com/blog/posts/incident-response-plan-need-an-update/

QUESTION 328
An organization’s marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risks assessment. Which of the following should be the MOST important consideration?

The information to be exchanged

Methods for transferring the information

Reputations of the external marketing companies

The security of the third-party cloud provider

Section: INFORMATION SECURITY PROGRAM MANAGEMENT

QUESTION 329
When an organization is implementing an information security governance program, its board of directors should be responsible for:

drafting information security policies.

reviewing training and awareness programs.

setting the strategic direction of the program.

auditing for compliance.

Explanation
A board of directors should establish the strategic direction of the program to ensure that it is in sync with the company’s vision and business goals. The board must incorporate the governance program into the overall corporate business strategy. Drafting information security policies is best fulfilled by someone such as a security manager with the expertise to bring balance, scope and focus to the policies. Reviewing training and awareness programs may best be handled by security management and training staff to ensure that the training is on point and follows best practices. Auditing for compliance is best left to the internal and external auditors to provide an objective review of the program and how it meets regulatory and statutory compliance.

QUESTION 330
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:

organizational risk.

organization wide metrics.

security needs.

the responsibilities of organizational units.

Explanation/Reference:
Explanation:
Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.

QUESTION 331
Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

web services require unique forensic evidence

they prevent modification of application source code

they recognize web application protocols.

web services are prone to attacks.

QUESTION 332
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

Regular audits of access controls

Strong background checks when hiring staff

Prompt termination procedures

Role-based access control4

Role-based access control is a security strategy that limits access to computer systems and data based on individuals’ roles or job functions within an organization. It ensures that individuals only have access to the information and resources necessary for them to perform their job duties, and nothing more. This approach minimizes the potential for unauthorized access to sensitive data by limiting access privileges to only what is required for an individual’s specific role.

QUESTION 333
When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?

Include information security clauses in the vendor contract.

Develop metrics for vendor performance.

Include information security criteria as part of vendor selection.

Review third-party reports of potential vendors.

QUESTION 334
IT projects have gone over budget with too many security controls being added post-production.
Which of the following would MOST help to ensure that relevant to a project?

Involving information security at each stage of project management

Creating a data classification framework and providing it to stakeholders

Identifying responsibilities during the project business case analysis

Providing stakeholders with minimum information security requirements

QUESTION 335
Which of the following devices should be placed within a DMZ?

Proxy server

Application server

Departmental server

Data warehouse server

Explanation/Reference:
Explanation:
An application server should normally be placed within a demilitarized zone (DMZ) to shield the internal network. Data warehouse and departmental servers may contain confidential or valuable data and should always be placed on the internal network, never on a DMZ that is subject to compromise. A proxy server forms the inner boundary of the DMZ but is not placed within it.

QUESTION 336
Which of the following is the MOST effective way to ensure information security policies are understood?

Implement a whistle-blower program.

Provide regular security awareness training.

Include security responsibilities in job descriptions.

Document security procedures.

Security awareness training is the most effective way to ensure information security policies are understood, as it educates employees on the purpose, content and importance of the policies, and how to comply with them. (From CISM Review Manual 15th Edition) References: CISM Review Manual 15th Edition, page 183, section 4.3.3.1.

QUESTION 337
A risk has been formally accepted and documented.
Which of the following is the MOST important action for an information security manager?

Update risk tolerance levels.

Notify senior management and the board.

Monitor the environment for changes.

Re-evaluate the organization’s risk appetite.

Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation

QUESTION 338
Which of the following is the MOST important requirement for a successful security program?

Mapping security processes to baseline security standards

Penetration testing on key systems

Management decision on asset value

Nondisclosure agreements (NDA) with employees

Explanation
“A successful security program requires management support and involvement. One of the key aspects of management support is to decide on the value of assets and the acceptable level of risk for them. This will help define the security objectives and priorities for the program. The other options are possible activities within a security program, but they are not as important as management decision on asset value.”

QUESTION 339
An anomaly-based intrusion detection system (IDS) operates by gathering data on:

normal network behavior and using it as a baseline lor measuring abnormal activity

abnormal network behavior and issuing instructions to the firewall to drop rogue connections

abnormal network behavior and using it as a baseline for measuring normal activity

attack pattern signatures from historical data

Explanation
An anomaly-based intrusion detection system (IDS) operates by gathering data on normal network behavior and using it as a baseline for measuring abnormal activity. This is important because it allows the IDS to detect any activity that is outside of the normal range of usage for the network, which can help to identify potential malicious activity or security threats. Additionally, the IDS will monitor for any changes in the baseline behavior and alert the administrator if any irregularities are detected. By contrast, signature-based IDSs operate by gathering attack pattern signatures from historical data and comparing them against incoming traffic in order to identify malicious activity.

QUESTION 340
The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:

uses multiple redirects for completing a data commit transaction.

has implemented cookies as the sole authentication mechanism.

has been installed with a non-1egitimate license key.

is hosted on a server along with other applications.

Explanation/Reference:
Explanation:
XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction. XSRF is related to an authentication mechanism, not to redirection. Option C is related to intellectual property rights, not to XSRF vulnerability. Merely hosting multiple applications on the same server is not the root cause of this vulnerability.

QUESTION 341
Which of the following should be an information security manager’s MOST important concern to ensure admissibility of information security evidence from cyber crimes?

Chain of custody

Tools used for evidence analysis

Forensics contractors

Efficiency of the forensics team

Section: INCIDENT MANAGEMENT AND RESPONSE

QUESTION 342
Which of the following is the BEST course of action when an online company discovers a network attack in progress?

Dump all event logs to removable media

Isolate the affected network segment

Enable trace logging on ail events

Shut off all network access points

Explanation
The BEST course of action when an online company discovers a network attack in progress is to isolate the affected network segment. This prevents the attacker from gaining further access to the network and limits the scope of the attack. Dumping event logs to removable media and enabling trace logging may be useful for forensic purposes, but should not be the first course of action in the midst of an active attack. Shutting off all network access points would be too drastic and would prevent legitimate traffic from accessing the network.

QUESTION 343
Which of the following should an information security manager do FIRST when creating an organization’s disaster recovery plan (DRP)?

Conduct a business impact analysis (BIA)

Identify the response and recovery learns.

Review the communications plan.

Develop response and recovery strategies.

Conducting a business impact analysis (BIA) is the first step when creating an organization’s disaster recovery plan (DRP) because it helps to identify and prioritize the critical business functions or processes that need to be restored after a disruption, and determine their recovery time objectives (RTOs) and recovery point objectives (RPOs)2. Identifying the response and recovery teams is not the first step, but rather a subsequent step that involves assigning roles and responsibilities for executing the DRP. Reviewing the communications plan is not the first step, but rather a subsequent step that involves defining the communication channels and protocols for notifying and updating the stakeholders during and after a disruption. Developing response and recovery strategies is not the first step, but rather a subsequent step that involves selecting and implementing the appropriate solutions and procedures for restoring the critical business functions or processes. References:
2 https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/business-impact-analysis-bia-and- disaster-recovery-planning-drp

Loading …