Title: New (2025) Download free CISM PDF for ISACA Practice Tests [Q324-Q343]

Post date: 2025-03-13 10:12:42 GMT

QUESTION 324
The PRIORITY action to be taken when a server is infected with a virus is to:
A. isolate the infected server(s) from the network.
B. identify all potential damage caused by the infection.
C. ensure that the virus database files are current.
D. establish security weaknesses in the firewall.

Explanation: The priority in this event is to minimize the effect of the virus infection and to prevent it from spreading by removing the infected server(s) from the network. Once the network is secured against further infection, the damage assessment can be performed, the virus database updated, and any weaknesses sought.

QUESTION 325
When developing a categorization method for security incidents, the categories MUST:
A. align with industry standards.
B. be created by the incident handler.
C. have agreed-upon definitions.
D. align with reporting requirements.

Explanation: When developing a categorization method for security incidents, the categories MUST have agreed-upon definitions. Clear and consistent definitions for each category of incident ensure a common understanding and communication among the incident response team and other stakeholders, and they support the accurate and timely identification, classification, reporting, and analysis of incidents. Agreed-upon definitions also help to avoid confusion, ambiguity, and inconsistency in the incident management process.

QUESTION 326
Which of the following should be established FIRST when implementing an information security governance framework?
A. Security incident management team
B. Security policies
C. Security awareness training program
D. Security architecture

QUESTION 327
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
A. While responding to the incident
B. During a tabletop exercise
C. During post-incident review
D. After a risk reassessment

Explanation: During post-incident review is the best time to update the incident response plan after observing several deficiencies in the current plan while responding to a high-profile security incident. A post-incident review is the process of analyzing and evaluating the incident response activities, identifying the lessons learned, and documenting the recommendations and action items for improvement. Updating the incident response plan during post-incident review helps to ensure that the plan reflects current best practices, addresses the gaps and weaknesses, and incorporates the feedback and suggestions from the incident response team and other stakeholders. Therefore, during post-incident review is the correct answer.
Reference:
https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf
https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan
https://www.integrify.com/blog/posts/incident-response-plan-need-an-update/

QUESTION 328
An organization's marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?
A. The information to be exchanged
B. Methods for transferring the information
C. Reputations of the external marketing companies
D. The security of the third-party cloud provider

Section: INFORMATION SECURITY PROGRAM MANAGEMENT

QUESTION 329
When an organization is implementing an information security governance program, its board of directors should be responsible for:
A. drafting information security policies.
B. reviewing training and awareness programs.
C. setting the strategic direction of the program.
D. auditing for compliance.

Explanation: A board of directors should establish the strategic direction of the program to ensure that it is in sync with the company's vision and business goals. The board must incorporate the governance program into the overall corporate business strategy. Drafting information security policies is best fulfilled by someone such as a security manager with the expertise to bring balance, scope, and focus to the policies. Reviewing training and awareness programs may best be handled by security management and training staff to ensure that the training is on point and follows best practices. Auditing for compliance is best left to the internal and external auditors, who provide an objective review of the program and of how it meets regulatory and statutory compliance.

QUESTION 330
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
A. organizational risk.
B. organization-wide metrics.
C. security needs.
D. the responsibilities of organizational units.

Explanation: Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.

QUESTION 331
Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:
A. web services require unique forensic evidence.
B. they prevent modification of application source code.
C. they recognize web application protocols.
D. web services are prone to attacks.

QUESTION 332
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
A. Regular audits of access controls
B. Strong background checks when hiring staff
C. Prompt termination procedures
D. Role-based access control

Explanation: Role-based access control is a security strategy that limits access to computer systems and data based on individuals' roles or job functions within an organization. It ensures that individuals have access only to the information and resources necessary to perform their job duties, and nothing more. This approach minimizes the potential for unauthorized access to sensitive data by limiting access privileges to what is required for an individual's specific role.

QUESTION 333
When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?
A. Include information security clauses in the vendor contract.
B. Develop metrics for vendor performance.
C. Include information security criteria as part of vendor selection.
D. Review third-party reports of potential vendors.

QUESTION 334
IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant to a project?
A. Involving information security at each stage of project management
B. Creating a data classification framework and providing it to stakeholders
C. Identifying responsibilities during the project business case analysis
D. Providing stakeholders with minimum information security requirements

QUESTION 335
Which of the following devices should be placed within a DMZ?
A. Proxy server
B. Application server
C. Departmental server
D. Data warehouse server

Explanation: An application server should normally be placed within a demilitarized zone (DMZ) to shield the internal network. Data warehouse and departmental servers may contain confidential or valuable data and should always be placed on the internal network, never on a DMZ that is subject to compromise. A proxy server forms the inner boundary of the DMZ but is not placed within it.

QUESTION 336
Which of the following is the MOST effective way to ensure information security policies are understood?
A. Implement a whistle-blower program.
B. Provide regular security awareness training.
C. Include security responsibilities in job descriptions.
D. Document security procedures.

Explanation: Security awareness training is the most effective way to ensure information security policies are understood, as it educates employees on the purpose, content, and importance of the policies, and on how to comply with them. (From CISM Review Manual 15th Edition)
References: CISM Review Manual 15th Edition, page 183, section 4.3.3.1.

QUESTION 337
A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?
A. Update risk tolerance levels.
B. Notify senior management and the board.
C. Monitor the environment for changes.
D. Re-evaluate the organization's risk appetite.

Section: INFORMATION SECURITY PROGRAM MANAGEMENT

QUESTION 338
Which of the following is the MOST important requirement for a successful security program?
A. Mapping security processes to baseline security standards
B. Penetration testing on key systems
C. Management decision on asset value
D. Nondisclosure agreements (NDA) with employees

Explanation: "A successful security program requires management support and involvement. One of the key aspects of management support is to decide on the value of assets and the acceptable level of risk for them. This will help define the security objectives and priorities for the program. The other options are possible activities within a security program, but they are not as important as management decision on asset value."

QUESTION 339
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
A. normal network behavior and using it as a baseline for measuring abnormal activity.
B. abnormal network behavior and issuing instructions to the firewall to drop rogue connections.
C. abnormal network behavior and using it as a baseline for measuring normal activity.
D. attack pattern signatures from historical data.

Explanation: An anomaly-based intrusion detection system (IDS) operates by gathering data on normal network behavior and using it as a baseline for measuring abnormal activity. This allows the IDS to detect any activity that falls outside the normal range of usage for the network, which helps to identify potential malicious activity or security threats. The IDS also monitors for changes in the baseline behavior and alerts the administrator if any irregularities are detected. By contrast, signature-based IDSs operate by gathering attack pattern signatures from historical data and comparing them against incoming traffic in order to identify malicious activity.

QUESTION 340
The root cause of a successful cross-site request forgery (XSRF) attack against an application is that the vulnerable application:
A. uses multiple redirects for completing a data commit transaction.
B. has implemented cookies as the sole authentication mechanism.
C. has been installed with a non-legitimate license key.
D. is hosted on a server along with other applications.

Explanation: XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction. XSRF is related to an authentication mechanism, not to redirection. Option C is related to intellectual property rights, not to XSRF vulnerability. Merely hosting multiple applications on the same server is not the root cause of this vulnerability.

QUESTION 341
Which of the following should be an information security manager's MOST important concern to ensure admissibility of information security evidence from cyber crimes?
A. Chain of custody
B. Tools used for evidence analysis
C. Forensics contractors
D. Efficiency of the forensics team

Section: INCIDENT MANAGEMENT AND RESPONSE

QUESTION 342
Which of the following is the BEST course of action when an online company discovers a network attack in progress?
A. Dump all event logs to removable media
B. Isolate the affected network segment
C. Enable trace logging on all events
D. Shut off all network access points

Explanation: The BEST course of action when an online company discovers a network attack in progress is to isolate the affected network segment. This prevents the attacker from gaining further access to the network and limits the scope of the attack. Dumping event logs to removable media and enabling trace logging may be useful for forensic purposes, but should not be the first course of action in the midst of an active attack. Shutting off all network access points would be too drastic and would prevent legitimate traffic from accessing the network.

QUESTION 343
Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?
A. Conduct a business impact analysis (BIA).
B. Identify the response and recovery teams.
C. Review the communications plan.
D. Develop response and recovery strategies.

Explanation: Conducting a business impact analysis (BIA) is the first step when creating an organization's disaster recovery plan (DRP) because it identifies and prioritizes the critical business functions or processes that need to be restored after a disruption, and determines their recovery time objectives (RTOs) and recovery point objectives (RPOs) [2]. Identifying the response and recovery teams is not the first step, but rather a subsequent step that involves assigning roles and responsibilities for executing the DRP. Reviewing the communications plan is not the first step, but rather a subsequent step that involves defining the communication channels and protocols for notifying and updating the stakeholders during and after a disruption. Developing response and recovery strategies is not the first step, but rather a subsequent step that involves selecting and implementing the appropriate solutions and procedures for restoring the critical business functions or processes.
References:
[2] https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/business-impact-analysis-bia-and-disaster-recovery-planning-drp