1. Which of the following is the PRIMARY objective of defining a severity hierarchy for security incidents?
A. To prioritize available incident response resources
B. To streamline the risk analysis process
C. To facilitate root cause analysis of incidents
D. To facilitate the classification of an organization's IT assets

2. An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the system?
A. Remove all signs of the intrusion from the OS and application.
B. Restore the application and data from a forensic copy.
C. Restore the OS, patches, and application from a backup.
D. Install the OS, patches, and application from the original source.

3. Which of the following is the BEST justification for making a revision to a password policy?
A. Audit recommendation
B. Vendor recommendation
C. Industry best practice
D. A risk assessment

4. When supporting an organization's privacy officer, which of the following is the information security manager's PRIMARY role regarding privacy requirements?
A. Monitoring the transfer of private data
B. Determining data classification
C. Conducting privacy awareness programs
D. Ensuring appropriate controls are in place

5. Organization A offers e-commerce services and uses a secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?
A. The URL of the e-commerce server
B. The browser's indication of SSL use
C. The IP address of the e-commerce server
D. The certificate of the e-commerce server

6. An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
A. Establish performance metrics for the team.
B. Perform a threat analysis.
C. Perform a post-incident review.
D. Implement a SIEM solution.

7. Of the following, who should the security manager consult FIRST when determining the severity level of a security incident involving a third-party vendor?
A. Business partners
B. Risk manager
C. Business process owners
D. IT process owners

8. When determining an acceptable risk level, which of the following is the MOST important consideration?
A. System criticalities
B. Threat profiles
C. Risk matrices
D. Vulnerability scores

9. Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?
A. Maximum tolerable outage (MTO)
B. Recovery time objective (RTO)
C. Available annual budget
D. Cost-benefit analysis of mitigating controls

10. Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
A. Percentage of outstanding high-risk audit issues
B. Number of successful disaster recovery tests
C. Frequency of updates to system software
D. Number of incidents resulting in disruptions

11. In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
A. Non-standard event logs
B. Access to the hardware
C. Compressed customer data
D. Data encryption

12. When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
A. Threat metrics
B. Audit reports
C. Access logs
D. Access lists

13. Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
A. IT strategy
B. Risk mitigation strategy
C. Security strategy
D. Recovery strategy

14. Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
A. Restrict application network access temporarily.
B. Consult with the business owner.
C. Include security requirements in the contract.
D. Update the risk register.

15. Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
A. Monitor the effectiveness of controls.
B. Review the risk probability and impact.
C. Update the risk assessment framework.
D. Review the inherent risk level.

16. Which of the following processes can be used to remediate identified technical vulnerabilities?
A. Conducting a risk assessment
B. Enforcing baseline configurations
C. Performing penetration testing
D. Updating the business impact analysis (BIA)

17. Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
A. Regular reporting to senior management
B. Automation of security controls
C. Well-documented security policies and procedures
D. Supportive tone at the top regarding security

18. Which of the following should be the PRIMARY outcome of an information security program?
A. Threat reduction
B. Strategic alignment
C. Risk elimination
D. Cost reduction

19. In a multinational organization, local security regulations should be implemented over global security policy because:
A. deploying awareness of local regulations is more practical than of global policy.
B. business objectives are defined by local business unit managers.
C. global security policies include unnecessary controls for local businesses.
D. requirements of local regulations take precedence.

20. Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
A. Balanced scorecard
B. Benchmarking
C. Risk matrix
D. Heat map

21. Which of the following should be determined FIRST when preparing a risk communication plan?
A. Target audience
B. Communication channel
C. Reporting frequency
D. Reporting content

22. Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
A. To justify information security program activities
B. To ensure that the mitigation effort does not exceed the asset value
C. To ensure that benefits are aligned with business strategies
D. To present a realistic information security budget

23. Which of the following would BEST help an organization's ability to manage advanced persistent threats (APT)?
A. Having network detection tools in place
B. Increasing the information security budget
C. Having a skilled information security team
D. Using multiple security vendors

24. An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
A. Initiate a device reset.
B. Initiate incident response.
C. Conduct a risk assessment.
D. Disable remote access.

25. Which of the following is the BEST way to strengthen the alignment of an information security program with business strategy?
A. Providing organizational training on information security policies
B. Increasing the frequency of control assessments
C. Establishing an information security steering committee
D. Increasing budget for risk assessments

26. Which of the following would provide the BEST evidence to senior management that security control performance has improved?
A. Demonstrated return on security investment
B. Reduction in inherent risk
C. Review of security metrics trends
D. Results of an emerging threat analysis

27. Which of the following is the MAJOR advantage of conducting a post-incident review? The review:
A. provides continuous process improvement.
B. facilitates reporting on actions taken during the incident process.
C. helps identify current and desired level of risk.
D. helps develop business cases for security monitoring tools.

Q: How many questions are in the CISM exam?
A: The official CISM exam has 150 questions.
Q: What does CISM mean?
A: Critical Incident Stress Management (CISM) is selecting and implementing the most appropriate crisis intervention tactics to best respond to the situation's needs. However, CISM has multiple components other than responding after a critical incident. These components can be used before, during, and after a crisis.

Q: How much is the CISM exam?
A: Exam Details.

Q: How do you get CISM?
A: Apply to Get Certified:
- Pass the CISM Exam within the last 5 years.
- Have the relevant full-time work experience in the CISM exam content outline.
- Submit the CISM Certification Application including the application processing fee.