File Info
| Exam | Certified Information Security Manager |
| Number | CISM |
| File Name | Financial.CISM.CertKiller.2020-04-10.674q.tqb |
| Size | 2 MB |
| Posted | Apr 10, 2020 |
| Download | Financial.CISM.CertKiller.2020-04-10.674q.tqb |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which of the following should be the FIRST step in developing an information security plan?
- Perform a technical vulnerabilities assessment
- Analyze the current business strategy
- Perform a business impact analysis
- Assess the current levels of security awareness
Correct answer: B
Explanation:
Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability. Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.
Question 2
Which of the following would BEST ensure the success of information security governance within an organization?
- Steering committees approve security projects
- Security policy training provided to all managers
- Security training available to all employees on the intranet
- Steering committees enforce compliance with laws and regulations
Correct answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee. The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.
Question 3
Information security governance is PRIMARILY driven by:
- technology constraints.
- regulatory requirements.
- litigation potential.
- business strategy.
Correct answer: D
Explanation:
Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy. Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.
