File Info
| Exam | Certified Information Security Manager |
| Number | CISM |
| File Name | Financial.CISM.NewDumps.2018-09-19.370q.tqb |
| Size | 1 MB |
| Posted | Sep 19, 2018 |
| Download | Financial.CISM.NewDumps.2018-09-19.370q.tqb |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
What is the PRIMARY role of the information security manager in the process of information classification within an organization?
- Defining and ratifying the classification structure of information assets
- Deciding the classification levels applied to the organization's information assets
- Securing information assets in accordance with their classification
- Checking if information assets have been classified properly
Correct answer: A
Explanation:
Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization. Choice B is incorrect because the final responsibility for deciding the classification levels rests with the data owners. Choice C is incorrect because the job of securing information assets is the responsibility of the data custodians. Choice D may be a role of an information security manager but is not the key role in this context. Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization. Choice B is incorrect because the final responsibility for deciding the classification levels rests with the data owners. Choice C is incorrect because the job of securing information assets is the responsibility of the data custodians. Choice D may be a role of an information security manager but is not the key role in this context.
Question 2
Logging is an example of which type of defense against systems compromise?
- Containment
- Detection
- Reaction
- Recovery
Correct answer: B
Explanation:
Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans. Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.
Question 3
Which of the following is MOST important in developing a security strategy?
- Creating a positive business security environment
- Understanding key business objectives
- Having a reporting line to senior management
- Allocating sufficient resources to information security
Correct answer: B
Explanation:
Alignment with business strategy is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization. Alignment with business strategy is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
