Discount Offer! Use Coupon Code to get 20% OFF DO2022
Our CISM dumps are key to get access. More than 1728+ satisfied customers.
Customers Passed CISM Exam Today
Maximum Passing Score in Real CISM Exam
Guaranteed Questions came from our CISM dumps
A company has a remote office located in a different country. The company's chief information security officer (CISO) has just learned of a new regulatory requirement mandated by the country of the remote office. Which of the following should be the NEXT step?
A. Create separate security policies and procedures for the new regulation.
B. Evaluate whether the new regulation impacts information security.
C. Integrate new requirements into the corporate policies.
D. Implement the requirement at the remote office location.
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
A. normal network behavior and using it as a baseline for measuring abnormal activity.
B. abnormal network behavior and issuing instructions to the firewall to drop rogue connections.
C. abnormal network behavior and using it as a baseline for measuring normal activity.
D. attack pattern signatures from historical data.
Which of the following should be the PRIMARY basis for an information security strategy?
A. Results of a comprehensive gap analysis
B. The organization's vision and mission
C. Audit and regulatory requirements
D. Information security policies
Which of the following BEST determines the allocation of resources during a security incident response?
A. Defined levels of severity
B. Senior management commitment
C. A business continuity plan (BCP)
D. An established escalation process
An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?
A. Examine firewall logs to identify the attacker.
B. Notify the regulatory agency of the incident.
C. Implement mitigating controls.
D. Evaluate the impact to the business.
Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
A. Number of incidents resulting in disruptions
B. Number of successful disaster recovery tests
C. Frequency of updates to system software
D. Percentage of outstanding high-risk audit issues
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
A. using industry best practice to meet local legal regulatory requirements.
B. developing a security program that meets global and regional requirements.
C. monitoring compliance with defined security policies and standards.
D. ensuring effective communication with local regulatory bodies.
The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?
A. Conflicting legal requirements
B. Varying threat environments
C. Disparate reporting lines
D. Differences in work culture
Which of the following is the MOST important consideration when developing information security objectives?
A. They are regularly reassessed and reported to stakeholders.
B. They are identified using global security frameworks and standards.
C. They are approved by the IT governance function.
D. They are clear and can be understood by stakeholders.
An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:
A. the business strategy includes exceptions to the encryption standard.
B. the implementation supports the business strategy.
C. data can be recovered if the encryption keys are misplaced.
D. a classification policy has been developed to incorporate the need for encryption.