Isaca CISM Certified Information Security Manager Exam Practice Test

Page: 1 / 14
Total 801 questions
Question 1

Which of the following is the BEST indication of an effective information security program?

A. Risk is treated to an acceptable level
B. The number of security incidents reported by staff has increased
C. Key risk indicators (KRIs) are established
D. Policies are reviewed and approved by senior management

Answer : A

Comprehensive and Detailed Step-by-Step Explanation:

An effective information security program manages risk to a level the organization has agreed to accept while supporting business objectives, so the best indicator of effectiveness is the outcome (risk within tolerance), not the existence of individual activities or artifacts.

A. Risk is treated to an acceptable level: This is the BEST answer because it directly measures the program's outcome: risks are being reduced to within the organization's stated tolerance.

B. The number of security incidents reported by staff has increased: More reports may reflect better awareness and a healthier reporting culture, but they may equally reflect more incidents; on its own the count says nothing about overall effectiveness.

C. Key risk indicators (KRIs) are established: KRIs are a monitoring tool. Having them in place shows the program can observe risk, not that risk is actually being managed to an acceptable level.

D. Policies are reviewed and approved by senior management: Management approval is a necessary governance step, but approved policies can still be unimplemented or ineffective, so this alone does not demonstrate effectiveness.


Question 2

An incident response policy should include:

A. A description of testing methodology
B. Notification requirements
C. An infrastructure diagram
D. Recovery time objectives (RTOs)

Answer : B

Comprehensive and Detailed Step-by-Step Explanation:

An incident response policy sets the mandatory requirements for handling incidents (scope, roles and authority, and who must be notified, by when); the detailed procedures, diagrams and test approach belong in the incident response plan and its supporting documents. Notification requirements are a core policy element because timely, defined communication with internal stakeholders, regulators and other third parties is what makes coordinated response possible.

A. A description of testing methodology: Testing is important, but how the capability is exercised is a plan-level detail, not a policy requirement.

B. Notification requirements: This is the BEST answer because the policy must establish who is to be informed of an incident, and within what time frame, so that escalation, coordination and any regulatory reporting obligations are met.

C. An infrastructure diagram: Useful for responders working an incident, but it is operational reference material that changes frequently, not something a policy should contain.

D. Recovery time objectives (RTOs): RTOs are defined through business impact analysis and belong to business continuity and disaster recovery planning, not to the incident response policy.


Question 3

Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?

A. Threat analytics software
B. Host intrusion detection system (HIDS)
C. SIEM
D. Network intrusion detection system (NIDS)

Answer : C

Comprehensive and Detailed Step-by-Step Explanation:

Security information and event management (SIEM) systems are built to collect events from many sources, normalize them into a common schema, and apply correlation rules across them. Identifying and correlating intrusion attempt alerts is therefore exactly the SIEM's job; the other options each generate alerts from a single vantage point rather than correlating them.

A. Threat analytics software: Threat analytics can enrich and prioritize findings, but it is not specialized for ingesting and correlating alerts from many platforms in near real time.

B. Host intrusion detection system (HIDS): A HIDS monitors an individual host (file integrity, log activity, process behaviour) and raises alerts for that host only; it does not correlate alerts from multiple sources.

C. SIEM: This is the BEST answer because a SIEM integrates logs and alerts from diverse systems (including HIDS, NIDS and firewalls), applies correlation rules across them, and turns the result into actionable, prioritized alerts for the security operations team.

D. Network intrusion detection system (NIDS): A NIDS detects suspicious network traffic at the points where it is deployed, but it has no visibility into host-level events and does not correlate with other systems' alerts.
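The following is an added illustration of the correlation described above, not part of the practice test or any vendor's product. It normalizes a handful of constructed log lines from three sensor types (firewall, NIDS, HIDS) into a common event shape, then applies a SIEM-style rule: flag a source IP as a correlated incident when two or more different sensor types report it inside a five-minute window. The log formats, rule thresholds and the function names are assumptions made for the example.

```python
"""SIEM-style correlation of intrusion alerts from several sources.

Added example, not from the practice test. Log line formats, thresholds and
IP addresses are constructed for illustration, not taken from any real product.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass(frozen=True)
class Event:
    """Normalized event: every sensor is reduced to this common shape."""
    ts: datetime
    source: str      # sensor type: "firewall", "nids" or "hids"
    src_ip: str
    detail: str


# Constructed sample lines in three hypothetical formats (not any vendor's).
SAMPLE_LOGS = [
    '2024-05-01T10:00:05Z FW deny src=203.0.113.7 dst=10.0.0.5 dport=22',
    '2024-05-01T10:00:09Z FW deny src=203.0.113.7 dst=10.0.0.5 dport=23',
    '2024-05-01T10:01:30Z NIDS alert sid=2001219 src=203.0.113.7 msg="SSH brute force"',
    '2024-05-01T10:03:12Z HIDS host=web01 src=203.0.113.7 msg="5 failed sshd logins"',
    '2024-05-01T10:02:00Z NIDS alert sid=2100498 src=198.51.100.9 msg="port scan"',
    '2024-05-01T11:45:00Z HIDS host=db01 src=203.0.113.7 msg="failed sudo"',
]

# One parser per source; a real SIEM would have hundreds of these.
PATTERNS = {
    "firewall": re.compile(r'^(\S+) FW deny src=(\S+) (.*)$'),
    "nids": re.compile(r'^(\S+) NIDS alert \S+ src=(\S+) msg="(.*)"$'),
    "hids": re.compile(r'^(\S+) HIDS host=\S+ src=(\S+) msg="(.*)"$'),
}


def parse_line(line):
    """Normalize one raw line into an Event, or None if no parser matches."""
    for source, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            return Event(ts, source, m.group(2), m.group(3))
    return None  # unparsed lines would go to a parse-failure queue in practice


def correlate(lines, window=timedelta(minutes=5), min_sources=2):
    """Return {src_ip: [events]} for source IPs reported by at least
    `min_sources` distinct sensor types within one sliding `window`."""
    by_ip = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event is not None:
            by_ip[event.src_ip].append(event)

    incidents = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e.ts)
        # Slide the window forward from each event; the first cluster that
        # spans enough sensor types becomes the incident for this IP.
        for i, start in enumerate(events):
            cluster = [e for e in events[i:] if e.ts - start.ts <= window]
            if len({e.source for e in cluster}) >= min_sources:
                incidents[ip] = cluster
                break
    return incidents


if __name__ == "__main__":
    for ip, events in correlate(SAMPLE_LOGS).items():
        sensors = sorted({e.source for e in events})
        print(f"{ip}: {len(events)} events across {sensors}")
```

Run as-is, only 203.0.113.7 is flagged: the firewall denies, the NIDS brute-force alert and the HIDS failed-login alert all fall within five minutes of each other, which no single sensor could have established on its own. 198.51.100.9 appears only in the NIDS feed and stays below the threshold, and the later HIDS event for 203.0.113.7 at 11:45 is outside the window and so is not pulled into the cluster.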


Question 4

Which of the following provides the MOST effective response against ransomware attacks?

A. Automatic quarantine of systems
B. Thorough communication plans
C. Effective backup plans and processes
D. Strong password requirements

Answer : C

Comprehensive and Detailed Step-by-Step Explanation:

Ransomware succeeds by denying the organization access to its own data; the control that most directly defeats that outcome is the ability to restore the data without paying. The other options either limit spread, support coordination, or reduce one entry vector, but none of them returns the encrypted data.

A. Automatic quarantine of systems: Isolating infected systems limits lateral spread and is a valuable containment step, but it does nothing to recover data that has already been encrypted.

B. Thorough communication plans: Communication is important during any incident, but it does not itself mitigate the ransomware or restore operations.

C. Effective backup plans and processes: This is the BEST option because tested backups allow encrypted data to be restored, minimizing downtime and data loss and removing the attacker's leverage. In practice this requires that backup copies be kept offline or immutable, so the ransomware cannot encrypt or delete them along with the production data, and that restores are regularly exercised to confirm the recovery time is achievable.

D. Strong password requirements: Stronger passwords reduce the risk of credential-based initial access, but they do not stop ransomware delivered by phishing or exploitation, and they offer no help once it is already executing.


Question 5

An organization is selecting security metrics to measure security performance, and a firewall specialist suggests tracking the number of external attacks blocked by the firewalls. Which of the following is the GREATEST concern with using this metric?

A. The number of blocked external attacks is not representative of the true threat profile
B. The number of blocked external attacks will vary by month, causing inconsistent graphs
C. The number of blocked external attacks is an indicator of the organization's popularity
D. The number of blocked external attacks over time does not explain the attackers' motivations

Answer : A

Comprehensive and Detailed Step-by-Step Explanation:

A security metric should tell management something about the organization's risk exposure or the performance of its controls. A count of attacks the firewall blocked is dominated by automated, indiscriminate scanning that every Internet-facing address receives, and it says nothing about the attacks the firewall did not block or about threats that never pass through the firewall at all.

A. The number of blocked external attacks is not representative of the true threat profile: This is the BEST answer because the count reflects background noise rather than the targeted threats that matter, reveals nothing about attacks that succeeded or bypassed the perimeter, and therefore cannot be used to judge either control effectiveness or actual risk.

B. The number of blocked external attacks will vary by month, causing inconsistent graphs: Month-to-month variability is a presentation issue, not a reason the metric is unsuitable.

C. The number of blocked external attacks is an indicator of the organization's popularity: The volume of unsolicited traffic may loosely track how visible the organization is, but that is irrelevant to assessing security performance.

D. The number of blocked external attacks over time does not explain the attackers' motivations: Attacker motivation is useful threat-intelligence context, but its absence is not the main weakness of this metric.


Question 6

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?



Answer : C


Question 7

Which of the following is the BEST indication of an effective disaster recovery planning process?



Answer : C

