
Use Real CISM Dumps - ISACA Correct Answers updated on 2021
Isaca Certification CISM Exam Practice Dumps
NEW QUESTION 631
An intrusion detection system (IDS) should:
- A. require a stable, rarely changed environment
- B. ignore anomalies
- C. be located on the network
- D. run continuously
Answer: D
Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation:
If an intrusion detection system (IDS) does not run continuously, the business remains vulnerable. An IDS should detect, not ignore, anomalies. An IDS should be flexible enough to cope with a changing environment. Both host-based and network-based IDSs are recommended for adequate detection.
NEW QUESTION 632
Which of the following are the MOST important criteria when selecting virus protection software?
- A. Product market share and annualized cost
- B. Ability to interface with intrusion detection system (IDS) software and firewalls
- C. Ease of maintenance and frequency of updates
- D. Alert notifications and impact assessments for new viruses
Answer: C
Explanation:
For the software to be effective, it must be easy to maintain and keep current. Market share and annualized cost, links to the intrusion detection system (IDS) and automatic notifications are all secondary in nature.
NEW QUESTION 633
Which of the following is the MOST important factor when designing information security architecture?
- A. Development methodologies
- B. Technical platform interfaces
- C. Scalability of the network
- D. Stakeholder requirements
Answer: D
Explanation:
The most important factor for information security is that it advances the interests of the business, as defined by stakeholder requirements. Interoperability and scalability, as well as development methodologies, are all important but are without merit if a technologically-elegant solution is achieved that does not meet the needs of the business.
NEW QUESTION 634
When performing a risk assessment, the MOST important consideration is that:
- A. attack motives, means and opportunities be understood.
- B. annual loss expectations (ALEs) have been calculated for critical assets.
- C. assets have been identified and appropriately valued.
- D. management supports risk mitigation efforts.
Answer: C
Explanation:
Identification and valuation of assets provides the basis for risk management efforts as it relates to the criticality and sensitivity of assets. Management support is always important, but is not relevant when determining the proportionality of risk management efforts. ALE calculations are only valid if assets have first been identified and appropriately valued. Motives, means and opportunities should already be factored in as a part of a risk assessment.
NEW QUESTION 635
Which of the following is MOST essential for a risk management program to be effective?
- A. Flexible security budget
- B. Accurate risk reporting
- C. New risks detection
- D. Sound risk baseline
Answer: C
Section: INFORMATION RISK MANAGEMENT
Explanation:
All of these procedures are essential for implementing risk management. However, without identifying new risks, other procedures will only be useful for a limited period.
NEW QUESTION 636
Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?
- A. Utilize an intrusion detection system.
- B. Implement vendor recommended settings.
- C. Perform periodic penetration testing.
- D. Establish minimum security baselines.
Answer: C
Explanation:
Penetration testing is the best way to assure that perimeter security is adequate. An intrusion detection system (IDS) may detect an attempted attack, but it will not confirm whether the perimeter is secured. Minimum security baselines and applying vendor recommended settings are beneficial, but they will not provide the level of assurance that is provided by penetration testing.
NEW QUESTION 637
An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?
- A. Cost-benefit analysis
- B. Identified risks and mitigating controls
- C. Industry best practice benchmarking results
- D. Information security-related metrics
Answer: A
NEW QUESTION 638
Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
- A. Encryption
- B. Tuning
- C. Packet filtering
- D. Patching
Answer: B
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Explanation:
If an intrusion detection system (IDS) is not properly tuned it will generate an unacceptable number of false positives and/or fail to sound an alarm when an actual attack is underway. Patching is more related to operating system hardening, while encryption and packet filtering would not be as relevant.
NEW QUESTION 639
What is the FIRST action an information security manager should take when a company laptop is reported stolen?
- A. Evaluate the impact of the information loss
- B. Disable the user account immediately
- C. Update the corporate laptop inventory
- D. Ensure compliance with reporting procedures
Answer: D
Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation:
The key step in such an incident is to report it to mitigate any loss. After this, the other actions should follow.
NEW QUESTION 640
A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
- A. Network
- B. User
- C. Database
- D. Operations
Answer: B
Explanation:
As owners of the system, user management signoff is the most important. If a system does not meet the needs of the business, then it has not met its primary objective. The needs of network, operations and database management are secondary to the needs of the business.
NEW QUESTION 641
Which of the following are the MOST important criteria when selecting virus protection software?
- A. Product market share and annualized cost
- B. Ability to interface with intrusion detection system (IDS) software and firewalls
- C. Ease of maintenance and frequency of updates
- D. Alert notifications and impact assessments for new viruses
Answer: C
Explanation:
For the software to be effective, it must be easy to maintain and keep current. Market share and annualized cost, links to the intrusion detection system (IDS) and automatic notifications are all secondary in nature.
NEW QUESTION 642
Which of the following is the MOST important consideration for designing an effective information security governance framework?
- A. Security controls automation
- B. Continuous audit cycle
- C. Defined security metrics
- D. Security policy provisions
Answer: C
Section: INFORMATION SECURITY GOVERNANCE
NEW QUESTION 643
The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:
- A. cause false positives from minor changes to system variables.
- B. generate false alarms from varying user or system actions.
- C. cannot detect new types of attacks.
- D. create more overhead than signature-based IDSs.
Answer: B
Explanation:
A statistical anomaly-based intrusion detection system (stat IDS) collects data from normal traffic and establishes a baseline. It then periodically samples the network activity based on statistical methods and compares samples to the baseline. When the activity is outside the baseline parameter (clipping level), the IDS notifies the administrator. The baseline variables can include a host's memory or central processing unit (CPU) usage, network packet types and packet quantities. If actions of the users or the systems on the network vary widely with periods of low activity and periods of frantic packet exchange, a stat IDS may not be suitable, as the dramatic swing from one level to another almost certainly will generate false alarms.
This weakness will have the largest impact on the operation of the IT systems. Due to the nature of stat IDS operations (i.e., they must constantly attempt to match patterns of activity to the baseline parameters), a stat IDS requires much more overhead and processing than signature-based versions. Because a stat IDS is based on statistics and compares data with baseline parameters, this type of IDS may not detect minor changes to system variables and may generate many false positives. Choice D is incorrect; since the stat IDS can monitor multiple system variables, it can detect new types of variables by tracing for abnormal activity of any kind.
NEW QUESTION 644
Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
- A. Isolate the screened subnet
- B. Perform an impact analysis of the outage
- C. Conduct an assessment to determine system status
- D. Restore servers from backup media stored offsite
Answer: C
Explanation:
An assessment should be conducted to determine whether any permanent damage occurred and the overall system status. It is not necessary at this point to rebuild any servers. An impact analysis of the outage or isolating the demilitarized zone (DMZ) or screened subnet will not provide any immediate benefit.
NEW QUESTION 645
An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:
- A. discontinue the use of the vulnerable technology.
- B. report to senior management that the organization is not affected.
- C. assess the likelihood of incidents from the reported cause.
- D. remind staff that no similar security breaches have taken place.
Answer: C
Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation:
The security manager should first assess the likelihood of a similar incident occurring, based on available information. Discontinuing the use of the vulnerable technology would not necessarily be practical since it would likely be needed to support the business. Reporting to senior management that the organization is not affected due to controls already in place would be premature until the information security manager can first assess the impact of the incident. Until this has been researched, it is not certain that no similar security breaches have taken place.
NEW QUESTION 646
Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
- A. Availability of resources
- B. Root cause analysis results
- C. Adverse effects on the business
- D. Legal and regulatory requirements
Answer: B
NEW QUESTION 647
An organization has established information security policies, but the information security the MOST likely reason for this situation?
- A. The information security policies lack alignment with corporate goals.
- B. The information security program is not adequately funded.
- C. The organization is operating in a highly regulated industry.
- D. The information security policies are not communicated across the organization.
Answer: A
NEW QUESTION 648
The PRIMARY reason for establishing a data classification scheme is to identify:
- A. recovery priorities.
- B. appropriate controls.
- C. data-retention strategy.
- D. data ownership.
Answer: B
NEW QUESTION 649
Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?
- A. Intrusion detection system (IDS)
- B. Strong encryption
- C. Boundary router
- D. Internet-facing firewall
Answer: B
Explanation:
Strong encryption is the most effective means of protecting wireless networks. Boundary routers, intrusion detection systems (IDSs) and firewalling the Internet would not be as effective.
NEW QUESTION 650
To ensure that payroll systems continue to operate in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in ensuring business continuity planning?
- A. Conducting a business impact analysis (BIA).
- B. Conducting a qualitative and quantitative risk analysis.
- C. Assigning value to the assets.
- D. Weighing the cost of implementing the plan vs. financial loss.
Answer: A
Explanation:
A business impact analysis (BIA) is an essential component of an organization's business continuity plan; it includes an exploratory component to reveal any vulnerabilities and a planning component to develop strategies for minimizing risk. It is the first crucial step in business continuity planning. Qualitative and quantitative risk analysis will have been completed to define the dangers to individuals, businesses and government agencies posed by potential natural and human-caused adverse events. Assigning value to assets is part of the BIA process. Weighing the cost of implementing the plan vs. financial loss is another part of the BIA.