ISACA CISM 시험

Question No : 1

When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?

• A.Provide security training for developers.
• B.Prepare detailed acceptance criteria
• C.Adhere to change management processes.
• D.Perform a security gap analysis.

답을 확인하기

정답:

Question No : 2

Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?

• A.Disaster recovery plan
• B.Identity and access management
• C.Vendor’s information security policy
• D.A risk assessment

답을 확인하기

정답:

Question No : 3

Due lo budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA).
Which of the following is the information security manager's BEST course of action?

• A.Inform the legal department of the deficiency
• B.Analyze and report the issue to server management
• C.Require the application owner to implement the controls.
• D.Assess and present the risks to the application owner

답을 확인하기

정답:

Question No : 4

Which of the following will BEST help to ensure security is addressed when developing a custom application?

• A.Conducting security training for the development staff
• B.Integrating security requirements into the development process
• C.Requiring a security assessment before implementation
• D.Integrating a security audit throughout the development process

답을 확인하기

정답:

Question No : 5

Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

• A.The patch should be applied to critical systems.
• B.The patch should be validated using a hash algorithm.
• C.The patch should be evaluated in a testing environment.
• D.The patch should be deployed quickly to systems that are vulnerable.

답을 확인하기

정답:

Question No : 6

The success of a computer forensic investigation depends on the concept of:

• A.chain of evidence.
• B.chain of attack.
• C.forensic chain
• D.evidence of attack.

답을 확인하기

정답:

Question No : 7

Senior management has approved employees working off-site by using a virtual private network (VPN) connection.
It is MOST important for the information security manager to periodically:

• A.perform a cost-benefit analysis.
• B.perform a risk assessment.
• C.review firewall configuration.
• D.review the security policy.

답을 확인하기

정답:

Question No : 8

Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?

• A.Average time to resolve an incident
• B.Total number of reported incidents
• C.Total number of incident responses
• D.Average time to respond to an incident

답을 확인하기

정답:

Question No : 9

Executive management is considering outsourcing all IT operations.
Which of the following functions should remain internal?

• A.Data encryption
• B.Data ownership
• C.Data custodian
• D.Data monitoring

답을 확인하기

정답:

Question No : 10

A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations.
Which of the following would be of MOST concern to senior management?

• A.The organization uses a decentralized privacy governance structure
• B.Privacy policies ire only reviewed annually
• C.The organization doe* not have a dedicated privacy officer
• D.The privacy program does not include a formal warning component

답을 확인하기

정답:

Question No : 11

Which of the following would provide nonrepudiation of electronic transactions?

• A.Two-factor authentication
• B.Periodic reaccredinations
• C.Third-party certificates
• D.Receipt acknowledgment

답을 확인하기

정답:

Question No : 12

Which of the following is the MOST important outcome from vulnerability scanning?

• A.Prioritization of risks
• B.Information about steps necessary to hack the system
• C.Identification of back doors
• D.Verification that systems are property configured

답을 확인하기

정답:

Question No : 13

An information security manager is reviewing the impact of a regulation on the organization’s human resources system.
The NEXT course of action should be to:

• A.perform a gap analysis of compliance requirements
• B.assess the penalties for noncompliance.
• C.review the organization s most recent audit report
• D.determine the cost of compliance

답을 확인하기

정답:

Question No : 14

Which of the following is the MOST important driver when developing an effective information security strategy?

• A.Information security standards
• B.Compliance requirements
• C.Security audit reports
• D.Benchmarking reports

답을 확인하기

정답:

Question No : 15

After a server has been attacked, which of the following is the BEST course of action?

• A.Review vulnerability assessment
• B.Conduct a security audit
• C.Initiate modem response
• D.Isolate the system.

답을 확인하기

정답: