100% Updated ISACA CISM Enterprise PDF Dumps [Q110-Q125]

Share

100% Updated ISACA CISM Enterprise PDF Dumps

Use Valid Exam CISM by Prep4pass Books For Free Website

NEW QUESTION # 110
An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

  • A. Store disaster recovery documentation in a public cloud
  • B. Provide annual disaster recovery training to appropriate staff
  • C. Require disaster recovery documentation be stored with all key decision makers
  • D. Maintain an outsourced contact center in another country

Answer: B


NEW QUESTION # 111
A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?

  • A. Review customers' security policies.
  • B. Develop access control requirements for each system and application.
  • C. Design single sign-on (SSO) or federated access.
  • D. Conduct a risk assessment to determine security risks and mitigating controls.

Answer: D

Explanation:
= The best approach for developing a physical access control policy for the organization is to conduct a risk assessment to determine the security risks and mitigating controls that are relevant and appropriate for the organization's data center. A risk assessment is a process of identifying, analyzing, and evaluating the information security risks that could affect the availability, integrity, or confidentiality of the servers, applications, and data that are hosted in the data center. A risk assessment can help to determine the likelihood and impact of the unauthorized or inappropriate physical access to the data center, such as theft, damage, sabotage, or espionage, and the potential consequences for the organization and its customers, such as service disruption, data loss, data breach, or legal liability. A risk assessment can also help to identify and prioritize the appropriate risk treatment options, such as implementing technical, administrative, or physical controls to prevent, detect, or respond to the physical access incidents, such as locks, alarms, cameras, guards, badges, or logs. A risk assessment can also help to communicate and report the risk level and status to the senior management and the relevant stakeholders, and to provide feedback and recommendations for improvement and optimization of the physical access control policy and the risk management process.
Reviewing customers' security policies, developing access control requirements for each system and application, and designing single sign-on (SSO) or federated access are all possible steps that the organization can take after conducting the risk assessment, but they are not the best ones. Reviewing customers' security policies is a process of understanding and complying with the customers' expectations and requirements for the security of their servers, applications, and data that are hosted in the data center, and ensuring that the organization's physical access control policy is consistent and compatible with them. Developing access control requirements for each system and application is a process of defining and implementing the specific rules and criteria for granting or denying the physical access to the servers and applications that are hosted in the data center, based on the roles, responsibilities, and privileges of the users, and the sensitivity and criticality of the systems and applications. Designing single sign-on (SSO) or federated access is a process of enabling and facilitating the authentication and authorization of the users who need to access the servers and applications that are hosted in the data center, by using a single or shared identity and credential across multiple systems and domains. References = CISM Review Manual 15th Edition, pages 51-531; CISM Practice Quiz, question 1542


NEW QUESTION # 112
A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?

  • A. Severity criteria
  • B. Emergency call tree directory
  • C. Risk assessment results
  • D. Table of critical backup files

Answer: A

Explanation:
Quickly ranking the severity criteria of an incident is a key element of incident response. The other choices refer to documents that would not likely be included in a computer incident response team (CIRT) manual.


NEW QUESTION # 113
Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?

  • A. The number of false negatives increases
  • B. The number of false positives increases
  • C. Active probing is missed
  • D. Attack profiles are ignored

Answer: B

Explanation:
Failure to tune an intrusion detection system (IDS) will result in many false positives, especially when the threshold is set to a low value. The other options are less likely given the fact that the threshold for sounding an alarm is set to a low value.


NEW QUESTION # 114
Which of the following would generally have the GREATEST negative impact on an organization?

  • A. Interruption of utility services
  • B. Theft of computer software
  • C. Internal fraud resulting in monetary loss
  • D. Loss of customer confidence

Answer: D

Explanation:
Section: INFORMATION RISK MANAGEMENT
Explanation:
Although the theft of software, interruption of utility services and internal frauds are all significant, the loss of customer confidence is the most damaging and could cause the business to fail.


NEW QUESTION # 115
Which of the following is the MOST important consideration when updating procedures for managing security devices?

  • A. Review and approval of procedures by management
  • B. Updates based on changes in risk, technology, and process
  • C. Notification to management of the procedural changes
  • D. Updates based on the organization's security framework

Answer: D


NEW QUESTION # 116
Which of the following devices should be placed within a DMZ?

  • A. Firewall
  • B. Mail relay
  • C. Router
  • D. Authentication server

Answer: B

Explanation:
Explanation/Reference:
Explanation:
A mail relay should normally be placed within a demilitarized zone (DMZ) to shield the internal network. An authentication server, due to its sensitivity, should always be placed on the internal network, never on a DMZ that is subject to compromise. Both routers and firewalls may bridge a DMZ to another network, but do not technically reside within the DMZ, network segment.


NEW QUESTION # 117
Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?

  • A. Data monitoring
  • B. Data encryption
  • C. Data ownership
  • D. Data custodian

Answer: C

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation


NEW QUESTION # 118
When choosing the best controls to mitigate risk to acceptable levels, the information security manager s decision should be MAINLY driven by:

  • A. best practices.
  • B. cost-benefit analysis.
  • C. control framework.
  • D. regulatory requirements.

Answer: B


NEW QUESTION # 119
A common drawback of email software packages that provide native encryption of messages is that the encryption:

  • A. has an insufficient key length.
  • B. cannot interoperate across product domains.
  • C. cannot encrypt attachments
  • D. has no key-recovery mechanism.

Answer: B

Explanation:
Explanation
A common drawback of email software packages that provide native encryption of messages is that the encryption cannot interoperate across product domains. This means that emails sent from one product cannot be read by another product, as the encryption keys used are not compatible. This can be a problem when sending emails to people who use different software packages, as the encrypted emails cannot be read.


NEW QUESTION # 120
Which of the following should be the PRIMARY basis for determining information security objectives?

  • A. Regulatory requirements
  • B. Information security strategy
  • C. Data classification
  • D. Business strategy

Answer: D


NEW QUESTION # 121
Which of the following BEST indicates the value a purchased information security solution brings to an organization?

  • A. Degree to which the solution matures the information security program
  • B. Alignment to security threats and risks
  • C. Cost savings the solution brings to the information security department
  • D. Costs and benefits of the solution calculated over time

Answer: B


NEW QUESTION # 122
Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?

  • A. A comprehensive list of business processes performed by each business unit
  • B. Involvement of senior management in information security policy development
  • C. Inclusion of business unit management In the Information security steering committee
  • D. Targeted user security awareness programs for business units outside of IT

Answer: D


NEW QUESTION # 123
A company has a remote office located in a different country. The company's chief information security officer (CISO) has just learned of a new regulatory requirement mandated by the country of the remote office. Which of the following should be the NEXT step?

  • A. Integrate new requirements into the corporate policies.
  • B. Evaluate whether the new regulation impacts information security.
  • C. Create separate security policies and procedures for the new regulation.
  • D. Implement the requirement at the remote office location.

Answer: B


NEW QUESTION # 124
Which of the following is the MOST appropriate method to protect a password that opens a confidential file?

  • A. Delivery path tracing
  • B. Out-of-band channels
  • C. Digital signatures
  • D. Reverse lookup translation

Answer: B

Explanation:
Explanation/Reference:
Explanation:
Out-of-band channels are useful when it is necessary, for confidentiality, to break a message into two parts that are then sent by different means. Digital signatures only provide nonrepudiation. Reverse lookup translation involves converting ;in Internet Protocol (IP) address to a username. Delivery path tracing shows the route taken but does not confirm the identity of the sender.


NEW QUESTION # 125
......

ISACA CISM Official Cert Guide PDF: https://www.prep4pass.com/CISM_exam-braindumps.html

Free Isaca Certification CISM Official Cert Guide PDF Download: https://drive.google.com/open?id=1nMgxCSiSepQI-9APkh2ny5ieDsi1PxQB