ISACA CISM Practice Test

Certified Information Security Manager

Last exam update: May 13, 2024
Page 1 out of 123. Viewing questions 1-15 out of 1842

Question 1 Topic 5

Which of the following actions should be taken when an online trading company discovers a network attack in progress?

  • A. Shut off all network access points
  • B. Dump all event logs to removable media
  • C. Isolate the affected network segment
  • D. Enable trace logging on all events
Answer:

C

Explanation:
Isolating the affected network segment will mitigate the immediate threat while allowing unaffected portions of the business
to continue processing. Shutting off all network access points would create a denial of service that could result in loss of
revenue. Dumping event logs and enabling trace logging, while perhaps useful, would not mitigate the immediate threat
posed by the network attack.

Question 2 Topic 5

A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site.
Which of the following would be the GREATEST weakness in recovery capability?

  • A. Exclusive use of the hot site is limited to six weeks
  • B. The hot site may have to be shared with other customers
  • C. The time of declaration determines site access priority
  • D. The provider services all major companies in the area
Answer:

D

Explanation:
Sharing a hot site facility is sometimes necessary in the case of a major disaster. Also, first come, first served usually
determines priority of access based on general industry practice. Access to a hot site is not indefinite; the recovery plan
should address a long-term outage. In case of a disaster affecting a localized geographical area, the vendor's facility and
capabilities could be insufficient for all of its clients, which will all be competing for the same resource. Preference will likely
be given to the larger corporations, possibly delaying the recovery of a branch that will likely be smaller than other clients
based locally.

Question 3 Topic 5

A desktop computer that was involved in a computer security incident should be secured as evidence by:

  • A. disconnecting the computer from all power sources.
  • B. disabling all local user accounts except for one administrator.
  • C. encrypting local files and uploading exact copies to a secure server.
  • D. copying all files using the operating system (OS) to write-once media.
Answer:

A

Explanation:
To preserve the integrity of the desktop computer as an item of evidence, it should be immediately disconnected from all
sources of power. Any attempt to access the information on the computer by copying, uploading or accessing it remotely
changes the operating system (OS) and temporary files on the computer and invalidates it as admissible evidence.

Question 4 Topic 5

Which of the following should be determined FIRST when establishing a business continuity program?

  • A. Cost to rebuild information processing facilities
  • B. Incremental daily cost of the unavailability of systems
  • C. Location and cost of offsite recovery facilities
  • D. Composition and mission of individual recovery teams
Answer:

B

Explanation:
Prior to creating a detailed business continuity plan, it is important to determine the incremental daily cost of losing different
systems. This will allow recovery time objectives to be determined which, in turn, affects the location and cost of offsite
recovery facilities, and the composition and mission of individual recovery teams. Determining the cost to rebuild information
processing facilities would not be the first thing to determine.

Question 5 Topic 5

The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that
the system:

  • A. is not collecting logs from relevant devices.
  • B. has not been updated with the latest patches.
  • C. is hosted by a cloud service provider.
  • D. has performance issues.
Answer:

A

Question 6 Topic 5

Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information
security manager's NEXT step should be to:

  • A. inform senior management of changes in risk metrics.
  • B. perform an assessment to measure the current state.
  • C. deliver security awareness training.
  • D. ensure baseline back-ups are performed.
Answer:

B

Question 7 Topic 5

Which is the MOST important to enable a timely response to a security breach?

  • A. Knowledge sharing and collaboration
  • B. Security event logging
  • C. Roles and responsibilities
  • D. Forensic analysis
Answer:

B

Question 8 Topic 5

When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the
following will BEST help to ensure the effectiveness of the plan?

  • A. A training program for the vendor staff
  • B. An audit and compliance program
  • C. Responsibility and accountability assignments
  • D. Requirements for onsite recovery testing
Answer:

C

Question 9 Topic 5

Which of the following is the MOST important part of an incident response plan?

  • A. Recovery time objective (RTO)
  • B. Business impact analysis (BIA)
  • C. Recovery point objective (RPO)
  • D. Mean time to report (MTTR)
Answer:

A

Question 10 Topic 5

Which of the following is the MOST important reason to document information security incidents that are reported across the
organization?

  • A. Identify unmitigated risk
  • B. Prevent incident recurrence
  • C. Evaluate the security posture of the organization
  • D. Support business investments in security
Answer:

B

Question 11 Topic 5

Which of the following is MOST likely to affect an organization's ability to respond to security incidents in a timely manner?

  • A. Lack of senior management buy-in
  • B. Inadequate detective control performance
  • C. Complexity of network segmentation
  • D. Misconfiguration of security information and event management (SIEM) tool
Answer:

B

Question 12 Topic 5

A measure of the effectiveness of the incident response capabilities of an organization is the:

  • A. time to closure of incidents.
  • B. number of employees receiving incident response training.
  • C. reduction of the annual loss expectancy (ALE).
  • D. number of incidents detected.
Answer:

C

Question 13 Topic 5

Which of the following should be an information security manager's MOST important criterion for determining when to review
the incident response plan?

  • A. When missing information impacts recovery from an incident
  • B. At intervals indicated by industry best practice
  • C. Before an internal audit of the incident response process
  • D. When recovery time objectives (RTOs) are not met
Answer:

B

Question 14 Topic 5

Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud
service?

  • A. Expertise of personnel providing incident response
  • B. Implementation of a SIEM in the organization
  • C. Decision on the classification of cloud-hosted data
  • D. An agreement on the definition of a security incident
Answer:

D

Question 15 Topic 5

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

  • A. An incident response maturity assessment has been conducted.
  • B. A reputable managed security services provider has been engaged.
  • C. The incident response team has the appropriate training.
  • D. Management support and approval has been obtained.
Answer:

A
