CISM Certified Information Security Manager – Question1426

An information security manager that is utilizing a public cloud is performing a root cause investigation of an incident that took place in that environment. Which of the following should be the security manager’s MAIN concern?

A. Limited access to information
B. Shared infrastructure with other subscribers
C. Transaction records split into multiple cloud locations
D. Lack of security log filtering

Correct Answer: A

CISM Certified Information Security Manager – Question1425

When training an incident response team, the advantage of using tabletop exercises is that they:

A. provide the team with practical experience in responding to incidents
B. ensure that the team can respond to any incident
C. remove the need to involve senior managers in the response process
D. enable the team to develop effective response interactions

Correct Answer: A

CISM Certified Information Security Manager – Question1424

When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control?

A. Restricting physical access to computing equipment
B. Reviewing transaction and application logs
C. Performing background checks prior to hiring IT staff
D. Locking user sessions after a specified period of inactivity

Correct Answer: B

Explanation: Only reviewing transaction and application logs directly addresses the threat posed by poor segregation of duties. The review is a means of detecting inappropriate behavior and also discourages abuse, because people who may otherwise be tempted to exploit the situation are aware of the likelihood of being caught. Inadequate segregation of duties is more likely to be exploited via logical access to data and computing resources rather than physical access. Choice C is a useful control to ensure IT staff are trustworthy and competent but does not directly address the lack of an optimal segregation of duties. Choice D acts to prevent unauthorized users from gaining system access, but the issue of a lack of segregation of duties is more about the misuse (deliberate or inadvertent) of access privileges that have officially been granted.

CISM Certified Information Security Manager – Question1423

Which of the following activities performed by a database administrator (DBA) should be performed by a different person?

A. Deleting database activity logs
B. Implementing database optimization tools
C. Monitoring database usage
D. Defining backup and recovery procedures

Correct Answer: A

Explanation: Since database activity logs record activities performed by the database administrator (DBA), deleting them should be performed by an individual other than the DBA. This is a compensating control to aid in ensuring an appropriate segregation of duties and is associated with the DBA’s role. A DBA should perform the other activities as part of the normal operations.

CISM Certified Information Security Manager – Question1422

Which of the following reduces the potential impact of social engineering attacks?

A. Compliance with regulatory requirements
B. Promoting ethical understanding
C. Security awareness programs
D. Effective performance incentives

Correct Answer: C

Explanation: Because social engineering is based on deception of the user, the best countermeasure or defense is a security awareness program. The other choices are not user-focused.

CISM Certified Information Security Manager – Question1421

Which of the following is a risk of cross-training?

A. Increases the dependence on one employee
B. Does not assist in succession planning
C. One employee may know all parts of a system
D. Does not help in achieving a continuity of operations

Correct Answer: C

Explanation: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations.

CISM Certified Information Security Manager – Question1420

Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software

Correct Answer: A

Explanation: Assimilation of the framework and intent of a written security policy by the users of the system is critical to the successful implementation and maintenance of the security policy. A good password system may exist, but if the users of the system keep passwords written on their desk, the password is of little value. Management support and commitment is no doubt important, but for successful implementation and maintenance of security policy, educating the users on the importance of security is paramount. The stringent implementation, monitoring and enforcing of rules by the security officer through access control software, and provision for punitive actions for violation of security rules, is also required, along with the user’s education on the importance of security.