CISM Certified Information Security Manager – Question1329

A desktop computer that was involved in a computer security incident should be secured as evidence by:

A. disconnecting the computer from all power sources.
B. disabling all local user accounts except for one administrator.
C. encrypting local files and uploading exact copies to a secure server.
D. copying all files using the operating system (OS) to write-once media.

Correct Answer: A

Explanation:
To preserve the integrity of the desktop computer as an item of evidence, it should be immediately disconnected from all sources of power. Any attempt to access the information on the computer by copying, uploading or accessing it remotely changes the operating system (OS) and temporary files on the computer and invalidates it as admissible evidence.

CISM Certified Information Security Manager – Question1328

Which of the following should be determined FIRST when establishing a business continuity program?

A. Cost to rebuild information processing facilities
B. Incremental daily cost of the unavailability of systems
C. Location and cost of offsite recovery facilities
D. Composition and mission of individual recovery teams

Correct Answer: B

Explanation:
Prior to creating a detailed business continuity plan, it is important to determine the incremental daily cost of losing different systems. This will allow recovery time objectives to be determined which, in turn, affects the location and cost of offsite recovery facilities, and the composition and mission of individual recovery teams. Determining the cost to rebuild information processing facilities would not be the first thing to determine.

CISM Certified Information Security Manager – Question1327

The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

A. is not collecting logs from relevant devices.
B. has not been updated with the latest patches.
C. is hosted by a cloud service provider.
D. has performance issues.

Correct Answer: A

CISM Certified Information Security Manager – Question1326

Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager’s NEXT step should be to:

A. inform senior management of changes in risk metrics.
B. perform an assessment to measure the current state.
C. deliver security awareness training.
D. ensure baseline back-ups are performed.

Correct Answer: B

CISM Certified Information Security Manager – Question1324

When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?

A. A training program for the vendor staff
B. An audit and compliance program
C. Responsibility and accountability assignments
D. Requirements for onsite recovery testing

Correct Answer: C

CISM Certified Information Security Manager – Question1322

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

A. Identify unmitigated risk
B. Prevent incident recurrence
C. Evaluate the security posture of the organization
D. Support business investments in security

Correct Answer: B

CISM Certified Information Security Manager – Question1320

Following a malicious security incident, an organization has decided to prosecute those responsible. Which of the following will BEST facilitate the forensic investigation?

A. Performing a backup of affected systems
B. Identifying the affected environment
C. Maintaining chain of custody
D. Determining the degree of loss

Correct Answer: C