ISACA-Certified Information Security Manager Set 11

1.

In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?

Applying patches Changing access rules Upgrading hardware Backing up files

2.

Which of the following is the BEST indicator that security awareness training has been effective?

Employees sign to acknowledge the security policy More incidents are being reported A majority of employees have completed training No incidents have been reported in three months

3.

Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?

Penetration attempts investigated Violation log reports produced Violation log entries Frequency of corrective actions taken

4.

Which of the following is MOST important to the successful promotion of good security management practices?

Security metrics Security baselines Management support Periodic training

5.

Which of the following environments represents the GREATEST risk to organizational security?

Locally managed file server Enterprise data warehouse Load-balanced, web server cluster Centrally managed data switch

6.

Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:

mandatory access controls. discretionary access controls. lattice-based access controls. role-based access controls.

7.

Security policies should be aligned MOST closely with:

industry' best practices. organizational needs. generally accepted standards. local laws and regulations.

8.

The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:

simulate an attack and review IDS performance. use a honeypot to check for unusual activity. audit the configuration of the IDS. benchmark the IDS against a peer site.

9.

Successful social engineering attacks can BEST be prevented through:

preemployment screening. close monitoring of users' access patterns. periodic awareness training. efficient termination procedures.

10.

What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?

Perform periodic penetration testing Establish minimum security baselines Implement vendor default settings Install a honeypot on the network

ISACA-Certified Information Security Manager Set 11

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

ISACA-Certified Information Security Manager Set 11

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner