
CISM Practice Test


Page 1 out of 61 Pages

Topic 1: Exam Pool A

Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?

A. Assess risks introduced by the technology.
B. Research mobile device management (MDM) solutions.
C. Conduct a vulnerability assessment on the devices.
D. Develop an acceptable use policy.

Answer: D. Develop an acceptable use policy.



Which of the following is MOST important to the successful implementation of an information security program?

A. Understanding current and emerging technologies
B. Conducting periodic risk assessments
C. Obtaining stakeholder input
D. Establishing key performance indicators (KPIs)

Answer: C. Obtaining stakeholder input



An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

A. service level agreements (SLAs).
B. security metrics.
C. risk-reporting methodologies.
D. security requirements for the process being outsourced.

Answer: D. security requirements for the process being outsourced.



What is the PRIMARY responsibility of the security steering committee?

A. Set direction and monitor performance.
B. Develop information security policy.
C. Provide information security training to employees.
D. Implement information security controls.

Answer: A. Set direction and monitor performance.



An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?

A. Deploying a security information and event management system (SIEM)
B. Conducting regular system administrator awareness training
C. Deploying an intrusion prevention system (IPS)
D. Implementing a data loss prevention (DLP) suite

Answer: A. Deploying a security information and event management system (SIEM)
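To make the SIEM answer concrete, the following is an added example, not part of the exam page or any vendor's product: a minimal SIEM-style correlation rule that reads constructed firewall audit and traffic log lines, flags a rule change that opens an internal host to any external source, and correlates it with a large outbound transfer from that host shortly afterwards. The log format, field names, internal address ranges and thresholds are assumptions for illustration.

```python
"""Added example: SIEM-style detection of a perimeter-firewall rule change
followed by data exfiltration, run over constructed log lines."""
import re
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample log lines (syslog-like; invented for this example).
SAMPLE_LOGS = """\
2024-03-01T02:10:05Z fw01 CONFIG user=admin action=add-rule src=10.0.0.0/8 dst=10.1.5.20 port=443 permit
2024-03-01T02:11:40Z fw01 CONFIG user=svc-backup action=add-rule src=0.0.0.0/0 dst=10.1.5.20 port=22 permit
2024-03-01T02:15:02Z fw01 TRAFFIC src=10.1.5.20 dst=203.0.113.7 port=22 bytes_out=734003200
2024-03-01T03:00:00Z fw01 TRAFFIC src=10.1.5.20 dst=198.51.100.9 port=443 bytes_out=120000
"""

# Assumed log formats: one line per configuration change or traffic summary.
CONFIG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) CONFIG user=(?P<user>\S+) action=(?P<action>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+) (?P<verdict>\S+)$"
)
TRAFFIC_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) TRAFFIC src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"port=(?P<port>\d+) bytes_out=(?P<bytes>\d+)$"
)

# Assumed tuning values; a real deployment sets these per environment.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CORRELATION_WINDOW = timedelta(minutes=30)
LARGE_TRANSFER_BYTES = 100 * 1024 * 1024  # 100 MiB


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def widens_external_access(src):
    """True if a permit rule's source range is not wholly inside an internal range."""
    net = ip_network(src, strict=False)
    return not any(
        internal.version == net.version and net.subnet_of(internal)
        for internal in INTERNAL_NETS
    )


def detect(log_text):
    """Single pass over the log; returns (alert_type, details) tuples in log order."""
    alerts = []
    risky_changes = []  # rule changes that opened a host to external sources
    for line in log_text.splitlines():
        m = CONFIG_RE.match(line)
        if m:
            if (m["action"] == "add-rule" and m["verdict"] == "permit"
                    and widens_external_access(m["src"])):
                change = {"ts": parse_ts(m["ts"]), "user": m["user"],
                          "src": m["src"], "dst": m["dst"], "port": int(m["port"])}
                risky_changes.append(change)
                alerts.append(("RULE_WIDENS_EXTERNAL_ACCESS", change))
            continue
        m = TRAFFIC_RE.match(line)
        if not m:
            continue  # unrelated line
        ts, sent = parse_ts(m["ts"]), int(m["bytes"])
        if sent < LARGE_TRANSFER_BYTES:
            continue
        # Correlate: large outbound transfer from a host that a risky rule
        # change exposed, within the window after that change.
        for change in risky_changes:
            if change["dst"] == m["src"] and change["ts"] <= ts <= change["ts"] + CORRELATION_WINDOW:
                alerts.append(("LARGE_TRANSFER_AFTER_RULE_CHANGE", {
                    "ts": ts, "host": m["src"], "remote": m["dst"],
                    "bytes_out": sent, "changed_by": change["user"]}))
    return alerts


if __name__ == "__main__":
    for kind, details in detect(SAMPLE_LOGS):
        print(kind, details)
```

The first rule change (source 10.0.0.0/8) is internal-only and produces nothing; the second opens port 22 from any address and is alerted on immediately, and the 700 MiB transfer from the exposed host four minutes later raises the correlated alert. Neither the IPS nor the DLP option in the question sees the configuration-change event, which is why only a log-correlating control can tie the two together in time.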



