
CISM Practice Test


Page 18 out of 61 Pages

Topic 1: Exam Pool A

An information security manager has been asked to determine whether an information
security initiative has reduced risk to an acceptable level. Which of the following activities
would provide the BEST information for the information security manager to draw a
conclusion?


A. Initiating a cost-benefit analysis of the implemented controls
B. Reviewing the risk register
C. Performing a risk assessment
D. Conducting a business impact analysis (BIA)

Answer: D. Conducting a business impact analysis (BIA)



Organization A offers e-commerce services and uses a secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?


A. The URL of the e-commerce server
B. The certificate of the e-commerce server
C. The browser's indication of SSL use
D. The IP address of the e-commerce server

Answer: B. The certificate of the e-commerce server



An employee is found to be using an external cloud storage service to share corporate
information with a third-party consultant, which is against company policy. Which of the
following should be the information security manager's FIRST course of action?


A. Determine the classification level of the information
B. Block access to the cloud storage service.
C. Seek business justification from the employee
D. Inform higher management of a security breach

Answer: A. Determine the classification level of the information



The GREATEST benefit resulting from well-documented information security procedures is
that they:


A. provide a basis for auditing security practices
B. facilitate security training of new staff.
C. ensure processes can be followed by temporary staff
D. ensure that security policies are consistently applied

Answer: D. ensure that security policies are consistently applied



An information security manager MUST have an understanding of the organization's
business goals to:


A. define key performance indicators (KPIs).
B. develop an information security strategy
C. develop operational procedures.
D. relate information security to change management.

Answer: B. develop an information security strategy



