CISM無料問題集「ISACA Certified Information Security Manager」

質問 1

Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

（A）Target audience

（B）Compliance requirements

（C）Criticality of information

（D）Return on investment (ROI)

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An organization's quality process can BEST support security management by providing:

（A）security configuration controls.

（B）assurance that security requirements are met.

（C）guidance for security strategy.

（D）a repository for security systems documentation.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

When collecting admissible evidence, which of the following is the MOST important requirement?

（A）Due diligence

（B）Need to know

（C）Chain of custody

（D）Preserving audit logs

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?

（A）Possibility of reputational loss due to incidents

（B）Alignment with industry benchmarks

（C）Results of business impact analyses (BIAs)

（D）Availability of security budget

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.
Which of the following would provide the MOST useful information for planning purposes? »

（A）Results from a gap analysis

（B）Results from a business impact analysis (BIA)

（C）Deadlines and penalties for noncompliance

（D）An inventory of security controls currently in place

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which of the following MUST happen immediately following the identification of a malware incident?

（A）Eradication

（B）Containment

（C）Preparation

（D）Recovery

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

（A）Improper authorization

（B）Lack of accountability

（C）Inadequate authentication

（D）Lack of availability

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

（A）To train information security professionals to mitigate new threats

（B）To compare emerging trends with the existing organizational security posture

（C）To determine opportunities for expanding organizational information security

（D）To communicate worst-case scenarios to senior management

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following is the BEST source of information to support an organization's information security vision and strategy?

（A）Governance policies

（B）Metrics dashboard

（C）Capability maturity model

（D）Enterprise information security architecture

正解：D 解答を投票する

質問 10

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

（A）A data forensics program

（B）A layered security program

（C）An incident response program

（D）A configuration management program

正解：B 解答を投票する

質問 11

Which of the following is the BEST approach to incident response for an organization migrating to a cloud- based solution?

（A）Adopt the cloud provider's incident response procedures.

（B）Continue using the existing incident response procedures.

（C）Revise incident response procedures to encompass the cloud environment.

（D）Transfer responsibility for incident response to the cloud provider.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

An information security manager has recently been notified of potential security risks associated with a third- party service provider. What should be done NEXT to address this concern?

（A）Determine compensating controls.

（B）Conduct a vulnerability analysis.

（C）Conduct a risk analysis.

（D）Escalate to the chief risk officer (CRO).

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following is MOST important for building 4 robust information security culture within an organization?

（A）Security controls embedded within the development and operation of the IT environment

（B）Senior management approval of information security policies

（C）Strict enforcement of employee compliance with organizational security policies

（D）Mature information security awareness training across the organization

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CISM 無料問題集「ISACA Certified Information Security Manager」

弊社を連絡する

関連リンク

トップ試験