Online Access Free CISM Exam Questions

Which of the following is MOST important when conducting a forensic investigation?

• A.Analyzing system memory
• B.Documenting analysis steps
• C.Maintaining a chain of custody
• D.Capturing full system images

The executive management of a domestic organization has announced plans to expand operations to multiple international locations. Which of the following should be the information security manager's FIRST step upon learning of these plans?

• A.Update security training and awareness resources accordingly
• B.Research legal and regulatory requirements impacting the new locations
• C.Prepare localized information security policies for each new location
• D.Perform a gap analysis against international information security standards

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

• A.Perform security code reviews on the entire application.
• B.Scan the entire application using a vulnerability scanning tool.
• C.Monitor Internet traffic for sensitive information leakage.
• D.Run the application from a high-privileged account on a test system.

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

• A.To alert on unacceptable risk
• B.To reassess risk appetite
• C.To identify residual risk
• D.To benchmark control performance

Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?

• A.Endpoint detection and response (EDR)
• B.Extended detection and response (XDR)
• C.Network intrusion detection system (NIDS)
• D.Security information and event management (SIEM)