CISM-CN Exam Questions - Real & Updated Questions PDF [Q130-Q146]



Pass Guaranteed Quiz 2024 Realistic Verified Free ISACA

NEW QUESTION # 130
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

  • A. Requiring challenge/response information
  • B. Enforcing frequent password changes
  • C. Enforcing complex password formats
  • D. Requiring multi-factor authentication

Answer: D

Explanation:
Social engineering is a technique used by attackers to manipulate individuals into divulging sensitive information or performing actions that can compromise the security of an organization. Multi-factor authentication (MFA) is a security mechanism that requires users to provide at least two forms of authentication to verify their identity. By requiring MFA, even if an attacker successfully obtains a user's credentials through social engineering, they will not be able to access the network without the additional form of authentication.


NEW QUESTION # 131
When developing a security strategy for a global organization that is subject to differing laws and regulations, which of the following is the BEST approach?

  • A. Require all locations to comply with a set of generally accepted industry standards
  • B. Establish baseline standards for all locations and add supplemental standards as needed
  • C. Adhere to unique corporate privacy and security standards
  • D. Incorporate policy statements derived from third-party standards and benchmarks

Answer: B

Explanation:
When creating a security policy for a global organization subject to varying laws and regulations, it is important to consider the unique legal and cultural requirements of each location. The best approach is to establish baseline standards for all locations and then add supplemental standards as required to meet local laws and regulations. This approach ensures that the organization is in compliance with all relevant laws and regulations, while also maintaining a consistent and unified approach to security across all locations. Additionally, by establishing baseline standards, the organization can ensure that its security policies are aligned with its overall security strategy and objectives.


NEW QUESTION # 132
When unknown malware has infected an organization's critical systems, which of the following should be triggered FIRST?

  • A. Vulnerability management plan
  • B. Incident response plan
  • C. Business continuity plan (BCP)
  • D. Disaster recovery plan (DRP)

Answer: B

Explanation:
The document that should be triggered first when unknown malware has infected an organization's critical system is the incident response plan because it defines the roles and responsibilities, procedures and protocols, tools and techniques for responding to and managing a security incident effectively and efficiently. Disaster recovery plan (DRP) is not a good document for this purpose because it focuses on restoring the organization's critical systems and operations after a major disruption or disaster, which may not be necessary or appropriate at this stage. Business continuity plan (BCP) is not a good document for this purpose because it focuses on restoring the organization's critical business functions and operations after a major disruption or disaster, which may not be necessary or appropriate at this stage. Vulnerability management plan is not a good document for this purpose because it focuses on identifying and evaluating the security weaknesses or exposures of the organization's systems and assets, which may not be relevant or helpful at this stage. Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-5/incident-response-lessons-learned https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/incident-response-lessons-learned


NEW QUESTION # 133
Which of the following has the GREATEST influence on an organization's information security strategy?

  • A. Industry security standards
  • B. The organization's risk tolerance
  • C. Organizational structure
  • D. Information security awareness

Answer: B

Explanation:
An organization's information security strategy should be aligned with its risk tolerance, which is the level of risk that an organization is willing to accept in pursuit of its objectives. The strategy should aim to balance the cost of security controls with the potential impact of security incidents on the organization's objectives. Therefore, an organization's risk tolerance has the greatest influence on its information security strategy.
Risk tolerance determines how much risk the organization is willing to accept and how many resources it will allocate to mitigate or transfer risk. Organizational structure, industry security standards, and information security awareness are important factors that affect the implementation and effectiveness of an information security strategy, but not to the same degree as the organization's risk tolerance.
An information security strategy is a high-level plan that defines how an organization will achieve its information security objectives and address its information security risks. It should align with the organization's business strategy and reflect its mission, vision, values, and culture. It should also consider the external and internal factors that shape the organization's information security environment, such as laws, regulations, competitors, customers, suppliers, partners, stakeholders, and employees.


NEW QUESTION # 134
A CISO learns that a third-party service provider did not notify the organization of a data breach affecting the service provider's data center. Which of the following should the CISO do FIRST?

  • A. Recommend canceling the outsourcing contract.
  • B. Notify affected customers of the data breach.
  • C. Request an independent review of the provider's data center.
  • D. Determine the extent of the impact on the organization.

Answer: D


NEW QUESTION # 135
Recovery time objectives (RTOs) are BEST determined by:

  • A. The business continuity officer
  • B. Executive management
  • C. The database administrator (DBA)
  • D. Business managers

Answer: A

Explanation:
Recovery time objectives (RTOs) are best determined by business continuity officers, who are responsible for ensuring that the organization is prepared for any type of disruption. Business managers, executive management, and database administrators (DBAs) all have important roles to play in the preparation and implementation of a disaster recovery plan, but they are not the ones who should determine the RTOs.
References that support this statement include:
"Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)" by ISACA (Information Systems Audit and Control Association). This resource states that "BCP and DRP teams are responsible for determining the RTOs for critical processes and systems."
"Business Continuity Planning" by the Federal Emergency Management Agency (FEMA). This guide states that "RTOs are determined by the organization and are based on the criticality of the business function and the maximum acceptable outage for that function."
"Business Continuity Planning: The Process" by Continuity Central. This resource states that "The BCP team should determine the RTOs for the organization's critical functions, processes and systems." Note that while the business continuity officer is responsible for determining RTOs, input from other stakeholders such as executive management, IT, and other department heads is needed to ensure that RTOs align with the overall goals and priorities of the organization.


NEW QUESTION # 136
Which of the following is the MOST important requirement for a successful security program?

  • A. Penetration testing of critical systems
  • B. Non-disclosure agreements (NDAs) with employees
  • C. Mapping security processes to baseline security standards
  • D. Management decisions on asset value

Answer: D

Explanation:
A successful security program requires management support and involvement. One of the key aspects of management support is deciding on the value of assets and the acceptable level of risk for them. This helps define the security objectives and priorities for the program. The other options are possible activities within a security program, but they are not as important as management's decision on asset value.


NEW QUESTION # 137
When developing an incident response plan, which of the following should be considered FIRST?

  • A. Definition of an incident
  • B. Previously reported incidents
  • C. Management support
  • D. Compliance with regulations

Answer: D


NEW QUESTION # 138
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

  • A. Restore applications and data from a forensic copy.
  • B. Remove all traces of the intrusion from the operating system and applications.
  • C. Restore the operating system, patches, and applications from backup.
  • D. Install the operating system, patches, and applications from the original source.

Answer: C

Explanation:
The BEST practice for ensuring the integrity of the recovered system after an intrusion is to restore the OS, patches, and application from a backup. This will ensure that the system is in a known good state, without any potential residual malicious code or changes from the intrusion. Restoring from a backup also enables the organization to revert to a previous configuration that has been tested and known to be secure. This step should be taken prior to conducting a thorough investigation and forensic analysis to determine the cause and extent of the intrusion.


NEW QUESTION # 139
Which of the following BEST justifies continued investment in an information security program?

  • A. Speed of execution
  • B. Reduction in residual risk
  • C. Alignment with a security framework
  • D. Benchmarking against industry peers

Answer: B

Explanation:
Residual risk is the remaining risk after all security controls have been implemented. It is important to measure the residual risk of an organization in order to determine the effectiveness of the security program and to justify continued investment in the program. A reduction in residual risk is an indication that the security program is effective and that continued investment is warranted.


NEW QUESTION # 140
An information security manager determines that there are a large number of exceptions to a newly released, industry-required security standard. Which of the following should be done NEXT?

  • A. Conduct an information security audit.
  • B. Revise the organization's security policy.
  • C. Assess the consequences of noncompliance.
  • D. Document risk acceptance.

Answer: C


NEW QUESTION # 141
When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?

  • A. Evaluate potential threats
  • B. Assess vulnerabilities
  • C. Identify unacceptable risk levels
  • D. Manage the impact

Answer: D

Explanation:
When preventive controls to appropriately mitigate risk are not feasible, the most important action for the information security manager is to manage the impact, which means taking measures to reduce the likelihood or severity of the consequences of the risk. Managing the impact can involve using alternative controls, such as engineering, administrative, or personal protective controls, that can lower the exposure or harm to the organization. The other options, such as identifying unacceptable risk levels, assessing vulnerabilities, or evaluating potential threats, are part of the risk assessment process, but they are not actions to mitigate risk when preventive controls are not feasible. Reference:
https://bcmmetrics.com/risk-mitigation-evaluating-your-controls/
https://www.osha.gov/safety-management/hazard-prevention
https://www.cdc.gov/niosh/topics/hierarchy/default.html


NEW QUESTION # 142
An organization has identified an increased threat of external brute-force attacks in its environment. Which of the following is the MOST effective way to mitigate the risk to the organization's critical systems?

  • A. Implement a security information and event management (SIEM) system.
  • B. Increase the frequency of log monitoring and analysis.
  • C. Implement multi-factor authentication.
  • D. Increase the sensitivity of the intrusion detection system (IDS).

Answer: C


NEW QUESTION # 143
When recovering a compromised system that requires a complete rebuild, which of the following should be considered FIRST?

  • A. Intrusion detection system (IDS) logs
  • B. Network system logs
  • C. Patch management files
  • D. Configuration management files

Answer: D

Explanation:
When recovering a compromised system that needs a complete rebuild, the first step should be to restore configuration management files. Configuration management files are critical for identifying the system's original state and the changes that were made to it, and restoring them can help ensure that the system is rebuilt to its original state.
According to the Certified Information Security Manager (CISM) Study Manual, "The initial phase of the recovery process requires that configuration management files be restored. These files represent the foundation of the system and provide insight into the original state of the system, which is important for identifying changes that were made to the system as well as ensuring the recovery process can return the system to its original state." Patch management files, network system logs, and intrusion detection system (IDS) logs are also important in the recovery process, but they should be addressed after configuration management files have been restored.
Reference:
Certified Information Security Manager (CISM) Study Manual, 15th Edition, Page 256.


NEW QUESTION # 144
The data entry function of a web-based application has been outsourced to a third-party service provider that will work from a remote site. Which of the following should be of GREATEST concern to the information security manager?

  • A. The application is configured with restrictive access controls
  • B. Server-based malware protection is not enforced
  • C. The business process has only one level of error checking
  • D. The application does not use a secure communications protocol

Answer: A

Explanation:
The greatest concern for an information security manager in this situation would be the security of the data that is being processed by the third-party service provider working from a remote site. This could be a concern because the data may not be adequately protected from unauthorized access, manipulation, or theft. A secure communications protocol should be used to ensure the confidentiality and integrity of the data in transit. Additionally, the information security manager should ensure that the third-party service provider has appropriate security controls in place to protect the data, such as access controls, error checking, and malware protection. This information can be found in the ISACA's Certified Information Security Manager (CISM) Study Manual, Section 5.2.


NEW QUESTION # 145
Which of the following is the MOST important requirement when collecting admissible evidence?

  • A. Preservation of audit logs
  • B. Due diligence
  • C. Chain of custody
  • D. Need to know

Answer: C

Explanation:
The most important requirement when collecting admissible evidence is the chain of custody. The chain of custody is a documented record of who had control of the evidence at any given time, from the point of collection until the evidence is presented in court. This is important in order to ensure the evidence can be authenticated and is not subject to tampering or any other form of interference. Other important considerations include need to know, preserving audit logs, and due diligence.


NEW QUESTION # 146
......

Get to the Top with CISM-CN Practice Exam Questions: https://easytest.exams4collection.com/CISM-CN-latest-braindumps.html