CISM 実際試験問題と解答 - 模擬練習 - 受験自信を増やす

Question No : 1
When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?

A.Provide security training for developers.
B.Prepare detailed acceptance criteria
C.Adhere to change management processes.
D.Perform a security gap analysis.

正解:

Question No : 2
Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?

A.Disaster recovery plan
B.Identity and access management
C.Vendor’s information security policy
D.A risk assessment

正解:

Question No : 3
Due lo budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA).
Which of the following is the information security manager's BEST course of action?

A.Inform the legal department of the deficiency
B.Analyze and report the issue to server management
C.Require the application owner to implement the controls.
D.Assess and present the risks to the application owner

正解:

Question No : 4
Which of the following will BEST help to ensure security is addressed when developing a custom application?

A.Conducting security training for the development staff
B.Integrating security requirements into the development process
C.Requiring a security assessment before implementation
D.Integrating a security audit throughout the development process

正解:

Question No : 5
Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

A.The patch should be applied to critical systems.
B.The patch should be validated using a hash algorithm.
C.The patch should be evaluated in a testing environment.
D.The patch should be deployed quickly to systems that are vulnerable.

正解:

Question No : 6
The success of a computer forensic investigation depends on the concept of:

A.chain of evidence.
B.chain of attack.
C.forensic chain
D.evidence of attack.

正解:

Question No : 7
Senior management has approved employees working off-site by using a virtual private network (VPN) connection.
It is MOST important for the information security manager to periodically:

A.perform a cost-benefit analysis.
B.perform a risk assessment.
C.review firewall configuration.
D.review the security policy.

正解:

Question No : 8
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?

A.Average time to resolve an incident
B.Total number of reported incidents
C.Total number of incident responses
D.Average time to respond to an incident

正解:

Question No : 9
Executive management is considering outsourcing all IT operations.
Which of the following functions should remain internal?

A.Data encryption
B.Data ownership
C.Data custodian
D.Data monitoring

正解:

Question No : 10
A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations.
Which of the following would be of MOST concern to senior management?

A.The organization uses a decentralized privacy governance structure
B.Privacy policies ire only reviewed annually
C.The organization doe* not have a dedicated privacy officer
D.The privacy program does not include a formal warning component

正解:

Question No : 11
Which of the following would provide nonrepudiation of electronic transactions?

A.Two-factor authentication
B.Periodic reaccredinations
C.Third-party certificates
D.Receipt acknowledgment

正解:

Question No : 12
Which of the following is the MOST important outcome from vulnerability scanning?

A.Prioritization of risks
B.Information about steps necessary to hack the system
C.Identification of back doors
D.Verification that systems are property configured

正解:

Question No : 13
An information security manager is reviewing the impact of a regulation on the organization’s human resources system.
The NEXT course of action should be to:

A.perform a gap analysis of compliance requirements
B.assess the penalties for noncompliance.
C.review the organization s most recent audit report
D.determine the cost of compliance

正解:

Question No : 14
Which of the following is the MOST important driver when developing an effective information security strategy?

A.Information security standards
B.Compliance requirements
C.Security audit reports
D.Benchmarking reports

正解:

Question No : 15
After a server has been attacked, which of the following is the BEST course of action?

A.Review vulnerability assessment
B.Conduct a security audit
C.Initiate modem response
D.Isolate the system.

正解:

ISACA CISM 問題練習