CISM試験無料問題集（922題）「ISACA Certified Information Security Manager 認定」

出題：1

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

A. The vendor's proposal allows for contract modification during technology refresh cycles.

B. The vendor's proposal allows for escrow in the event the third party goes out of business.

C. The vendor's proposal aligns with the objectives of the organization.

D. The vendor's proposal requires the provider to have a business continuity plan (BCP).

正解：C 解答を投票する

出題：2

Which of the following should be the PRIMARY outcome of an information security program?

A. Strategic alignment

B. Risk elimination

C. Cost reduction

D. Threat reduction

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following is MOST important for the effective implementation of an information security governance program?

A. Information security roles and responsibilities are documented.

B. The program budget is approved and monitored by senior management

C. The program goals are communicated and understood by the organization.

D. Employees receive customized information security training

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A. Require that all locations comply with a generally accepted set of industry

B. Incorporate policy statements derived from third-party standards and benchmarks.

C. Establish baseline standards for all locations and add supplemental standards as required

D. Adhere to a unique corporate privacy and security standard

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

A. Assess the extent of the issue.

B. Notify senior management of the issue.

C. Report the issue to legal personnel.

D. Initiate contract renegotiation.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

A. Update the threat landscape.

B. Improve the change control process.

C. Review the effectiveness of controls

D. Determine operational losses.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

A. To communicate worst-case scenarios to senior management

B. To train information security professionals to mitigate new threats

C. To compare emerging trends with the existing organizational security posture

D. To determine opportunities for expanding organizational information security

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following BEST supports effective communication during information security incidents7

A. Responsibilities defined within role descriptions

B. Frequent incident response training sessions

C. Centralized control monitoring capabilities

D. Predetermined service level agreements (SLAs)

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of the following should be the PRIMARY basis for an information security strategy?

A. The organization's vision and mission

B. Information security policies

C. Results of a comprehensive gap analysis

D. Audit and regulatory requirements

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following is the MOST effective way to increase security awareness in an organization?

A. Conduct periodic simulated phishing exercises.

B. Include information security requirements in job descriptions.

C. Require signed acknowledgment of information security policies.

D. Implement regularly scheduled information security audits.

正解：A 解答を投票する

出題：11

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

A. Ensuring current documentation of security processes

B. Establishing processes within the security operations team

C. Developing an awareness program for staff

D. Formalizing a security strategy and program

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

A. Perform a cost-benefit analysis.

B. Define the issues to be addressed.

C. Conduct a feasibility study.

D. Calculate the total cost of ownership (TCO).

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

A. Limited liability clause

B. Explanation of information usage

C. Information encryption requirements

D. Access control requirements

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

Which of the following BEST enables an organization to effectively manage emerging cyber risk?

A. Clear lines of responsibility

B. Cybersecurity policies

C. Periodic internal and external audits

D. Sufficient cyber budget allocation

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

A. Inadequate authentication

B. Improper authorization

C. Lack of accountability

D. Lack of availability

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

A. Digital signatures

B. Digital encryption

C. Multi-factor authentication

D. Data masking

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

A. Inform senior management

B. Conduct an information security audit.

C. Validate the relevance of the information.

D. Perform a gap analysis.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：18

Which of the following BEST indicates misalignment of security policies with business objectives?

A. Lack of adequate funding for the security program

B. A large number of long-term policy exceptions

C. Low completion rate of employee awareness training

D. A large number of user noncompliance incidents

正解：B 解答を投票する

出題：19

Which or the following is MOST important to consider when determining backup frequency?

A. Allowable interruption window

B. Recovery time objective (RTO)

C. Maximum tolerable outage (MTO)

D. Recovery point objective (RPO)

正解：D 解答を投票する

出題：20

Which of the following is MOST important to include in an information security policy?

A. Best practices

B. Maturity levels

C. Management objectives

D. Baselines

正解：C 解答を投票する

CISM試験無料問題集「ISACA Certified Information Security Manager 認定」