Valid CISM Dumps shared by ExamDiscuss.com for Helping Passing CISM Exam! ExamDiscuss.com now offer the newest CISM exam dumps, the ExamDiscuss.com CISM exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISM dumps with Test Engine here:
Access CISM Dumps Premium Version
(964 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 3/247
Investments in information security technologies should be based on:
Correct Answer: B
Section: INFORMATION SECURITY GOVERNANCE
Explanation:
Investments in security technologies should be based on a value analysis and a sound business case.
Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in nature and might not address the key business needs comprehensively. Vulnerability assessments are useful, but they do not determine whether the cost is justified.
Explanation:
Investments in security technologies should be based on a value analysis and a sound business case.
Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in nature and might not address the key business needs comprehensively. Vulnerability assessments are useful, but they do not determine whether the cost is justified.
- Question List (247q)
- Question 1: The head of a department affected by a recent security incid...
- Question 2: When developing a disaster recovery plan, which of the follo...
- Question 3: Investments in information security technologies should be b...
- 1 commentQuestion 4: The risk of mishandling alerts identified by an intrusion de...
- Question 5: Which of the following BEST enables an organization to provi...
- Question 6: Recovery time objectives (RTOs) are an output of which of th...
- Question 7: A multinational organization is required to follow governmen...
- Question 8: From an information security manager perspective, what is th...
- Question 9: An organization's information security processes are current...
- 1 commentQuestion 10: Which of the following would be the GREATEST threat posed by...
- 1 commentQuestion 11: Which of the following should be the focus of a post-inciden...
- Question 12: An information security manager has been asked to develop a ...
- Question 13: Which of the following is the MOST important consideration o...
- Question 14: An extranet server should be placed:...
- Question 15: A global organization has developed a strategy to share a cu...
- Question 16: Which of the following would provide the MOST effective secu...
- Question 17: Which of the following is the MOST effective way to demonstr...
- Question 18: Which of the following is the PRIMARY prerequisite to implem...
- Question 19: The MOST important reason for conducting periodic risk asses...
- Question 20: Which of the following is the MOST important to keep in mind...
- Question 21: Which of the following will BEST protect an organization fro...
- Question 22: Which of the following will BEST protect confidential data w...
- Question 23: The MOST important reason for conducting periodic risk asses...
- 1 commentQuestion 24: Which of the following would be an information security mana...
- Question 25: An information security manager has recently been notified o...
- Question 26: When evaluating cloud storage solutions the FIRST considerat...
- Question 27: Which of the following will BEST protect an organization fro...
- Question 28: Risk acceptance is a component of which of the following?...
- Question 29: Which of the following factors is a PRIMARY driver for infor...
- Question 30: An organization's IT department is undertaking a large virtu...
- Question 31: Which of the following should be the information security ma...
- Question 32: Which of the following provides the MOST comprehensive under...
- Question 33: A validated patch to address a new vulnerability that may af...
- Question 34: An account with full administrative privileges over a produc...
- Question 35: An organization is leveraging tablets to replace desktop com...
- Question 36: A core business function has created a significant risk. Bud...
- Question 37: Which of the following is the BEST way to reduce the risk of...
- Question 38: Which of the following situations would be the MOST concern ...
- Question 39: An organization has purchased a security information and eve...
- Question 40: The MOST important factor in ensuring the success of an info...
- Question 41: Which of the following BEST supports the incident management...
- Question 42: Which of the following devices should be placed within a dem...
- Question 43: Information security should be:...
- Question 44: Which of the following is the BEST way to ensure that a corp...
- Question 45: Which of the following risks is represented in the risk appe...
- Question 46: A web server in a financial institution that has been compro...
- Question 47: Which of the following messages would be MOST effective in o...
- Question 48: In an organization with effective IT risk management, the PR...
- Question 49: Which of the following is the PRIMARY purpose for establishi...
- Question 50: Which of the following tasks should be performed once a disa...
- Question 51: What is the BEST defense against a Structured Query Language...
- Question 52: Which of the following is an advantage of a centralized info...
- Question 53: When performing a risk assessment, the MOST important consid...
- Question 54: Which of the following practices is BEST to remove system ac...
- Question 55: When conducting a post-incident review, the GREATEST benefit...
- Question 56: To determine how a security breach occurred on the corporate...
- Question 57: Of the following, which is the MOST important aspect of fore...
- Question 58: Which of the following is the PRIMARY goal of business conti...
- Question 59: An organization has implemented an enhanced password policy ...
- Question 60: Who should drive the risk analysis for an organization?...
- Question 61: A risk management program would be expected to:...
- Question 62: Which of the following provides the GREATEST assurance that ...
- Question 63: Which of the following is characteristic of decentralized in...
- Question 64: The PRIMARY goal of a corporate risk management program is t...
- Question 65: Which of the following would BEST ensure thai security risk ...
- Question 66: Which of the following would be MOST effective in ensuring t...
- 1 commentQuestion 67: Which of the following would be MOST helpful when justifying...
- Question 68: A risk assessment study carried out by an organization noted...
- Question 69: An outcome of effective security governance is:...
- Question 70: Which of the following roles is PRIMARILY responsible for de...
- Question 71: The PRIMARY reason for establishing a data classification sc...
- 1 commentQuestion 72: A new organization has been hit with a ransomware attack tha...
- Question 73: The MOST important reason to use a centralized mechanism to ...
- Question 74: Isolation and containment measures lor a compromised compute...
- Question 75: Which would be one of the BEST metrics an information securi...
- Question 76: Which of the following would be of GREATEST assistance in de...
- Question 77: When a newly installed system for synchronizing passwords ac...
- Question 78: When collecting evidence for forensic analysis, it is import...
- Question 79: A business unit intends to deploy a new technology in a mann...
- Question 80: To gain a clear understanding of the impact that a new regul...
- Question 81: When security policies are strictly enforced, the initial im...
- Question 82: In a business proposal, a potential vendor promotes being ce...
- Question 83: Which of the following is an example of a change to the exte...
- Question 84: An information security manager is preparing a presentation ...
- Question 85: Which of the following is the PRIMARY advantage of using an ...
- Question 86: Which of the following would be the BEST way for a company t...
- Question 87: Which of the following MOST efficiently ensures the proper i...
- Question 88: The MAIN reason for having senior management review and appr...
- Question 89: Which of the following is the BEST way to measure the effect...
- Question 90: The valuation of IT assets should be performed by:...
- 1 commentQuestion 91: A risk has been formally accepted and documented. Which of t...
- Question 92: Which of the following is the MOST important information to ...
- Question 93: Which of the following will BEST protect against malicious a...
- Question 94: An information security manager has been asked to develop a ...
- Question 95: What is the PRIMARY purpose of an unannounced disaster recov...
- Question 96: Why is "slack space" of value to an information security man...
- Question 97: Which of the following is the MOST essential element of an i...
- Question 98: Which of the following is MOST important for an information ...
- Question 99: Which of the following is the BEST reason for an organizatio...
- Question 100: Which of the following will ensure confidentiality of conten...
- Question 101: Which of the following change management activities would be...
- Question 102: Which of the following will BEST enable the identification o...
- Question 103: A core business unit relies on an effective legacy system th...
- Question 104: Which of the following is the MOST appropriate method to pro...
- Question 105: An organization with multiple data centers has designated on...
- Question 106: The effectiveness of virus detection software is MOST depend...
- Question 107: Which of the following is the GREATEST risk of an inadequate...
- Question 108: Which of the following is the FIRST step required to achieve...
- Question 109: The PRIMARY purpose of involving third-party teams for carry...
- Question 110: The department head of application development has decided t...
- Question 111: A company has a network of branch offices with local file/pr...
- Question 112: A risk analysis for a new system is being performed. For whi...
- Question 113: A risk profile supports effective security decisions PRIMARI...
- Question 114: The MOST useful way to describe the objectives in the inform...
- Question 115: When reporting to senior management on an information securi...
- Question 116: Which of the following environments represents the GREATEST ...
- Question 117: The MOST appropriate owner of customer data stored in a cent...
- Question 118: Using which of the following metrics will BEST help to deter...
- Question 119: Which of the following would be MOST useful in developing a ...
- Question 120: What is the PRIMARY objective of a post-event review in inci...
- Question 121: Data entry functions for a web-based application have been o...
- Question 122: Which of the following is the PRIMARY goal of an incident re...
- Question 123: Which of the following is the MOST effective type of access ...
- Question 124: An organization's information security manager has been aske...
- Question 125: The return on investment of information security can BEST be...
- Question 126: Which of the following is the MOST important information to ...
- Question 127: Noncompliance issues were identified through audit. Which of...
- Question 128: A benefit of using a full disclosure (white box) approach as...
- Question 129: When preventative controls to appropriately mitigate risk ar...
- Question 130: When a security standard conflicts with a business objective...
- Question 131: The PRIMARY goal of the eradication phase in an incident res...
- Question 132: When speaking to an organization's human resources departmen...
- Question 133: Which of the following is the MOST important factor to ensur...
- Question 134: Which of the following should be determined FIRST when prepa...
- Question 135: Which of the following is the PRIMARY responsibility of an i...
- Question 136: Which of the following is MOST critical when creating an inc...
- Question 137: Reviewing which of the following would BEST ensure that secu...
- Question 138: In a business impact analysis, the value of an information s...
- Question 139: Of the following, which is the MOST important aspect of fore...
- Question 140: Which of the following would help to change an organization'...
- Question 141: Which of the following would be MOST effective in ensuring t...
- Question 142: From an information security manager perspective, what is th...
- Question 143: Which of the following is the MOST appropriate position to s...
- Question 144: The main mail server of a financial institution has been com...
- Question 145: Which of the following represents the MAJOR focus of privacy...
- Question 146: The BEST reason for an organization to have two discrete fir...
- Question 147: Following a risk assessment, new countermeasures have been a...
- Question 148: Management is questioning the need for several items in the ...
- Question 149: Which of the following is the MOST critical activity to ensu...
- Question 150: Which of the following is the MOST important consideration w...
- Question 151: In which cloud model does the cloud service buyer assume the...
- Question 152: Attackers who exploit cross-site scripting vulnerabilities t...
- Question 153: The organization has decided to outsource the majority of th...
- Question 154: Which of the following MOST efficiently ensures the proper i...
- Question 155: Which of the following is the MOST effective method to help ...
- Question 156: Senior management has allocated funding to each of the organ...
- Question 157: Which of the following reduces the potential impact of socia...
- Question 158: The PRIMARY objective of performing a post-incident review i...
- Question 159: For computer forensics evidence to be admissible in a court ...
- Question 160: A customer credit card database has been breached by hackers...
- Question 161: Which of the following is the MOST effective way to communic...
- Question 162: Which of the following stakeholders would provide the BEST g...
- Question 163: Which of the following is MOST important to consider when de...
- Question 164: Which of the following is MOST important to the successful p...
- Question 165: Which of the following metrics BEST evaluates the completene...
- Question 166: A critical component of a continuous improvement program for...
- Question 167: What is the BEST method to confirm that all firewall rules a...
- Question 168: A risk profile supports effective security decisions PRIMARI...
- Question 169: Which program element should be implemented FIRST in asset c...
- Question 170: What would a security manager PRIMARILY utilize when proposi...
- Question 171: What is the MOST cost-effective method of identifying new ve...
- Question 172: Phishing is BEST mitigated by which of the following?...
- Question 173: A risk management program will be MOST effective when:...
- Question 174: An organization has verified that its customer information w...
- Question 175: Developing a successful business case for the acquisition of...
- Question 176: An organization is already certified to an international sec...
- Question 177: A large organization is considering a policy that would allo...
- Question 178: Which of the following metrics would provide management with...
- Question 179: A financial company executive is concerned about recently in...
- Question 180: Security awareness training is MOST likely to lead to which ...
- Question 181: An information security manager is recommending an investmen...
- Question 182: Which of the following is MOST important to consider when de...
- Question 183: What is the BEST way for a customer to authenticate an e-com...
- Question 184: An organization is in the process of acquiring a new company...
- Question 185: To minimize security exposure introduced by changes to the I...
- Question 186: The information classification scheme should:...
- Question 187: Attackers who exploit cross-site scripting vulnerabilities t...
- Question 188: Executive leadership becomes involved in decisions about inf...
- Question 189: Which of the following should be included in an annual infor...
- Question 190: In order to highlight to management the importance of networ...
- Question 191: The MOST effective use of a risk register is to:...
- Question 192: In organizations where availability is a primary concern, th...
- Question 193: Which of the following plans should be invoked by an organiz...
- Question 194: What is the MOST appropriate change management procedure for...
- Question 195: An organization implemented a mandatory information security...
- Question 196: The PRIMARY reason for using information security metrics is...
- Question 197: Which of the following is the MOST important delivery outcom...
- Question 198: Which of the following features is normally missing when usi...
- Question 199: An organization's operations staff places payment files in a...
- Question 200: When a large organization discovers that it is the subject o...
- Question 201: Risk assessment is MOST effective when performed:...
- Question 202: Which of the following is the GREATEST potential exposure cr...
- Question 203: When identifying legal and regulatory issues affecting infor...
- Question 204: Which of the following would be helpful in determining an or...
- Question 205: Which of the following would MOST likely require a business ...
- Question 206: Which of the following are the MOST important individuals to...
- Question 207: The GREATEST benefit resulting from well-documented informat...
- Question 208: Data owners are normally responsible for which of the follow...
- Question 209: Which of the following is the MOST important reason to consi...
- Question 210: Which of the following disaster recovery testing techniques ...
- 1 commentQuestion 211: Which of the following devices should be placed within a DMZ...
- 1 commentQuestion 212: An internal review of a web-based application system finds t...
- Question 213: Which of the following BEST promotes stakeholder accountabil...
- Question 214: The MOST effective way to continuously monitor an organizati...
- Question 215: A global organization is developing an incident response tea...
- Question 216: As part of an international expansion plan, an organization ...
- Question 217: Which of the following is the PRIMARY responsibility of an i...
- Question 218: Which of the following should an information security manage...
- Question 219: If the inherent risk of a business activity is higher than t...
- Question 220: The business continuity policy should contain which of the f...
- Question 221: At what stage of the applications development process should...
- Question 222: Which of the following is a risk of cross-training?...
- Question 223: Which of the following is MOST important for measuring the e...
- 1 commentQuestion 224: Which of the following is an information security manager's ...
- Question 225: Which of the following would be a MAJOR consideration for an...
- Question 226: Risk assessment is MOST effective when performed:...
- Question 227: A data-hosting organization's data center houses servers, ap...
- Question 228: Which of the following would be the MOST important factor to...
- Question 229: Which of the following would BEST ensure that security risk ...
- 1 commentQuestion 230: Which of the following provides the MOST useful information ...
- Question 231: Which of the following is the PRIMARY reason for executive m...
- Question 232: How would an organization know if its new information securi...
- Question 233: An intrusion detection system (IDS) should:...
- Question 234: Adding security requirements late in the software developmen...
- Question 235: Which of the following outsourced services has the GREATEST ...
- Question 236: What is the BEST way to ensure users comply with organizatio...
- Question 237: Within the confidentiality, integrity, and availability (CIA...
- Question 238: Which of the following is a step in establishing a security ...
- Question 239: Which of the following is the BEST evidence of the maturity ...
- Question 240: An information security manager is advised by contacts in la...
- Question 241: Which of the following is the MOST important item to include...
- Question 242: Which of the following BEST contributes to the development o...
- Question 243: An information security manager determines there are a signi...
- Question 244: Which of the following Is MOST useful to an information secu...
- Question 245: Which of the following is the BEST tool to maintain the curr...
- Question 246: Which of the following is the BEST source of information to ...
- Question 247: The PRIMARY objective of a risk management program is to:...
