Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. ISACA
  5. CISM

Certified Information Security Manager
CISM Exam

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:

  1. organizational risk.
  2. organization wide metrics.
  3. security needs.
  4. the responsibilities of organizational units.

Answer(s): A

Explanation:

Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.



Which of the following roles would represent a conflict of interest for an information security manager?

  1. Evaluation of third parties requesting connectivity
  2. Assessment of the adequacy of disaster recovery plans
  3. Final approval of information security policies
  4. Monitoring adherence to physical security controls

Answer(s): C

Explanation:

Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.



Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?

  1. The information security department has difficulty filling vacancies.
  2. The chief information officer (CIO) approves security policy changes.
  3. The information security oversight committee only meets quarterly.
  4. The data center manager has final signoff on all security projects.

Answer(s): D

Explanation:

A steering committee should be in place to approve all security projects. The fact that the data center manager has final signoff for all security projects indicates that a steering committee is not being used and that information security is relegated to a subordinate place in the organization. This would indicate a failure of information security governance. It is not inappropriate for an oversight or steering committee to meet quarterly. Similarly, it may be desirable to have the chief information officer (CIO) approve the security policy due to the size of the organization and frequency of updates. Difficulty in filling vacancies is not uncommon due to the shortage of good, qualified information security professionals.



Which of the following requirements would have the lowest level of priority in information security?

  1. Technical
  2. Regulatory
  3. Privacy
  4. Business

Answer(s): A

Explanation:

Information security priorities may, at times, override technical specifications, which then must be rewritten to conform to minimum security standards. Regulatory and privacy requirements are government-mandated and, therefore, not subject to override. The needs of the business should always take precedence in deciding information security priorities.




dnllin
Q342: Which AWS service or feature for technical assistance is available to a user who has the AWS Basic Support plan? - Ans AWS senior support engineers is wrong. Should be D. Basic Support offers support for account and billing questions and service quota increases. The other plans offer a number of technical support cases with pay-by-the-month pricing and no long-term contracts.
- UNITED STATES
Upvote


Dnllin
Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.) Answer(s): A,D. D (VPC peering) is wrong. C is correct - AWS Direct Connect. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office,
- UNITED STATES
Upvote


Lin Tzu
QUESTION: 154 - answer (D) - Transit gateway is wrong, should be C & E. Below are the components of the site to site VPN: Customer Gateway: A customer gateway is a physical device or software application on your side of the Site-to-Site VPN connection. Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the AWS side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the Site-to-Site VPN connection.
- Anonymous
Upvote


saritha
I have passed the exam thankyou
- UNITED STATES
Upvote


Tzu Lin
What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) Answer(s): C,E C) One bill for multiple accounts E) Custom cost and usage budget creation E seems incorrect, should be A = Volume discounts (Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts)
- UNITED STATES
Upvote


Niraj
Questions are valid. I just passed.
- India
Upvote


Sarah
Fantastic effort on the practice exam!
- UNITED STATES
Upvote


Marcus
Impressive work on this exam dumps. Love the free version.
- CANADA
Upvote


Emily
Great job on these practice exam questions! You guys are the best.
- CANADA
Upvote


seagal
I just passed (310-025) SCJP test yesterday. Your guide is right on the money and almost covers every question word for word. Great work !
- Edmonton
Upvote

Read more ...