Valid CISM Dumps PDF Isaca Real Dumps - Isaca CISM Question Answers

Question No: 5

An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?

A. Security in storage and transmission of sensitive data
B. Provider's level of compliance with industry standards
C. Security technologies in place at the facility
D. Results of the latest independent security review

Answer: A

Explanation:

Mow the outsourcer protects the storage and transmission of sensitive information will allow an information security manager to understand how sensitive data will be protected. Choice B is an important but secondary consideration. Choice C is incorrect because security technologies are not the only components to protect the sensitive customer information. Choice D is incorrect because an independent security review may not include analysis on how sensitive customer information would be protected.

2019 Latest Updated Isaca Exam Guide PDF - 100% Real CISM Exam Question Answers

Question No: 4

Which of the following is the MOST effective type of access control?

A. Centralized

B. Role-based

C. Decentralized

D. Discretionary

Answer: B

Explanation:

Role-based access control allows users to be grouped into job-related categories, which significantly cases the required administrative overhead. Discretionary access control would require a greater degree of administrative overhead. Decentralized access control generally requires a greater number of staff to administer, while centralized access control

is an incomplete answer.

Get Valid Dumps Isaca CISM Real Exam Question Answers

Question No: 3

Which of the following steps in conducting a risk assessment should be performed FIRST?

A. Identity business assets

B. Identify business risks

C. Assess vulnerabilities

D. Evaluate key controls

Answer: A

Explanation:

Risk assessment first requires one to identify the business assets that need to be protected before identifying the threats. The next step is to establish whether those threats represent business risk by identifying the likelihood and effect of occurrence, followed by assessing the vulnerabilities that may affect the security of the asset. This process establishes the control objectives against which key controls can be evaluated.

2019 Isaca CISM Exam Questions - CISM Exam Dumps PDF

Question No: 2

A risk management program would be expected to:

A. remove all inherent risk.

B. maintain residual risk at an acceptable level.

C. implement preventive controls for every threat.

D. reduce control risk to zero.

Answer: B

Explanation:

The object of risk management is to ensure that all residual risk is maintained at a level acceptable to the business; it is not intended to remove every identified risk or implement controls for every threat since this may not be cost-effective. Control risk, i.e., that a control may not be effective, is a component of the program but is unlikely to be reduced to zero.

Download Isaca CISM Exam Dumps - PDF Question Answers

Question No: 1

When developing an information security program, what is the MOST useful source of information for determining available resources?

A. Proficiency test

B. Job descriptions

C. Organization chart

D. Skills inventory

Answer: D

Explanation:

A skills inventory would help identify- the available resources, any gaps and the training requirements for developing resources. Proficiency testing is useful but only with regard to specific technical skills. Job descriptions would not be as useful since they may be out of date or not sufficiently detailed. An organization chart would not provide the details necessary to determine the resources required for this activity

CISM Dumps - Certified Information Security Manager (CISM) Exam Dumps