Free CISM-CN Braindumps Download Updated on Dec 06, 2023 with 417 Questions [Q43-Q66]

ISACA CISM-CN Exam Practice Test Questions

NEW QUESTION # 43
在创建组织的灾难恢复计划 (DRP) 时,信息安全经理应该首先执行以下哪项?

  • A. 确定响应和恢复学习。
  • B. 制定响应和恢复策略。
  • C. 审查沟通计划。
  • D. 进行业务影响分析 (BIA)

Answer: D

Explanation:
Conducting a business impact analysis (BIA) is the first step when creating an organization's disaster recovery plan (DRP) because it identifies and prioritizes the critical business functions or processes that must be restored after a disruption, and determines their recovery time objectives (RTOs) and recovery point objectives (RPOs) [2]. Identifying the response and recovery teams is a subsequent step that assigns roles and responsibilities for executing the DRP. Reviewing the communications plan is a subsequent step that defines the communication channels and protocols for notifying and updating stakeholders during and after a disruption. Developing response and recovery strategies is a subsequent step that selects and implements the appropriate solutions and procedures for restoring the critical business functions or processes.
Reference:
[2] https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/business-impact-analysis-bia-and-disaster-recovery-planning-drp


NEW QUESTION # 44
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

  • A. Monitoring how often the smartphone is used
  • B. Requiring users to back up the organization's data
  • C. Establishing the authority to remote wipe
  • D. Developing security awareness training

Answer: C

Explanation:
The best security control for an organization that permits the storage and use of its critical and sensitive information on employee-owned smartphones is establishing the authority to remote wipe. Remote wipe is a feature that allows an authorized administrator or user to remotely erase the data on a device in case of loss, theft, or compromise [1]. Remote wipe helps prevent unauthorized access to or disclosure of the organization's information on employee-owned smartphones, and also protects the privacy of the employee's personal data. Remote wipe can be implemented through various methods, such as mobile device management (MDM) software, native device features, or third-party applications [2]. However, remote wipe requires the consent and cooperation of the employee, as well as a clear policy that defines the conditions and procedures for its use. The other options are not the best security controls in this scenario. Developing security awareness training is an important measure to educate employees about the security risks and responsibilities of using their own smartphones for work, but it does not provide technical or physical protection for the data on the devices [3]. Requiring users to back up the organization's data is good practice for ensuring data availability and recovery in case of device failure or loss, but it does not prevent unauthorized access to or disclosure of the data on the devices [4]. Monitoring how often the smartphone is used may detect abnormal or suspicious activity on the devices, but it does not prevent or mitigate the impact of a data breach on the devices.
Reference:
[1] Remote Wipe - Lifewire
[2] How Businesses with a BYOD Policy Can Secure Employee Devices - IBM
[3] Security Awareness Training - NIST
[4] Mobile Device Backup - NIST
Mobile Device Security Policy - SANS


NEW QUESTION # 45
The information security team has discovered that users are sharing a login account to an application containing sensitive information, in violation of the access policy. Business management indicates that the practice improves operational efficiency. What is the information security manager's BEST course of action?

  • A. Modify the policy.
  • B. Enforce the policy.
  • C. Create an exception for the deviation.
  • D. Present the risk to senior management.

Answer: D


NEW QUESTION # 46
An online bank identifies a successful network attack in progress. The bank should FIRST:

  • A. Report the root cause to the board of directors.
  • B. Isolate the affected network segment.
  • C. Assess whether personally identifiable information (PII) was compromised.
  • D. Shut down the entire network.

Answer: B


NEW QUESTION # 47
Which of the following is the BEST way to reduce unnecessary duplication of compliance activities?

  • A. Integration of assurance efforts
  • B. Documentation of control procedures
  • C. Automation of controls
  • D. Standardization of compliance requirements

Answer: D


NEW QUESTION # 48
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

  • A. Shut down the affected servers
  • B. Block the IP addresses used by the attacker
  • C. Disable the firewall ports exploited by the attacker
  • D. Redirect the attacker's traffic

Answer: D

Explanation:
Redirecting the attacker's traffic is a viable containment strategy for a distributed denial of service (DDoS) attack because it diverts the malicious traffic away from the target server and reduces the impact of the attack. A DDoS attack is an attempt by attackers to overwhelm a server or network with a large volume of requests or packets, preventing legitimate users from accessing the service or resource. Redirecting the attacker's traffic involves changing DNS settings or routing tables so that the attack traffic is sent to another destination, such as a sinkhole, a honeypot, or a scrubbing center. A sinkhole is a server that absorbs and discards the malicious traffic. A honeypot is a decoy server that mimics the target server and collects information about the attacker's behavior and techniques. A scrubbing center is a service that filters out the malicious traffic and forwards only the legitimate traffic to the target server. Redirecting the attacker's traffic therefore contains the DDoS attack by reducing the load on the target server and preserving its availability and performance, so it is the correct answer.
Reference:
https://www.fortinet.com/resources/cyberglossary/implement-ddos-mitigation-strategy
https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-response-strategy
https://www.cloudflare.com/learning/ddos/glossary/sinkholing/


NEW QUESTION # 49
An organization has received complaints from users that some of their files have been encrypted. These users have received demands for money in exchange for decrypting the files. Which of the following is the BEST course of action?

  • A. Rebuild the affected systems.
  • B. Isolate the affected systems.
  • C. Conduct an impact assessment.
  • D. Initiate incident response.

Answer: B


NEW QUESTION # 50
Which of the following has the GREATEST influence on the successful adoption of an information security governance program?

  • A. Organizational culture
  • B. Security management processes
  • C. Security policies
  • D. Control effectiveness

Answer: A


NEW QUESTION # 51
Which of the following is the MOST important reason to ensure information security is aligned with organizational strategy?

  • A. Aligning security roles and responsibilities
  • B. Identifying the organization's risk tolerance
  • C. Optimizing security risk management
  • D. Improving security processes

Answer: C


NEW QUESTION # 52
Following a successful recovery from a malware attack, instances of the malware continue to be discovered. Which phase of incident response was unsuccessful?

  • A. Lessons learned review
  • B. Incident declaration
  • C. Eradication
  • D. Recovery

Answer: C

Explanation:
Eradication is the phase of incident response where the incident team removes the threat from the affected systems and restores them to a secure state. If this phase is not successful, the malware may persist or reappear on the systems, causing further damage or compromise. Therefore, eradication is the correct answer.
Reference:
https://www.securitymetrics.com/blog/6-phases-incident-response-plan
https://www.atlassian.com/incident-management/incident-response
https://eccouncil.org/cybersecurity-exchange/incident-handling/what-is-incident-response-life-cycle/


NEW QUESTION # 53
Which of the following is the MOST effective way to prevent information security incidents?

  • A. Implement a security awareness training program for employees
  • B. Deploy a consistent incident response approach
  • C. Deploy intrusion detection tools in the network environment
  • D. Implement a security information and event management (SIEM) tool

Answer: A

Explanation:
The most effective way to prevent information security incidents is to implement a security awareness training program for employees. Security awareness training gives employees the knowledge and skills they need to recognize potential security threats and protect their systems from unauthorized access and malicious activity. It also ensures that employees understand their roles and responsibilities for information security, reducing the risk of incidents by making employees more aware of potential risks. Implementing a security information and event management (SIEM) tool, deploying a consistent incident response approach, and deploying intrusion detection tools in the network environment can also help reduce the risk of security incidents, but they detect or respond to incidents rather than prevent them.


NEW QUESTION # 54
A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

  • A. Determine the extent of the impact to the organization.
  • B. Recommend canceling the outsourcing contract.
  • C. Notify affected customers of the data breach.
  • D. Request an independent review of the provider's data center.

Answer: A


NEW QUESTION # 55
For an organization migrating to a cloud-based solution, which of the following is the BEST approach to incident response?

  • A. Revise incident response procedures to cover the cloud environment.
  • B. Transfer responsibility for incident response to the cloud provider.
  • C. Continue using existing incident response procedures.
  • D. Adopt the cloud provider's incident response procedures.

Answer: A


NEW QUESTION # 56
An organization plans to offer clients a new service that is subject to regulation. When developing a security strategy in support of this new service, what should the organization do FIRST?

  • A. Establish a compliance program.
  • B. Determine security controls for the new service.
  • C. Perform a gap analysis against the current state.
  • D. Hire new resources to support the service.

Answer: C


NEW QUESTION # 57
When determining whether an incident needs to be escalated to senior management, which of the following is MOST useful to the information security manager?

  • A. System risk assessment
  • B. Incident management procedures
  • C. Incident management policy
  • D. Organizational risk register

Answer: D

Explanation:
The organizational risk register is the most useful for an information security manager when determining the need to escalate an incident to senior management because it contains the identified risks to the organization, their likelihood and impact, and their predefined risk thresholds or targets. This lets the information security manager assess the severity and urgency of the incident and decide whether it requires senior management's attention or action. Incident management procedures and the incident management policy are less useful for this purpose because neither provides specific criteria or guidance on when to escalate an incident to senior management. A system risk assessment is less useful because it does not reflect the current risk exposure or status of the organization as a whole.
Reference:
https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/how-to-measure-the-effectiveness-of-information-security-using-iso-27004
https://www.isaca.org/resources/isaca-journal/issues/2017/volume-5/incident-response-lessons-learned


NEW QUESTION # 58
If civil litigation is the goal of an organization's response to a security incident, the primary step should be to:

  • A. Reboot the affected computers in a secure area to search for evidence.
  • B. Document the chain of custody.
  • C. Contact law enforcement.
  • D. Capture evidence using standard server backup utilities.

Answer: B


NEW QUESTION # 59
When conducting a forensic investigation, which of the following is MOST important?

  • A. Capturing a full system image
  • B. Documenting the analysis steps
  • C. Analyzing system memory
  • D. Maintaining the chain of custody

Answer: D


NEW QUESTION # 60
Which of the following BEST enables the integration of information security governance into corporate governance?

  • A. An information security steering committee with business representation
  • B. Well-developed information security policies and standards
  • C. Clear lines of authority across the organization
  • D. Senior management approval of the information security strategy

Answer: A


NEW QUESTION # 61
Which of the following is the MOST important requirement when collecting admissible evidence?

  • A. Preserving audit logs
  • B. Chain of custody
  • C. Need to know
  • D. Due diligence

Answer: B

Explanation:
The most important requirement when collecting admissible evidence is the chain of custody. The chain of custody is a documented record of who had control of the evidence at every point in time, from collection until the evidence is presented in court. It ensures the evidence can be authenticated and shown to be free from tampering or other interference. Need to know, preserving audit logs, and due diligence are also important considerations, but they do not by themselves establish admissibility.


NEW QUESTION # 62
Which of the following would BEST support an information security manager's efforts to obtain senior management commitment to the information security program?

  • A. Communicating residual risk
  • B. Providing evidence of inherent risk
  • C. Presenting compliance requirements
  • D. Reporting security maturity levels

Answer: C


NEW QUESTION # 63
During a post-incident review of an attack, which of the following is MOST useful to the information security manager?

  • A. The cost of the attack to the organization
  • B. The location of the attacker
  • C. The method of operation used by the attacker
  • D. Details from intrusion detection system (IDS) logs

Answer: C


NEW QUESTION # 64
A serious vulnerability has been discovered in a cloud application used by the organization. After assessing the risk, which of the following is the BEST course of action for the information security manager?

  • A. Instruct the vendor to conduct penetration testing.
  • B. Initiate the organization's incident response process.
  • C. Report the situation to the application's business owner.
  • D. Suspend the connection to the application at the firewall.

Answer: C


NEW QUESTION # 65
Which of the following is the PRIMARY objective of incident triage?

  • A. Mitigation of vulnerabilities
  • B. Coordination of communications
  • C. Categorization of events
  • D. Containment of threats

Answer: C

Explanation:
Incident triage is the process of quickly assessing an incident and determining its severity in order to prioritize the response. Its primary objective is to categorize events by their potential impact, which determines the appropriate response and the most effective use of resources. Triage also helps to identify potential threats and vulnerabilities and to coordinate communications and response activities, but those are consequences of the categorization rather than its objective.


NEW QUESTION # 66
......