Practicetest CISM Isaca cert24

Posted on by

Practicetest CISM Isaca cert24
Practicetest CISM Isaca cert24

IT Exam,IT Certification,braindump,original questions, question pool,document, braindump, test questions, test question, dumps, test answers, cert24.com, preparation, pdf, certification questions, answers Certification, certification test, practice test, exam dumps, certification training, answers real questions

CISM Certified Information Security Manager our products come with a 100% guarantee of success. We hold this claim because of the highly dedicated and expert team that we have and because of our past performance.

QUESTION: 1
A common concern with poorly written web applications is that they can allow an attacker
to:

A. gain control through a buffer overflow.
B. conduct a distributed denial of service (DoS) attack.
C. abuse a race condition.
D. inject structured query language (SQL) statements.

Answer: D

Explanation:
Structured query language (SQL) injection is one of the most common and dangerous web application vulnerabilities. Buffer overflows and race conditions are very difficult to find and exploit on web applications. Distributed denial of service (DoS) attacks have nothing to do with the quality of a web application.

QUESTION: 2
Which of the following would be of GREATEST importance to the security manager in
determining whether to accept residual risk?

A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)

Answer: C

Explanation:
The security manager would be most concerned with whether residual risk would be reduced by a greater amount than the cost of adding additional controls. The other choices, although relevant, would not be as important.

QUESTION: 3
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization’s local are network (LAN). What should the security manager do FIRST?

A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before
allowing external access to the server

Answer: A

Explanation:
The information security manager cannot make an informed decision about the request
without first understanding the business requirements of the developer portal. Performing a vulnerability assessment of developer portal and installing an intrusion detection system
(IDS) are best practices but are subsequent to understanding the requirements. Obtaining a signed nondisclosure agreement will not take care of the risks inherent in the organization’s application.

QUESTION: 4
A mission-critical system has been identified as having an administrative system account
with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
A. Prevent the system from being accessed remotely
B. Create a strong random password
C. Ask for a vendor patch
D. Track usage of the account by audit trails

Answer: B

Explanation:
Creating a strong random password reduces the risk of a successful brute force attack by
exponentially increasing the time required. Preventing the system from being accessed
remotely is not always an option in mission-critical systems and still leaves local access
risks. Vendor patches are not always available. Tracking usage is a detective control and will not prevent an attack.

Practicetest CISM Isaca cert24

This entry was posted in Uncategorized by admin. Bookmark the permalink.

Comments are closed.