Online Access Free CISM Practice Test

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

• A.Calculate the return on investment (ROI).
• B.Provide security awareness training to HR.
• C.Assess the business objectives of the processes.
• D.Benchmark the processes with best practice to identify gaps.

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

• A.Implement compensating controls.
• B.Improve the security awareness training program.
• C.Communicate consequences for future instances.
• D.Enhance the data loss prevention (DLP) solution.

An information security program is BEST positioned for success when it is closely aligned with:

• A.the information security strategy.
• B.information security best practices.
• C.information security policies.
• D.recognized industry frameworks.

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

• A.Improper authorization
• B.Lack of accountability
• C.Lack of availability
• D.Inadequate authentication

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

• A.A data forensics program
• B.A layered security program
• C.A configuration management program
• D.An incident response program