Online Access Free CISM Practice Test

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

• A.Business impact analysis (BIA) results
• B.Risk assessment results
• C.Industry benchmarks
• D.Key performance indicators (KPIs)

When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:

• A.review corporate policies regarding credit card information.
• B.ensure that systems that handle credit card data are segmented.
• C.review industry best practices for handling secure payments.
• D.ensure alignment with industry encryption standards.

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

• A.Review a recent independent audit report of the service provider.
• B.Review samples of service level reports from the service provider.
• C.Assess the level of security awareness of the service provider.
• D.Request the service provider comply with information security policy.

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

• A.A configuration management program
• B.A data forensics program
• C.A layered security program
• D.An incident response program

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

• A.Review the state of security awareness
• B.Perform a gap analysis
• C.Perform a risk assessment
• D.Review information security policies