CISM 試験問題を無料オンラインアクセス

Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?

• A.Employees from each department have completed the required training.
• B.There has been an increase in the number of phishing attempts reported.
• C.There have been no reported successful phishing attempts since the training started.
• D.Senior management supports funding for ongoing awareness training.

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

• A.Legal and regulatory requirements
• B.Availability of resources
• C.Adverse effects on the business
• D.Root cause analysis results

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

• A.Increase the frequency of log monitoring and analysis.
• B.Implement multi-factor authentication.
• C.Increase the sensitivity of intrusion detection systems (IDSs).
• D.Implement a security information and event management system (SIEM),

A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

• A.Continue to enforce the policy.
• B.Escalate to senior management.
• C.Provide end-user training.
• D.Conduct a business impact analysis (BIA).

Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?

• A.Implementing strong password policies and enforcing regular password changes
• B.Ensuring access is granted to only those individuals whose job functions require it
• C.Implementing strong encryption protocols to protect sensitive data
• D.Reviewing and updating access controls in response to changes in organizational structure