CISM—Certified Information Security Manager - Part 235

1. Which of the following is the BEST reason to reassess risk following an incident?

A) To capture lessons learned
B) To identify changes in the threat environment
C) To update roles and responsibilities
D) To accurately document risk to the organization



2. Which of the following is the GREATEST benefit of integrating a security information and event management (SIEM) solution with traditional security tools such asIDs, anti-malware, and email screening solutions?

A) The elimination of false positive detections
B) A reduction in operational costs
C) An increase in visibility into patterns of potential threats
D) The consolidation of tools into a single console



3. An organization is -MOST at risk from a new worm being introduced through the intranet when:

A) desktop virus definition files are not up to date.
B) system software does not undergo integrity checks.
C) hosts have static IP addresses.
D) executable code is run from inside the firewall.



4. Which of the following is the MOST effective way to identify changes in an information security environment?

A) Continuous monitoring
B) Security baselining
C) Annual risk assessments
D) Business impact analysis



5. Which of the following is the MOST effective way to detect security incidents?

A) Analyze penetration test results.
B) Analyze recent security risk assessments.
C) Analyze vulnerability assessments.
D) Analyze security anomalies.