CISM—Certified Information Security Manager - Part 239

1. The MOST important outcome of information security governance is:

A) business risk avoidance.
B) informed decision making.
C) alignment with business goals.
D) alignment with compliance requirements.



2. An organization will be outsourcing mission-critical processes.Which of the following is MOST important to verify before signing the service level agreement (SLA)?

A) The provider has implemented the latest technologies.
B) The provider's technical staff are evaluated annually.
C) The provider is widely known within the organization's industry.
D) The provider has been audited by a recognized audit form.



3. Which of the following should be thePRIMARY input when defining the desired state of security within an organization?

A) Acceptable risk level
B) Annual loss expectancy
C) External audit results
D) Level of business impact



4. What is the BEST -way for a customer to authenticate an e-commerce vendor?

A) Use a secure communications protocol for the connection.
B) Verify the vendor's certificate with a certificate authority.
C) Request email verification of the order.
D) Encrypt the order using the vendor's private key.



5. Which of the following would BESTenhance firewall security?

A) Placing the firewall on a screened subnet
B) Logging of security events
C) Implementing change-control practices
D) Providing dynamic address assignment