CISM Practice Questions To Prep For The Exam
The following excerpt from Gregory's book offers CISM practice exam
questions from Chapter 3, "Information Risk Management." This area
constitutes 30% of the CISM exam, with questions on developing a risk
management strategy, integrating risk management into an organization's
practices and culture, and monitoring and reporting risk.
Before taking the exam, test your CISM knowledge here. Download
an excerpt of the book for even more questions.
Question 2 of 15
Marie, a CISO at a manufacturing company, is building a new cyber-risk
governance process. For this process to be successful, what is the best
first step for Marie to take?
Question 3 of 15
What steps must be completed prior to the start of a risk assessment in an
organization?
A. Determine the qualifications of the firm that will perform the audit.
B. Determine scope, purpose, and criteria for the audit.
C. Determine the qualifications of the person(s) who will perform the
audit.
D. Determine scope, applicability, and purpose for the audit.
Question 4 of 15
A risk manager recently completed a risk assessment in an organization.
Executive management asked the risk manager to remove one of the
findings from the final report. This removal is an example of what?
A. Gerrymandering
B. Internal politics
C. Risk avoidance
D. Risk acceptance
Question 5 of 15
A new CISO in a financial services organization is working to get asset
inventory processes under control. The organization uses on-premises and
IaaS-based virtualization services. What approach will most effectively
identify all assets in use?
Question 6 of 15
An internal audit examination of the employee termination process
determined that in 20 percent of employee terminations, one or more
terminated employee user accounts were not locked or removed. The
internal audit department also found that routine monthly user access
reviews identified 100 percent of missed account closures, resulting in
those user accounts being closed no more than 60 days after users were
terminated. What corrective actions, if any, are warranted?
Question 7 of 15
What is typically the greatest challenge when implementing a data
classification program?
A. Data replication
B. Spam and phishing e-mail filtering
C. File integrity monitoring
D. Firewalls
Question 9 of 15
A SaaS provider performs penetration tests on its services once per year,
and many findings are identified each time. The organization's CISO wants
to make changes so that penetration test results will improve. The CISO
should recommend all of the following changes except which one?
Question 10 of 15
An end user in an organization opened an attachment in e-mail, which
resulted in ransomware running on the end user's workstation. This is an
example of what?
A. Incident
B. Vulnerability
C. Threat
D. Insider threat
Question 11 of 15
What is the correct sequence of events when onboarding a third-party
service provider?
Question 12 of 15
The primary advantage of automatic controls versus manual controls
includes all of the following except which one?
Question 13 of 15
Which of the following statements about PCI-DSS compliance is true?
Question 14 of 15
An organization recently suffered a significant security incident. The
organization was surprised by the incident and believed that this kind of
event would not occur. To avoid a similar event in the future, what should
the organization do next?
A. Commission an enterprise-wide risk assessment.
B. Commission a controls maturity assessment.
C. Commission an internal and external penetration test.
D. Commission a controls gap assessment.
Question 15 of 15
Security analysts in the SOC have noticed that the organization's firewall is
being scanned by a port scanner in a hostile country. Security analysts
have notified the security manager. How should the security manager
respond to this matter?
Q. 2 _______ platforms are used for the safety and protection of information in the
cloud.
A : Cloud workload protection platforms
B : Cloud security protocols
C : AWS
D : One Drive
Q. 10 This helps in identifying the origin of information and the authentic user. This
is referred to here as __________
A : Confidentiality
B : Integrity
C : Authenticity
D : Availability
Q. 14 Release of message contents and traffic analysis are two types of _________
attacks.
A : Active Attack
B : Modification of Attack
C : Passive attack
D : DoS Attack
Q. 24 An asymmetric-key (or public-key) cipher uses
A : 1 key
B : 2 keys
C : 3 keys
D : 4 keys
Q. 36 Elliptic curve cryptography follows the associative property.
A : TRUE
B : FALSE
Q. 42 What is the size of the RSA signature hash after the MD5 and SHA-1
processing?
A : 42 bytes
B : 32 bytes
C : 36 bytes
D : 48 bytes
Q. 43 In the handshake protocol, which message type is sent first between client
and server?
A : server_hello
B : client_hello
C : hello_request
D : certificate_request
Q. 45 The ________ method provides a one-time session key for two parties.
A : Diffie-Hellman
B : RSA
C : DES
D : AES
Q. 46 The _________ attack can endanger the security of the Diffie-Hellman method
if two parties are not authenticated to each other.
A : man-in-the-middle
B : ciphertext attack
C : plaintext attack
D : none of the above
Q. 48 VPN is abbreviated as __________
A : Visual Private Network
B : Virtual Protocol Network
C : Virtual Private Network
D : Virtual Protocol Networking
Q. 49 __________ provides an isolated tunnel across a public network for sending and
receiving data privately as if the computing devices were directly connected to the
private network.
A : Visual Private Network
B : Virtual Protocol Network
C : Virtual Protocol Networking
D : Virtual Private Network
Q. 54 _________ type of VPN is used for private and secure home connectivity.
A : Remote access VPNs
B : Site-to-site VPNs
C : Peer-to-Peer VPNs
D : Router-to-router VPNs
Q. 55 Which type of VPN is used for corporate connectivity across companies
residing in different geographical locations?
A : Remote access VPNs
B : Site-to-site VPNs
C : Peer-to-Peer VPNs
D : Country-to-country VPNs
Q. 64 A _______ network is used inside an organization.
A : private
B : public
C : semi-private
D : semi-public
Q. 67 In ______, there is a single path from the fully trusted authority to any
certificate.
A : X509
B : PGP
C : KDC
D : none of the above
Q. 68 A ______ provides privacy for LANs that must communicate through the global
Internet.
A : VPP
B : VNP
C : VNN
D : VPN
This set of Cyber Security written test Questions & Answers focuses on “Cyber Security
Privacy – Anonymity & Pseudonymity”.
1. The term _____________ refers to keeping a user's name and identity hidden or
veiled using a variety of applications.
a) pseudonymous
b) anonymous
c) eponymous
d) homonymous
2. Sometimes __________________ anonymize themselves to perform criminal activities.
a) virus
b) incident handlers
c) cyber-criminals
d) ethical hackers
3. An _______________ allows users to access the web while blocking the trackers
or agents that keep tracing their identity online.
a) intranet
b) extranet
c) complex network
d) anonymity network
4. _________ services are examples of anonymity services that conceal the location and
usage of any user.
a) Tor
b) Encrypted router
c) Firewall
d) HTTPS
5. Another anonymity network is I2P, an identity-sensitive network that is distributed
and dynamic in nature, as it routes traffic through other peers.
a) True
b) False
6. Which of the following is not an example of approaches for maintaining anonymity?
a) Use of VPNs
b) Use of Tor Browser
c) Use of Proxy servers
d) Use of Antivirus
7. Which of the following is not an example of approaches for maintaining anonymity?
a) Using encrypted search engines that don’t share your search data
b) Use firewalls
c) Fake email services
d) Use file shielders
8. Big multinational companies provide us with search engines to search for data
easily and for free, but they also collect our search data, browsing habits, and
choices.
a) True
b) False
9. Which of the following is not a VPN used for preserving our anonymity?
a) Nord VPN
b) Express VPN
c) Microsoft Security Essential
d) CyberGhost
10. __________________ are those search engines that are intended and designed not
to collect our search data or browsing habits, and hence do not hamper our online privacy.
a) Paid search engines
b) Incognito mode
c) In-private mode
d) Private search engines
11. Which of the following is a private search engine?
a) Bing
b) Google
c) Duckduckgo
d) Yahoo
12. Which of the following is not a private search engine?
a) StartPage
b) Baidu
c) SearX.me
d) Qwant
13. Which of the below-mentioned search engines can provide you with anonymity while
searching?
a) Privatelee
b) Baidu
c) Google
d) Bing
Cyber Security Questions and Answers – Attack Vectors –
Digital Privacy
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Attack Vectors – Digital Privacy”.