Free CISM Practice Quiz
Let's get started!
This free practice quiz includes questions from ISACA®'s test prep solutions, at the same level of difficulty you can expect on ISACA's official CISM exam.
A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will be responsible for evaluating the results and identified risk. Which of the following would be the BEST approach for the information security manager?
- Acceptance of the business manager's decision on the risk to the corporation: The business manager is likely to be focused on getting the business done as opposed to the risk posed to the organization.
- Acceptance of the information security manager's decision on the risk to the corporation: The typical information security manager is focused on risk, and on average, he/she will overestimate risk by about 100 percent, usually considering worst-case scenarios rather than the most probable events.
- Review of the risk assessment with executive management for final input: Executive management will be in the best position to consider the big picture and the trade-offs between security and functionality in the entire organization.
- Create a new risk assessment and BIA to resolve the disagreement: There is no indication that the assessments are inadequate or defective in some way; therefore, repeating the exercise is not warranted.

Who is accountable for ensuring that information is categorized and that specific protective measures are taken?
- The security officer: The security officer supports and implements information security to achieve senior management objectives.
- Senior management: Routine administration of all aspects of security is delegated, but top management must retain overall accountability.
- The end user: The end user does not perform categorization.
- The custodian: The custodian supports and implements information security measures as directed.

Abnormal server communication from inside the organization to external parties may be monitored to:
- record the trace of advanced persistent threats: The most important feature of targeted attacks, as seen in advanced persistent threats, is that malware secretly sends information back to a command and control server. Therefore, monitoring of outbound server communications that do not follow predefined routes will be the best control to detect such security events.
- evaluate the process resiliency of server operations: Server communications are usually not monitored to evaluate the resiliency of server operations.
- verify the effectiveness of an intrusion detection system: The effectiveness of an intrusion detection system may not be verified by monitoring outbound server communications.
- support a nonrepudiation framework in e-commerce: Nonrepudiation may be supported by technology, such as a digital signature. Server communication itself does not support the effectiveness of an e-commerce framework.

Which of the following authentication methods prevents authentication replay?
- Password hash implementation: Capturing the authentication handshake and replaying it through the network will not work. Using hashes by itself will not prevent a replay.
- Challenge/response mechanism: A challenge/response mechanism prevents replay attacks by sending a different random challenge in each authentication event. The response is linked to that challenge.
- Wired equivalent privacy encryption usage: A wired equivalent privacy key will not prevent sniffing, but it will take the attacker longer to break the WEP key if he/she does not already have it. Therefore, it will not be able to prevent recording and replaying an authentication handshake.
- Hypertext Transfer Protocol basic authentication: Hypertext Transfer Protocol basic authentication is cleartext and has no mechanisms to prevent replay.

IT-related risk management activities are MOST effective when they are:
- treated as a distinct process: IT risk is part of the broader risk landscape and must be integrated into overall risk management activities.
- conducted by the IT department: To ensure an objective, holistic approach, IT risk management must be addressed on an enterprisewide basis, making it separate from the IT department.
- integrated within business processes: IT is an enabler of business activities, and to be effective, it must be integrated into business processes.
- communicated to all employees: Communication alone does not necessarily correlate with successful execution of the process.

Which of the following is the BEST way to detect an intruder who successfully penetrates a network before significant damage is inflicted?
- Perform periodic penetration testing: Penetration testing will not detect an intruder.
- Establish minimum security baselines: Security baselines set minimum security levels but are not related to detecting intruders.
- Implement vendor default settings: Implementing vendor default settings does not detect intruders and is not a good idea.
- Install a honeypot on the network: Honeypots attract hackers away from sensitive systems and files. Because honeypots are closely monitored, the intrusion is more likely to be detected before significant damage is inflicted.

Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
- User ad hoc reporting is not logged: Although the lack of logging for user ad hoc reporting is not necessarily good, it does not represent as serious a security weakness as the failure to install security patches.
- Network traffic is through a single switch: Routing network traffic through a single switch is not unusual.
- Operating system security patches have not been applied: The fact that operating system security patches have not been applied is a serious weakness.
- Database security defaults to ERP settings: Database security defaulting to the enterprise resource planning system's settings is not as significant.

In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
- Implementing on-screen masking of passwords: Implementing on-screen masking of passwords is desirable but will not be effective in reducing the likelihood of a successful social engineering attack.
- Conducting periodic security awareness programs: Social engineering can best be mitigated through periodic security awareness training for users who may be the target of such an attempt.
- Increasing the frequency of password changes: Increasing the frequency of password changes is desirable but will not be effective in reducing the likelihood of a successful social engineering attack.
- Requiring that passwords be kept strictly confidential: Requiring that passwords be kept secret in security policies is a good control but is not as effective as periodic security awareness programs that will alert users to the dangers posed by social engineering.

The postincident review of a security incident revealed that there was a process that was not monitored. As a result, monitoring functionality has been implemented. Which of the following may BEST be expected from this remediation?
- Reduction in total incident duration: Monitoring may cause incident durations to become longer as each event is investigated and possibly escalated for further remediation.
- Increase in risk tolerance: Risk tolerance is a determination made by senior management based on the results of a risk analysis and the amount of risk senior management believes the organization can manage effectively. Risk tolerance will not change from implementation of a monitoring process.
- Improvement in identification: When a key process is not monitored, that lack of monitoring may lead to a security vulnerability or threat going undiscovered, resulting in a security incident. Once consistent monitoring is implemented, identification of vulnerabilities and threats will improve.
- Facilitation of escalation: Monitoring itself is simply an identification and reporting tool; it has little bearing on how information is escalated to other staff members for investigation and resolution.

To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
- Database server: The database server would not assist in the correlation and review of the logs.
- Domain name server: The domain name server would not assist in the correlation and review of the logs.
- Time server: To accurately reconstruct the course of events, a time reference is needed, and that is provided by the time server.
- Proxy server: The proxy server would not assist in the correlation and review of the logs.