Certified Information Security Manager (CISM) Quiz Questions and Answers

Answer :
  • Risk activities are embedded in business processes

Explanation :

The primary objective of the risk management process is that risk is identified, assessed, communicated and addressed. This objective is most effectively achieved by embedding risk management activities in business processes (e.g., change management, inci
Answer :
  • The steering committee approves security projects

Explanation :

The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. To ensure that all stakeholders impacted by security considerations are involved, many organizations use a stee
Answer :
  • A deviation in employee turnover

Explanation :

Significant changes in employee turnover indicate that something significant is impacting the workforce, which deserves the attention of the information security manager. If a large number of senior developers are leaving the research and development grou
Answer :
  • The provider services all major companies in the area

Explanation :

In case of a disaster affecting a localized geographical area, the vendor’s facility and capabilities could be insufficient for all of its clients, which will all be competing for the same resource. Preference will likely be given to the larger corporatio
Answer :
  • initiate an exception process for sending the report without encryption

Explanation :

The information security manager should first assess the risk in sending the report to the regulatory authority without encryption. The information security manager can consider alternate communication channels that will address the risk and provide for t
Answer :
  • Application support team

Explanation :

Structured query language (SQL) injection is an application-based attack. Because the security operations center has detected an SQL injection attempt and could not determine whether it was successful, the information security manager should approach the ap