Isaca CISM Quiz 168 Topic 4 Questions 836-840

Question: 1

An organization's IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information security manager?

ASelecting the virtualization software

BDetermining how incidents will be managed

CBeing involved at the design stage of the project

DEnsuring the project has appropriate security funding

Show Answer

Question: 2

A team developing an interface to a key financial system has identified a security flaw in one of the libraries. Remediating the flaw would require major system redesign. What should the information security manager do NEXT?

AHire a consultant to design proper remediation controls.

BInstruct the development team to remediate the flaw.

CConfirm the impact with the business owner.

DConduct a comprehensive source code review.

Show Answer

Question: 3

Which of the following metrics would BEST determine the effectiveness of an application security testing program?

ANumber of detected security defects per thousand lines of code

BAverage time to release code into production

CAverage time to fix each discovered security defect

DNumber of security defects discovered in development versus production

Show Answer

Question: 4

Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?

AUtilizing a formal change management process

BEnforcing service level agreements (SLAs)

CImplementing a data classification schema

DEnsuring encryption for data in transit

Show Answer

Question: 5

Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?

AHost-based IDS

BAnomaly-based IDS

CNetwork-based IDS

DApplication-based IDS

Show Answer

Isaca CISM Quiz:168 Topic:4 Questions:836-840