Which of the following steps should be performed FIRST in the risk assessment process?
Answer(s): C
The first step in the risk assessment methodology is a system characterization, or identification and valuation, of all of the enterprise's assets to define the boundaries of the assessment. Interviewing is a valuable tool to determine qualitative information about an organization's objectives and tolerance for risk. Interviews are used in subsequent steps. Identification of threats comes later in the process and should not be performed prior to an inventory since many possible threats will not be applicable if there is no asset at risk. Determination of likelihood comes later in the risk assessment process.
Which of the following authentication methods prevents authentication replay?
Answer(s): B
A challenge/response mechanism prevents replay attacks by sending a different random challenge in each authentication event. The response is linked to that challenge. Therefore, capturing the authentication handshake and replaying it through the network will not work. Using hashes by itself will not prevent a replay. A WEP key will not prevent sniffing (it just takes a few more minutes to break the WEP key if the attacker does not already have it) and therefore will not be able to prevent recording and replaying an authentication handshake. HTTP Basic Authentication is clear text and has no mechanisms to prevent replay.
An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?
The risk assessment process is continual and any changes to an established process should include a new- risk assessment. While a review of the SAS 70 report and a vulnerability assessment may be components of a risk assessment, neither would constitute sufficient due diligence on its own.
Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?
Answer(s): D
The information security manager must understand the business risk profile of the organization. No model provides a complete picture, but logically categorizing the risk areas of an organization facilitates focusing on key risk management strategies and decisions. It also enables the organization to develop and implement risk treatment approaches that are relevant to the business and cost effective.
It is MOST important for an information security manager to ensure that security risk assessments are performed:
Answer(s): A
https://m.isaca.org/Certification/Additional-Resources/Documents/CISM-Item-Development-Guide_bro_Eng_0117.pdf(14)
Share your comments for ISACA CISM exam with other users:
q23, its an array, isnt it? starts with [ and end with ]. its an array of objects, not object.
cool very helpfull
i just passed. this exam dumps is the same one from prepaway and examcollection. it has all the real test questions.
is this a valid prince2 practitioner dumps?
all are relatable questions
might help me to prepare for the exam
just paid and downlaod the 2 exams using the 50% sale discount. so far i was able to download the pdf and the test engine. all looks good.
i think it should be a,c. option d goes against the principle of building anything custom unless there are no work arounds available
very legible
is this exam accurate or helpful?
please upload dump, i have exam in 2 days
this is useful
question 232 answer should be perimeter not netowrk layer. wrong answer selected
nice questions
hi team, could you please provide this dump ?
very helpful to clear the exam and understand the concept.
i think it is great that you are helping people when they need it. thanks.
cannot evaluate yet
a laptops wireless antenna is most likely located in the bezel of the lid
good examplae to learn basic
this is useful information
looks usefull
question 81 should be c.
question 18 : response isnt a ?
plaese add questions
is dumps still valid ?
thanks for this
please upload questions
please upload the question dump for professional machinelearning
question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!
number 52 answer is d
just started preparing for my exam , and this site is so much help
question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.
i would like to take psm1 exam.