it-pruefungen bietet qualitativ hochwertige Prüfungsfragen und Antworten für die Vorbereitung auf Ihre IT-Zertifizierungsprüfungen, die alle Examfragen und Examsantworten abdecken. Bei it-pruefungen.de stehen Ihnen zahlreiche kostenlose Zertifizierungsfragen von IT Prüfungen zur Verfügung. Die neuesten Unterlagen und Simulationssoftware bei it-pruefungen.de machen die IT Prüfungen ganz leicht für Sie. Im Falle eines Scheiterns erhalten Sie nämlich die Gebühr zurückerstattet

CISM Certified Information Security Manager IT Prüfung,IT Zertifizierung,Prüfungsfrage, originale Fragen,Antorten, Fragenkataloge,Prüfungsunterlagen, Prüfungsfragen, Prüfungsfrage, Testfagen, Testantworten, Vorbereitung, Zertifizierungsfragen, Zertifizierungsantworten, Examsfragen, Antworten, echte Fragen

QUESTION: 1
A common concern with poorly written web applications is that they can allow an attacker
to:

A. gain control through a buffer overflow.
B. conduct a distributed denial of service (DoS) attack.
C. abuse a race condition.
D. inject structured query language (SQL) statements.

Answer: D

Explanation:
Structured query language (SQL) injection is one of the most common and dangerous web application vulnerabilities. Buffer overflows and race conditions are very difficult to find and exploit on web applications. Distributed denial of service (DoS) attacks have nothing to do with the quality of a web application.

QUESTION: 2
Which of the following would be of GREATEST importance to the security manager in
determining whether to accept residual risk?

A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)

Answer: C

Explanation:
The security manager would be most concerned with whether residual risk would be reduced by a greater amount than the cost of adding additional controls. The other choices, although relevant, would not be as important.

QUESTION: 3
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization’s local are network (LAN). What should the security manager do FIRST?

A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before
allowing external access to the server

Answer: A

Explanation:
The information security manager cannot make an informed decision about the request
without first understanding the business requirements of the developer portal. Performing a vulnerability assessment of developer portal and installing an intrusion detection system
(IDS) are best practices but are subsequent to understanding the requirements. Obtaining a signed nondisclosure agreement will not take care of the risks inherent in the organization’s application.

QUESTION: 4
A mission-critical system has been identified as having an administrative system account
with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
A. Prevent the system from being accessed remotely
B. Create a strong random password
C. Ask for a vendor patch
D. Track usage of the account by audit trails

Answer: B

Explanation:
Creating a strong random password reduces the risk of a successful brute force attack by
exponentially increasing the time required. Preventing the system from being accessed
remotely is not always an option in mission-critical systems and still leaves local access
risks. Vendor patches are not always available. Tracking usage is a detective control and will not prevent an attack.

Echte Fragen CISM Isaca Fragenkatalog

it-pruefungen bietet qualitativ hochwertige Prüfungsfragen und Antworten für die Vorbereitung auf Ihre IT-Zertifizierungsprüfungen, die alle Examfragen und Examsantworten abdecken. Bei it-pruefungen.de stehen Ihnen zahlreiche kostenlose Zertifizierungsfragen von IT Prüfungen zur Verfügung. Die neuesten Unterlagen und Simulationssoftware bei it-pruefungen.de machen die IT Prüfungen ganz leicht für Sie. Im Falle eines Scheiterns erhalten Sie nämlich die Gebühr zurückerstattet

CISA Isaca CISA IT Prüfung,IT Zertifizierung,Prüfungsfrage, originale Fragen,Antorten, Fragenkataloge,Prüfungsunterlagen, Prüfungsfragen, Prüfungsfrage, Testfagen, Testantworten, Vorbereitung, Zertifizierungsfragen, Zertifizierungsantworten, Examsfragen, Antworten, echte Fragen

QUESTION NO: 1
Which of the following is a characteristic of timebox management?

A. Not suitable for prototyping or rapid application development (RAD)
B. Eliminates the need for a quality process
C. Prevents cost overruns and delivery delays
D. Separates system and user acceptance testing

Answer: C

Explanation:
Timebox management, by its nature, sets specific time and cost boundaries. It is very suitable for prototyping and RAD, and integrates system and user acceptance testing, but does not eliminate the need for a quality process.

QUESTION NO: 2
Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?

A. Project database
B. Policy documents
C. Project portfolio database
D. Program organization

Answer: C

Explanation:
A project portfolio database is the basis for project portfolio management. It includes project data, such as owner, schedules, objectives, project type, status and cost. Project portfolio management requires specific project portfolio reports. A project database may contain the above for one specific project and updates to various parameters pertaining to the current status of that single project. Policy documents on project management set direction for the design, development, implementation and monitoring of the project. Program organization is the team required (steering committee, quality assurance, systems personnel, analyst, programmer, hardware support, etc.) to meet the delivery objective of the project.

QUESTION NO: 3
To minimize the cost of a software project, quality management techniques should be applied:

A. as close to their writing (i.e., point of origination) as possible.
B. primarily at project start-up to ensure that the project is established in accordance with
organizational governance standards.
C. continuously throughout the project with an emphasis on finding and fixing defects primarily during testing to maximize the defect detection rate.
D. mainly at project close-down to capture lessons learned that can be applied to future projects.

Answer: C

Echte Fragen CISA Isaca Fragenkatalog