Monday, January 20, 2020

Latest CISM Dumps - Check the Newest CISM Question Answers by Dumpspass4sure

Question: 1


Which of the following is an example of a corrective control?

A. Diverting incoming traffic upon responding to the denial of service (DoS) attack
B. Filtering network traffic before entering an internal network from outside
C. Examining inbound network traffic for viruses
D. Logging inbound network traffic

Answer: A

Explanation:

Diverting incoming traffic corrects the situation and, therefore, is a corrective control. Choice B is a
preventive control. Choices C and D are detective controls.


Question: 2


To determine how a security breach occurred on the corporate network, a security manager looks at
the logs of various devices. Which of the following BEST facilitates the correlation and review of
these logs?

A. Database server
B. Domain name server (DNS)
C. Time server
D. Proxy server

Answer: C

Explanation:

To accurately reconstruct the course of events, a time reference is needed and that is provided by
the time server. The other choices would not assist in the correlation and review of these logs.


Question: 3

An organization has been experiencing a number of network-based security attacks that all appear
to originate internally. The BEST course of action is to:

A. require the use of strong passwords.
B. assign static IP addresses.
C. implement centralized logging software.
D. install an intrusion detection system (IDS).

Answer: D

Explanation:

Installing an intrusion detection system (IDS) will allow the information security manager to better
pinpoint the source of the attack so that countermeasures may then be taken. An IDS is not limited
to detection of attacks originating externally. Proper placement of agents on the internal network
can be effectively used to detect an internally based attack. Requiring the use of strong passwords
will not be sufficiently effective against a network-based attack. Assigning IP addresses would not be
effective since these can be spoofed. Implementing centralized logging software will not necessarily
provide information on the source of the attack.


Question: 4

A serious vulnerability is reported in the firewall software used by an organization. Which of the
following should be the immediate action of the information security manager?

A. Ensure that all OS patches are up-to-date
B. Block inbound traffic until a suitable solution is found
C. Obtain guidance from the firewall manufacturer
D. Commission a penetration test

Answer: C

Explanation:

The best source of information is the firewall manufacturer since the manufacturer may have a
patch to fix the vulnerability or a workaround solution. Ensuring that all OS patches are up-to-date is
a best practice, in general, but will not necessarily address the reported vulnerability. Blocking
inbound traffic may not be practical or effective from a business perspective. Commissioning a
penetration test will take too much time and will not necessarily provide a solution for corrective
actions.


Question: 5


An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are
properly maintained and usable during a system crash, the MOST appropriate measure the
organization should perform is to:

A. use the test equipment in the warm site facility to read the tapes.
B. retrieve the tapes from the warm site and test them.
C. have duplicate equipment available at the warm site.
D. inspect the facility and inventory the tapes on a quarterly basis.

Answer: B

Explanation:

A warm site is not fully equipped with the company's main systems; therefore, the tapes should be
tested using the company's production systems. Inspecting the facility and checking the tape
inventory does not guarantee that the tapes are usable.



Related links:

https://www.dumpspass4sure.com/isaca/cism-dumps.html

http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx
