CISM: Controls and Countermeasures
Avg score: 44% Most missed: “Which risk will be applicable to a control that fails closed (secured)?”
20 Questions

1. A system administrator is entrusted to analyze network events, take appropriate action, and provide a report to the security team. Which of the following additional controls will be more relevant for a risk-based review of network activities?
2. An organization is using an electronic data interchange (EDI) system to get orders from its distributors. What is the most effective way to ensure the authenticity of the orders received?
3. A system administrator is entrusted to analyze network events, take appropriate action, and provide a report to the security team. Which of the following additional controls will be more relevant for a risk-based review of network activities?
4. What is the most effective deterrent control against employees misusing their privileges?
5. What is the objective of segmenting a network?
6. A security manager is involved in the development of a system. In which phase should they finalize the access control and encryption algorithm?
7. A security manager is involved in the development of a system. In which phase should they finalize the access control and encryption algorithm?
8. What is the objective of segmenting a network?
9. What is the most effective method of removing data from tape media that is to be reused?
10. When should application-level control be implemented?
11. Which of the following is an example of corrective control?
12. When should application-level control be implemented?
13. What is the objective of corrective control?
14. A data backup policy primarily includes which of the following?
15. What is the most effective deterrent control against employees misusing their privileges?
16. Which risk will be applicable to a control that fails closed (secured)?
17. What is the most effective method to identify and remove an application back door?
18. Enabling a database audit log function will result in which of the following?
19. Which of the following primarily determines how a control is implemented?
20. An external security attack can be prevented by doing what?