CISM Security Mgr Practice 202 Practice Questions
Free CISM Security Mgr Practice 202 practice questions with answers and plain-English explanations. Browse the PDF, video and online mock test.
CISM Security Mgr Practice 202 Questions
Open each answer, read the explanation, then continue into the full practice flow.
Q1The National Institute of Standards and Technology (NIST) defines three categories of risk mitigation strategies in incident management. They are:
Show answer
✓ Correct answer: Avoidance, Transference, and Mitigation
Answer: Avoidance, Transference, and Mitigation NIST defines the three categories of risk mitigation strategies as: Avoidance (eliminating the risk factor entirely through preventive measures) Transference (shifting the risk to a third party, typically through insurance or outsourcing) Mitigation (reducing the impact or likelihood of the risk through control measures)
Q2An international bank is concerned that a cyber-attack could disrupt their primary trading network. They decide to set up an alternate trading site that can be operational immediately if such an attack occurs. Additionally, they want a tertiary site as a fallback option in case the secondary site is compromised. They have also specified that they want to reduce costs for this tertiary site. As the information security manager, what would you recommend for the tertiary site?
Show answer
✓ Correct answer: Cold site
Answer: Cold site A cold site is an appropriate choice for a bank expecting to rely on an alternative site (in this scenario: the secondary site) and needing a cost-effective tertiary option. If an extreme cyber-attack compromises the primary trading network, they can fail over to the alternate site. Once functional in the secondary site, they can then provision the cold site to become operational as needed. A hot site is not suitable because it does not align with the cost-reduction requirement for the tertiary site. A reciprocal agreement, which involves resource sharing with another entity, typically doesn't fit the banking industry's critical and sensitive operations. A mirror site is expensive and already operational, making it impractical as a backup for the alternate site. However, a bank might find a mirror site suitable as a primary or secondary option due to its real-time capabilities.
Q3Who is typically responsible for ensuring the proper handling and documentation of events during a disaster recovery process?
Show answer
✓ Correct answer: Disaster Recovery Coordinator
Answer: Disaster Recovery Coordinator The Disaster Recovery Coordinator is responsible for ensuring that disaster recovery plans are executed properly and that all actions and events are documented accordingly. They oversee the disaster recovery process to minimize downtime and data loss. The CIO will oversee the broader security strategy while the Board of Directors are informed stakeholders, and the Network Administrator focuses on maintaining network functionality.
Q4What is the MAIN difference between symmetric and asymmetric encryption?
Show answer
✓ Correct answer: The type of keys used for encryption and decryption
Correct answer: The type of keys used for encryption and decryption In symmetric encryption, the same key is used for both encryption and decryption. In asymmetric encryption, a pair of related but different keys (public and private) is used for encryption and decryption. The complexity of the algorithm, speed, and type of data are not the primary differences. Symmetric encryption algorithms tend to be less complex and faster, whereas asymmetric encryption is more complex but provides better security for key exchange purposes.
Q5What is the primary difference between event correlation and anomaly detection?
Show answer
✓ Correct answer: Event correlation links multiple related events to identify potential security incidents. Anomaly detection identifies deviations from a standard behavior.
Answer: Event correlation links multiple related events to identify potential security incidents. Anomaly detection identifies deviations from a standard behavior. The primary difference between event correlation and anomaly detection is that event correlation links multiple related events based on predefined patterns or rules, while anomaly detection identifies deviations from normal behavior. Event correlation relies on finding relationships between different security events, potentially indicating an incident. Anomaly detection, on the other hand, looks for unusual behavior that deviates from established baselines, indicating potential unknown threats.
Q6A financial brokerage firm is preparing for a major market event that is expected to significantly increase their network traffic. They are concerned about their primary internet connection failing during peak trading hours. To ensure they remain operational in the event of a failure, what solution could they implement to MINIMIZE downtime?
Show answer
✓ Correct answer: Redundant internet connections
Answer: Redundant internet connections Redundant internet connections provide a backup internet link to switch to if the primary connection fails, thus ensuring continued operation with minimal downtime. Network load balancing distributes traffic efficiently but does not directly address redundancy in case of a primary connection failure. Cloud-based backup focuses on data backup rather than maintaining continuous network connectivity. A VPN secures connections but does not provide redundancy or backup internet links.
Q7In the Disaster Recovery Plan (DRP), there must be a section that ensures the availability of backup power supplies, communication devices, and essential software for continuity. What is this section typically called?
Show answer
✓ Correct answer: Logistics
Answer: Logistics This is the logistics section of the DRP — it ensures that necessary resources such as backup power supplies, communication devices, and essential software are available for continuity. The technical support team handles hardware and software issues. The emergency coordination team organizes response actions during an emergency. The RPO determines the maximum tolerable period data might be lost due to a major incident.
Q8What is the primary method for an information security manager to ensure that the organization's network configurations are secure and avoid unauthorized access?
Show answer
✓ Correct answer: Regular vulnerability assessments
Answer: Regular vulnerability assessments Regular vulnerability assessments help identify weaknesses in network configurations and ensure they are secure, thus preventing unauthorized access. Approval by the legal department is not related to network security. Compliance with financial audits ensures financial integrity, not network security. An IT team’s capability cannot replace regular technical assessments for ensuring network security.
Q9Which of the following metrics is BEST to assess the effectiveness of a company's data loss prevention (DLP) strategy?
Show answer
✓ Correct answer: Reduction in data breaches
Answer: Reduction in data breaches Monitoring the reduction in data breaches is the most effective measure of a DLP strategy's success, as it directly correlates with the primary goal of preventing data loss. The other options, while useful for specific security aspects, do not directly measure the effectiveness of the overall DLP strategy.
Q10After a data protection strategy has been created, what should happen NEXT?
Show answer
✓ Correct answer: Executive approval
Answer: Executive approval A data protection strategy should be reviewed and approved by the executive team before it can be put into action. A vulnerability assessment is needed prior to creating a protection strategy; once developed, a strategy should be executed following proper approval. Monitoring compliance happens after the strategy has been implemented. Internal audits can be carried out at any stage, but they typically follow the approval process.
Full CISM Security Mgr Practice 202 bank + unlimited mocks
Try 30 questions free. Unlock the complete CISM Security Mgr Practice 202 question bank, every explanation, and unlimited timed mock exams. Practice on any device.
Unlock CISM Security Mgr Practice 202 →