
Latest valid CISM-CN exam questions for 2024, with the latest 2024 study guide
The ultimate guide to CISM-CN certification [Updated 2024]
Question # 234
What is the BEST way to reduce the impact of a successful ransomware attack?
- A. Purchase or update a cyber insurance policy.
- B. Back up frequently and keep the backups offline.
- C. Monitor the network and provide intrusion alerts.
- D. Include provisions for paying ransoms in the information security budget.
Correct answer: B
Question # 235
After deploying which of the following technologies will the security management effort be reduced the MOST?
- A. Discretionary access control
- B. Role-based access control
- C. Access control lists
- D. Distributed access control
Correct answer: B
Question # 236
Which of the following is the BEST way to monitor for advanced persistent threats (APTs) in an organization?
- A. A team that browses the Internet for potential incidents
- B. Establishing relationships with industry peers to share information
- C. Searching for threat signatures in the environment
- D. Searching for anomalies in the environment
Correct answer: D
Explanation:
An advanced persistent threat (APT) is a stealthy and sophisticated attack that aims to compromise and maintain access to a target network or system over a long period of time, often for espionage or sabotage purposes. APTs are difficult to detect by conventional security tools, such as antivirus or firewalls, that rely on signatures or rules to identify threats. Therefore, the best way to monitor for APTs is to search for anomalies in the environment, such as unusual network traffic, user behavior, file activity, or system configuration changes, that may indicate a compromise or an ongoing attack. Reference: https://www.isaca.org/credentialing/cism https://www.nist.gov/publications/information-security-handbook-guide-managers
Question # 237
When recovering a compromised system that requires a complete rebuild, which of the following should be considered FIRST?
- A. Configuration management files
- B. Network system logs
- C. Patch management files
- D. Intrusion detection system (IDS) logs
Correct answer: A
Explanation:
When recovering a compromised system that needs a complete rebuild, the first step should be to restore configuration management files. Configuration management files are critical for identifying the system's original state and the changes that were made to it, and restoring them can help ensure that the system is rebuilt to its original state.
According to the Certified Information Security Manager (CISM) Study Manual, "The initial phase of the recovery process requires that configuration management files be restored. These files represent the foundation of the system and provide insight into the original state of the system, which is important for identifying changes that were made to the system as well as ensuring the recovery process can return the system to its original state." Patch management files, network system logs, and intrusion detection system (IDS) logs are also important in the recovery process, but they should be addressed after configuration management files have been restored.
Reference:
Certified Information Security Manager (CISM) Study Manual, 15th Edition, Page 256.
Question # 238
Which of the following should be the FIRST step in developing an information security strategy?
- A. Perform a gap analysis based on the current state.
- B. Create a roadmap to identify security baselines and controls.
- C. Determine the acceptable level of information security risk.
- D. Identify key stakeholders for maintaining information security.
Correct answer: A
Explanation:
The first step in developing an information security strategy is to conduct a risk-aware and comprehensive inventory of your company's context, including all digital assets, employees, and vendors. Then you need to know about the threat environment and which types of attacks are a threat to your company. This is similar to performing a gap analysis based on the current state.
Question # 239
An organization is using tablets to replace desktop computers shared by shift workers. These tablets contain critical business data and inherently carry a higher risk of theft. Which of the following would BEST help mitigate this risk?
- A. Implement remote wipe capability.
- B. Develop an acceptable use policy.
- C. Conduct a mobile device risk assessment.
- D. Deploy mobile device management (MDM).
Correct answer: C
Explanation:
A key risk indicator (KRI) is a metric that provides an early warning of potential exposure to a risk. A KRI should be relevant, measurable, timely, and actionable. The most important factor in an organization's selection of a KRI is the criticality of information, which means that the KRI should reflect the value and sensitivity of the information assets that are exposed to the risk. For example, a KRI for data breach risk could be the number of unauthorized access attempts to a database that contains confidential customer data. The criticality of information helps to prioritize the risks and focus on the most significant ones. Reference: https://www.isaca.org/credentialing/cism https://www.wiley.com/en-us/CISM+Certified+Information+Security+Manager+Study+Guide-p-9781119801948
Question # 240
Which of the following would BEST enable an organization to enhance its incident response plan processes and procedures?
- A. Information security audits
- B. Security risk assessments
- C. Lessons learned analysis
- D. Key performance indicators (KPIs)
Correct answer: C
Explanation:
Lessons learned analysis is the best way to enable an organization to enhance its incident response plan processes and procedures because it helps to identify the strengths and weaknesses of the current plan, capture the feedback and recommendations from the incident responders and stakeholders, and implement the necessary improvements and corrective actions for future incidents. Security risk assessments are not directly related to enhancing the incident response plan, but rather to identifying and evaluating the security risks and controls of the organization. Information security audits are not directly related to enhancing the incident response plan, but rather to verifying and validating the compliance and effectiveness of the security policies and standards of the organization. Key performance indicators (KPIs) are not directly related to enhancing the incident response plan, but rather to measuring and reporting the performance and progress of the security objectives and initiatives of the organization. Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-5/incident-response-lessons-learned https://www.isaca.org/resources/isaca-journal/issues/2017/volume-1/security-risk-assessment-for-a-cloud-based-enterprise-resource-planning-system https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/how-to-measure-the-effectiveness-of-information-security-using-iso-27004 https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/how-to-measure-the-effectiveness-of-your-information-security-management-system
Question # 241
An information security manager determines that there are a large number of exceptions to a newly released, industry-required security standard. Which of the following should be done NEXT?
- A. Document risk acceptance.
- B. Conduct an information security audit.
- C. Assess the consequences of noncompliance.
- D. Revise the organization's security policy.
Correct answer: C
Question # 242
A multinational organization must comply with government regulations that impose different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
- A. developing a security program that meets global and regional requirements.
- B. ensuring effective communication with local regulatory bodies.
- C. monitoring compliance with the defined security policies and standards.
- D. using industry best practices to meet local legal and regulatory requirements.
Correct answer: A
Explanation:
In this scenario, the chief information security officer (CISO) should be most concerned with developing a security program that meets the global and regional requirements of the organization. This includes considering the different legal and regulatory requirements of each operating location, and designing a security program that meets all of these requirements. The CISO should also ensure effective communication with local regulatory bodies to ensure compliance and understanding of the security program. Additionally, the CISO should use industry best practices and defined security policies and standards to ensure the program meets all applicable requirements.
Question # 243
Which of the following is the PRIMARY objective of incident triage?
- A. Containment of threats
- B. Coordination of communications
- C. Mitigation of vulnerabilities
- D. Categorization of events
Correct answer: D
Explanation:
Incident triage is the process of quickly assessing an incident and determining its severity in order to prioritize the response. This involves categorizing the events based on their potential impact, which helps to determine the right response and the most effective use of resources. It also helps to identify potential threats and vulnerabilities, and to coordinate communications and response activities.
Question # 244
Which of the following is MOST effective for communicating forward-looking trends within security reporting?
- A. Key performance indicators (KPIs)
- B. Key control indicators (KCIs)
- C. Key goal indicators (KGIs)
- D. Key risk indicators (KRIs)
Correct answer: A
Explanation:
Key performance indicators (KPIs) are the most effective for communicating forward-looking trends within security reporting. KPIs are metrics used to measure progress towards a specific goal or objective, and can provide insight into the current state of security and any potential issues or risks that may arise in the future. Key control indicators (KCIs), key risk indicators (KRIs), and key goal indicators (KGIs) are all important for measuring security performance and identifying areas for improvement, but KPIs are the most effective for communicating forward-looking trends.
References that support this statement include:
"Key Performance Indicators (KPIs) for IT Security" by ISACA. This resource states that KPIs "can be used to measure the performance of security controls and identify trends in security risks."
"Measuring and Managing Information Risk: A FAIR Approach" by The Open Group. This guide states that "KPIs are used to track progress over time and to identify areas where improvements may be needed."
"Key Performance Indicators (KPIs) for Cyber Security" by SANS Institute. This resource states that "KPIs can be used to identify potential risks and measure the effectiveness of security controls."
Question # 245
If civil litigation is the goal of an organization's response to a security incident, the PRIMARY step should be to:
- A. document the chain of custody.
- B. reboot the affected machine in a secure area to search for evidence.
- C. contact law enforcement.
- D. capture evidence using standard server backup utilities.
Correct answer: A
Question # 246
When granting a vendor remote access to confidential information for analysis purposes, which of the following is the MOST important security consideration?
- A. The vendor must agree to the organization's information security policy.
- B. The vendor must be able to modify the data.
- C. The data is encrypted in transit and at rest at the vendor site.
- D. The data is subject to periodic access log review.
Correct answer: A
Question # 247
Labeling information according to its security classification:
- A. enhances the likelihood of people handling information securely.
- B. reduces the need to identify baseline controls for each classification.
- C. reduces the number and type of countermeasures required.
- D. affects the consequences if information is handled insecurely.
Correct answer: A
Explanation:
Labeling information according to its security classification enhances the likelihood of people handling information securely. Security classification is a process of categorizing information based on its level of sensitivity and importance, and applying appropriate security controls based on the level of risk associated with that information [1]. Labeling is a process of marking the information with the appropriate classification level, such as public, internal, confidential, secret, or top secret [2]. The purpose of labeling is to inform the users of the information about its value and protection requirements, and to guide them on how to handle it securely. Labeling can help users to:
* Identify the information they are dealing with and its classification level
* Understand their roles and responsibilities regarding the information
* Follow the security policies and procedures for the information
* Avoid unauthorized access, disclosure, modification, or destruction of the information
* Report any security incidents or breaches involving the information
Labeling can also help organizations to:
* Track and monitor the information and its usage
* Enforce access controls and encryption for the information
* Audit and review the compliance with security standards and regulations for the information
* Educate and train employees and stakeholders on information security awareness and best practices
Therefore, labeling information according to its security classification enhances the likelihood of people handling information securely, as it increases their awareness and accountability, and supports the implementation of security measures. The other options are not the primary benefits of labeling information according to its security classification. Reducing the number and type of countermeasures required is not a benefit, but rather a consequence of applying security controls based on the classification level. Reducing the need to identify baseline controls for each classification is not a benefit, but rather a prerequisite for labeling information according to its security classification. Affecting the consequences if information is handled insecurely is not a benefit, but rather a risk that needs to be managed by implementing appropriate security controls and incident response procedures. Reference: [1] Information Classification - Advisera; [2] Information Classification in Information Security - GeeksforGeeks; Information Security Policy - NIST; Information Security Classification Framework - Queensland Government
Question # 248
Regular vulnerability scanning of an organization's internal network finds that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
- A. Send regular notifications directly to senior managers.
- B. Update the risk assessment at regular intervals.
- C. Recommend that the security steering committee conduct a review.
- D. Include the impact of the risk as part of regular metrics.
Correct answer: D
Explanation:
Including the impact of the risk as part of regular metrics is the best way for the information security manager to help senior management understand the related risk of having many user workstations with unpatched versions of software because it quantifies and communicates the potential consequences and likelihood of such a risk in terms of business objectives and performance indicators. Recommending the security steering committee conduct a review is not a good way because it does not provide any specific information or analysis about the risk or its impact. Updating the risk assessment at regular intervals is not a good way because it does not ensure that senior management is aware or informed about the risk or its impact. Sending regular notifications directly to senior managers is not a good way because it may be perceived as intrusive or annoying, and may not convey the severity or urgency of the risk or its impact. Reference: https://www.isaca.org/resources/isaca-journal/issues/2015/volume-6/measuring-the-value-of-information-security-investments https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/how-to-measure-the-effectiveness-of-your-information-security-management-system
Question # 249
After a malware incident has been identified, which of the following MUST occur immediately?
- A. Recovery
- B. Eradication
- C. Containment
- D. Preparation
Correct answer: A
Question # 250
Which of the following is a responsibility of the risk owner?
- A. Determine the organization's risk appetite
- B. Ensure the effectiveness of monitoring
- C. Conduct risk assessments to guide the risk response
- D. Implement controls to reduce risk
Correct answer: D
Explanation:
A risk owner is a person or entity that is responsible for ensuring that risk is managed effectively. One of the primary responsibilities of a risk owner is to implement controls that will help mitigate or manage the risk. While risk assessments, determining the organization's risk appetite, and monitoring control effectiveness are all important aspects of managing risk, it is the responsibility of the risk owner to take the necessary actions to manage the risk.
Question # 251
......
Rigorously verified CISM-CN practice exams and study guide from JPNTest: https://www.jpntest.com/shiken/CISM-CN-mondaishu
Latest 2024 rigorously verified CISM-CN study guide to get you to pass, best free trial set: https://drive.google.com/open?id=1t6eQzfYY_Od3po-Tj6WwACqQpM5b6LLm