Instant Access ISACA.CISM.v2024-03-13.q421 Actual Practice Test Engine for Free (Page 82)

Welcome to DumpsDB

- Passing Exams, Dumps for Free

Request Exam Contact

Home
Popular Exams
- Oracle
- Fortinet
- Juniper
- Microsoft
- Cisco
- Citrix
- CompTIA
- VMware
- ISC
- SAP
- EMC
- PMI
- HP
- Salesforce
View All Exams
New Dumps
Upload

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2024-03-13.q421 Dumps

««
«
…
77
78
79
80
81
82
83
84
85
86
»

Question 401

Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?

A.Use security tokens for authentication
B.Connect through an IPSec VPN
C.Use https with a server-side certificate
D.Enforce static media access control (MAC) addresses

Correct Answer: B

Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Explanation:
IPSec effectively prevents man-in-the-middle (MitM) attacks by including source and destination IPs within the encrypted portion of the packet. The protocol is resilient to MitM attacks. Using token-based authentication does not prevent a MitM attack; however, it may help eliminate reusability of stolen cleartext credentials. An
https session can be intercepted through Domain Name Server (DNS) or Address Resolution Protocol (ARP) poisoning. ARP poisoning - a specific kind of MitM attack - may be prevented by setting static media access control (MAC) addresses. Nevertheless, DNS and NetBIOS resolution can still be attacked to deviate traffic.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 402

An information security manager must understand the relationship between information security and business operations in order to:

A.support organizational objectives.
B.determine likely areas of noncompliance.
C.assess the possible impacts of compromise.
D.understand the threats to the business.

Correct Answer: A

Explanation
Security exists to provide a level of predictability for operations, support for the activities of the organization and to ensure preservation of the organization. Business operations must be the driver for security activities in order to set meaningful objectives, determine and manage the risks to those activities, and provide a basis to measure the effectiveness of and provide guidance to the security program. Regulatory compliance may or may not be an organizational requirement. If compliance is a requirement, some level of compliance must be supported but compliance is only one aspect. It is necessary to understand the business goals in order to assess potential impacts and evaluate threats. These are some of the ways in which security supports organizational objectives, but they are not the only ways.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 403

Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

A.define the circumstances where cryptography should be used.
B.define cryp, Graphic algorithms and key lengths.
C.describe handling procedures of cryptographic keys.
D.establish the use of cryptographic solutions.

Correct Answer: A

There should be documented standards- procedures for the use of cryptography across the enterprise; they should define the circumstances where cryptography should be used. They should cover the selection of cryptographic algorithms and key lengths, but not define them precisely, and they should address the handling of cryptographic keys. However, this is secondary to how and when cryptography should be used. The use of cryptographic solutions should be addressed but, again, this is a secondary consideration.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 404

When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

A.verify compliance with the service level agreement (SLA).
B.reduce the costs of future preventive controls.
C.provide metrics for reporting to senior management
D.learn of potential areas of improvement

Correct Answer: A

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 405

For risk management purposes, the value of an asset should be based on:

A.original cost.
B.net cash flow.
C.net present value.
D.replacement cost.

Correct Answer: D

Explanation
The value of a physical asset should be based on its replacement cost since this is the amount that would be needed to replace the asset if it were to become damaged or destroyed. Original cost may be significantly different than the current cost of replacing the asset. Net cash flow and net present value do not accurately reflect the true value of the asset.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
77
78
79
80
81
82
83
84
85
86
»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2024-03-13.q421 Dumps

Email:

We are the Largest and the most Updated website for all vendors Certification Exam materials around the world.

Using resources of we provide, we strive using dumps to strengthen the community of High level Certification professionals for free.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 DumpsDB

www.dumpsdb.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics