CISM Information Security Program Development Practice Exam
Q) Security awareness training is more likely to lead to which of the following?
a) Decrease in intrusion incidents
b) Increased incidents reported
c) Decrease in security policy changes
d) Increasing violations of access rules
Q) The information classification scheme should:
a) consider the possible impact of a security breach.
b) classify personal information in electronic form.
c) be performed by the head of information security.
d) sort according to data compiled systems.
Q) Which of the following is the best method to provide a new user with the initial password to access the e-mail system?
a) Send a strong password generated by the system by interoffice mail, with a 30-day expiration
b) Giving a fictitious password over the telephone for immediate payment
c) Do not require passwords, but force the user to set up their own in 10 days
d) Set initial password equal to the user ID with a 30-day deadline
Q) An information security program should be sponsored by:
a) infrastructure management.
b) the company control service.
c) those responsible for key business processes.
d) management of information security.
Q) Which of the following is the most important element to be included in web development hosting agreements with third-party vendors?
a) Termination conditions
b) Limits of liability
c) Service levels
d) Privacy restrictions