Free Access to ISACA.CISM.v2023-01-28.q301 with Valid Practice Test (Page 21)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2023-01-28.q301 Dumps

««
«
…
16
17
18
19
20
21
22
23
24
25
…
»
»»

Question 96

Which of the following is an inherent weakness of signature-based intrusion detection systems?

A.A higher number of false positives
B.New attack methods will be missed
C.Long duration probing will be missed
D.Attack profiles can be easily spoofed

Correct Answer: B

Explanation/Reference:
Explanation:
Signature-based intrusion detection systems do not detect new attack methods for which signatures have not yet been developed. False positives are not necessarily any higher, and spoofing is not relevant in this case. Long duration probing is more likely to fool anomaly-based systems (boiling frog technique).

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 97

Successful social engineering attacks can BEST be prevented through:

A.preemployment screening.
B.close monitoring of users' access patterns.
C.periodic awareness training.
D.efficient termination procedures.

Correct Answer: C

Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
Security awareness training is most effective in preventing the success of social engineering attacks by providing users with the awareness they need to resist such attacks. Screening of new employees, monitoring and rapid termination will not be effective against external attacks.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 98

Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?

A.Large percentage decrease in monthly change requests
B.Small number of change requests
C.Percentage of changes that include post-approval supplemental add-ons
D.High ratio of lines of code changed to total lines of code

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 99

Which of the following risks would BEST be assessed using quantitative risk assessment techniques?

A.Customer data stolen
B.An electrical power outage
C.A web site defaced by hackers
D.Loss of the software development team

Correct Answer: B

Explanation/Reference:
Explanation:
The effect of the theft of customer data or web site defacement by hackers could lead to a permanent decline in customer confidence, which does not lend itself to measurement by quantitative techniques.
Loss of a majority of the software development team could have similar unpredictable repercussions.
However, the loss of electrical power for a short duration is more easily measurable and can be quantified into monetary amounts that can be assessed with quantitative techniques.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 100

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

A.Improve the change control process
B.Update the threat landscape
C.Review the effectiveness of controls
D.Determine operational losses

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
16
17
18
19
20
21
22
23
24
25
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2023-01-28.q301 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter