
結果を保証するには最新2025年12月無料ISACA CISMで練習しよう
有効な問題最新版を無料で試そうCISM試験問題集解答
認定情報セキュリティマネージャー(CISM)は、情報システム監査および制御協会(ISACA)が提供する専門認定資格です。CISM認定は、組織の情報セキュリティプログラムを管理、設計、評価する責任を持つIT専門家を対象としています。CISM認定を持つ個人は、情報セキュリティ管理の知識と専門知識を示し、その分野のリーダーとして認められています。
CISM認定試験は150問の多肢選択問題から成り、情報セキュリティガバナンス、リスクマネジメント、情報セキュリティプログラムの開発と管理、事件管理と対応の4つの主要な分野をカバーしています。受験者は4時間以内に試験を完了し、800点満点中450点以上を取得する必要があります。この試験は複数の言語で提供され、世界中のテストセンターで受験することができます。CISM認定を取得することは、情報セキュリティへの取り組みを示し、個人に求職市場での競争力を与えます。
CISM認定は、組織の情報セキュリティプログラムの管理と実装を担当する専門家向けに設計されています。情報セキュリティ管理、情報セキュリティガバナンス、リスク管理、情報セキュリティプログラムの開発と管理、インシデント管理と対応という4つのドメインをカバーしています。この試験は包括的であり、セキュリティフレームワーク、リスク評価と管理、セキュリティプログラムの開発と実装、インシデント対応と管理など、情報セキュリティ管理に関連する幅広いトピックをカバーしています。
質問 # 111
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
- A. Security operations program
- B. Business impact analysis (BIA)
- C. Information security policy
- D. Security risk assessment
正解:C
解説:
Explanation
An information security policy is the MOST helpful for aligning security operations with the IT governance framework because it defines the security objectives, principles, standards, and guidelines that guide the security operations activities and processes. An information security policy also establishes the roles and responsibilities, authorities and accountabilities, and reporting and communication mechanisms for security operations. An information security policy should be aligned with the IT governance framework, which provides the direction, structure, and oversight for the effective management and delivery of IT services and resources. An information security policy should also be consistent with the enterprise governance framework, which sets the vision, mission, values, and goals of the organization12. A security risk assessment (A) is helpful for identifying and evaluating the security risks that may affect the security operations and the IT governance framework, but it is not the MOST helpful for aligning them. A security risk assessment should be based on the information security policy, which defines the risk appetite, tolerance, and criteria for the organization12. A security operations program (B) is helpful for implementing and executing the security operations activities and processes that support the IT governance framework, but it is not the MOST helpful for aligning them. A security operations program should be derived from the information security policy, which provides the strategic direction and guidance for the security operations12. A business impact analysis (BIA) (D) is helpful for determining the criticality and priority of the business processes and functions that depend on the security operations and the IT governance framework, but it is not the MOST helpful for aligning them. A BIA should be conducted in accordance with the information security policy, which specifies the business continuity and disaster recovery requirements and objectives for the organization12. References = 1: CISM Review Manual 15th Edition, page 75-76, 81-82, 88-89, 93-941; 2:
CISM Domain 1: Information Security Governance (ISG) [2022 update]2
質問 # 112
Which of the following needs to be established between an IT service provider and its clients to the BEST enable adequate continuity of service in preparation for an outage?
- A. Server maintenance plans
- B. Recovery time objectives
- C. Reciprocal site agreement
- D. Data retention policies
正解:B
解説:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
質問 # 113
Which of the following is the BEST method to determine whether an information security program meets an organization's business objectives?
- A. Perform a business impact analysis (BIA).
- B. Implement performance measures.
- C. Review against international security standards.
- D. Conduct an annual enterprise-wide security evaluation.
正解:B
質問 # 114
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?
- A. Increase in false positives
- B. Increase in false negatives
- C. Decrease in false negatives
- D. Decrease in false positives
正解:B
解説:
False negatives are events that are not detected by the IDS, but should have been. An increase in false negatives indicates that the IDS is missing potential attacks or intrusions, which could compromise the security of the organization.
Reference = CISM Review Manual, 15th Edition, page 212; CISM Review Questions, Answers & Explanations Database, question ID 1001.
質問 # 115
Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
- A. A virtual private network (VPN) with multi-factor authentication (MFA)
- B. An identity and access management (IAM) system
- C. An intrusion prevention system (IPS)
- D. A security information and event management (SIEM) system
正解:D
解説:
A SIEM system is the best tool for providing an incident response team with the greatest insight into insider threat activity across multiple systems because it can collect, correlate, analyze, and report on security events and logs from various sources, such as network devices, servers, applications, and user activities. A SIEM system can also detect and alert on anomalous or suspicious behaviors, such as unauthorized access, data exfiltration, privilege escalation, or policy violations, that may indicate an insider threat. A SIEM system can also support forensic investigations and incident response actions by providing a centralized and comprehensive view of the security posture and incidents.
References: The CISM Review Manual 2023 defines SIEM as "a technology that provides real-time analysis of security alerts generated by network hardware and applications" and states that "SIEM systems can help identify insider threats by correlating user activity logs with other security events and detecting deviations from normal patterns" (p. 184). The CISM Review Questions, Answers & Explanations Manual 2023 also provides the following rationale for this answer: "A security information and event management (SIEM) system is the correct answer because it can provide the most insight into insider threat activity across multiple systems by collecting, correlating, analyzing, and reporting on security events and logs from various sources" (p. 95). Additionally, the Detecting and Identifying Insider Threats article from the CISA website states that
"threat detection and identification is the process by which persons who might present an insider threat risk due to their observable, concerning behaviors come to the attention of an organization or insider threat team.
Detecting and identifying potential insider threats requires both human and technological elements" and that
"technological elements include tools such as security information and event management (SIEM) systems, user and entity behavior analytics (UEBA) systems, and data loss prevention (DLP) systems, which can monitor, analyze, and alert on user activities and network events" (p. 1)1.
質問 # 116
An information security manager has observed multiple exceptions for a number of different security controls.
Which of the following should be the information security manager's FIRST course of action?
- A. Report the noncompliance to the board of directors.
- B. Inform respective risk owners of the impact of exceptions.
- C. Design mitigating controls for the exceptions.
- D. Prioritize the risk and implement treatment options.
正解:D
質問 # 117
Which of the following processes should be done NEXT after completing a business impact analysis (BIA)?
- A. Develop a business continuity plan (BCP).
- B. Identify resources for business recovery.
- C. Evaluate the disaster recovery plan (DRP).
- D. Develop the requirements for the incident response plan.
正解:A
質問 # 118
Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?
- A. Providing annual awareness training regarding incident response for team members
- B. Rehearsing incident response procedures, roles, and responsibilities
- C. Validating the incident response plan against industry best practices
- D. Defining incident severity levels during a business impact analysis (BIA)
正解:B
解説:
Section: INCIDENT MANAGEMENT AND RESPONSE
質問 # 119
Which of the following BEST determines an information asset's classification?
- A. Risk assessment from the data owner
- B. Criticality to a business process
- C. Value of the information asset in the marketplace
- D. Cost of producing the information asset
正解:B
解説:
According to the CISM Review Manual, 15th Edition1, information asset classification is the process of assigning a level of sensitivity to information assets based on their importance to the organization and the potential impact of unauthorized disclosure, modification or destruction. The criticality of an information asset to a business process is one of the key factors that determines its classification level.
Reference = 1: CISM Review Manual, 15th Edition, ISACA, 2016, Chapter 2, page 61.
質問 # 120
Which of the following is the PRIMARY reason for an Information security manager to present the business case for an Information security initiative to senior management?
- A. To demonstrate to management the due diligence involved with selecting the solution.
- B. To aid management in the decision -making process for purchasing the solution
- C. To represent stakeholders who will benefit from enhancements In information security
- D. To provide management with the status of the information security program
正解:B
質問 # 121
How would the information security program BEST support the adoption of emerging technologies?
- A. Developing an acceptable use policy
- B. Providing effective risk governance
- C. Developing an emerging technology roadmap
- D. Conducting a control assessment
正解:C
解説:
An emerging technology roadmap is a strategic plan that identifies the potential benefits, risks, and challenges of adopting new technologies in alignment with the organization's goals and objectives. It also defines the roles and responsibilities, processes, and controls for managing the technology lifecycle, from evaluation to implementation to maintenance. An emerging technology roadmap can help the information security program support the adoption of emerging technologies by ensuring that security requirements are considered and addressed at every stage, and that the technologies are aligned with the organization's risk appetite and compliance obligations.
Reference = CISM Review Manual, 15th Edition, page 97; Privacy, Security and Bias in Emerging Technologies; The Impact of Emerging Technology on the Future of Cybersecurity
質問 # 122
An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
- A. establish baseline standards for all locations and add supplemental standards as required.
- B. bring all locations into conformity with a generally accepted set of industry best practices.
- C. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
- D. establish a baseline standard incorporating those requirements that all jurisdictions have in common.
正解:A
解説:
Explanation/Reference:
Explanation:
It is more efficient to establish a baseline standard and then develop additional standards for locations that must meet specific requirements. Seeking a lowest common denominator or just using industry best practices may cause certain locations to fail regulatory compliance. The opposite approach-forcing all locations to be in compliance with the regulations places an undue burden on those locations.
質問 # 123
An information security manager has identified numerous violations of security policy which prohibits text messaging from personal devices to conduct official business following is the MOST effective way to reduce the number of violations?
- A. Require management approval for policy exceptions.
- B. Implement a mobile device management (MDM) solution.
- C. Report violations to senior management.
- D. Provide awareness training to end users.
正解:D
質問 # 124
Which of the following is the MOST important reason to classify an incident after detection?
- A. To assign appropriate prioritization levels
- B. To ensure management is accurately informed
- C. To obtain funds for external forensic support
- D. To approve data breach notifications
正解:A
質問 # 125
In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOS important for the information security manager to ensure:
- A. the rationale for acceptance is periodically reviewed
- B. the acceptance is aligned with business strategy.
- C. change activities are documented
- D. compliance with the risk acceptance framework
正解:B
質問 # 126
The GREATEST benefit of choosing a private cloud over a public cloud would be:
- A. online service availability.
- B. collection of data forensic
- C. containment of customer data,
- D. server protection.
正解:C
質問 # 127
An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?
- A. Compensating controls
- B. Key risk indicators (KRIS)
- C. Responsible entities
- D. Potential business impact
正解:D
解説:
The most important information to communicate with regard to the open items from the risk register to senior management is the potential business impact of these risks. The potential business impact is the estimated consequence or loss that the organization may suffer if the risk materializes or occurs. The potential business impact can be expressed in quantitative or qualitative terms, such as financial, operational, reputational, legal, or strategic impact. Communicating the potential business impact of the open items from the risk register helps senior management to understand the severity and urgency of these risks, and to prioritize the risk response actions and resources accordingly. Communicating the potential business impact also helps senior management to align the risk management objectives and activities with the business objectives and strategies, and to ensure that the risk appetite and tolerance of the organization are respected and maintained.
Reference = CISM Review Manual, 16th Edition, Chapter 2: Information Risk Management, Section: Risk Assessment, page 831; CISM Review Manual, 16th Edition, Chapter 2: Information Risk Management, Section: Risk Reporting, page 1012.
質問 # 128
Which of the following has the MOST influence on the inherent risk of an information asset?
- A. Risk tolerance
- B. Return on investment (ROI)
- C. Business criticality
- D. Net present value (NPV)
正解:C
解説:
Explanation
Business criticality is the degree to which an asset is essential to the success of the business and the extent to which its loss or compromise could have a significant impact on the business. Business criticality is one of the main factors that help to determine the inherent risk of an asset, as assets that are more critical to the business tend to have a higher inherent risk.
質問 # 129
A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:
- A. the database becomes unavailable if the password of the application ID expires.
- B. users can gain direct access to the application ID and circumvent data controls.
- C. an incident involving unauthorized access to data cannot be tied to a specific user.
- D. when multiple sessions with the same application ID collide, the database locks up.
正解:C
解説:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
質問 # 130
A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:
- A. notify law enforcement.
- B. take an image copy of the media.
- C. close the accounts receivable system.
- D. document how the attack occurred.
正解:B
解説:
Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation:
Taking an image copy of the media is a recommended practice to ensure legal admissibility. All of the other choices are subsequent and may be supplementary.
質問 # 131
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
- A. While responding to the incident
- B. During a tabletop exercise
- C. After a risk reassessment
- D. During post-incident review
正解:D
解説:
During post-incident review is the best time to update the incident response plan after observing several deficiencies in the current plan while responding to a high-profile security incident. A post-incident review is a process of analyzing and evaluating the incident response activities, identifying the lessons learned, and documenting the recommendations and action items for improvement. Updating the incident response plan during post-incident review helps to ensure that the plan reflects the current best practices, addresses the gaps and weaknesses, and incorporates the feedback and suggestions from the incident response team and other stakeholders. Therefore, during post-incident review is the correct answer.
Reference:
https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf
https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan
https://www.integrify.com/blog/posts/incident-response-plan-need-an-update/
質問 # 132
......
CISMブレーン問題集PDF、ISACA CISM試験問題詰合せ:https://jp.fast2test.com/CISM-premium-file.html
2025年最新のCISMサンプル問題は信頼され続けるCISMテストエンジン:https://drive.google.com/open?id=13N9cWFyEZuSI0-ncuF416bMxSqXQ6WlX