Because the ISACA CISM certification material is so difficult, you have given up preparing for the exam. In fact, if you find the right method and the right materials, none of this is a problem. Our company can take away your fear of preparing for the ISACA CISM certification and provide you with the right method and question bank. Before and after your purchase, we are available to help you at any time. Your passing the ISACA CISM certification is the surprise we give you.
Exam subject: "Certified Information Security Manager"
Questions and answers: 631 questions in total (CISM Japanese-language preparation)
NO.1 Which of the following is the MOST appropriate position to sponsor the design and
implementation of a new security infrastructure in a large global enterprise?
A. Chief security officer (CSO)
B. Chief operating officer (COO)
C. Chief privacy officer (CPO)
D. Chief legal counsel (CLC)
The chief operating officer (COO) is most knowledgeable of business operations and objectives. The
chief privacy officer (CPO) and the chief legal counsel (CLC) may not have the knowledge of the day-
to-day business operations to ensure proper guidance, although they have the same influence
within the organization as the COO. Although the chief security officer (CSO) is knowledgeable of
what is needed, the sponsor for this task should be someone with far-reaching influence across the
NO.2 The cost of implementing a security control should not exceed the:
A. asset value.
B. implementation opportunity costs.
C. annualized loss expectancy.
D. cost of an incident.
The cost of implementing security controls should not exceed the worth of the asset. Annualized
loss expectancy represents the losses that are expected to occur during a single calendar year. A
security mechanism may cost more than this amount (or the cost of a single incident) and still be
considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an
item or the making of a business decision.
A. geographic coverage.
Privacy policies must contain notifications and opt-out provisions: they are a high-level
management statement of direction. They do not necessarily address warranties, liabilities or
geographic coverage, which are more specific.
NO.4 Which of the following roles would represent a conflict of interest for an information security
A. Evaluation of third parties requesting connectivity
B. Monitoring adherence to physical security controls
C. Final approval of information security policies
D. Assessment of the adequacy of disaster recovery plans
Since management is ultimately responsible for information security, it should approve information
security policy statements; the information security manager should not have final approval.
Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring
of compliance with physical security controls are acceptable practices and do not present any
conflicts of interest.