Isaca Updated CISM Exam Questions and Answers by lennox

Zero-day attacks exploit unknown vulnerabilities for which patches and signatures do not yet exist. Therefore, behavior anomaly detection (C) is the most effective approach because it focuses on abnormal system behavior, not known attack patterns. USB controls (A) address a specific threat vector but do not broadly mitigate zero-day risks. Automated antivirus updates (B) and patching programs (D) are essential baseline controls, but they are reactive and ineffective against unknown exploits. CISM emphasizes a risk-based, layered defense strategy, where advanced detection capabilities are used to identify and respond to emerging threats that bypass traditional controls. Behavior-based detection improves resilience against evolving and unknown attack techniques.

The best reason to conduct a social engineering test in a call center is to identify candidates for additional security training because it helps to assess the level of awareness and skills of the call center staff in recognizing and resisting social engineering attacks, and provide them with the necessary training or education to improve their security posture. Minimizing the likelihood of successful attacks is not a reason to conduct a social engineering test, but rather a possible outcome or benefit of conducting such a test. Gaining funding for information security initiatives is not a reason to conduct a social engineering test, but rather a possible outcome or benefit of conducting such a test. Improving password policy is not a reason to conduct a social engineering test, but rather a possible outcome or benefit of conducting such a test. References: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/the-value-of-penetration-testing https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/security-scanning-versus-penetration-testing