Exin CITM Exam Dumps

In the Software Development Life Cycle (SDLC), the development phase typically includes code writing (A), testing (B), and documenting (C) to build and verify the software. Implementation (D) is part of the deployment phase, where the software is installed and made operational in the production environment, not part of development.

Requests for password resets from unknown individuals suggest social engineering attacks, such as phishing or impersonation, where attackers manipulate users to gain unauthorized access. An information security awareness program should focus on educating staff about social engineering tactics to recognize and prevent such incidents.

E-mail usage (A), instant messaging (B), and internet usage (C) may be vectors for attacks, but the core issue is social engineering, which encompasses tactics used across these channels.

A parallel test (A) in business continuity planning involves running systems at both the primary and alternate sites simultaneously to compare data and ensure the alternate site can handle operations effectively. This test verifies data replication and system functionality without interrupting normal operations, aligning with the managers' desire to compare data before a full interruption test.

Simulation test (B): This involves simulating a disaster scenario to test response procedures without activating the alternate site, so it doesn't focus on data comparison.

Structured walk-through test (C): This is a tabletop exercise where team members discuss and review the plan without executing systems or comparing data.

Checklist test (D): This involves reviewing the business continuity plan against a checklist to ensure completeness, not comparing data between sites.

According to ISO 22301 or business continuity management frameworks, a parallel test is used to validate recovery capabilities while maintaining operations at the primary site, making it ideal for the scenario described.

Security awareness programs require ongoing engagement to remain effective. If security incidents decrease initially but increase after eight months, the most likely cause is that message materials are few and static, and renewal is not taking place (C). Static content becomes outdated or ignored over time, reducing its impact. Regular updates, new campaigns, and varied delivery methods (e.g., videos, quizzes) are essential to maintain employee awareness and adapt to evolving threats, as per ISO/IEC 27001 or NIST security awareness guidelines.

Insufficient budget (A): While budget constraints could limit program scope, there's no evidence in the scenario to suggest this is the primary issue.

Scope too narrow (B): A narrow scope might limit effectiveness initially, but the initial success suggests the scope was adequate; the issue is sustaining engagement.

Lack of resources for instructor-led sessions (D): Instructor-led sessions are one delivery method, but the core issue is likely outdated content rather than delivery format.

A high failure rate of changes during Post Implementation Review (PIR) in ITIL's change management process suggests a deficiency in the assessment and evaluation of change requests (A). Proper assessment involves analyzing risks, impacts, and feasibility before approving changes. If this step is inadequate (e.g., overlooking conflicts or underestimating impacts), changes are more likely to fail, as they may not align with objectives or be poorly planned.

Insufficient resources (B): May cause delays but is less directly tied to failed objectives compared to poor assessment.

CAB meetings not taking place (C): The CAB reviews changes, but the scenario doesn't indicate meetings are absent; poor assessment can occur even with CAB involvement.

Insufficient budget (D): May limit implementation but is less likely the primary cause of failed objectives.