
CISM Practice Questions

Certified Information Security Manager

Last Update 3 days ago
Total Questions : 1044

Question # 261

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

Options:

A. While responding to the incident
B. During a tabletop exercise
C. During post-incident review
D. After a risk reassessment

Question # 262

As part of incident response activities, the BEST time to begin the recovery process is after:

Options:

A. The eradication phase has been completed
B. The incident response team has been established
C. The root cause has been determined
D. The incident manager has declared the incident

Question # 263

To improve the efficiency of the development of a new software application, security requirements should be defined:

Options:

A. based on code review.
B. based on available security assessment tools.
C. after functional requirements.
D. concurrently with other requirements.

Question # 264

Which of the following components of an information security risk assessment is MOST valuable to senior management?

Options:

A. Threat profile
B. Residual risk
C. Return on investment (ROI)
D. Mitigation actions

Question # 265

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A. Compatibility with legacy systems
B. Application of corporate hardening standards
C. Integration with existing access controls
D. Unknown vulnerabilities

Question # 266

A global organization is considering its geopolitical security risks. Which of the following is the information security manager's BEST approach?

Options:

A. Seek advice from environmental and physical security experts
B. Implement a third-party risk management framework
C. Implement controls that deny access from specific jurisdictions
D. Seek advice from enterprise risk and legal experts

Question # 267

Which of the following should be the MOST important consideration of business continuity management?

Options:

A. Ensuring human safety
B. Identifying critical business processes
C. Ensuring the reliability of backup data
D. Securing critical information assets

Question # 268

What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?

Options:

A. Perform a vulnerability assessment on the systems within the department.
B. Introduce additional controls to force compliance with policy.
C. Require department users to repeat security awareness training.
D. Report the policy violation to senior management.

Question # 269

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:

A. Conduct an impact assessment.
B. Isolate the affected systems.
C. Rebuild the affected systems.
D. Initiate incident response.

Question # 270

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

Options:

A. Mapping risk scenarios according to sensitivity of data
B. Reviewing mitigating and compensating controls for each risk scenario
C. Mapping the risk scenarios by likelihood and impact on a chart
D. Performing a risk assessment on the IaaS provider

Question # 271

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?

Options:

A. Isolate the PC from the network
B. Perform a vulnerability scan
C. Determine why the PC is not included in the inventory
D. Reinforce information security training

Question # 272

Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?

Options:

A. Decrease in false positives
B. Increase in false positives
C. Increase in false negatives
D. Decrease in false negatives

Question # 273

Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?

Options:

A. Security information and event management (SIEM)
B. Extended detection and response (XDR)
C. Endpoint detection and response (EDR)
D. Network intrusion detection system (NIDS)

Question # 274

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

Options:

A. Senior management
B. Application owner
C. Information security manager
D. Legal representative

Question # 275

A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Options:

A. Mitigate
B. Accept
C. Transfer
D. Avoid

Question # 276

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Options:

A. Regulations and standards
B. People and culture
C. Executive and board directives
D. Processes and technology

Question # 277

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Options:

A. Training project managers on risk assessment
B. Having the information security manager participate on the project steering committees
C. Applying global security standards to the IT projects
D. Integrating the risk assessment into the internal audit program

Question # 278

Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?

Options:

A. Perform a patch update.
B. Conduct a risk assessment.
C. Perform a penetration test.
D. Conduct an impact assessment.

Question # 279

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Options:

A. Obtain consensus on the strategy from the executive board.
B. Review alignment with business goals.
C. Define organizational risk tolerance.
D. Develop a project plan to implement the strategy.

Question # 280

Which of the following is the PRIMARY role of the information security manager in application development?

Options:

A. To ensure security is integrated into the system development life cycle (SDLC)
B. To ensure compliance with industry best practice
C. To ensure enterprise security controls are implemented
D. To ensure control procedures address business risk
