Isaca CISM Dumps - Certified Information Security Manager PDF Sample Questions

Exam Code:
CISM
Exam Name:
Certified Information Security Manager
801 Questions
Last Update Date : 04 February, 2025
PDF + Test Engine
$60 $78
Test Engine Only Demo
$50 $65
PDF Only Demo
$35 $45.5

Best Isaca CISM Dumps - pass your exam In First Attempt

Our CISM dumps are better than all other cheap CISM study materials.

The only reliable way to pass your Isaca CISM exam is to use dependable study materials. Realexamdumps is one of the most authentic websites for Isaca CISM exam questions and answers. Pass your CISM Certified Information Security Manager exam with full confidence. You can get a free Certified Information Security Manager demo from realexamdumps. We ensure 100% success in the CISM exam with the help of our Isaca dumps, and you will feel proud to become part of the realexamdumps family.

Our success rate over the past 5 years has been very impressive. Our customers have been able to build their careers in the IT field.

Sample Questions

Realexamdumps provides the most up-to-date CISM questions and answers. Here are a few sample questions:

Isaca CISM Sample Question 1

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?


Options:

A. Information security strategy
B. Current resourcing levels
C. Availability of potential resources
D. Information security incidents

Answer: A

Isaca CISM Sample Question 2

Which of the following is the BEST justification for making a revision to a password policy?


Options:

A. Audit recommendation
B. Industry best practice
C. A risk assessment
D. Vendor recommendation

Answer: C

Isaca CISM Sample Question 3

The PRIMARY goal of information security governance is to:


Options:

A. reduce risk to an acceptable level.
B. establish a security strategy.
C. align with business objectives.
D. align with business processes.

Answer: C

Isaca CISM Sample Question 4

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?


Options:

A. Develop a project plan to implement the strategy.
B. Review alignment with business goals.
C. Obtain consensus on the strategy from the executive board.
D. Define organizational risk tolerance.

Answer: A

Isaca CISM Sample Question 5

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?


Options:

A. A simulated denial of service (DoS) attack against the firewall
B. A validation of the current firewall rule set
C. A port scan of the firewall from an internal source
D. A ping test from an external source

Answer: B

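A validation of the rule set (option B) is the only choice that examines the whole policy rather than one vantage point: a port scan from inside or a ping from outside only tells you what one host can reach at one moment, while a rule review exposes permissive rules, shadowed rules and a missing final deny. The following is an added example, not code from the page or from ISACA, of what such a review automates. The rule syntax, the sample rules, the list of management ports and the first-match semantics are all assumptions made for illustration.

```python
"""Added example: reviewing a firewall rule set for perimeter gaps.

Not code from the page. The rule syntax, the management-port list and the
sample rules are constructed for illustration; first-match semantics are
assumed (the first rule that matches a packet decides).
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)
MGMT_PORTS = (22, 23, 3389, 5900)  # assumed admin services that should never face "any"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str              # "tcp", "udp" or "any"
    ports: tuple[int, int]  # inclusive destination port range


def _net(token: str) -> IPv4Network:
    return ANY_NET if token == "any" else ip_network(token)


def _ports(token: str) -> tuple[int, int]:
    if token == "any":
        return ANY_PORTS
    low, _, high = token.partition("-")
    return int(low), int(high or low)


def parse_ruleset(text: str) -> list[Rule]:
    """Parse lines of 'name action src dst proto ports' (constructed syntax)."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, action, src, dst, proto, ports = line.split()
        rules.append(Rule(name, action, _net(src), _net(dst), proto, _ports(ports)))
    return rules


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def validate_ruleset(rules: list[Rule]) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow":
            if r.src == ANY_NET and r.dst == ANY_NET and r.ports == ANY_PORTS:
                findings.append(f"{r.name}: allow any->any on all ports bypasses the perimeter")
            elif r.src == ANY_NET and r.proto in ("tcp", "any") and any(
                    r.ports[0] <= p <= r.ports[1] for p in MGMT_PORTS):
                findings.append(f"{r.name}: management port reachable from any source")
        # A rule fully covered by an earlier one is dead under first-match semantics.
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append(f"{r.name}: shadowed by {earlier.name}, never evaluated")
                break
    last = rules[-1] if rules else None
    if last is None or not (last.action == "deny" and last.src == ANY_NET
                            and last.dst == ANY_NET and last.proto == "any"
                            and last.ports == ANY_PORTS):
        findings.append("rule set lacks an explicit final deny-all")
    return findings


# Constructed sample rule set: one exposed admin port, one shadowed rule.
SAMPLE_RULES = """\
web-in   allow any            10.0.1.0/24 tcp 443
ssh-in   allow any            10.0.1.0/24 tcp 22
dns-out  allow 10.0.0.0/8     any         udp 53
web-in2  allow 203.0.113.0/24 10.0.1.0/24 tcp 443
deny-all deny  any            any         any any
"""

if __name__ == "__main__":
    for finding in validate_ruleset(parse_ruleset(SAMPLE_RULES)):
        print(finding)
```

Run against the sample, the review flags the SSH rule open to any source and the redundant second web rule; drop the last line of the sample and it also reports the missing default deny. None of those three conditions is visible to a single port scan, which is the point the question is making.
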
Isaca CISM Sample Question 6

During the response to a serious security breach, who is the BEST organizational staff member to communicate with external entities?


Options:

A. The incident response team leader
B. The resource specified in the incident response plan
C. A dedicated public relations spokesperson
D. The resource designated by senior management

Answer: B

Isaca CISM Sample Question 7

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?


Options:

A. Execution of unauthorized commands
B. Prevention of authorized access
C. Unauthorized access to resources
D. Defacement of website content

Answer: B

Isaca CISM Sample Question 8

Which of the following is the BEST method to ensure compliance with password standards?


Options:

A. A user-awareness program
B. Using password-cracking software
C. Automated enforcement of password syntax rules
D. Implementing password-synchronization software

Answer: C

Isaca CISM Sample Question 9

Which of the following BEST enables the detection of advanced persistent threats (APTs)?


Options:

A. Vulnerability scanning
B. Periodic reviews of intrusion prevention system (IPS)
C. Security information and event management system (SIEM)
D. Internet gateway

Answer: C

Isaca CISM Sample Question 10

Which of the following is the MOST important output from a post-incident review?


Options:

A. Revised business impact analysis (BIA)
B. Compilation of incident-related costs
C. Repository of digital forensic artifacts
D. Documentation of lessons learned

Answer: D

Isaca CISM Sample Question 11

Which of the following is the GREATEST benefit of integrating information security governance into corporate governance?


Options:

A. Additional qualified information security professionals can be hired.
B. External cyber threats to the organization are identified more quickly.
C. Senior management commitment to information security is strengthened.
D. Information security projects are managed more efficiently.

Answer: C

Isaca CISM Sample Question 12

When a critical system incident is reported, the FIRST step of the incident handler should be to:


Options:

A. power off the system.
B. notify the appropriate parties.
C. determine the scope of the incident.
D. validate the incident.

Answer: D

Isaca CISM Sample Question 13

Which of the following is the MOST effective way to prevent information security incidents?


Options:

A. Implementing a security awareness training program for employees
B. Deploying a consistent incident response approach
C. Implementing a security information and event management (SIEM) tool
D. Deploying intrusion detection tools in the network environment

Answer: A

Isaca CISM Sample Question 14

Which of the following is MOST effective in reducing the financial I


Options:

A. An incident response plan
B. Backup and recovery strategy
C. A business continuity plan (BCP)
D. A data loss prevention (DLP) solution

Answer: B

Isaca CISM Sample Question 15

An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:


Options:

A. the business strategy includes exceptions to the encryption standard.
B. the implementation supports the business strategy.
C. data can be recovered if the encryption keys are misplaced.
D. a classification policy has been developed to incorporate the need for encryption.

Answer: B

Isaca CISM Sample Question 16

Which of the following is the MOST effective method of determining security priorities?


Options:

A. Gap analysis
B. Threat assessment
C. Impact analysis
D. Vulnerability assessment

Answer: C

Isaca CISM Sample Question 17

When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:


Options:

A. security controls are applied to each device when joining the network.
B. the applications are tested prior to implementation.
C. users have read and signed acceptable use agreements.
D. business leaders have an understanding of security risks.

Answer: D

Isaca CISM Sample Question 18

The MOST important objective of security awareness training for business staff is to:


Options:

A. increase compliance.
B. understand intrusion methods.
C. modify behavior.
D. reduce negative audit findings.

Answer: C

Isaca CISM Sample Question 19

Human resources (HR) is evaluating potential Software as a Service (SaaS) cloud services. Which of the following should the information security manager do FIRST to support this effort?


Options:

A. Conduct a security audit on the cloud service providers.
B. Perform a risk assessment of adopting cloud services.
C. Perform a cost-benefit analysis of using cloud services.
D. Review the cloud service providers’ controls reports.

Answer: B

Isaca CISM Sample Question 20

Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?


Options:

A. Schedule the target end date for implementation activities.
B. Calculate the cost for each countermeasure.
C. Develop an implementation strategy.
D. Budget the total cost of implementation activities.

Answer: C

Isaca CISM Sample Question 21

Which of the following is a PRIMARY responsibility of the information security governance function?


Options:

A. Defining security strategies to support organizational programs
B. Administering information security awareness training
C. Ensuring adequate support for solutions using emerging technologies
D. Advising senior management on optimal levels of risk appetite and tolerance

Answer: D

Isaca CISM Sample Question 22

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?


Options:

A. Establish an audit committee.
B. Conduct a threat analysis.
C. Implement an information security awareness training program.
D. Create an information security steering committee.

Answer: D

Isaca CISM Sample Question 23

Which of the following BEST indicates the effectiveness of the vendor risk management process?


Options:

A. Increase in the percentage of vendors certified to a globally recognized security standard
B. Increase in the percentage of vendors that have reported security breaches
C. Increase in the percentage of vendors conducting mandatory security training
D. Increase in the percentage of vendors with a completed due diligence review

Answer: D

Isaca CISM Sample Question 24

Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?


Options:

A. Identify the data owner.
B. Review the confidentiality requirements.
C. Identify the intended audience.
D. Select the data source.

Answer: C

Isaca CISM Sample Question 25

Which of the following is the MOST reliable way to ensure network security incidents are identified as soon as possible?


Options:

A. Conduct workshops and training sessions with end users.
B. Collect and correlate IT infrastructure event logs.
C. Install stateful inspection firewalls.
D. Train help desk staff to identify and prioritize security incidents.

Answer: B

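Collecting and correlating event logs (option B) is the most reliable choice because an attacker who touches many systems lightly stays under every per-host threshold; only a view across hosts makes the pattern visible. The following is an added example, not code from the page or from ISACA, showing that difference on a handful of constructed log lines. The log format, the regular expressions, the sample lines and the thresholds (five-minute window, three distinct targets) are all assumptions made for illustration.

```python
"""Added example: correlating events from several hosts to surface a source
that no single host's log would flag.

Not code from the page. The log format, the regexes and the sample lines are
constructed for illustration; the window and threshold are assumptions.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines: one source spraying a password at three servers
# plus a firewall-denied probe, then an unrelated single failure later.
SAMPLE_LOGS = """\
2025-02-04T10:00:01Z web01 sshd: Failed password for admin from 198.51.100.7 port 51000
2025-02-04T10:00:09Z web02 sshd: Failed password for admin from 198.51.100.7 port 51001
2025-02-04T10:00:15Z db01 sshd: Failed password for root from 198.51.100.7 port 51002
2025-02-04T10:00:20Z fw01 kernel: DENY TCP 198.51.100.7:51003 -> 10.0.2.5:22
2025-02-04T10:00:30Z web01 sshd: Accepted password for deploy from 10.0.0.12 port 40000
2025-02-04T10:45:00Z web03 sshd: Failed password for admin from 203.0.113.9 port 60000
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
SSH_FAIL = re.compile(rf"^(\S+) (\S+) sshd: Failed password for \S+ from {IPV4}")
FW_DENY = re.compile(rf"^(\S+) (\S+) kernel: DENY \S+ {IPV4}:\d+ -> {IPV4}:\d+")


@dataclass(frozen=True)
class Event:
    ts: datetime
    target: str   # host (or destination IP) the source touched
    src_ip: str
    kind: str


def _ts(token: str) -> datetime:
    return datetime.strptime(token, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(text: str) -> list[Event]:
    """Normalise heterogeneous log lines into (time, target, source) events."""
    events = []
    for line in text.splitlines():
        if m := SSH_FAIL.match(line):
            ts, host, ip = m.groups()
            events.append(Event(_ts(ts), host, ip, "auth_fail"))
        elif m := FW_DENY.match(line):
            ts, _fw, src, dst = m.groups()
            events.append(Event(_ts(ts), dst, src, "fw_deny"))
    return events


def per_host_max_failures(events: list[Event]) -> int:
    """What any single host sees: the most failures one source caused on one target."""
    counts = Counter((e.target, e.src_ip) for e in events if e.kind == "auth_fail")
    return max(counts.values(), default=0)


def correlate(events: list[Event], window: timedelta = timedelta(minutes=5),
              min_targets: int = 3) -> list[tuple[str, datetime, datetime, list[str]]]:
    """Flag a source that reaches >= min_targets distinct targets inside one window."""
    by_src: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_src[e.src_ip].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start, best = 0, None
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:   # slide the window forward
                start += 1
            targets = sorted({e.target for e in evs[start:end + 1]})
            if len(targets) >= min_targets and (best is None or len(targets) > len(best[2])):
                best = (evs[start].ts, evs[end].ts, targets)
        if best is not None:
            alerts.append((src, *best))
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("max failures any single host saw from one source:", per_host_max_failures(evs))
    for src, first, last, targets in correlate(evs):
        print(f"ALERT {src} hit {len(targets)} targets {first:%H:%M:%S}-{last:%H:%M:%S}: {targets}")
```

On the sample, every host saw exactly one failed login from 198.51.100.7, which no host-local rule would escalate; correlated by source address, the same events show four targets in twenty seconds and produce a single alert, while the lone failure from 203.0.113.9 stays below the threshold.
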
Isaca CISM Sample Question 26

Which of the following is the BEST way to strengthen the security of corporate data on a personal mobile device?


Options:

A. Using containerized software
B. Mandating use of pre-approved devices
C. Implementing a strong password policy
D. Implementing multi-factor authentication

Answer: A

Isaca CISM Sample Question 27

When determining an acceptable risk level, which of the following is the MOST important consideration?


Options:

A. System criticalities
B. Threat profiles
C. Vulnerability scores
D. Risk matrices

Answer: A

Isaca CISM Sample Question 28

Which of the following is the MOST important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?


Options:

A. The ability to classify types of devices
B. The ability to remotely locate devices
C. The ability to centrally manage devices
D. The ability to restrict unapproved applications

Answer: C

Isaca CISM Sample Question 29

The business advantage of implementing authentication tokens is that they:


Options:

A. improve access security.
B. reduce administrative workload.
C. reduce overall cost.
D. provide nonrepudiation.

Answer: A

Isaca CISM Sample Question 30

Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?


Options:

A. Require data to be transmitted over a secure connection.
B. Harden the communication infrastructure.
C. Enforce multi-factor authentication on both ends of the communication.
D. Require files to be digitally signed before they are transmitted.

Answer: D

Isaca CISM Sample Question 31

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?


Options:

A. Right of the subscriber to conduct onsite audits of the vendor
B. Escrow of software code with conditions for code release
C. Commingling of subscribers’ data on the same physical server
D. Authority of the subscriber to approve access to its data

Answer: D

Isaca CISM Sample Question 32

An organization shares customer information across its globally dispersed branches. Which of the following should be the GREATEST concern to information security management?


Options:

A. Decentralization of information security
B. Cross-cultural differences between branches
C. Conflicting data protection regulations
D. Insecure wide area networks (WANs)

Answer: C

Isaca CISM Sample Question 33

Which of the following should be the MOST important consideration when reviewing an information security strategy?


Options:

A. New business initiatives
B. Changes to the security budget
C. Recent security incidents
D. Internal audit findings

Answer: A

Isaca CISM Sample Question 34

The BEST way to report to the board on the effectiveness of the information security program is to present:


Options:

A. a dashboard illustrating key performance metrics.
B. a summary of the most recent audit findings.
C. a report of cost savings from process improvements.
D. peer-group industry benchmarks.

Answer: A

Isaca CISM Sample Question 35

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?


Options:

A. Configuration management
B. Risk management
C. Change management
D. Access control management

Answer: B

Isaca CISM Sample Question 36

Which of the following provides the MOST essential input for the development of an information security strategy?


Options:

A. Measurement of security performance against IT goals
B. Availability of capable information security resources
C. Results of a technology risk assessment
D. Results of an information security gap analysis

Answer: D

Isaca CISM Sample Question 37

Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?


Options:

A. Benchmarking against industry peers
B. Prioritization of action plans
C. Validation of current capabilities
D. Identification of threats and vulnerabilities

Answer: C

Isaca CISM Sample Question 38

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged.

Which of the following is the BEST automated control to resolve this issue?


Options:

A. Integrating automated service level agreement (SLA) reporting into the help desk ticketing system
B. Integrating incident response workflow into the help desk ticketing system
C. Implementing automated vulnerability scanning in the help desk workflow
D. Changing the default setting for all security incidents to the highest priority

Answer: B

Isaca CISM Sample Question 39

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?


Options:

A. Corresponding breaches associated with each vendor
B. Compensating controls in place to protect information security
C. Compliance requirements associated with the regulation
D. Criticality of the service to the organization

Answer: D

Isaca CISM Sample Question 40

Which of the following processes can be used to remediate identified technical vulnerabilities?


Options:

A. Enforcing baseline configurations
B. Updating the business impact analysis (BIA)
C. Conducting a risk assessment
D. Performing penetration testing

Answer: A

Isaca CISM Sample Question 41

Which of the following is the PRIMARY responsibility of an information security governance committee?


Options:

A. Reviewing monthly information security metrics
B. Reviewing the information security risk register
C. Discussing upcoming information security projects
D. Approving changes to the information security strategy

Answer: D


and so much more...