CISM Actual Exam Questions

Last updated on Nov. 25, 2024.
Vendor:Isaca
Exam Code:CISM
Exam Name:Certified Information Security Manager
Exam Questions:1250
 

Topic 1 - Single Topic

Question #1 Topic 1

An information security risk analysis BEST assists an organization in ensuring that:

  • A. the infrastructure has the appropriate level of access control.
  • B. cost-effective decisions are made with regard to which assets need protection
  • C. an appropriate level of funding is applied to security processes.
  • D. the organization implements appropriate security technologies
Reveal Solution Hide Solution   Discussion   14

Correct Answer: B 🗳️

Question #2 Topic 1

In a multinational organization, local security regulations should be implemented over global security policy because:

  • A. business objectives are defined by local business unit managers.
  • B. deploying awareness of local regulations is more practical than of global policy.
  • C. global security policies include unnecessary controls for local businesses.
  • D. requirements of local regulations take precedence.
Reveal Solution Hide Solution   Discussion   14

Correct Answer: D 🗳️

Question #3 Topic 1

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

  • A. conduct a cost-benefit analysis.
  • B. conduct a risk assessment.
  • C. interview senior management.
  • D. perform a gap analysis.
Reveal Solution Hide Solution   Discussion   64

Correct Answer: B 🗳️

Question #4 Topic 1

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

  • A. Access control management
  • B. Change management
  • C. Configuration management
  • D. Risk management
Reveal Solution Hide Solution   Discussion   10

Correct Answer: D 🗳️

Question #5 Topic 1

Which of the following is the BEST way to build a risk-aware culture?

  • A. Periodically change risk awareness messages.
  • B. Ensure that threats are communicated organization-wide in a timely manner.
  • C. Periodically test compliance with security controls and post results.
  • D. Establish incentives and a channel for staff to report risks.
Reveal Solution Hide Solution   Discussion   16

Correct Answer: D 🗳️

Question #6 Topic 1

What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?

  • A. Cancel the outsourcing contract.
  • B. Transfer the risk to the provider.
  • C. Create an addendum to the existing contract.
  • D. Initiate an external audit of the provider's data center.
Reveal Solution Hide Solution   Discussion   7

Correct Answer: C 🗳️

Question #7 Topic 1

An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?

  • A. Controls to be monitored
  • B. Reporting capabilities
  • C. The contract with the SIEM vendor
  • D. Available technical support
Reveal Solution Hide Solution   Discussion   16

Correct Answer: A 🗳️

Question #8 Topic 1

Which of the following is MOST likely to be included in an enterprise security policy?

  • A. Definitions of responsibilities
  • B. Retention schedules
  • C. System access specifications
  • D. Organizational risk
Reveal Solution Hide Solution   Discussion   5

Correct Answer: A 🗳️

Question #9 Topic 1

Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?

  • A. Develop a business case for funding remediation efforts.
  • B. Advise senior management to accept the risk of noncompliance.
  • C. Notify legal and internal audit of the noncompliant legacy application.
  • D. Assess the consequences of noncompliance against the cost of remediation.
Reveal Solution Hide Solution   Discussion   22

Correct Answer: D 🗳️

Question #10 Topic 1

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

  • A. Review the third-party contract with the organization's legal department.
  • B. Communicate security policy with the third-party vendor.
  • C. Ensure security is involved in the procurement process.
  • D. Conduct an information security audit on the third-party vendor.
Reveal Solution Hide Solution   Discussion   29

Correct Answer: C 🗳️

file Viewing page 1 out of 125 pages.
Viewing questions 1-10 out of 1250 questions
Next Questions
Browse atleast 50% to increase passing rate cup
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago