Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu
sale

Want to Unlock All Questions for this Exam?

Full Exam Access, Discussions, No Robots Checks

27
Students signed up in the last 24H

Isaca CISM Exam Actual Questions

The questions for CISM were last updated on April 23, 2024.
  • Viewing page 1 out of 116 pages.
  • Viewing questions 1-10 out of 1157 questions
 

Topic 1 - Single Topic

Question #1 Topic 1

An information security risk analysis BEST assists an organization in ensuring that:

  • A. the infrastructure has the appropriate level of access control.
  • B. cost-effective decisions are made with regard to which assets need protection
  • C. an appropriate level of funding is applied to security processes.
  • D. the organization implements appropriate security technologies
Reveal Solution Hide Solution   Discussion   13

Correct Answer: B 🗳️

Question #2 Topic 1

In a multinational organization, local security regulations should be implemented over global security policy because:

  • A. business objectives are defined by local business unit managers.
  • B. deploying awareness of local regulations is more practical than of global policy.
  • C. global security policies include unnecessary controls for local businesses.
  • D. requirements of local regulations take precedence.
Reveal Solution Hide Solution   Discussion   12

Correct Answer: D 🗳️

Question #3 Topic 1

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

  • A. conduct a cost-benefit analysis.
  • B. conduct a risk assessment.
  • C. interview senior management.
  • D. perform a gap analysis.
Reveal Solution Hide Solution   Discussion   61

Correct Answer: D 🗳️

Question #4 Topic 1

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

  • A. Access control management
  • B. Change management
  • C. Configuration management
  • D. Risk management
Reveal Solution Hide Solution   Discussion   11

Correct Answer: D 🗳️

Question #5 Topic 1

Which of the following is the BEST way to build a risk-aware culture?

  • A. Periodically change risk awareness messages.
  • B. Ensure that threats are communicated organization-wide in a timely manner.
  • C. Periodically test compliance with security controls and post results.
  • D. Establish incentives and a channel for staff to report risks.
Reveal Solution Hide Solution   Discussion   20

Correct Answer: C 🗳️

Question #6 Topic 1

What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?

  • A. Cancel the outsourcing contract.
  • B. Transfer the risk to the provider.
  • C. Create an addendum to the existing contract.
  • D. Initiate an external audit of the provider's data center.
Reveal Solution Hide Solution   Discussion   8

Correct Answer: C 🗳️

Question #7 Topic 1

An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?

  • A. Controls to be monitored
  • B. Reporting capabilities
  • C. The contract with the SIEM vendor
  • D. Available technical support
Reveal Solution Hide Solution   Discussion   16

Correct Answer: A 🗳️

Question #8 Topic 1

Which of the following is MOST likely to be included in an enterprise security policy?

  • A. Definitions of responsibilities
  • B. Retention schedules
  • C. System access specifications
  • D. Organizational risk
Reveal Solution Hide Solution   Discussion   5

Correct Answer: A 🗳️

Question #9 Topic 1

Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?

  • A. Develop a business case for funding remediation efforts.
  • B. Advise senior management to accept the risk of noncompliance.
  • C. Notify legal and internal audit of the noncompliant legacy application.
  • D. Assess the consequences of noncompliance against the cost of remediation.
Reveal Solution Hide Solution   Discussion   20

Correct Answer: D 🗳️

Question #10 Topic 1

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

  • A. Review the third-party contract with the organization's legal department.
  • B. Communicate security policy with the third-party vendor.
  • C. Ensure security is involved in the procurement process.
  • D. Conduct an information security audit on the third-party vendor.
Reveal Solution Hide Solution   Discussion   28

Correct Answer: B 🗳️

Next Questions

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel