Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 184

Which of the following is an input used to calculate system-level risk?

Options:

A.

Key risk indicators

B.

Business impact analysis

C.

System risk appetite

D.

System vulnerabilities

Buy Now
Question # 185

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?

Options:

A.

IT strategy

B.

Security architecture

C.

Business case

D.

Risk assessment

Buy Now
Question # 186

Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?

Options:

A.

Develop a personal device policy

B.

Implement a mobile device management (MDM) solution

C.

Develop training specific to BYOD awareness

D.

Define control requirements

Buy Now
Question # 187

Which of the following should be done FIRST to prioritize response to incidents?

Options:

A.

Containment

B.

Escalation

C.

Analysis

D.

Triage

Buy Now
Question # 188

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Options:

A.

Lack of availability

B.

Lack of accountability

C.

Improper authorization

D.

Inadequate authentication

Buy Now
Question # 189

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Buy Now
Question # 190

In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or

Options:

A.

Security budget

B.

Risk register

C.

Risk score

D.

Laws and regulations

Buy Now
Question # 191

Which of the following is MOST important when conducting a forensic investigation?

Options:

A.

Analyzing system memory

B.

Documenting analysis steps

C.

Capturing full system images

D.

Maintaining a chain of custody

Buy Now
Question # 192

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Buy Now
Question # 193

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A.

Wider range of capabilities

B.

Easier implementation across an organization

C.

Greater ability to focus on core business operations

D.

Lower cost of operations

Buy Now
Question # 194

Which of the following is the PRIMARY objective of a cyber resilience strategy?

Options:

A.

Employee awareness

B.

Business continuity

C.

Executive support

D.

Regulatory compliance

Buy Now
Question # 195

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Buy Now
Question # 196

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Options:

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Buy Now
Question # 197

Which of the following should be an information security manager ' s PRIMARY concern when an organization is expanding business to a new country?

Options:

A.

Compliance with local regulations

B.

Changes in IT infrastructure

C.

Cultural differences in the new country

D.

Ability to gather customer data

Buy Now
Question # 198

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?

Options:

A.

Asset classification

B.

Recovery time objectives (RTOs)

C.

Chain of custody

D.

Escalation procedures

Buy Now
Question # 199

Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?

Options:

A.

The risks are entered in the organization ' s risk register.

B.

The risks are reported to the business unit ' s senior management.

C.

The risks are escalated to the IT department for remediation.

D.

The risks are communicated to the central risk function.

Buy Now
Question # 200

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Options:

A.

Balanced scorecard

B.

Risk matrix

C.

Benchmarking

D.

Heat map

Buy Now
Question # 201

Which of the following BEST protects against emerging advanced persistent threat (APT) actors?

Options:

A.

Honeypot environment

B.

Updated security awareness materials

C.

Ongoing incident response training

D.

Proactive monitoring

Buy Now
Question # 202

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?

Options:

A.

Schedule patching based on the criticality.

B.

Install the patch immediately to eliminate the vulnerability.

C.

Conduct comprehensive testing of the patch.

D.

Validate the authenticity of the patch.

Buy Now
Question # 203

Which of the following is the PRIMARY reason for granting a security exception?

Options:

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249