Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 224

Which of the following is the MOST important factor of a successful information security program?

Options:

A.

The program follows industry best practices.

B.

The program is based on a well-developed strategy.

C.

The program is cost-efficient and within budget,

D.

The program is focused on risk management.

Buy Now
Question # 225

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization ' s information security policy,

Buy Now
Question # 226

Of the following, who is BEST suited to own the risk discovered in an application?

Options:

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Buy Now
Question # 227

Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?

Options:

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Buy Now
Question # 228

Which of the following BEST supports the adoption of effective information security practices throughout an organization?

Options:

A.

Business continuity measures

B.

A security-aware culture

C.

The latest security technologies

D.

Information security metrics

Buy Now
Question # 229

The PRIMARY objective of a post-incident review of an information security incident is to:

Options:

A.

update the risk profile

B.

minimize impact

C.

prevent recurrence.

D.

determine the impact

Buy Now
Question # 230

In order to understand an organization ' s security posture, it is MOST important for an organization ' s senior leadership to:

Options:

A.

evaluate results of the most recent incident response test.

B.

review the number of reported security incidents.

C.

ensure established security metrics are reported.

D.

assess progress of risk mitigation efforts.

Buy Now
Question # 231

Which of the following is an example of a deterrent control?

Options:

A.

Separation of responsibilities

B.

Periodic data restoration

C.

An intrusion detection system

D.

A warning banner

Buy Now
Question # 232

Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?

Options:

A.

Alignment with industry benchmarks

B.

Results of business impact analyses (BIAs)

C.

Possibility of reputational loss due to incidents

D.

Availability of security budget

Buy Now
Question # 233

An organization has identified a large volume of old data that appears to be unused. Which of the following should the information

security manager do NEXT?

Options:

A.

Consult the record retention policy.

B.

Update the awareness and training program.

C.

Implement media sanitization procedures.

D.

Consult the backup and recovery policy.

Buy Now
Question # 234

The BEST way to identify the risk associated with a social engineering attack is to:

Options:

A.

monitor the intrusion detection system (IDS),

B.

review single sign-on (SSO) authentication lags.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Buy Now
Question # 235

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

Options:

A.

Implement compensating controls.

B.

Communicate consequences for future instances.

C.

Enhance the data loss prevention (DLP) solution.

D.

Improve the security awareness training program.

Buy Now
Question # 236

A department has reported that a security control is no longer effective. Which of the following is the information security manager ' s BEST course of action?

Options:

A.

Replace the control

B.

Check for defense in depth

C.

Assess the control state

D.

Report the failure to management

Buy Now
Question # 237

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager ' s BEST course of action?

Options:

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization ' s incident response process.

Buy Now
Question # 238

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

Options:

A.

Purchase forensic standard operating procedures.

B.

Provide forensics training to the information security team.

C.

Ensure the incident response policy allows hiring a forensics firm.

D.

Retain a forensics firm prior to experiencing an incident.

Buy Now
Question # 239

Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?

Options:

A.

Contractual provisions for the right to audit

B.

Contractual provisions for data repatriation

C.

Effective data loss prevention (DLP) controls

D.

The purchase of cybersecurity insurance

Buy Now
Question # 240

What is the BEST way to address vulnerabilities associated with a recent increase in the number of zero-day attacks?

Options:

A.

Implement USB port control throughout the company.

B.

Implement automated antivirus updates.

C.

Implement a behavior anomaly detection solution.

D.

Develop a patching program.

Buy Now
Question # 241

Which of the following is the BEST approach for addressing noncompliance with security standards?

Options:

A.

Develop new security standards.

B.

Maintain a security exceptions process.

C.

Discontinue affected activities until security requirements can be met.

D.

Apply additional logging and monitoring to affected assets.

Buy Now
Question # 242

Labeling information according to its security classification:

Options:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Buy Now
Question # 243

How does an organization PRIMARILY benefit from the creation of an information security steering committee?

Options:

A.

An increase in information security risk awareness

B.

An increased alignment with industry security trends that impact the business

C.

An increased focus on information security resource management

D.

An increased alignment of information security with the business

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249