Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 244

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

Options:

A.

Senior management

B.

Application owner

C.

Information security manager

D.

Legal representative

Buy Now
Question # 245

Which of the following should be the MOST important consideration of business continuity management?

Options:

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Buy Now
Question # 246

To ensure that a new application complies with information security policy, the BEST approach is to:

Options:

A.

review the security of the application before implementation.

B.

integrate functionality the development stage.

C.

perform a vulnerability analysis.

D.

periodically audit the security of the application.

Buy Now
Question # 247

Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?

Options:

A.

Conducting a business impact analysis (BIA) to understand business priorities

B.

Analyzing the integration of information security policies and practices within business processes

C.

Performing both quantitative and qualitative risk analyses

D.

Interviewing key personnel identified within the governance framework

Buy Now
Question # 248

Which of the following will have the MOST negative impact on the effectiveness of incident response processes?

Options:

A.

Ambiguous severity criteria

B.

High organizational risk tolerance

C.

Decentralized incident monitoring

D.

Manual incident reporting processes

Buy Now
Question # 249

How would the information security program BEST support the adoption of emerging technologies?

Options:

A.

Conducting a control assessment

B.

Developing an emerging technology roadmap

C.

Providing effective risk governance

D.

Developing an acceptable use policy

Buy Now
Question # 250

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

Options:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization ' s risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Buy Now
Question # 251

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

Options:

A.

Provide regular updates about the current state of the risks.

B.

Re-perform risk analysis at regular intervals.

C.

Assign a risk owner to each risk

D.

Create mitigating controls to manage the risks.

Buy Now
Question # 252

Which of the following BEST enables an organization to identify and contain security incidents?

Options:

A.

Risk assessments

B.

Threat modeling

C.

Continuous monitoring

D.

Tabletop exercises

Buy Now
Question # 253

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

Options:

A.

cause fewer potential production issues.

B.

require less IT staff preparation.

C.

simulate real-world attacks.

D.

identify more threats.

Buy Now
Question # 254

An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager ' s MOST important course of action?

Options:

A.

Engage an independent audit of the third party ' s external provider.

B.

Recommend canceling the contract with the third party.

C.

Evaluate the third party ' s agreements with its external provider.

D.

Conduct an external audit of the contracted third party.

Buy Now
Question # 255

An organization has discovered that a server processing real-time visual data could be vulnerable to a lateral movement stage in a ransomware attack. Which of the following controls BEST mitigates this vulnerability?

Options:

A.

Network segmentation

B.

Data loss prevention (DLP)

C.

Encryption of data in transit

D.

Intrusion detection system (IDS)

Buy Now
Question # 256

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Options:

A.

Root cause analysis

B.

Post-incident review

C.

Chain of custody

D.

Incident logging

Buy Now
Question # 257

Which of the following factors would have the MOST significant impact on an organization ' s information security governance mode?

Options:

A.

Outsourced processes

B.

Security budget

C.

Number of employees

D.

Corporate culture

Buy Now
Question # 258

Which of the following is the MOST important function of an information security steering committee?

Options:

A.

Assigning data classifications to organizational assets

B.

Developing organizational risk assessment processes

C.

Obtaining multiple perspectives from the business

D.

Defining security standards for logical access controls

Buy Now
Question # 259

Which of the following should be the MOST important consideration when reviewing an information security strategy?

Options:

A.

Recent security incidents

B.

New business initiatives

C.

Industry security standards

D.

Internal audit findings

Buy Now
Question # 260

Which of the following metrics would provide an accurate measure of an information security program ' s performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Buy Now
Question # 261

Which of the following BEST enables an organization to increase information security control effectiveness?

Options:

A.

Reviewing control implementation progress

B.

Establishing risk metrics

C.

Performing criticality analysis of controls on a quarterly basis

D.

Reassigning control ownership for failing areas

Buy Now
Question # 262

Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?

Options:

A.

Adhere to regulatory requirements

B.

Conduct security awareness

C.

Document and distribute security procedures

D.

Communicate and enforce security policies

Buy Now
Question # 263

Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?

Options:

A.

Disconnect the system from the network.

B.

Change passwords on the compromised system.

C.

Restore the system from a known good backup.

D.

Perform operation system hardening.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249