Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 264

Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?

Options:

A.

Incident response plan can be activated in a timely manner.

B.

Incident metrics can be communicated.

C.

Risk response options can be identified quickly.

D.

Incident classification times can be improved.

Buy Now
Question # 265

Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Options:

A.

Updated security policies

B.

Defined security standards

C.

Threat intelligence

D.

Regular antivirus updates

Buy Now
Question # 266

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Options:

A.

Install the OS, patches, and application from the original source.

B.

Restore the OS, patches, and application from a backup.

C.

Restore the application and data from a forensic copy.

D.

Remove all signs of the intrusion from the OS and application.

Buy Now
Question # 267

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

EradicationB Recovery

B.

Lessons learned review

C.

Incident declaration

Buy Now
Question # 268

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Options:

A.

Obtain consensus on the strategy from the executive board.

B.

Review alignment with business goals.

C.

Define organizational risk tolerance.

D.

Develop a project plan to implement the strategy.

Buy Now
Question # 269

A balanced scorecard MOST effectively enables information security:

Options:

A.

risk management

B.

project management

C.

governance

D.

performance

Buy Now
Question # 270

Which of the following BEST enables the integration of information security governance into corporate governance?

Options:

A.

Well-decumented information security policies and standards

B.

An information security steering committee with business representation

C.

Clear lines of authority across the organization

D.

Senior management approval of the information security strategy

Buy Now
Question # 271

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Options:

A.

Security incident reporting procedures are followed.

B.

Security staff turnover is reduced.

C.

Information assets are classified appropriately.

D.

Access is granted based on task requirements.

Buy Now
Question # 272

Which of the following is a PRIMARY responsibility of the information security goxernance function?

Options:

A.

Administering information security awareness training

B.

Defining security strategies to support organizational programs

C.

Ensuring adequate support for solutions using emerging technologies

D.

Advising senior management on optimal levels of risk appetite and tolerance

Buy Now
Question # 273

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

Options:

A.

number of impacted users.

B.

capability of incident handlers.

C.

type of confirmed incident.

D.

predicted incident duration.

Buy Now
Question # 274

Which of the following is the MOST common cause of cybersecurity breaches?

Options:

A.

Lack of adequate password rotation

B.

Human error

C.

Abuse of privileged accounts

D.

Lack of control baselines

Buy Now
Question # 275

The PRIMARY objective of timely declaration of a disaster is to:

Options:

A.

ensure engagement of business management in the recovery process.

B.

assess and correct disaster recovery process deficiencies.

C.

protect critical physical assets from further loss.

D.

ensure the continuity of the organization ' s essential services.

Buy Now
Question # 276

Which of the following is the BEST strategy when determining an organization’s approach to risk treatment?

Options:

A.

Advancing the maturity of existing controls based on risk tolerance

B.

Prioritizing controls that directly mitigate the organization ' s most critical risks

C.

Implementing risk mitigation controls that are considered quick wins

D.

Implementing a one-size-fits-all set of controls across all organizational units

Buy Now
Question # 277

Which of the following is MOST helpful in determining the criticality of an organization ' s business functions?

Options:

A.

Disaster recovery plan (DRP)

B.

Business impact analysis (BIA)

C.

Business continuity plan (BCP)

D.

Security assessment report (SAR)

Buy Now
Question # 278

Which of the following components of an information security risk assessment is MOST valuable to senior management?

Options:

A.

Threat profile

B.

Residual risk

C.

Return on investment (ROI)

D.

Mitigation actions

Buy Now
Question # 279

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization ' s hosted payroll service provider?

Options:

A.

Suspend the data exchange with the provider

B.

Notify appropriate regulatory authorities of the breach.

C.

Initiate the business continuity plan (BCP)

D.

Validate the breach with the provider

Buy Now
Question # 280

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

Options:

A.

Access to the hardware

B.

Data encryption

C.

Non-standard event logs

D.

Compressed customer data

Buy Now
Question # 281

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Buy Now
Question # 282

Which of the following has the GREATEST influence on the successful integration of information security within the business?

Options:

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Buy Now
Question # 283

A recovery point objective (RPO) is required in which of the following?

Options:

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249