Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 284

The categorization of incidents is MOST important for evaluating which of the following?

Options:

A.

Appropriate communication channels

B.

Allocation of needed resources

C.

Risk severity and incident priority

D.

Response and containment requirements

Buy Now
Question # 285

Which of the following is the BEST way to enhance training for incident response teams?

Options:

A.

Perform post-incident reviews.

B.

Establish incident key performance indicators (KPIs).

C.

Conduct interviews with organizational units.

D.

Participate in emergency response activities.

Buy Now
Question # 286

Which of the following is an example of risk mitigation?

Options:

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Buy Now
Question # 287

Which of the following should be done FIRST when establishing an information security governance framework?

Options:

A.

Evaluate information security tools and skills relevant for the environment.

B.

Gain an understanding of the business and cultural attributes.

C.

Contract a third party to conduct an independent review of the program.

D.

Conduct a cost-benefit analysis of the framework.

Buy Now
Question # 288

An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

Options:

A.

inventory sensitive customer data to be processed by the solution.

B.

determine information security resource and budget requirements.

C.

assess potential information security risk to the organization.

D.

develop information security requirements for the big data solution.

Buy Now
Question # 289

Which of the following is the MOST important consideration when evaluating the performance of existing security controls?

Options:

A.

Obtaining senior management support to facilitate testing

B.

Interviewing control owners to accurately collect metrics data

C.

Selecting testing methods that match the purpose of the testing

D.

Establishing testing scenarios based on international standards

Buy Now
Question # 290

An organization ' s research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

Options:

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Buy Now
Question # 291

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

Options:

A.

It identifies appropriate follow-up work to address shortcomings in the plan.

B.

It allows for greater participation and planning from the business side.

C.

It helps in assessing the availability of compatible backup hardware.

D.

It provides a low-cost method of assessing the BCP ' s completeness.

Buy Now
Question # 292

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Buy Now
Question # 293

A global organization is considering its geopolitical security risks. Which of the following is the information security manager ' s BEST approach?

Options:

A.

Seek advice from environmental and physical security experts

B.

Implement a third-party risk management framework

C.

Implement controls that deny access from specific jurisdictions

D.

Seek advice from enterprise risk and legal experts

Buy Now
Question # 294

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

Options:

A.

Centralized logging

B.

Time clock synchronization

C.

Available forensic tools

D.

Administrator log access

Buy Now
Question # 295

Which of the following is the GREATEST benefit of classifying information security incidents?

Options:

A.

Reporting capabilities

B.

Improved chain of custody

C.

Comprehensive documentation

D.

Prioritized recovery

Buy Now
Question # 296

Which of the following is the MOST important consideration when updating procedures for managing security devices?

Options:

A.

Updates based on the organization ' s security framework

B.

Notification to management of the procedural changes

C.

Updates based on changes m risk technology and process

D.

Review and approval of procedures by management

Buy Now
Question # 297

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

Options:

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Buy Now
Question # 298

What is the role of the information security manager in finalizing contract negotiations with service providers?

Options:

A.

To perform a risk analysis on the outsourcing process

B.

To obtain a security standard certification from the provider

C.

To update security standards for the outsourced process

D.

To ensure that clauses for periodic audits are included

Buy Now
Question # 299

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Options:

A.

Establish an organization-wide social media policy.

B.

Develop sanctions for misuse of social media sites.

C.

Monitor social media sites visited by employees.

D.

Restrict social media access on corporate devices.

Buy Now
Question # 300

An organization has identified an active cyberattack on its internal network. Which of the following considerations is MOST important to the success of the incident response?

Options:

A.

The data loss prevention tool is functioning properly

B.

Contact details for forensics support are readily available

C.

The recovery time objective can be met

D.

Communication to stakeholders is conducted through a separate channel

Buy Now
Question # 301

Which of the following is MOST important when responding to a major security incident?

Options:

A.

Contacting forensic investigators

B.

Following the escalation process

C.

Notifying law enforcement

D.

Identifying the indicators of compromise

Buy Now
Question # 302

An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager ' s BEST course of action?

Options:

A.

Assess business impact against security risk.

B.

Provide security awareness training to customers.

C.

Refer to industry best practices.

D.

Quantify the security risk to the business.

Buy Now
Question # 303

The BEST way to integrate information security governance with corporate governance is to ensure:

Options:

A.

the information security steering committee monitors compliance with security policies.

B.

management teams embed information security into business processes.

C.

awareness programs include industry best practice for information security governance.

D.

the information security program is included in regular external audits.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 6, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249