Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 24

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Buy Now
Question # 25

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

Options:

A.

A validation of the current firewall rule set

B.

A port scan of the firewall from an internal source

C.

A ping test from an external source

D.

A simulated denial of service (DoS) attack against the firewall

Buy Now
Question # 26

When evaluating cloud storage solutions, the FIRST consideration should be:

Options:

A.

The service level agreement (SLA) for encryption keys

B.

Alignment with the organization’s data classification policy

C.

How the organization’s sensitive data will be transferred

D.

The volume of data to be stored in the cloud

Buy Now
Question # 27

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

Options:

A.

Providing annual information security awareness training

B.

Conducting periodic vulnerability scanning

C.

Implementing a strict change control process

D.

Updating configuration baselines

Buy Now
Question # 28

The PRIMARY advantage of single sign-on (SSO) is that it will:

Options:

A.

increase efficiency of access management

B.

increase the security of related applications.

C.

strengthen user passwords.

D.

support multiple authentication mechanisms.

Buy Now
Question # 29

An information security program is BEST positioned for success when it is closely aligned with:

Options:

A.

information security best practices.

B.

recognized industry frameworks.

C.

information security policies.

D.

the information security strategy.

Buy Now
Question # 30

Which of the following should be the PRIMARY consideration for an information security manager when designing security controls for a newly acquired business application?

Options:

A.

Regulatory requirements on the organization

B.

Access management for the business application

C.

Business processes supported by the application

D.

The IT security architecture framework

Buy Now
Question # 31

Which of the following should be the PRIMARY goal of information security?

Options:

A.

Information management

B.

Regulatory compliance

C.

Data governance

D.

Business alignment

Buy Now
Question # 32

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Implement a SIEM solution.

B.

Perform a threat analysis.

C.

Establish performance metrics for the team.

D.

Perform a post-incident review.

Buy Now
Question # 33

Which of the following BEST supports effective communication during information security incidents?

Options:

A.

Frequent incident response training sessions

B.

Centralized control monitoring capabilities

C.

Responsibilities defined within role descriptions

D.

Predetermined service level agreements (SLAs)

Buy Now
Question # 34

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Options:

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Buy Now
Question # 35

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

Options:

A.

Set up communication channels for the target audience.

B.

Determine the needs and requirements of each audience.

C.

Create a comprehensive singular communication

D.

Invoke the organization ' s incident response plan.

Buy Now
Question # 36

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Buy Now
Question # 37

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider ' s business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider ' s incident response plan

Buy Now
Question # 38

Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?

Options:

A.

The incident response plan is aligned with the disaster recovery strategy

B.

The incident response process is regularly tested

C.

Incident response processes are documented and available to staff

D.

The incident response plan clearly outlines roles and responsibilities

Buy Now
Question # 39

A new type of ransomware has infected an organization ' s network. Which of the following would have BEST enabled the organization to detect this situation?

Options:

A.

Regular review of the threat landscape

B.

Periodic information security training for end users

C.

Use of integrated patch deployment tools

D.

Monitoring of anomalies in system behavior

Buy Now
Question # 40

The MOST important element in achieving executive commitment to an information security governance program is:

Options:

A.

a defined security framework.

B.

a process improvement model

C.

established security strategies.

D.

identified business drivers.

Buy Now
Question # 41

When mitigation is the chosen risk treatment, which of the following roles is responsible for effective implementation of the chosen treatment?

Options:

A.

Risk owner

B.

Control owner

C.

Business system owner

D.

Application owner

Buy Now
Question # 42

An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?

Options:

A.

Perform a vulnerability assessment

B.

Conduct an internal audit

C.

Conduct penetration testing

D.

Prepare compensating controls

Buy Now
Question # 43

What should an information security manager verify FIRST when reviewing an information asset management program?

Options:

A.

System owners have been identified.

B.

Key applications have been secured.

C.

Information assets have been classified.

D.

Information assets have been inventoried.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249