Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 44

Once a suite of security controls has been successfully implemented for an organization ' s business units, it is MOST important for the information security manager to:

Options:

A.

hand over the controls to the relevant business owners.

B.

ensure the controls are regularly tested for ongoing effectiveness.

C.

perform testing to compare control performance against industry levels.

D.

prepare to adapt the controls for future system upgrades.

Buy Now
Question # 45

Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?

Options:

A.

Ability to logically separate client data

B.

Ability to meet service level agreements (SLAs)

C.

Ability to meet business resiliency requirements

D.

Ability to enforce contractual obligations

Buy Now
Question # 46

Which of the following would MOST effectively ensure that a new server is appropriately secured?

Options:

A.

Performing secure code reviews

B.

Enforcing technical security standards

C.

Conducting penetration testing

D.

Initiating security scanning

Buy Now
Question # 47

After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?

Options:

A.

Notify affected stakeholders

B.

Conduct a vulnerability analysis

C.

Perform a root cause analysis

D.

Remove the threat

Buy Now
Question # 48

What is the PRIMARY objective of implementing standard security configurations?

Options:

A.

Maintain a flexible approach to mitigate potential risk to unsupported systems.

B.

Minimize the operational burden of managing and monitoring unsupported systems.

C.

Control vulnerabilities and reduce threats from changed configurations.

D.

Compare configurations between supported and unsupported systems.

Buy Now
Question # 49

Which of the following is a PRIMARY reason for senior management to review reports on information security?

Options:

A.

To assess the effectiveness of the security program

B.

To ensure adequate security resources are available

C.

To confirm security audits are regularly performed

D.

To ensure security risk is managed cost-effectively

Buy Now
Question # 50

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Options:

A.

Identification of risk

B.

Analysis of control gaps

C.

Design of key risk indicators (KRIs)

D.

Selection of risk treatment options

Buy Now
Question # 51

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Options:

A.

Network address translation (NAT)

B.

Message hashing

C.

Transport Layer Security (TLS)

D.

Multi-factor authentication

Buy Now
Question # 52

Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?

Options:

A.

Information security manager

B.

IT risk manager

C.

Internal auditor

D.

Risk owner

Buy Now
Question # 53

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Create a security exception.

B.

Perform a gap analysis to determine needed resources.

C.

Perform a vulnerability assessment.

D.

Assess the risk to business operations.

Buy Now
Question # 54

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Options:

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Buy Now
Question # 55

Which of the following would provide the MOST effective security outcome in an organizations contract management process?

Options:

A.

Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage

B.

Ensuring security requirements are defined at the request-for-proposal (RFP) stage

C.

Extending security assessment to cover asset disposal on contract termination

D.

Extending security assessment to include random penetration testing

Buy Now
Question # 56

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Buy Now
Question # 57

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Buy Now
Question # 58

Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?

Options:

A.

Security information and event management (SIEM)

B.

Extended detection and response (XDR)

C.

Endpoint detection and response (EDR)

D.

Network intrusion detection system (NIDS)

Buy Now
Question # 59

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Buy Now
Question # 60

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Buy Now
Question # 61

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Buy Now
Question # 62

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Options:

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Buy Now
Question # 63

Which of the following is MOST important when designing an information security governance framework?

Options:

A.

Aligning with the information security strategy

B.

Assessing the availability of information security resources

C.

Aligning with industry best practice frameworks

D.

Assessing the current state of information security

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249