Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 64

Detailed business continuity plans (BCPs) should be PRIMARILY based on:

Options:

A.

strategies validated by senior management.

B.

capabilities of available local vendors.

C.

strategies that cover all applications.

D.

cost and resources needed to execute.

Buy Now
Question # 65

An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?

Options:

A.

Definition of when a disaster should be declared

B.

Requirements for regularly testing backups

C.

Recovery time objectives (RTOs)

D.

The disaster recovery communication plan

Buy Now
Question # 66

Which of the following is the MOST important consideration when defining control objectives?

Options:

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Buy Now
Question # 67

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Options:

A.

organizational alignment

B.

IT strategy alignment

C.

threats to the organization

D.

existing control costs

Buy Now
Question # 68

Which of the following is the BEST way to improve an organization ' s ability to detect and respond to incidents?

Options:

A.

Conduct a business impact analysis (BIA).

B.

Conduct periodic awareness training.

C.

Perform a security gap analysis.

D.

Perform network penetration testing.

Buy Now
Question # 69

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Buy Now
Question # 70

Which of the following is the BEST course of action when using a web application that has known vulnerabilities?

Options:

A.

Monitor application level logs.

B.

Deploy host-based intrusion detection.

C.

Deploy an application firewall.

D.

Install anti-spyware software.

Buy Now
Question # 71

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Options:

A.

Data owner

B.

Business owner

C.

Information security manager

D.

Compliance manager

Buy Now
Question # 72

A balanced scorecard MOST effectively enables information security:

Options:

A.

project management

B.

governance.

C.

performance.

D.

risk management.

Buy Now
Question # 73

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel ' s opinion on the standard ' s applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Buy Now
Question # 74

While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

Options:

A.

Assign responsibility to the database administrator (DBA).

B.

Review the databases for sensitive content.

C.

Prepare a report of the databases for senior management.

D.

Assign the highest classification level to those databases.

Buy Now
Question # 75

An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?

Options:

A.

Perform a manual verification of file counts.

B.

Encrypt and back up the hard drive before copying.

C.

Use the same hardware for the image as the original.

D.

Perform digital hashing of the original and the image.

Buy Now
Question # 76

An incident response policy should include:

Options:

A.

A description of testing methodology.

B.

Notification requirements.

C.

An infrastructure diagram.

D.

Recovery time objectives (RTOs).

Buy Now
Question # 77

Which of the following should an information security manager do FIRST when creating an organization ' s disaster recovery plan (DRP)?

Options:

A.

Conduct a business impact analysis (BIA)

B.

Identify the response and recovery learns.

C.

Review the communications plan.

D.

Develop response and recovery strategies.

Buy Now
Question # 78

To optimize the implementation of information security governance in an organization, an information security manager should:

Options:

A.

Make gradual changes to governance to minimize employee resistance

B.

Ensure change control processes are in place

C.

Utilize existing governance structures when possible

D.

Implement processes consistent with international standards

Buy Now
Question # 79

Which of the following events is MOST likely to require an organization to revisit its information security framework?

Options:

A.

New services offered by IT

B.

Changes to the risk landscape

C.

A recent cybersecurity attack

D.

A new technology implemented

Buy Now
Question # 80

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Buy Now
Question # 81

Which of the following is the MOST effective way to detect security incidents?

Options:

A.

Analyze recent security risk assessments.

B.

Analyze security anomalies.

C.

Analyze penetration test results.

D.

Analyze vulnerability assessments.

Buy Now
Question # 82

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Buy Now
Question # 83

Which of the following BEST facilitates the development of a comprehensive information security policy?

Options:

A.

Alignment with an established information security framework

B.

An established internal audit program

C.

Security key performance indicators (KPIs)

D.

Areview of recent information security incidents

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249