Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 84

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Options:

A.

Formalizing a security strategy and program

B.

Developing an awareness program for staff

C.

Ensuring current documentation of security processes

D.

Establishing processes within the security operations team

Buy Now
Question # 85

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager ' s BEST course of action when developing security standards for mobile access to the organization ' s network?

Options:

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Buy Now
Question # 86

Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?

Options:

A.

Place the web server in quarantine.

B.

Rebuild the server from the last verified backup.

C.

Shut down the server in an organized manner.

D.

Rebuild the server with relevant patches from the original media.

Buy Now
Question # 87

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Buy Now
Question # 88

Which of the following should be the KEY consideration when creating an information security communication plan with industry peers?

Options:

A.

Balancing the benefits of information sharing with the drawbacks of sharing sensitive information

B.

Reducing the costs associated with information sharing by automating the process

C.

Ensuring information is detailed enough to be of use to other organizations

D.

Notifying the legal department whenever incident-related information is shared

Buy Now
Question # 89

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions.

D.

The development manager migrates programs into production

Buy Now
Question # 90

An organization has an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager ' s BEST course of action?

Options:

A.

Report the findings to senior management with recommendations.

B.

Implement a phishing reporting tool in the email system.

C.

Include regular phishing campaigns after each training session.

D.

Make the training program mandatory for all employees.

Buy Now
Question # 91

The PRIMARY goal when conducting post-incident reviews is to identify:

Options:

A.

Additional cybersecurity budget needs

B.

Weaknesses in incident response plans

C.

Information to be shared with senior management

D.

Individuals that need additional training

Buy Now
Question # 92

An organization that has recently suffered a cyberattack is considering engaging law enforcement. Which of the following is the MOST important course of action for the incident response team?

Options:

A.

Encrypt digital evidence

B.

Solicit input from senior management

C.

Engage legal counsel

D.

Hire a digital forensic expert for evidence analysis

Buy Now
Question # 93

An organization is in the process of selecting a third party to process customer information. Which of the following provides the BEST evidence that the third party’s controls will operate as required?

Options:

A.

Results of incident response tests

B.

An independent assessment

C.

An external vulnerability assessment

D.

An information security questionnaire

Buy Now
Question # 94

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Options:

A.

Security risk analysis

B.

Gap assessment

C.

Maturity assessment

D.

Vulnerability scan report

Buy Now
Question # 95

Which of the following BEST ensures information security governance is aligned with corporate governance?

Options:

A.

A security steering committee including IT representation

B.

A consistent risk management approach

C.

An information security risk register

D.

Integration of security reporting into corporate reporting

Buy Now
Question # 96

Which of the following is MOST important when developing an information security strategy?

Options:

A.

Engage stakeholders.

B.

Assign data ownership.

C.

Determine information types.

D.

Classify information assets.

Buy Now
Question # 97

Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Options:

A.

The framework defines managerial responsibilities for risk impacts to business goals.

B.

The framework provides direction to meet business goals while balancing risks and controls.

C.

The framework provides a roadmap to maximize revenue through the secure use of technology.

D.

The framework is able to confirm the validity of business goals and strategies.

Buy Now
Question # 98

Which of the following would BEST help to ensure appropriate security controls are built into software?

Options:

A.

Integrating security throughout the development process

B.

Performing security testing prior to deployment

C.

Providing standards for implementation during development activities

D.

Providing security training to the software development team

Buy Now
Question # 99

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Options:

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Buy Now
Question # 100

An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:

Options:

A.

determine the security exposures.

B.

assess the ability to integrate the security department operations.

C.

ensure compliance with international standards.

D.

evaluate the security policy and standards.

Buy Now
Question # 101

Which of the following is BEST used to determine the maturity of an information security program?

Options:

A.

Security budget allocation

B.

Organizational risk appetite

C.

Risk assessment results

D.

Security metrics

Buy Now
Question # 102

Which of the following is the PRIMARY benefit of a vulnerability scanning tool to an organization?

Options:

A.

Identifying potential risks posed by devices on the network

B.

Identifying vulnerabilities within organizational processes

C.

Ensuring complex vulnerabilities are not missed

D.

Automating the information security risk analysis program

Buy Now
Question # 103

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

the internal audit manager.

B.

the information security officer.

C.

the steering committee.

D.

the board of directors.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249