Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 104

An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?

Options:

A.

Using secure communication channels

B.

Establishing mutual non-disclosure agreements (NDAs)

C.

Requiring third-party privacy policies

D.

Obtaining industry references

Buy Now
Question # 105

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Buy Now
Question # 106

What should an information security manager do FIRST when an organization is planning to use a third-party cloud computing service for a critical business process?

Options:

A.

Identify the data to be hosted.

B.

Perform a gap analysis.

C.

Perform a risk assessment.

D.

Analyze the business requirements.

Buy Now
Question # 107

Which of the following backup methods requires the MOST time to restore data for an application?

Options:

A.

Full backup

B.

Incremental

C.

Differential

D.

Disk mirroring

Buy Now
Question # 108

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

Options:

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Buy Now
Question # 109

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?

Options:

A.

Enterprise risk committee

B.

Information security steering committee

C.

Data privacy officer (DPO)

D.

Chief information security officer (CISO)

Buy Now
Question # 110

Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?

Options:

A.

The plan has summarized IT costs for implementation.

B.

The plan resolves all potential threats to business processes.

C.

The plan focuses on meeting industry best practices and industry standards.

D.

The plan is based on a review of threats and vulnerabilities.

Buy Now
Question # 111

Which of the following is MOST effective in monitoring an organization ' s existing risk?

Options:

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Buy Now
Question # 112

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Options:

A.

Implement a mobile device policy and standard.

B.

Provide employee training on secure mobile device practices.

C.

Implement a mobile device management (MDM) solution.

D.

Require employees to install an effective anti-malware app.

Buy Now
Question # 113

A hacking group has posted an organization’s employee data on social media. What should the information security manager do FIRST?

Options:

A.

Inform the impacted employees.

B.

Initiate the incident response process.

C.

Escalate to senior management.

D.

Engage a forensic analysis team.

Buy Now
Question # 114

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Options:

A.

Poor documentation of results and lessons learned

B.

Lack of communication to affected users

C.

Disruption to the production environment

D.

Lack of coordination among departments

Buy Now
Question # 115

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Options:

A.

Demonstrated return on security investment

B.

Reduction in inherent risk

C.

Results of an emerging threat analysis

D.

Review of security metrics trends

Buy Now
Question # 116

Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?

Options:

A.

Vulnerability scan

B.

Control self-assessment (CSA)

C.

Gap analysis

D.

Risk assessment

Buy Now
Question # 117

Which of the following should an information security manager do FIRST when there is a conflict between the organization ' s information security policy and a local regulation?

Options:

A.

Enforce the local regulation.

B.

Obtain legal guidance.

C.

Enforce the organization ' s information security policy.

D.

Obtain an independent assessment of the regulation.

Buy Now
Question # 118

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Options:

A.

Developing an information security policy based on risk assessments

B.

Establishing an information security steering committee

C.

Documenting the information security governance framework

D.

Implementing an information security awareness program

Buy Now
Question # 119

An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?

Options:

A.

Include the requirement in information security awareness materials

B.

Perform a policy compliance assessment

C.

Ensure the policy has been communicated to the system administrators

Buy Now
Question # 120

Which of the following BEST indicates that information security governance and corporate governance are integrated?

Options:

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Buy Now
Question # 121

An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?

Options:

A.

Focus the review on the infrastructure with the highest risk

B.

Review controls listed in the vendor contract

C.

Determine whether the vendor follows the selected security framework rules

D.

Review the vendor ' s security policy

Buy Now
Question # 122

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Options:

A.

Incorporating lessons learned

B.

Implementing an IT resilience solution

C.

Implementing management reviews

D.

Documenting critical business processes

Buy Now
Question # 123

Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?

Options:

A.

Mapping the risks to the security classification scheme

B.

Illustrating risk on a heat map

C.

Mapping the risks to existing controls

D.

Providing a technical risk assessment report

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249