Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 124

A multinational organization is introducing a security governance framework. The information security manager ' s concern is that regional security practices differ. Which of the following should be evaluated FIRST?

Options:

A.

Local regulatory requirements

B.

Global framework standards

C.

Cross-border data mobility

D.

Training requirements of the framework

Buy Now
Question # 125

Of the following, who is responsible for ensuring security controls are aligned with business objectives and regulatory requirements?

Options:

A.

Risk owner

B.

Control owner

C.

Compliance manager

D.

Control assessor

Buy Now
Question # 126

A department has reported that a security control is no longer effective. Which of the following is the information security manager ' s BEST course of action?

Options:

A.

Assess the control state.

B.

Replace the control.

C.

Report the failure to management.

D.

Check for defense in depth.

Buy Now
Question # 127

Which of the following is the BEST reason for delaying the application of a critical security patch?

Options:

A.

Conflicts with the software development life cycle

B.

Lack of vulnerability management

C.

Resource limitations

D.

Technology interdependencies

Buy Now
Question # 128

When management changes the enterprise business strategy which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

Options:

A.

Configuration management

B.

Risk management

C.

Access control management

D.

Change management

Buy Now
Question # 129

To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?

Options:

A.

Data storage procedures

B.

Data classification policy

C.

Results of penetration testing

D.

Features of data protection products

Buy Now
Question # 130

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Options:

A.

validate the confidentiality during analysis.

B.

reinstate original data when accidental changes occur.

C.

validate the integrity during analysis.

D.

provide backup in case of media failure.

Buy Now
Question # 131

What is the BEST way to reduce the impact of a successful ransomware attack?

Options:

A.

Perform frequent backups and store them offline.

B.

Purchase or renew cyber insurance policies.

C.

Include provisions to pay ransoms ih the information security budget.

D.

Monitor the network and provide alerts on intrusions.

Buy Now
Question # 132

An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?

Options:

A.

Conduct phishing awareness training.

B.

Implement disciplinary procedures.

C.

Establish an acceptable use policy.

D.

Assess and update spam filtering rules.

Buy Now
Question # 133

Which of the following is the MOST important reason for logging firewall activity?

Options:

A.

Metrics reporting

B.

Firewall tuning

C.

Intrusion prevention

D.

Incident investigation

Buy Now
Question # 134

An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?

Options:

A.

Business impact analysis (BIA)

B.

Business continuity plan (BCP)

C.

Incident response plan

D.

Disaster recovery plan (DRP)

Buy Now
Question # 135

Which of the following should be done FIRST to ensure information security is integrated into system development projects?

Options:

A.

Define security requirements

B.

Assign resources based on the business impact

C.

Review the security policy

D.

Embed a security representative in each project team

Buy Now
Question # 136

Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?

Options:

A.

Lack of knowledgeable personnel

B.

Lack of communication processes

C.

Lack of process documentation

D.

Lack of alignment with organizational goals

Buy Now
Question # 137

Which of the following BEST facilitates the effective execution of an incident response plan?

Options:

A.

The plan is based on risk assessment results.

B.

The response team is trained on the plan

C.

The plan is based on industry best practice.

D.

The incident response plan aligns with the IT disaster recovery plan (DRP).

Buy Now
Question # 138

Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization ' s business continuity plan (BCP) has not been reviewed or updated in more than a year?

Options:

A.

An outdated BCP may result in less efficient recovery if an actual incident occurs.

B.

The organization may suffer reputational damage for not following industry best practices.

C.

The audit finding may impact the overall risk rating of the organization.

D.

The lack of updates to the BCP may result in noncompliance with internal policies.

Buy Now
Question # 139

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Options:

A.

Storing the plan at an offsite location

B.

Communicating the plan to all stakeholders

C.

Updating the plan periodically

D.

Conducting a walk-through of the plan

Buy Now
Question # 140

Which of the following BEST ensures timely and reliable access to services?

Options:

A.

Nonrepudiation

B.

Authenticity

C.

Availability

D.

Recovery time objective (RTO)

Buy Now
Question # 141

Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?

Options:

A.

Senior management

B.

Information owner

C.

Business manager

D.

Information security manager

Buy Now
Question # 142

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Buy Now
Question # 143

Which of the following should be done FIRST when a SIEM flags a potential event?

Options:

A.

Validate the event is not a false positive.

B.

Initiate the incident response plan.

C.

Escalate the event to the business owner.

D.

Implement compensating controls.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249