Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 164

Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

Options:

A.

strategy.

B.

risk assessments.

C.

key performance indicators (KPIs).

D.

standards.

Buy Now
Question # 165

An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager ' s MAIN concern?

Options:

A.

Local regulations

B.

Data backup strategy

C.

Consistency in awareness programs

D.

Organizational reporting structure

Buy Now
Question # 166

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Options:

A.

Discretionary access control

B.

Role-based access control

C.

Access control lists

D.

Distributed access control

Buy Now
Question # 167

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Buy Now
Question # 168

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Options:

A.

baseline security controls.

B.

benchmarking security metrics.

C.

security objectives.

D.

cost-benefit analyses.

Buy Now
Question # 169

Which of the following establishes the minimum technical baseline for security controls?

Options:

A.

Procedures

B.

Policies

C.

Standards

D.

Guidelines

Buy Now
Question # 170

The PRIMARY purpose of implementing information security governance metrics is to:

Options:

A.

measure alignment with best practices.

B.

assess operational and program metrics.

C.

guide security towards the desired state.

D.

refine control operations.

Buy Now
Question # 171

Which of the following is the BEST source of information to support an organization ' s information security vision and strategy?

Options:

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Buy Now
Question # 172

Which of the following risks is an example of risk transfer?

Options:

A.

Utilizing third-party applications

B.

Moving risk ownership to another department

C.

Conducting off-site backups

D.

Purchasing cybersecurity insurance

Buy Now
Question # 173

Senior management wants to thoroughly test a disaster recovery plan (DRP) for a mission-critical system. Which of the following would provide the MOST reliable results?

Options:

A.

Full interruption test

B.

Parallel test

C.

Simulation test

D.

Structured walk-through

Buy Now
Question # 174

Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?

Options:

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Buy Now
Question # 175

Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?

Options:

A.

Provide regular security awareness training

B.

Require staff to sign confidentiality agreements

C.

Publish the information security policy on the corporate intranet

D.

Develop a RACI matrix for the organization

Buy Now
Question # 176

Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?

Options:

A.

Perform malware scanning

B.

Reimage the systems

C.

Block access to the impacted systems

D.

Perform a vulnerability assessment

Buy Now
Question # 177

The MOST important information for influencing management’s support of information security is:

Options:

A.

an demonstration of alignment with the business strategy.

B.

An identification of the overall threat landscape.

C.

A report of a successful attack on a competitor.

D.

An identification of organizational risks.

Buy Now
Question # 178

Which of the following is the BEST option to lower the cost to implement application security controls?

Options:

A.

Perform security tests in the development environment.

B.

Integrate security activities within the development process

C.

Perform a risk analysis after project completion.

D.

Include standard application security requirements

Buy Now
Question # 179

Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?

Options:

A.

Perform security testing on legacy systems

B.

Identify all information assets in the legacy environment

C.

Assign owners to be responsible for the transfer of each asset

D.

Conduct a business impact analysis (BIA)

Buy Now
Question # 180

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

Options:

A.

Cost of the attack to the organization

B.

Location of the attacker

C.

Method of operation used by the attacker

D.

Details from intrusion detection system (IDS) logs

Buy Now
Question # 181

Information security needs to invest in new tools to align with a recently updated bring your own device (BYOD) policy that now includes wearable technologies. Which of the following would BEST demonstrate return on investment (ROI) in risk management when presenting to the strategy committee for review?

Options:

A.

Business case

B.

Risk assessment

C.

Risk audit report

D.

Business impact analysis (BIA)

Buy Now
Question # 182

Which of the following is the MOST effective way to prevent information security incidents?

Options:

A.

Implementing a security information and event management (SIEM) tool

B.

Implementing a security awareness training program for employees

C.

Deploying a consistent incident response approach

D.

Deploying intrusion detection tools in the network environment

Buy Now
Question # 183

Which of the following is MOST important to have in place when conducting a security control assessment of a system?

Options:

A.

Control specifications

B.

Assurance test plan

C.

Scanning tools

D.

Security documentation

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 5, 2026
Questions: 1135
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249