Certified Information Security Manager
Last Update Jan 26, 2025
Total Questions : 801
We are offering free ISACA CISM exam questions. All you need to do is sign up, provide your details, and prepare with the free CISM exam questions; then move on to the complete pool of Certified Information Security Manager test questions for further practice.
An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?
Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?
Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?
The MOST important information for influencing management’s support of information security is:
Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?
Which of the following components of an information security risk assessment is MOST valuable to senior management?
Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?
What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
Which of the following BEST supports effective communication during information security incidents?
Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?
Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?
Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?
Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?
Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?
Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
Which of the following is the BEST indicator of a successful intrusion into an organization's systems?
How does an organization PRIMARILY benefit from the creation of an information security steering committee?
Which of the following will BEST enable an effective information asset classification process?
Which of the following BEST facilitates the effective execution of an incident response plan?
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:
An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?
An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?
Which of the following roles is MOST appropriate to determine access rights for specific users of an application?
Which of the following is MOST important to include in an information security status report to management?
Which of the following is a PRIMARY responsibility of the information security governance function?
An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?
Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?
Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?
Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?
Which of the following is the MOST effective way to detect security incidents?
During which of the following development phases is it MOST challenging to implement security controls?
Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?
Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?
Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?
Which of the following is the BEST indication of an effective disaster recovery planning process?
Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?
Which of the following would be MOST useful to help senior management understand the status of information security compliance?
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or
When drafting the corporate privacy statement for a public website, which of the following MUST be included?
To help ensure that an information security training program is MOST effective, its contents should be:
An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?
Which of the following should be the NEXT step after a security incident has been reported?
Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?
Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
Which of the following should be the PRIMARY goal of information security?
The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
A PRIMARY benefit of adopting an information security framework is that it provides:
Which of the following factors would have the MOST significant impact on an organization's information security governance model?
Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?
Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
Which of the following is MOST appropriate to communicate to senior management regarding information risk?
Embedding security responsibilities into job descriptions is important PRIMARILY because it:
An information security manager has identified that security risks are not being treated in a timely manner. Which of the following
An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
Which of the following control types should be considered FIRST for aligning employee behavior with an organization's information security objectives?
The PRIMARY reason for creating a business case when proposing an information security project is to:
Which of the following would be MOST helpful when creating information security policies?
An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
An online bank identifies a successful network attack in progress. The bank should FIRST:
Which of the following is a desired outcome of information security governance?
Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
Which of the following is the BEST indication of an effective information security awareness training program?
An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?
Which of the following is the FIRST step to establishing an effective information security program?
Which of the following BEST supports the incident management process for attacks on an organization's supply chain?
The MOST important reason for having an information security manager serve on the change management committee is to:
Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?
An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?
What is the BEST way to reduce the impact of a successful ransomware attack?
Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?
Which of the following activities is designed to handle a control failure that leads to a breach?
Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?
Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?
In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:
Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?
If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?
Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?
Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?
Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?
When developing an asset classification program, which of the following steps should be completed FIRST?
Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
Which of the following provides the BEST assurance that security policies are applied across business operations?
Which of the following is MOST critical when creating an incident response plan?
Which of the following is the BEST indication of a successful information security culture?
Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Which of the following should be the PRIMARY objective of the information security incident response process?
Which of the following BEST supports information security management in the event of organizational changes in security personnel?
Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?
An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?
Which of the following BEST indicates that information security governance and corporate governance are integrated?
Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?
Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
Management decisions concerning information security investments will be MOST effective when they are based on:
Which of the following is the BEST indicator of an organization's information security status?
The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
Which of the following is the MOST important factor of a successful information security program?
Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?
Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
The effectiveness of an information security governance framework will BEST be enhanced if:
Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?
A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?
An information security manager developing an incident response plan MUST ensure it includes:
Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
Which of the following will result in the MOST accurate controls assessment?
An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?
Which of the following is the BEST evidence of alignment between corporate and information security governance?
Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?
Which of the following processes BEST supports the evaluation of incident response effectiveness?
Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?
Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
Which of the following should be the PRIMARY consideration when developing an incident response plan?
Which of the following is MOST important for building a robust information security culture within an organization?
Which of the following BEST enables staff acceptance of information security policies?
How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?
The PRIMARY purpose for continuous monitoring of security controls is to ensure:
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:
An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation. However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges. Which of the following would BEST enable regulatory compliance?
Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?
Which of the following has the MOST influence on the inherent risk of an information asset?
Which of the following is the BEST method to ensure compliance with password standards?
The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Which of the following BEST enables an organization to transform its culture to support information security?
Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Which of the following is the MOST effective way to prevent information security incidents?
Which of the following would BEST justify continued investment in an information security program?
A common drawback of email software packages that provide native encryption of messages is that the encryption:
Which of the following is MOST important to convey to employees in building a security risk-aware culture?
An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?
Which of the following is the BEST way to obtain support for a new organization-wide information security program?
Which of the following is a PRIMARY benefit of managed security solutions?
Of the following, whose input is of GREATEST importance in the development of an information security strategy?
Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?
What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?
Which of the following should be the PRIMARY basis for determining the value of assets?
Which of the following is the BEST approach to make strategic information security decisions?
Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
To support effective risk decision making, which of the following is MOST important to have in place?
Which of the following should be the FIRST step in developing an information security strategy?
An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?
Which of the following would BEST help to ensure appropriate security controls are built into software?
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
Which of the following is the MOST critical factor for information security program success?
Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)?
Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
Which of the following roles is BEST able to influence the security culture within an organization?
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
What should be an information security manager's MOST important consideration when developing a multi-year plan?
When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
Which of the following should be the PRIMARY objective of an information security governance framework?
While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. What is the BEST way to address this situation?
During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?
When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:
Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?
When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?
Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
Which of the following is the BEST justification for making a revision to a password policy?
Which risk is introduced when using only sanitized data for the testing of applications?
What is the PRIMARY benefit to an organization that maintains an information security governance framework?
Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?
The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
Which of the following backup methods requires the MOST time to restore data for an application?
An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
An organization has suffered from a large-scale security event impacting a critical system. Following the decision to restore the system at an alternate location, which plan should be invoked?
An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?
Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?
Which of the following BEST enables an organization to maintain legally admissible evidence?
Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?
Which of the following is MOST important when developing an information security strategy?
A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?