Certified Information Security Manager
Last Update May 1, 2024
Total Questions : 674
We are offering FREE CISM Isaca exam questions. All you need to do is sign up. Enter your details, practice with the free CISM exam questions, and then move on to the complete pool of Certified Information Security Manager test questions for further preparation.
An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
Which of the following is the BEST indication that an organization has a mature information security culture?
Which of the following is the BEST evidence of alignment between corporate and information security governance?
Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?
An online bank identifies a successful network attack in progress. The bank should FIRST:
Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
Prior to conducting a forensic examination, an information security manager should:
Which of the following is MOST effective in monitoring an organization's existing risk?
Which of the following is the BEST approach to make strategic information security decisions?
Which of the following should be given the HIGHEST priority during an information security post-incident review?
Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?
Which of the following is the GREATEST benefit of information asset classification?
Which of the following would BEST justify continued investment in an information security program?
An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?
Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?
Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:
Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?
Threat and vulnerability assessments are important PRIMARILY because they are:
Who is BEST suited to determine how the information in a database should be classified?
When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
The effectiveness of an information security governance framework will BEST be enhanced if:
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:
Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?
When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
An organization's quality process can BEST support security management by providing:
Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
Which of the following should be the PRIMARY consideration when developing an incident response plan?
Which of the following is the PRIMARY role of an information security manager in a software development project?
Which of the following BEST supports the incident management process for attacks on an organization's supply chain?
Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?
Which of the following is the BEST indication of effective information security governance?
The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FIRST?