Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 211

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:

A.

Authority of the subscriber to approve access to its data

B.

Right of the subscriber to conduct onsite audits of the vendor

C.

Commingling of subscribers' data on the same physical server

D.

Escrow of software code with conditions for code release

Buy Now
Questions 212

An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?

Options:

A.

Information security policies and procedures

B.

Business continuity plan (BCP)

C.

Incident communication plan

D.

Incident response training program

Buy Now
Questions 213

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

Options:

A.

Maturity of the security policy

B.

Clarity of security roles and responsibilities

C.

Corporate culture

D.

Corporate risk framework

Buy Now
Questions 214

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Options:

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Buy Now
Questions 215

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Options:

A.

Industry benchmarks

B.

Security training test results

C.

Performance measures for existing controls

D.

Number of false positives

Buy Now
Questions 216

What type of control is being implemented when a security information and event management (SIEM) system is installed?

Options:

A.

Preventive

B.

Deterrent

C.

Detective

D.

Corrective

Buy Now
Questions 217

Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Penetration test results

D.

Vulnerability scan results

Buy Now
Questions 218

What is the PRIMARY objective of implementing standard security configurations?

Options:

A.

Maintain a flexible approach to mitigate potential risk to unsupported systems.

B.

Minimize the operational burden of managing and monitoring unsupported systems.

C.

Control vulnerabilities and reduce threats from changed configurations.

D.

Compare configurations between supported and unsupported systems.

Buy Now
Questions 219

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Options:

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Buy Now
Questions 220

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Options:

A.

It transfers the risk associated with recovery to a third party.

B.

It lowers the annual cost to the business.

C.

It eliminates the need to maintain offsite facilities.

D.

It eliminates the need for the business to perform testing.

Buy Now
Questions 221

A balanced scorecard MOST effectively enables information security:

Options:

A.

risk management

B.

project management

C.

governance

D.

performance

Buy Now
Questions 222

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Buy Now
Questions 223

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Buy Now
Questions 224

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions.

D.

The development manager migrates programs into production

Buy Now
Questions 225

To help ensure that an information security training program is MOST effective its contents should be

Options:

A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees' roles

D.

based on recent incidents

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 14, 2024
Questions: 793

PDF + Testing Engine

$249
$99.6

Testing Engine

$225
$90

PDF (Q&A)

$199
$79.6