Top Tips for Passing the ISACA CISM Exam on Your First Try

Question 16

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A. The benefit is greater than the potential risk.
B. USB storage devices are enabled based on user roles.
C. Users accept the risk of noncompliance.
D. Access is restricted to read-only.

Question 17

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Options:

A. Host patching
B. Penetration testing
C. Infrastructure hardening
D. Data classification

Question 18

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A. Regulatory requirements are being met.
B. Internal compliance requirements are being met.
C. Risk management objectives are being met.
D. Business needs are being met.

Question 19

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Options:

A. Skills required for the incident response team
B. A list of external resources to assist with incidents
C. Service level agreements (SLAs)
D. A detailed incident notification process

Question 20

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A. Wider range of capabilities
B. Easier implementation across an organization
C. Greater ability to focus on core business operations
D. Lower cost of operations

Question 21

Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?

Options:

A. To reduce risk mitigation costs
B. To resolve vulnerabilities in enterprise architecture (EA)
C. To manage the risk to an acceptable level
D. To eliminate threats impacting the business

Question 22

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A. the organization has the required funds to implement the plan.
B. compliance with legal and regulatory requirements.
C. staff participation in information security efforts.
D. the plan aligns with corporate governance.

Question 23

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Options:

A. normal network behavior and using it as a baseline for measuring abnormal activity
B. abnormal network behavior and issuing instructions to the firewall to drop rogue connections
C. abnormal network behavior and using it as a baseline for measuring normal activity
D. attack pattern signatures from historical data

Question 24

Which of the following sources is MOST useful when planning a business-aligned information security program?

Options:

A. Security risk register
B. Information security policy
C. Business impact analysis (BIA)
D. Enterprise architecture (EA)

Question 25

An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Options:

A. Include security requirements in the contract.
B. Assess security controls.
C. Perform a risk assessment.
D. Review data architecture.

Question 26

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A. the incident response process to stakeholders.
B. adequately staff and train incident response teams.
C. develop effective escalation and response procedures.
D. make tabletop testing more effective.

Question 27

Which of the following is the BEST indication that an organization has a mature information security culture?

Options:

A. Information security training is mandatory for all staff.
B. The organization's information security policy is documented and communicated.
C. The chief information security officer (CISO) regularly interacts with the board.
D. Staff consistently consider risk in making decisions.

Question 28

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Options:

A. Document risk acceptances.
B. Revise the organization's security policy.
C. Assess the consequences of noncompliance.
D. Conduct an information security audit.

Question 29

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Options:

A. baseline security controls.
B. benchmarking security metrics.
C. security objectives.
D. cost-benefit analyses.

Question 30

Relationships between critical systems are BEST understood by:

Options:

A. evaluating key performance indicators (KPIs).
B. performing a business impact analysis (BIA).
C. developing a system classification scheme.
D. evaluating the recovery time objectives (RTOs).

Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 12, 2024
Questions: 793