Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 1

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Buy Now
Questions 2

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Options:

A.

Process owners

B.

End users

C.

Security architects.

D.

Corporate auditors

Buy Now
Questions 3

A common drawback of email software packages that provide native encryption of messages is that the encryption:

Options:

A.

cannot encrypt attachments

B.

cannot interoperate across product domains.

C.

has an insufficient key length.

D.

has no key-recovery mechanism.

Buy Now
Questions 4

The PRIMARY advantage of single sign-on (SSO) is that it will:

Options:

A.

increase efficiency of access management

B.

increase the security of related applications.

C.

strengthen user passwords.

D.

support multiple authentication mechanisms.

Buy Now
Questions 5

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Buy Now
Questions 6

Which of the following BEST enables the integration of information security governance into corporate governance?

Options:

A.

Well-decumented information security policies and standards

B.

An information security steering committee with business representation

C.

Clear lines of authority across the organization

D.

Senior management approval of the information security strategy

Buy Now
Questions 7

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Options:

A.

validate the confidentiality during analysis.

B.

reinstate original data when accidental changes occur.

C.

validate the integrity during analysis.

D.

provide backup in case of media failure.

Buy Now
Questions 8

Which of the following is the MOST critical factor for information security program success?

Options:

A.

comprehensive risk assessment program for information security

B.

The information security manager's knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Buy Now
Questions 9

Which of the following BEST demonstrates the added value of an information security program?

Options:

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Buy Now
Questions 10

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor's independent control reports.

Buy Now
Questions 11

Which of the following should be the PRIMARY basis for an information security strategy?

Options:

A.

The organization's vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Buy Now
Questions 12

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?

Options:

A.

Multi-factor authentication (MFA) system

B.

Identity and access management (IAM) system

C.

Privileged access management (PAM) system

D.

Governance, risk, and compliance (GRC) system

Buy Now
Questions 13

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Buy Now
Questions 14

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Conduct a penetration test of the vendor.

B.

Review the vendor's technical security controls

C.

Review the vendor contract

D.

Disconnect the real-time access

Buy Now
Questions 15

Which of the following should be the PRIMARY basis for determining the value of assets?

Options:

A.

Cost of replacing the assets

B.

Business cost when assets are not available

C.

Original cost of the assets minus depreciation

D.

Total cost of ownership (TCO)

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 13, 2024
Questions: 793

PDF + Testing Engine

$249
$99.6

Testing Engine

$225
$90

PDF (Q&A)

$199
$79.6