
ISACA Certified Information Security Manager - CISM Exam Questions

QUESTION NO: 1
Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?
Correct Answer: B
QUESTION NO: 2
The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?
Correct Answer: D
QUESTION NO: 3
Which of the following is an organization's BEST approach for media communications when experiencing a disaster?
Correct Answer: B
QUESTION NO: 4
Which of the following should be the PRIMARY consideration when developing an incident response plan?
Correct Answer: C
QUESTION NO: 5
An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password.
* The third-party service provider hosting the server sent an automated alert message to the help desk, but it was ignored.
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server.
* After three (3) hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail.
Which of the following poses the GREATEST risk to the organization related to this event?
Correct Answer: A
QUESTION NO: 6
An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?
Correct Answer: D
QUESTION NO: 7
When establishing escalation processes for an organization's computer security incident response team, the organization's procedures should:
Correct Answer: A
QUESTION NO: 8
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
Correct Answer: B
QUESTION NO: 9
When developing metrics related to an organization's information security program, what information will provide the MOST value to enable strategic decision-making?
Correct Answer: D
QUESTION NO: 10
Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?
Correct Answer: D
QUESTION NO: 11
Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?
Correct Answer: D
QUESTION NO: 12
An online payment provider's computer security incident response team has confirmed that a customer credit card database was breached. Which of the following would be MOST important to include in a report to senior management?
Correct Answer: B
QUESTION NO: 13
Which of the following is the MOST effective mechanism for communicating risk status and trends to senior management?
Correct Answer: A
QUESTION NO: 14
An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:
Correct Answer: A
QUESTION NO: 15
A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What is the BEST next step?
Correct Answer: B
QUESTION NO: 16
The likelihood of a successful intrusion is a function of:
Correct Answer: A
QUESTION NO: 17
Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
Correct Answer: A
QUESTION NO: 18
Which of the following should be of MOST influence to an information security manager when developing IT security policies?
Correct Answer: A
QUESTION NO: 19
Which of the following is MOST important to track for determining the effectiveness of an information security program?
Correct Answer: A
QUESTION NO: 20
Which of the following is the information security manager's PRIMARY role in the information assets classification process?
Correct Answer: B
QUESTION NO: 21
Which of the following BEST enables effective information security governance?
Correct Answer: C
QUESTION NO: 22
Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?
Correct Answer: A
QUESTION NO: 23
Which of the following is the MOST likely outcome from the implementation of a security governance framework?
Correct Answer: B
QUESTION NO: 24
After a recent malware incident, an organization's IT steering committee has asked the information security manager for a presentation on the status of the information security program. Which of the following is MOST important to address in the presentation?
Correct Answer: B
QUESTION NO: 25
Which of the following BEST supports effective information security governance?
Correct Answer: D
QUESTION NO: 26
An organization's head of information security has been tasked with creating an information security strategy. What is the MOST important reason to include business representation?
Correct Answer: B
QUESTION NO: 27
Which of the following is the MOST important factor of a successful information security program?
Correct Answer: B
QUESTION NO: 28
A CEO requires that information security risk management is practiced at the organizational level through a central risk register. Which of the following is the MOST important reason to report a summary of this risk register to the board?
Correct Answer: C
QUESTION NO: 29
An organization is considering a self-service solution for the deployment of virtualized development servers.
Which of the following should be the information security manager's PRIMARY concern?
Correct Answer: B
QUESTION NO: 30
Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness strategy?
Correct Answer: C
QUESTION NO: 31
The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:
Correct Answer: A
QUESTION NO: 32
An email digital signature will:
Correct Answer: B
QUESTION NO: 33
Which of the following is the GREATEST benefit of an information security architecture?
Correct Answer: D
QUESTION NO: 34
An organization must meet rigorous breach reporting standards in order to comply with regulatory requirements. Which of the following is the BEST way to minimize the organization's financial exposure if a service provider experiences a breach?
Correct Answer: C
QUESTION NO: 35
An information security manager has discovered an external break-in to the corporate network. Which of the following actions should be taken FIRST?
Correct Answer: D
QUESTION NO: 36
Which is MOST important when contracting an external party to perform a penetration test?
Correct Answer: A
QUESTION NO: 37
A core business unit relies on an effective legacy system that does not meet the current security standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?
Correct Answer: D
QUESTION NO: 38
Which of the following provides the MOST comprehensive understanding of an organization's information security posture?
Correct Answer: A
QUESTION NO: 39
Which of the following is the PRIMARY reason for conducting post-incident reviews?
Correct Answer: A
QUESTION NO: 40
A business unit is preparing the business case for acquiring an e-commerce solution. Which of the following should be provided by the information security manager?
Correct Answer: A
QUESTION NO: 41
Which of the following should be the PRIMARY input when defining the desired state of security within an organization?
Correct Answer: C
QUESTION NO: 42
Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
Correct Answer: D
QUESTION NO: 43
When implementing information security in system development projects, which of the following is the MOST effective approach for an information security manager with limited resources?
Correct Answer: A
QUESTION NO: 44
Which of the following information security metrics would be MOST meaningful to executive management in assessing the effectiveness of the information security strategy?
Correct Answer: B