Palo Alto












{if $isMobile==false}

CISM certification puts you in high demand with employers all across the world that value the success and skill it symbolizes. The CISM credential demonstrates that you have a broad understanding of technical skills as well as a grasp of business objectives related to data security.

refer a friend

Customer service

ISACA CISM Sample Questions:

01. IT-related risk management activities are MOST effective when they are:

a)treated as a distinct process

b)conducted by the IT department

c)communicated to all employees

d)integrated within business processes


02. A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization.

There is disagreement between the information security manager and the business department manager who will be responsible for evaluating the results and identified risk.

Which of the following would be the BEST approach of the information security manager?

a)Acceptance of the business manager’s decision on the risk to the corporation

b)Acceptance of the information security manager’s decision on the risk to the corporation

c)Review of the risk assessment with executive management for final input

d)Create a new risk assessment and BIA to resolve the disagreement


03. Who is accountable for ensuring that information is categorized and that specific protective measures are taken?

a)The security officer

b)Senior management

c)The end user

d)The custodian


04. Abnormal server communication from inside the organization to external parties may be monitored to:

a)record the trace of advanced persistent threats

b)evaluate the process resiliency of server operations

c)verify the effectiveness of an intrusion detection system

d)support a nonrepudiation framework in e-commerce


05. Which of the following is the BEST way to detect an intruder who successfully penetrates a network before significant damage is inflicted?

a)Perform periodic penetration testing

b)Establish minimum security baselines

c)Implement vendor default settings

d)Install a honeypot on the network


06. To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices.

Which of the following BEST facilitates the correlation and review of these logs?

a)Database server

b)Domain name server

c) Time server

d)Proxy server


07. Which of the following authentication methods prevents authentication replay?

a)Password hash implementation

b)Challenge/response mechanism

c)Wired equivalent privacy encryption usage

d)Hypertext Transfer Protocol basic authentication


08. In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:

a)a strong authentication.

b)IP antispoofing filtering.

c)network encryption protocol.

d)access lists of trusted devices.


09. Which of the following BEST illustrates residual risk within an organization?

a)Risk management framework

b)Risk register

c)Business impact analysis

d)Heat map


10. The postincident review of a security incident revealed that there was a process that was not monitored. As a result monitoring functionality has been implemented.

Which of the following may BEST be expected from this remediation?

a)Reduction in total incident duration

b)Increase in risk tolerance

c)Facilitation of escalation

d)Improvement in identification


Question: 01
Answer: d
Question: 02
Answer: c
Question: 03
Answer: b
Question: 04
Answer: a
Question: 05
Answer: d
Question: 06
Answer: c
Question: 07
Answer: b
Question: 08
Answer: a
Question: 09
Answer: a
Question: 10
Answer: d


For those who want assistance with their preparation, SPOTO dumps will be the most useful alternative. When you take the SPOTO Dumps Exam with our Verified Exam Questions, you’ll notice that every question on the test matches to the SPOTO Dumps.

The Refer a Friend for a Special Discount promotion is still going on. Don’t miss it ↓

Latest Passing Report-100% pass guarantee

Please follow and like us:
Last modified: November 7, 2023



Write a Reply or Comment

Your email address will not be published.