DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Best CISM Practice Exams and Real Exam Simulations, Certified Information Security Manager | SPOTO

Unlock your potential with SPOTO's Best CISM Practice Exams and Real Exam Simulations. Our meticulously crafted practice tests cover a wide range of exam questions, including sample questions and online exam questions, ensuring thorough preparation. Dive into realistic mock exams that simulate the actual testing environment, allowing you to gauge your readiness. Access comprehensive exam materials and precise exam answers to enhance your understanding. Benefit from our free test offerings and valuable exam dumps, coupled with detailed exam questions and answers, to fine-tune your exam skills. With SPOTO, elevate your exam practice and streamline your exam preparation using our advanced exam simulator. Get ready to conquer the CISM certification exam confidently!
Take other online exams

Question #1
Which of the following is MOST appropriate for inclusion in an information security strategy?
A. Business controls designated as key controls
B. Security processes, methods, tools and techniques
C. Firewall rule sets, network defaults and intrusion detection system (IDS) settings
D. Budget estimates to acquire specific security tools
View answer
Correct Answer: B
Question #2
Which of the following measures is the MOST effective deterrent against disgruntled stall abusing their privileges?
A. Layered defense strategy
B. System audit log monitoring
C. Signed acceptable use policy
D. High-availability systems
View answer
Correct Answer: C
Question #3
To determine the selection of controls required to meet business objectives, an information security manager should:
A. prioritize the use of role-based access controls
B. focus on key controls
C. restrict controls to only critical applications
D. focus on automated controls
View answer
Correct Answer: C
Question #4
For virtual private network (VPN) access to the corporate network, the information security manager is requiring strong authentication. Which of the following is the strongest method to ensure that logging onto the network is secure?
A. Biometrics
B. Symmetric encryption keys
C. Secure Sockets Layer (SSL)-based authentication
D. Two-factor authentication
View answer
Correct Answer: B
Question #5
Which of the following would be the BEST defense against sniffing?
A. Password protect the files
B. Implement a dynamic IP address scheme
C. Encrypt the data being transmitted
D. Set static mandatory access control (MAC) addresses
View answer
Correct Answer: D
Question #6
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
A. revise the information security program
B. evaluate a balanced business scorecard
C. conduct regular user awareness sessions
D. perform penetration tests
View answer
Correct Answer: A
Question #7
An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?
A. Design a training program for the staff involved to heighten information security awareness
B. Set role-based access permissions on the shared folder
C. The end user develops a PC macro program to compare sender and recipient file contents
D. Shared folder operators sign an agreement to pledge not to commit fraudulent activities
View answer
Correct Answer: B
Question #8
An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution? C.
A. Rewrite the application to conform to the upgraded operating system
B. Compensate for not installing the patch with mitigating controls
C. Alter the patch to allow the application to run in a privileged state
D. Run the application on a test platform; tune production to allow patch and application
View answer
Correct Answer: A
Question #9
The MOST effective use of a risk register is to:
A. identify risks and assign roles and responsibilities for mitigation
B. identify threats and probabilities
C. facilitate a thorough review of all IT-related risks on a periodic basis
D. record the annualized financial amount of expected losses due to risks
View answer
Correct Answer: B
Question #10
On which of the following should a firewall be placed?
A. Web server
B. Intrusion detection system (IDS) server
C. Screened subnet
D. Domain boundary
View answer
Correct Answer: A
Question #11
Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
A. Log all account usage and send it to their manager
B. Establish predetermined automatic expiration dates
C. Require managers to e-mail security when the user leaves
D. Ensure each individual has signed a security acknowledgement
View answer
Correct Answer: B
Question #12
In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
A. Implementing on-screen masking of passwords
B. Conducting periodic security awareness programs
C. Increasing the frequency of password changes
D. Requiring that passwords be kept strictly confidential
View answer
Correct Answer: B
Question #13
At what stage of the applications development process would encryption key management initially be addressed?
A. Requirements development
B. Deployment
C. Systems testing
D. Code reviews
View answer
Correct Answer: A
Question #14
Which of the following is the MOST important reason why information security objectives should be defined?
A. Tool for measuring effectiveness
B. General understanding of goals
C. Consistency with applicable standards
D. Management sign-off and support initiatives
View answer
Correct Answer: B
Question #15
B. Which of the following should be determined FIRST when establishing a business continuity program?
A. Cost to rebuild information processing facilities Incremental daily cost of the unavailability of systems
C. Location and cost of offsite recovery facilities
D. Composition and mission of individual recovery teams
View answer
Correct Answer: C
Question #16
Which of the following mechanisms is the MOST secure way to implement a secure wireless network?
A. Filter media access control (MAC) addresses
B. Use a Wi-Fi Protected Access (WPA2) protocol
C. Use a Wired Equivalent Privacy (WEP) key
D. Web-based authentication
View answer
Correct Answer: A
Question #17
When an emergency security patch is received via electronic mail, the patch should FIRST be:
A. loaded onto an isolated test machine
B. decompiled to check for malicious code
C. validated to ensure its authenticity
D. copied onto write-once media to prevent tampering
View answer
Correct Answer: C
Question #18
Data owners will determine what access and authorizations users will have by:
A. delegating authority to data custodian
B. cloning existing user accounts
C. determining hierarchical preferences
D. mapping to business needs
View answer
Correct Answer: A
Question #19
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
A. Shut off all network access points
B. Dump all event logs to removable media
C. Isolate the affected network segment
D. Enable trace logging on all event
View answer
Correct Answer: B
Question #20
Which of the following is MOST effective in protecting against the attack technique known as phishing?
A. Firewall blocking rules
B. Up-to-date signature files
C. Security awareness training
D. Intrusion detection monitoring
View answer
Correct Answer: D
Question #21
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
View answer
Correct Answer: A
Question #22
Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
A. Adequate security policies and procedures
B. Periodic compliance reviews
C. Security steering committees
D. Security awareness campaigns
View answer
Correct Answer: B
Question #23
Which of the following is the BEST method to securely transfer a message?
A. Password-protected removable media
B. Facsimile transmission in a secured room
C. Using public key infrastructure (PKI) encryption
D. Steganography
View answer
Correct Answer: C
Question #24
The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products
B. assessment of risks to the organization
C. approval of policy statements and funding
D. monitoring adherence to regulatory requirements
View answer
Correct Answer: C
Question #25
At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?
A. Erase data and software from devices
B. Conduct a meeting to evaluate the test
C. Complete an assessment of the hot site provider
D. Evaluate the results from all test scripts
View answer
Correct Answer: C
Question #26
The MAIN goal of an information security strategic plan is to:
A. develop a risk assessment plan
B. develop a data protection plan
C. protect information assets and resources
D. establish security governance
View answer
Correct Answer: C
Question #27
Which of the following is MOST important for a successful information security program? C.
A. Adequate training on emerging security technologies
B. Open communication with key process owners Adequate policies, standards and procedures
D. Executive management commitment
View answer
Correct Answer: A
Question #28
Nonrepudiation can BEST be ensured by using:
A. strong passwords
B. a digital hash
C. symmetric encryption
D. digital signatures
View answer
Correct Answer: D
Question #29
A test plan to validate the security controls of a new system should be developed during which phase of the project? C.
A. Testing
B. Initiation Design
D. Development
View answer
Correct Answer: B
Question #30
Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
A. SWOT analysis
B. Waterfall chart Gap analysis
D. Balanced scorecard
View answer
Correct Answer: B
Question #31
An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?
A. Key performance indicators (KPIs)
B. Business impact analysis (BIA)
C. Gap analysis
D. Technical vulnerability assessment
View answer
Correct Answer: D
Question #32
In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?
A. Encryption
B. Digital certificate
C. Digital signature
D. I lashing algorithm
View answer
Correct Answer: C
Question #33
Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion? C.
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management
View answer
Correct Answer: D
Question #34
What is an appropriate frequency for updating operating system (OS) patches on production servers?
A. During scheduled rollouts of new applications
B. According to a fixed security patch management schedule
C. Concurrently with quarterly hardware maintenance
C.
D. Whenever important security patches are released
View answer
Correct Answer: B
Question #35
When implementing security controls, an information security manager must PRIMARILY focus on:
A. minimizing operational impacts
B. eliminating all vulnerabilities
C. usage by similar organizations
D. certification from a third party
View answer
Correct Answer: D
Question #36
The PRIMARY objective of an Internet usage policy is to prevent:
B.
A. access to inappropriate sites
C. violation of copyright laws
D. disruption of Internet access
View answer
Correct Answer: B
Question #37
The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:
A. firewalls
C. decoy files
D. screened subnets
View answer
Correct Answer: C
Question #38
Security awareness training is MOST likely to lead to which of the following? Decrease in intrusion incidents
B. Increase in reported incidents
C. Decrease in security policy changes
D. Increase in access rule violations
View answer
Correct Answer: B
Question #39
Priority should be given to which of the following to ensure effective implementation of information security governance?
A. Consultation
B. Negotiation
C. Facilitation
D. Planning
View answer
Correct Answer: D
Question #40
In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement: D.
A. a strong authentication
B. IP antispoofing filtering
C. network encryption protocol
E.
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: