Best CISM Practice Questions and Exam Preparation Resources, Certified Information Security Manager | SPOTO

SPOTO presents the ultimate resource for CISM certification preparation with our Best CISM Practice Exams and Real Exam Simulations. Dive into our extensive collection of practice tests, including free test options, designed to hone your skills and boost confidence. Access exam dumps, sample questions, and detailed exam materials to reinforce your understanding of key concepts. Our mock exams offer a realistic exam experience, while comprehensive exam answers and questions ensure thorough preparation. Utilize our advanced exam simulator to simulate the exam environment and enhance your exam practice. With SPOTO, conquer the CISM exam with ease and precision!

Question #1
Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
A. Certificate-based authentication of web client
B. Certificate-based authentication of web server
C. Data confidentiality between client and web server
D. Multiple encryption algorithms
Correct Answer: B
Question #2
Security audit reviews should PRIMARILY:
A. ensure that controls operate as required
B. ensure that controls are cost-effective
C. focus on preventive controls
D. ensure controls are technologically current
Correct Answer: D
Question #3
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
A. More uniformity in quality of service
B. Better adherence to policies
C. Better alignment to business unit needs
D. More savings in total operating costs
Correct Answer: B
Question #4
Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?
A. Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files
Correct Answer: D
Question #5
The security responsibility of data custodians in an organization will include:
A. assuming overall protection of information assets
B. determining data classification levels
C. implementing security controls in products they install
D. ensuring security measures are consistent with policy
Correct Answer: C
Question #6
The MOST important function of a risk management program is to:
A. quantify overall risk
B. minimize residual risk
C. eliminate inherent risk
D. maximize the sum of all annualized loss expectancies (ALEs)
Correct Answer: C
Question #7
The cost of implementing a security control should not exceed the:
A. annualized loss expectancy
B. cost of an incident
C. asset value
D. implementation opportunity cost
Correct Answer: D
Question #8
After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:
A. transferred
B. treated
C. accepted
D. terminated
Correct Answer: B
Question #9
Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?
A. Never use open source tools
B. Focus only on production servers
C. Follow a linear process for attacks
D. Do not interrupt production processes
Correct Answer: D
Question #10
Topic 5: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
A. Identify unmitigated risk
B. Prevent incident recurrence
C. Evaluate the security posture of the organization
D. Support business investments in security
Correct Answer: B
Question #11
The value of information assets is BEST determined by:
A. individual business managers
B. business systems analysts
C. information security management
D. industry averages benchmarking
Correct Answer: B
Question #12
Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?
A. Business impact analysis (BIA)
B. Penetration testing
C. Audit and review
D. Threat analysis
Correct Answer: B
Question #13
Topic 5: A measure of the effectiveness of the incident response capabilities of an organization is the:
A. time to closure of incidents
B. number of employees receiving incident response training
C. reduction of the annual loss expectancy (ALE)
D. number of incidents detected
Correct Answer: C
Question #14
A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
A. it simulates the real-life situation of an external security attack
B. human intervention is not required for this type of test
C. less time is spent on reconnaissance and information gathering
D. critical infrastructure information is not revealed to the tester
Correct Answer: C
Question #15
The configuration management plan should PRIMARILY be based upon input from:
A. business process owners
B. the information security manager
C. the security steering committee
D. IT senior management
Correct Answer: C
Question #16
The criticality and sensitivity of information assets is determined on the basis of:
A. threat assessment
B. vulnerability assessment
C. resource dependency assessment
D. impact assessment
Correct Answer: B
Question #17
Information security should be:
A. focused on eliminating all risks
B. a balance between technical and business requirements
C. driven by regulatory requirements
D. defined by the board of directors
Correct Answer: B
Question #18
On a company's e-commerce web site, a good legal statement regarding data privacy should include:
A. a statement regarding what the company will do with the information it collects
B. a disclaimer regarding the accuracy of information on its web site
C. technical information regarding how information is protected
D. a statement regarding where the information is being hosted
Correct Answer: C
Question #19
Topic 5: Which of the following is MOST important to ensuring that incident management plans are executed effectively?
A. An incident response maturity assessment has been conducted
B. A reputable managed security services provider has been engaged
C. The incident response team has the appropriate training
D. Management support and approval has been obtained
Correct Answer: A
Question #20
Topic 5: Which of the following should be determined FIRST when establishing a business continuity program?
A. Cost to rebuild information processing facilities
B. Incremental daily cost of the unavailability of systems
C. Location and cost of offsite recovery facilities
D. Composition and mission of individual recovery teams
Correct Answer: B
Question #21
To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:
A. end users
B. legal counsel
C. operational units
D. audit management
Correct Answer: A
Question #22
The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
A. return on investment (ROI)
B. a vulnerability assessment
C. annual loss expectancy (ALE)
D. a business case
Correct Answer: C
Question #23
Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
A. policy
B. strategy
C. guideline
D. baseline
Correct Answer: D
Question #24
Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?
A. Batch patches into frequent server updates
B. Initially load the patches on a test machine
C. Set up servers to automatically download patches
D. Automatically push all patches to the servers
Correct Answer: A
Question #25
To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:
A. set their accounts to expire in six months or less
B. avoid granting system administration roles
C. ensure they successfully pass background checks
D. ensure their access is approved by the data owner
Correct Answer: D
Question #26
The BEST way to ensure that an external service provider complies with organizational security policies is to:
A. Explicitly include the service provider in the security policies
B. Receive acknowledgment in writing stating the provider has read all policies
C. Cross-reference to policies in the service level agreement
D. Perform periodic reviews of the service provider
Correct Answer: D
Question #27
Topic 5: Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?
A. When missing information impacts recovery from an incident
B. At intervals indicated by industry best practice
C. Before an internal audit of the incident response process
D. When recovery time objectives (RTOs) are not met
Correct Answer: B
Question #28
An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:
A. references from other organizations
B. past experience of the engagement team
C. sample deliverable
D. methodology used in the assessment
Correct Answer: C
Question #29
Topic 5: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:
A. is not collecting logs from relevant devices
B. has not been updated with the latest patches
C. is hosted by a cloud service provider
D. has performance issues
Correct Answer: A