DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

CISM Dumps & Exam Questions 2024, Certified Information Security Manager | SPOTO

Enhance your CISM exam preparation with SPOTO's CISM Dumps & Exam Questions 2024. As a Certified Information Security Manager (CISM), you demonstrate advanced expertise in developing and managing enterprise information security programs. Access our comprehensive practice tests, including free test options, to delve into exam dumps and sample questions, reinforcing your understanding of key concepts. Engage in realistic mock exams to simulate the exam environment and refine your exam practice. Utilize our detailed exam materials and exam answers to further enhance your preparation. With SPOTO's exam preparation resources and advanced exam simulator, you'll be well-prepared to tackle the CISM exam confidently and succeed in your information security career.

Take other online exams

Question #1
Which of the following would be the MOST important goal of an information security governance program?
A. Review of internal control mechanisms
B. Effective involvement in business decision making
C. Total elimination of risk factors
D. Ensuring trust in data
View answer
Correct Answer: D

View The Updated CISM Exam Questions

SPOTO Provides 100% Real CISM Exam Questions for You to Pass Your CISM Exam!

Question #2
An incident response policy must contain: C.
A. updated call trees
B. escalation criteria
D. critical backup files inventory
View answer
Correct Answer: A
Question #3
Which of the following would BEST mitigate identified vulnerabilities in a timely manner?
A. Continuous vulnerability monitoring tool
B. Categorization of the vulnerabilities based on system’s criticality
C. Monitoring of key risk indicators (KRIs)
D. Action plan with responsibilities and deadlines
View answer
Correct Answer: C
Question #4
Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?
B.
A. Tests are scheduled on weekends Network IP addresses are predefined
C. Equipment at the hot site is identical
D. Business management actively participates
View answer
Correct Answer: B
Question #5
Which of the following would BEST prepare an information security manager for regulatory reviews?
A. Assign an information security administrator as regulatory liaison
B. Perform self-assessments using regulatory guidelines and reports
C. Assess previous regulatory reports with process owners input
D. Ensure all regulatory inquiries are sanctioned by the legal department
View answer
Correct Answer: D
Question #6
An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
A. document and report the root cause of the incidents for senior management
B. identify security program gaps or systemic weaknesses that need correction
C. prepare properly vetted notifications regarding the incidents to external parties
D. identify who should be held accountable for the security incidents
View answer
Correct Answer: D
Question #7
What is the BEST way to ensure users comply with organizational security requirements for password complexity?
A. Include password construction requirements in the security standards
B. Require each user to acknowledge the password requirements
C. Implement strict penalties for user noncompliance
D. Enable system-enforced password configuration
View answer
Correct Answer: C
Question #8
Which of the following is the BEST indicator that security awareness training has been effective?
A. Employees sign to acknowledge the security policy
B. More incidents are being reported
C. A majority of employees have completed training
D. No incidents have been reported in three months
View answer
Correct Answer: D
Question #9
Which of the following is MOST critical for the successful implementation and maintenance of a security policy?
A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
View answer
Correct Answer: A
Question #10
Information security policies should:
A. address corporate network vulnerabilities
B. address the process for communicating a violation
C. be straightforward and easy to understand
D. be customized to specific groups and roles
View answer
Correct Answer: C
Question #11
When security policies are strictly enforced, the initial impact is that:
A. they may have to be modified more frequently
B. they will be less subject to challenge
C. the total cost of security is increased
D. the need for compliance reviews is decreased
View answer
Correct Answer: C
Question #12
The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:
A. firewalls
B. bastion hosts
C. decoy files
D. screened subnets
View answer
Correct Answer: C
Question #13
Which of the following BEST ensures timely and reliable access to services?
A. Authenticity
B. Recovery time objective
C. Availability
D. Nonrepudiation
View answer
Correct Answer: A
Question #14
A post-incident review should be conducted by an incident management team to determine: D.
A. relevant electronic evidence
B. lessons learned
C. hacker's identity
E.
View answer
Correct Answer: C
Question #15
During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST help to prevent this occurrence?
A. Validation of senior management’s risk tolerance
B. Updates to the business impact analysis (BIA)
C. More effective disaster recovery plan (DRP) testing
D. Improvements to incident identification methods
View answer
Correct Answer: D
Question #16
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
A. Penetration attempts investigated
B. Violation log reports produced
C. Violation log entries
D. Frequency of corrective actions taken
View answer
Correct Answer: B
Question #17
Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
A. Adequate security policies and procedures
B. Periodic compliance reviews
C. Security steering committees
D. Security awareness campaigns
View answer
Correct Answer: A
Question #18
When training an incident response team, the advantage of using tabletop exercises is that they:
A. provide the team with practical experience in responding to incidents
B. ensure that the team can respond to any incident
C. remove the need to involve senior managers in the response process
D. enable the team to develop effective response interactions
View answer
Correct Answer: D
Question #19
Which of the following reduces the potential impact of social engineering attacks?
A. Compliance with regulatory requirements
B. Promoting ethical understanding
C. Security awareness programs
D. Effective performance incentives
View answer
Correct Answer: B
Question #20
What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?
A. Perform a gap analysis
B. Complete a control assessment
C. Submit a business case to support compliance
D. Update the risk register
View answer
Correct Answer: D
Question #21
An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?
A. The costs associated with business process changes
B. Results of benchmarking against industry peers
C. The impact of organizational changes on the security risk profile
D. Security controls needed for risk mitigation
View answer
Correct Answer: C
Question #22
Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
A. Deleting database activity logs
B. Implementing database optimization tools
C. Monitoring database usage
D. Defining backup and recovery procedures
View answer
Correct Answer: D
Question #23
When segregation of duties concerns exists between IT support staff and end users, what would be a suitable compensating control?
A. Restricting physical access to computing equipment
B. Reviewing transaction and application logs
C. Performing background checks prior to hiring IT staff
D. Locking user sessions after a specified period of inactivity
View answer
Correct Answer: C
Question #24
When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:
A. give the business a measure of the organization’s overall readiness
B. provide participants with situations to ensure understanding of their roles
C. measure management engagement as part of an incident response team
D. challenge the incident response team to solve the problem under pressure
View answer
Correct Answer: D
Question #25
Security governance is MOST associated with which of the following IT infrastructure components?
A. Network
B. Application
C. Platform
D. Process
View answer
Correct Answer: A
Question #26
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
View answer
Correct Answer: D
Question #27
To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:
A. noncompliance issues are reported to senior management
B. information security management understands business performance issues
C. the security policy is changed to accommodate IT performance pressure
D. senior management provides guidance and dispute resolution
View answer
Correct Answer: D
Question #28
During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:
A. documents created during the incident
B. logs from systems involved
C. a consolidated event time line
D. interviews with personnel
View answer
Correct Answer: B
Question #29
Data owners are normally responsible for which of the following?
A. Applying emergency changes to application data
B. Administering security over database records
C. Migrating application code changes to production
D. Determining the level of application security required
View answer
Correct Answer: A
Question #30
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A. User management coordination does not exist
B. Specific user accountability cannot be established
C. Unauthorized users may have access to originate, modify or delete data
D. Audit recommendations may not be implemented
View answer
Correct Answer: B
Question #31
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
A. Review the procedures for granting access
B. Establish procedures for granting emergency access
C. Meet with data owners to understand business needs
B.
D. Redefine and implement proper access rights
View answer
Correct Answer: A
Question #32
An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?
A. Conduct an evaluation of controls
B. Determine if the risk is within the risk appetite
C. Implement countermeasures to mitigate risk
D. Classify all identified risks
View answer
Correct Answer: C
Question #33
Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?
A. The business need for the function
B. The cost of the services
C. The vendor’s reputation in the industry
D. The ability to meet deliverables
View answer
Correct Answer: B
Question #34
The BEST approach in managing a security incident involving a successful penetration should be to:
A. allow business processes to continue during the response
B. allow the security team to assess the attack profile
C. permit the incident to continue to trace the source
D. examine the incident response process for deficiencies
View answer
Correct Answer: C
Question #35
Which of the following will protect the confidentiality of data transmitted over the Internet?
A. Message digests
B. Network address translation
C. Encrypting file system
D. IPsec protocol
View answer
Correct Answer: C
Question #36
Which of the following tasks should be performed once a disaster recovery plan has been developed?
A. Analyze the business impact
B. Define response team roles
C. Develop the test plan
D. Identify recovery time objectives
View answer
Correct Answer: A
Question #37
The BEST time to perform a penetration test is after:
A. an attempted penetration has occurred
B. an audit has reported weaknesses in security controls
C. various infrastructure changes are made
D. a high turnover in systems staff
View answer
Correct Answer: A
Question #38
Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?
A. A hot site facility will be shared in multiple disaster declarations
B. All equipment is provided "at time of disaster, not on floor"
C. The facility is subject to a "first-come, first-served" policy
D. Equipment may be substituted with equivalent model
View answer
Correct Answer: D
Question #39
Which of the following presents the GREATEST exposure to internal attack on a network?
A. User passwords are not automatically expired
B. All network traffic goes through a single switch
C. User passwords are encoded but not encrypted
D. All users reside on a single internal subnet
View answer
Correct Answer: D
Question #40
Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
A. Chief security officer (CSO)
B. Chief operating officer (COO)
C. Chief privacy officer (CPO)
D. Chief legal counsel (CLC)
View answer
Correct Answer: A
Question #41
03.Who is accountable for ensuring that information is categorized and that specific protective measures are taken?
A. he security officer
B. enior management
C. he end user
D. he custodian
View answer
Correct Answer: b
Question #42
B. In business-critical applications, user access should be approved by the:
A. information security manager
C. data custodian
D. business management
View answer
Correct Answer: C
Question #43
Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?
A. Internal audit signs off on security prior to implementation
B. Information security staff perform compliance reviews before production begins
C. Information security staff take responsibility for the design of system security
D. Business requirements must include security objectives
View answer
Correct Answer: B
Question #44
An information security manager learns that a departmental system is out of compliance with the information security policy’s password strength requirements. Which of the following should be the information security manager’s FIRST course of action?
A. Submit the issue to the steering committee for escalation
B. Conduct an impact analysis to quantify the associated risk
C. Isolate the non-compliant system from the rest of the network
D. Request risk acceptance from senior management
View answer
Correct Answer: A
Question #45
06.To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices.Which of the following BEST facilitates the correlation and review of these logs?
A. atabase server
B. omain name server
C. ime server
D. roxy server
View answer
Correct Answer: c
Question #46
09.Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
A. virtual private network (VPN) with multi-factor authentication
B. security information and event management (SIEM) system
C. n identity and access management (IAM) system
D. n intrusion prevention system (IPS)
View answer
Correct Answer: b
Question #47
02.In the Bell-LaPadula model, if a person has a clearance for one level, what level or levels can they access, and what additional requirements do they face?
A. hey can access only the specified level and must have a background check
B. hey can access the specified level and above and face no further requirements
C. hey can access the specified level and below and must have a need to know
D. hey can access every level, and they face no other requirements
View answer
Correct Answer: c
Question #48
Which of the following is MOST difficult to achieve in a public cloud-computing environment?
A. Cost reduction
B. Pay per use
C. On-demand provisioning
D. Ability to audit
View answer
Correct Answer: D
Question #49
An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?
A. Key customers
B. Executive management
C. System administrator
D. The business owner
View answer
Correct Answer: B
Question #50
Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:
A. perform a cost-benefit analysis
B. review firewall configuration
C. review the security policy
D. perform a risk assessment
View answer
Correct Answer: C
Question #51
The BEST way to facilitate the reporting and escalation of potential security incidents to appropriate stakeholders is to define incident classifications based on the:
A. technique used to launch the attack
B. vulnerability exploited by the attack
C. verified source and industry rating of the incident
D. severity and impact of the incident
View answer
Correct Answer: B
Question #52
The MOST important reason to use a centralized mechanism to identify information security incidents is to:
A. detect potential fraud
B. prevent unauthorized changes to networks
C. comply with corporate policies
D. detect threats across environments
View answer
Correct Answer: D
Question #53
05.Which of the following is the BEST way to detect an intruder who successfully penetrates a network before significant damage is inflicted?
A. erform periodic penetration testing
B. stablish minimum security baselines
C. mplement vendor default settings
D. nstall a honeypot on the network
View answer
Correct Answer: d
Question #54
Which of the following would BEST help to identify vulnerabilities introduced by changes to an organization’s technical infrastructure?
A. An intrusion detection system
B. Established security baselines
C. Penetration testing
D. Log aggregation and correlation
View answer
Correct Answer: D
Question #55
After detecting an advanced persistent threat (APT), which of the following should be the information security manager’s FIRST step?
A. Notify management
B. Contain the threat
C. Remove the threat
D. Perform root-cause analysis
View answer
Correct Answer: C

View The Updated ISACA Exam Questions

SPOTO Provides 100% Real ISACA Exam Questions for You to Pass Your ISACA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: