DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

CISM Exam Questions 2024 Updated: Get Ready for Exams, Certified Information Security Manager | SPOTO

Prepare yourself for success in the CISM exam with SPOTO's updated 2024 exam questions. Our comprehensive practice tests cover all exam domains, including information risk management, governance, incident management, and program development and management. Access free sample questions to assess your knowledge and dive into our extensive exam dumps for a thorough review. With SPOTO's mock exams, simulate real exam scenarios and refine your exam-taking skills. Explore our curated exam materials, complete with detailed answers and explanations, to strengthen your understanding of key concepts. Whether you're practicing exam questions, reviewing sample scenarios, or honing your exam strategy, SPOTO's online exam simulator is your ultimate tool for effective CISM exam preparation.
Take other online exams

Question #1
What task should be performed once a security incident has been verified?
A. Identify the incident
B. Contain the incident
C. Determine the root cause of the incident
D. Perform a vulnerability assessment
View answer
Correct Answer: B

View The Updated CISM Exam Questions

SPOTO Provides 100% Real CISM Exam Questions for You to Pass Your CISM Exam!

Question #2
Which of the following recovery strategies has the GREATEST chance of failure?
A. Hot site
B. Redundant site
C. Reciprocal arrangement
D. Cold site
View answer
Correct Answer: C
Question #3
An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?
A. Right to audit
B. Nondisclosure agreement
C. Proper firewall implementation
D. Dedicated security manager for monitoring compliance
View answer
Correct Answer: A
Question #4
An organization has implemented an enterprise resource planning (ERP) system used by 500 employees from various departments. Which of the following access control approaches is MOST appropriate?
A. Rule-based
B. Mandatory
C. Discretionary
D. Role-based
View answer
Correct Answer: D
Question #5
An organization is considering the purchase of a competitor. To determine the competitor's security posture, the BEST course of action for the organization's information security manager would be to:
A. assess the security policy of the competitor
B. assess the key technical controls of the competitor
C. conduct a penetration test of the competitor
D. perform a security gap analysis on the competitor
View answer
Correct Answer: A
Question #6
When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:
A. this is a requirement of the security policy
B. software licenses may expire in the future without warning
C. the asset inventory must be maintained
D. service level agreements may not otherwise be met
View answer
Correct Answer: D
Question #7
When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:
A. access control matrix
B. encryption strength
C. authentication mechanism
D. data repository
View answer
Correct Answer: A
Question #8
Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?
A. The information security program manages risk within the business's risk tolerance
B. The information security team is able to provide key performance indicators (KPIs) to senior management
C. Business senior management supports the information security policies
D. Information security initiatives are directly correlated to business processes
View answer
Correct Answer: D
Question #9
Which of the following is the BEST type of access control for an organization with employees who move between departments?
A. Mandatory
B. Role-based
C. Identity
D. Discretionary
View answer
Correct Answer: C
Question #10
Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
A. Tabletop exercises
B. Forensics certification
C. Penetration tests
D. Disaster recovery drills
View answer
Correct Answer: A
Question #11
Which of the following are the MOST important individuals to include as members of an information security steering committee?
A. Direct reports to the chief information officer
B. IT management and key business process owners
C. Cross-section of end users and IT professionals
D. Internal audit and corporate legal departments
View answer
Correct Answer: B
Question #12
Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
A. are compatible with the provider's own classification
B. are communicated to the provider
C. exceed those of the outsourcer
D. are stated in the contract
View answer
Correct Answer: D
Question #13
A desktop computer that was involved in a computer security incident should be secured as evidence by:
A. disconnecting the computer from all power sources
B. disabling all local user accounts except for one administrator
C. encrypting local files and uploading exact copies to a secure server
D. copying all files using the operating system (OS) to write-once media
View answer
Correct Answer: A
Question #14
Which of the following are the MOST important criteria when selecting virus protection software?
A. Product market share and annualized cost
B. Ability to interface with intrusion detection system (IDS) software and firewalls
C. Alert notifications and impact assessments for new viruses
D. Ease of maintenance and frequency of updates
View answer
Correct Answer: D
Question #15
Which of the following is the MOST beneficial outcome of testing an incident response plan?
A. Test plan results are documented
B. The plan is enhanced to reflect the findings of the test
C. Incident response time is improved
D. The response includes escalation to senior management
View answer
Correct Answer: C
Question #16
Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?
A. Preparedness tests
B. Paper tests
C. Full operational tests
D. Actual service disruption
View answer
Correct Answer: A
Question #17
An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resource to support clients. The BEST approach to obtain the support of business unit management would be to:
A. present an analysis of the cost and benefit of the changes
B. discuss the risk and impact of security incidents if not implemented
C. present industry benchmarking results to business units
D. elaborate on the positive impact to information security
View answer
Correct Answer: B
Question #18
Which of the following situations would be the MOST concern to a security manager?
A. Audit logs are not enabled on a production server
B. The logon ID for a terminated systems analyst still exists on the system
C. The help desk has received numerous results of users receiving phishing e-mails
D. A Trojan was found to be installed on a system administrator's laptop
View answer
Correct Answer: D
Question #19
Presenting which of the following to senior management will be MOST helpful in securing ongoing support for the information security strategy?
A. Historical security incidents
B. Return on security investment
C. Completed business impact analyses (BIAs)
D. Current vulnerability metrics
View answer
Correct Answer: B
Question #20
Which of the following is the BEST indication that an information security control is no longer relevant?
A. Users regularly bypass or ignore the control
B. The control does not support a specific business function
C. IT management does not support the control
D. Following the control costs the business more than not following it
View answer
Correct Answer: B
Question #21
Which of the following is the MOST important outcome of a well-implemented awareness program?
A. The board is held accountable for risk management
B. The number of reported security incidents steadily decreases
C. The number of successful social engineering attacks is reduced
D. Help desk response time to resolve incidents is improved
View answer
Correct Answer: B
Question #22
Which of the following is the MOST effective, positive method to promote security awareness?
A. Competitions and rewards for compliance
B. Lock-out after three incorrect password attempts
C. Strict enforcement of password formats
D. Disciplinary action for noncompliance
View answer
Correct Answer: A
Question #23
A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?
A. Run a port scan on the system
B. Disable the logon ID
C. Investigate the system logs
D. Validate the incident
View answer
Correct Answer: D
Question #24
A recent audit has identified that security controls by the organization’s policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?
A. Discuss the issue with the data owners to determine the reason for the exception
B. Discuss the issue with data custodians to determine the reason for the exception
C. Report the issue to senior management and request funding to fix the issue
D. Deny access to the application until the issue is resolved
View answer
Correct Answer: A
Question #25
To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
A. Database server
B. Domain name server (DNS)
C. Time server
D. Proxy server
View answer
Correct Answer: C
Question #26
An application system stores customer confidential data and encryption is not practical. The BEST measure to protect against data disclosure is:
A. regular review of access logs
B. single sign-on
C. nondisclosure agreements (NDA)
D. multi-factor access controls
View answer
Correct Answer: D
Question #27
When an information security manager presents an information security program status report to senior management, the MAIN focus should be:
A. critical risks indicators
B. key controls evaluation
C. key performance indicators (KPIs)
D. net present value (NPV)
View answer
Correct Answer: C
Question #28
Which of the following provides the BEST indication of strategic alignment between an organization’s information security program and business objectives?
A. A business impact analysis (BIA)
B. Security audit reports
C. A balanced scorecard
D. Key risk indicators (KRIs)
View answer
Correct Answer: C
Question #29
Which of the following statements indicates that a previously failing security program is becoming successful?
A. The number of threats has been reduced
B. More employees and stakeholders are attending security awareness programs
C. The number of vulnerability false positives is decreasing
D. Management's attention and budget are now focused on risk reduction
View answer
Correct Answer: A
Question #30
What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?
A. Establish and measure key performance indicators (KPIs)
B. Communicate incident response procedures to staff
C. Test incident response procedures regularly
D. Obtain senior management commitment
View answer
Correct Answer: C
Question #31
What is the MOST important factor for determining prioritization of incident response?
A. Service level agreements (SLAs) pertaining to the impacted systems
B. The potential impact to the business
C. The time to restore the impacted systems
D. The availability of specialized technical staff
View answer
Correct Answer: B
Question #32
A security team is conducting its annual disaster recovery test. Post-restoration testing shows the system response time is significantly slower due to insufficient bandwidth for Internet connectivity at the recovery center. Which of the following is the security manager's BEST course of action?
A. Halt the test until the network bandwidth is increased
B. Reduce the number of applications marked as critical
C. Document the deficiency for review by business leadership
D. Pursue risk acceptance for the slower response time
View answer
Correct Answer: C
Question #33
Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?
A. Storage as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Infrastructure as a Service (IaaS)
View answer
Correct Answer: D
Question #34
An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?
A. Communicate social media usage requirements and monitor compliance
B. Block workplace access to social media sites and monitor employee usage
C. Train employees how to set up privacy rules on social media sites
D. Scan social media sites for company-related information
View answer
Correct Answer: A
Question #35
Which of the following is the BEST indicator that an effective security control is built into an organization?
A. The monthly service level statistics indicate a minimal impact from security issues
B. The cost of implementing a security control is less than the value of the assets
C. The percentage of systems that is compliant with security standards
D. The audit reports do not reflect any significant findings on security
View answer
Correct Answer: A
Question #36
The BEST way to establish a security baseline is by documenting:
A. the organization’s preferred security level
B. a framework of operational standards
C. the desired range of security settings
D. a standard of acceptable settings
View answer
Correct Answer: B
Question #37
Inadvertent disclosure of internal business information on social media is BEST minimized by which of the following?
A. Developing social media guidelines
B. Educating users on social media risks
C. Limiting access to social media sites
D. Implementing data loss prevention (DLP) solutions
View answer
Correct Answer: B
Question #38
Reviewing which of the following would provide the GREATEST input to the asset classification process?
A. Risk assessment
B. Replacement cost of the asset
C. Sensitivity of the data
D. Compliance requirements
View answer
Correct Answer: C
Question #39
Which of the following activities is used to determine the effect of a disruptive event?
A. Maximum tolerable downtime assessment
B. Recovery time objective (RTO) analysis
C. Business impact analysis (BIA)
D. Incident impact analysis
View answer
Correct Answer: D
Question #40
Which of the following is the BEST mechanism to prevent data loss in the event personal computing equipment is stolen or lost?
A. Data encryption
B. Remote access to device
C. Data leakage prevention (DLP)
D. Personal firewall
View answer
Correct Answer: A
Question #41
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A. Optimized
B. Managed
C. Defined
D. Repeatable
View answer
Correct Answer: B
Question #42
Which of the following actions should lake place immediately after a security breach is reported to an information security manager?
A. Confirm the incident
B. Determine impact
C. Notify affected stakeholders
D. Isolate the incident
View answer
Correct Answer: A
Question #43
Which of the following metrics would provide management with the MOST useful information about the effectiveness of a security awareness program?
A. Increased number of downloads of the organization's security policy
B. Decreased number of security incidents
C. Increased number of reported security incidents
D. Decreased number of phishing attacks
View answer
Correct Answer: B
Question #44
Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?
A. Regular risk reporting
B. Risk monitoring processes
C. Change control procedures
D. Incident monitoring activities
View answer
Correct Answer: D
Question #45
Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?
A. Include security tasks into employee job descriptions
B. Include membership on project teams
C. Provide job rotation into the security organization
D. Increase security awareness training
View answer
Correct Answer: D
Question #46
The PRIMARY purpose of asset valuation for the management of information security is to:
A. prioritize risk management activities
B. eliminate the least significant assets
C. provide a basis for asset classification
D. determine the value of each asset
View answer
Correct Answer: D
Question #47
Which of the following is the PRIMARY role of a data custodian?
A. Validating information
B. Processing information
C. Classifying information
D. Securing information
View answer
Correct Answer: D
Question #48
Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration test?
A. To prevent exploitation by malicious parties
B. To aid in the success of the penetration
C. To evaluate detection and response capabilities
D. To reduce the scope and duration of the test
View answer
Correct Answer: C
Question #49
Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
A. Detailed technical recovery plans are maintained offsite
B. Network redundancy is maintained through separate providers
C. Hot site equipment needs are recertified on a regular basis
D. Appropriate declaration criteria have been established
View answer
Correct Answer: A
Question #50
Which of the following BEST enables an information security manager to communicate the capability of security program functions?
A. Security architecture diagrams
B. Security maturity assessments
C. Vulnerability scan results
D. Key risk indicators (KRIs)
View answer
Correct Answer: D
Question #51
Which of the following is the MOST appropriate party to approve an information security strategy?
A. Executive leadership team
B. Chief information officer
C. Information security management committee
D. Chief information security officer
View answer
Correct Answer: A
Question #52
Senior management is concerned a security solution may not adequately protect its multiple global data centers following recent industry breaches. What should be done NEXT?
A. Perform a gap analysis
B. Conduct a business impact analysis (BIA)
C. Perform a risk assessment
D. Require an internal audit review
View answer
Correct Answer: A
Question #53
The decision to escalate an incident should be based PRIMARILY on:
A. organizational hierarchy
B. prioritization by the information security manager
C. predefined policies and procedures
D. response team experience
View answer
Correct Answer: C
Question #54
The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:
A. is not collecting logs from relevant devices
B. has not been updated with the latest patches
C. is hosted by a cloud service provider
D. has performance issues
View answer
Correct Answer: A
Question #55
Which of the following is the MOST important influence to the continued success of an organization's information security strategy?
A. Information systems
B. Policy development
C. Security processes
D. Organizational culture
View answer
Correct Answer: D
Question #56
While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?
A. The test addresses the critical components
B. The test simulates actual prime-time processing conditions
C. The test is scheduled to reduce operational impact
D. The test involves IT members in the test process
View answer
Correct Answer: B
Question #57
Following a successful and well-publicized hacking incident, an organization has plans to improve application security. Which of the following is a security project risk?
A. Critical evidence may be lost
B. The reputation of the organization may be damaged
C. A trapdoor may have been installed in the application
D. Resources may not be available to support the implementation
View answer
Correct Answer: D
Question #58
Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:
A. service level agreements (SLAs)
B. acceptance of the organization’s security policies
C. contractual agreements
D. audit guidelines
View answer
Correct Answer: A
Question #59
The MAIN consideration when designing an incident escalation plan should be ensuring that:
A. appropriate stakeholders are involved
B. information assets are classified
C. requirements cover forensic analysis
D. high-impact risks have been identified
View answer
Correct Answer: A
Question #60
When preparing a strategy for protection from SQL injection attacks, it is MOST important for the information security manager to involve:
A. senior management
B. the security operations center
C. business owners
D. application developers
View answer
Correct Answer: A
Question #61
Which of the following helps to ensure that the appropriate resources are applied in a timely manner after an incident has occurred?
A. Initiate an incident management log
B. Define incident response teams
C. Broadcast an emergency message
D. Classify the incident
View answer
Correct Answer: B
Question #62
The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:
A. results of exit interviews
B. previous training sessions
C. examples of help desk requests
D. responses to security questionnaires
View answer
Correct Answer: C
Question #63
Which of the following is the MOST effective way to detect security incidents?
A. Analyze penetration test results
B. Analyze recent security risk assessments
C. Analyze vulnerability assessments
D. Analyze security anomalies
View answer
Correct Answer: D
Question #64
Which of the following is MOST likely to increase end user security awareness in an organization?
A. Simulated phishing attacks
B. Security objectives included in job descriptions
C. Red team penetration testing
D. A dedicated channel for reporting suspicious emails
View answer
Correct Answer: B
Question #65
When granting a vendor remote access to a system, which of the following is the MOST important consideration?
A. Session monitoring
B. Hard drive encryption
C. Multi-factor authentication
D. Password hashing
View answer
Correct Answer: A
Question #66
Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?
A. To allow for reactive initiatives
B. To update the roadmap according to current risks
C. To allocate resources for initiatives
D. To facilitate business plan reporting to management
View answer
Correct Answer: A
Question #67
For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?
A. Multiple failed login attempts on an employee’s workstation
B. Suspicious network traffic originating from the demilitarized zone (DMZ)
C. Several port scans of the web server
D. Anti-malware alerts on several employees’ workstations
View answer
Correct Answer: B
Question #68
Which of the following is the PRIMARY objective of incident classification?
A. Complying with regulatory requirements
B. Increasing response efficiency
C. Enabling incident reporting
D. Reducing escalations to management
View answer
Correct Answer: B
Question #69
Which of the following is MOST critical when creating an incident response plan?
A. Identifying what constitutes an incident
B. Identifying vulnerable data assets
C. Aligning with the risk assessment process
D. Documenting incident notification and escalation processes
View answer
Correct Answer: D
Question #70
Following a malicious security incident, an organization has decided to prosecute those responsible. Which of the following will BEST facilitate the forensic investigation?
A. Performing a backup of affected systems
B. Identifying the affected environment
C. Maintaining chain of custody
D. Determining the degree of loss
View answer
Correct Answer: C
Question #71
Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?
A. Identification of threats and vulnerabilities
B. Prioritization of action plans
C. Validation of current capabilities
D. Benchmarking against industry peers
View answer
Correct Answer: C
Question #72
Which of the following will BEST facilitate the understanding of information security responsibilities by users across the organization?
A. Conducting security awareness training with performance incentives
B. Communicating security responsibilities as an acceptable usage policy
C. Warning users that disciplinary action will be taken for violations
D. Incorporating information security into the organization's code of conduct
View answer
Correct Answer: A
Question #73
What is the BEST way to alleviate security team understaffing while retaining the capability in-house?
A. Hire a contractor that would not be included in the permanent headcount
B. Outsource with a security services provider while retaining the control internally
C. Establish a virtual security team from competent employees across the company
D. Provide cross training to minimize the existing resources gap
View answer
Correct Answer: C
Question #74
Which of the following is MOST effective against system intrusions?
A. Two-factor authentication
B. Continuous monitoring
C. Layered protection
D. Penetration testing
View answer
Correct Answer: C
Question #75
Which of the following would BEST enable effective decision-making?
A. A consistent process to analyze new and historical information risk
B. Annualized loss estimates determined from past security events
C. Formalized acceptance of risk analysis by business management
D. A universally applied list of generic threats, impacts, and vulnerabilities
View answer
Correct Answer: A
Question #76
Which of the following factors are the MAIN reasons why large networks are vulnerable?
A. Hacking and malicious software
B. Connectivity and complexity
C. Network operating systems and protocols
D. Inadequate training and user errors
View answer
Correct Answer: B
Question #77
When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure that the:
A. server is backed up to the network
B. server is unplugged from power
C. integrity of evidence is preserved
D. forensic investigation software is loaded on the server
View answer
Correct Answer: C
Question #78
An organization experienced a data breach and followed its incident response plan. Later it was discovered that the plan was incomplete, omitting a requirement to report the incident to the relevant authorities. In addition to establishing an updated incident response plan, which of the following would be MOST helpful in preventing a similar occurrence?
A. Attached reporting forms as an addendum to the incident response plan
B. Management approval of the incident reporting process
C. Ongoing evaluation of the incident response plan
D. Assignment of responsibility for communications
View answer
Correct Answer: D
Question #79
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
A. Disable remote access
B. Initiate a device reset
C. Initiate incident response
D. Conduct a risk assessment
View answer
Correct Answer: D
Question #80
An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
A. Reporting capabilities
B. The contract with the SIEM vendor
C. Controls to be monitored
D. Available technical support
View answer
Correct Answer: C
Question #81
An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
A. Obtain documentation of the encryption management practices
B. Verify the provider follows a cloud service framework standard
C. Ensure an audit of the provider is conducted to identify control gaps
D. Review the provider's information security policies and procedures
View answer
Correct Answer: B
Question #82
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
A. Average time to resolve an incident
B. Total number of reported incidents
C. Total number of incident responses
D. Average time to respond to an incident
View answer
Correct Answer: A
Question #83
From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often related to:
A. website transactions and taxation
B. lack of competition and free trade
C. encryption tools and personal data
D. software patches and corporate data
View answer
Correct Answer: C
Question #84
Which of the following is the FIRST step required to achieve effective performance measurement?
A. Select and place sensors
B. Implement control objectives
C. Validate and calibrate metrics
D. Define meaningful metrics
View answer
Correct Answer: D
Question #85
Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?
A. Providing annual awareness training regarding incident response for team members
B. Defining incident severity levels during a business impact analysis (BIA)
C. Validating the incident response plan against industry best practices
D. Rehearsing incident response procedures, roles, and responsibilities
View answer
Correct Answer: D

View The Updated ISACA Exam Questions

SPOTO Provides 100% Real ISACA Exam Questions for You to Pass Your ISACA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: