
CISM Exam Success: Mock Tests & Study Resources, Certified Information Security Manager | SPOTO

Achieve CISM exam success with SPOTO's comprehensive mock tests and study resources. As a Certified Information Security Manager, you demonstrate advanced expertise in developing and managing enterprise information security programs. Our practice tests cover key exam topics such as information risk management, governance, incident management, and program development. Access free sample questions to assess your readiness and dive into our extensive exam dumps for a thorough review. With SPOTO's mock exams, simulate real exam scenarios and refine your exam-taking skills. Explore our curated exam materials, complete with detailed answers and explanations, to reinforce your understanding. Utilize our online exam simulator to practice exam questions, enhance your exam strategy, and prepare effectively for exam day.

Question #1
An intrusion detection system (IDS) should:
A. run continuously
B. ignore anomalies
C. require a stable, rarely changed environment
D. be located on the network
View answer
Correct Answer: C


Question #2
Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?
A. Ease of installation
B. Product documentation
C. Available support
D. System overhead
View answer
Correct Answer: A
Question #3
Attackers who exploit cross-site scripting vulnerabilities take advantage of:
A. a lack of proper input validation controls
B. weak authentication controls in the web application layer
C. flawed cryptographic secure sockets layer (SSL) implementations and short key lengths
D. implicit web application trust relationships
View answer
Correct Answer: A
Question #4
An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:
A. perform a comprehensive assessment of the organization's exposure to the hacker's techniques
B. initiate awareness training to counter social engineering
C. immediately advise senior management of the elevated risk
D. increase monitoring activities to provide early detection of intrusion
View answer
Correct Answer: D
Question #5
The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
A. ensure the provider is made liable for losses
B. recommend not renewing the contract upon expiration
C. recommend the immediate termination of the contract
D. determine the current level of security
View answer
Correct Answer: C
Question #6
To ensure that payroll systems continue to operate in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in ensuring business continuity planning?
A. Conducting a qualitative and quantitative risk analysis
B. Assigning value to the assets
C. Weighing the cost of implementing the plan vs
D. Conducting a business impact analysis (BIA)
View answer
Correct Answer: C
Question #7
What is the FIRST action an information security manager should take when a company laptop is reported stolen?
A. Evaluate the impact of the information loss
B.
C. Ensure compliance with reporting procedures
D. Disable the user account immediately
View answer
Correct Answer: B
Question #8
Security awareness training is MOST likely to lead to which of the following?
A. Decrease in intrusion incidents
B. Increase in reported incidents
C. Decrease in security policy changes
D. Increase in access rule violations
View answer
Correct Answer: C
Question #9
If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
A. obtaining evidence as soon as possible
B. preserving the integrity of the evidence
C. disconnecting all IT equipment involved
D. reconstructing the sequence of events
View answer
Correct Answer: D
Question #10
When collecting evidence for forensic analysis, it is important to:
A. ensure the assignment of qualified personnel
B. request the IT department do an image copy
C. disconnect from the network and isolate the affected devices
D. ensure law enforcement personnel are present before the forensic analysis commences
View answer
Correct Answer: B
Question #11
When the computer incident response team (CIRT) finds clear evidence that a hacker has penetrated the corporate network and modified customer information, an information security manager should FIRST notify:
A. the information security steering committee
B. customers who may be impacted
C. data owners who may be impacted
D. regulatory agencies overseeing privacy
View answer
Correct Answer: A
Question #12
Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?
A. Programming
B. Specification
C. User testing
D. Feasibility
View answer
Correct Answer: C
Question #13
Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
A. Patch management
B. Change management
C. Security metrics
D.
View answer
Correct Answer: B
Question #14
An incident response policy must contain:
A. updated call trees
B. escalation criteria
C. press release templates
D. critical backup files inventory
View answer
Correct Answer: C
Question #15
The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:
A. periodically testing the incident response plans
B. regularly testing the intrusion detection system (IDS)
C. establishing mandatory training of all personnel
D. periodically reviewing incident response procedures
View answer
Correct Answer: D
Question #16
Isolation and containment measures for a compromised computer have been taken and information security management is now investigating. What is the MOST appropriate next step?
A. Run a forensics tool on the machine to gather evidence
B. Reboot the machine to break remote connections
C. Make a copy of the whole system's memory
D. Document current connections and open Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports
View answer
Correct Answer: A
Question #17
Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?
A. Communicating specially drafted messages by an authorized person
B.
C. Referring the media to the authorities
D. Reporting the losses and recovery strategy to the media
View answer
Correct Answer: A
Question #18
Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
A. Biometric authentication
B. Embedded steganographic
C. Two-factor authentication
D. Embedded digital signature
View answer
Correct Answer: C
Question #19
Which of the following groups would be in the BEST position to perform a risk analysis for a business?
A. External auditors
B. A peer group within a similar business
C.
D. A specialized management consultant
View answer
Correct Answer: B
Question #20
The effectiveness of virus detection software is MOST dependent on which of the following?
A. Packet filtering
B. Intrusion detection
C. Software upgrades
D. Definition tables
View answer
Correct Answer: D
Question #21
In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:
A. original cost to acquire
B. cost of the software stored
C. annualized loss expectancy (ALE)
D. cost to obtain a replacement
View answer
Correct Answer: D
Question #22
Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?
A. Cost to build a redundant processing facility and invocation
B. Daily cost of losing critical systems and recovery time objectives (RTOs)
C. Infrastructure complexity and system sensitivity
D. Criticality results from the business impact analysis (BIA)
View answer
Correct Answer: C
Question #23
An extranet server should be placed:
A. outside the firewall
B. on the firewall server
C. on a screened subnet
D. on the external router
View answer
Correct Answer: C
Question #24
A. A company recently developed a breakthrough technology
B. Data classification policy
C. Encryption standards
D. Acceptable use policy
View answer
Correct Answer: D
Question #25
Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?
A. Intrusion detection system (IDS)
B. IP address packet filtering
C. Two-factor authentication
D. Embedded digital signature
View answer
Correct Answer: A
Question #26
When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?
A. Business continuity plan
B. Disaster recovery plan
C. Incident response plan
D. Vulnerability management plan
View answer
Correct Answer: D
Question #27
Which of the following is MOST closely associated with a business continuity program?
A. Confirming that detailed technical recovery plans exist
B.
C. Updating the hot site equipment configuration every quarter
D. Developing recovery time objectives (RTOs) for critical functions
View answer
Correct Answer: B
Question #28
When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
A. Ensuring accessibility should a disaster occur
B. Versioning control as plans are modified
C. Broken hyperlinks to resources stored elsewhere
D.
View answer
Correct Answer: B
Question #29
Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management
View answer
Correct Answer: A
Question #30
Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?
A. Business impact analysis (BIA)
B. Risk assessment
C. Vulnerability assessment
D. Business process mapping
View answer
Correct Answer: D
Question #31
When creating a forensic image of a hard drive, which of the following should be the FIRST step?
A. Identify a recognized forensics software tool to create the image
B. Establish a chain of custody log
C. Connect the hard drive to a write blocker
D. Generate a cryptographic hash of the hard drive contents
View answer
Correct Answer: B
Question #32
Risk acceptance is a component of which of the following?
A. Assessment
B. Mitigation
C. Evaluation
D.
View answer
Correct Answer: B
Question #33
An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
A. Ensure that critical data on the server are backed up
B. Shut down the compromised server
C. Initiate the incident response process
D. Shut down the network
View answer
Correct Answer: A
Question #34
A risk assessment should be conducted:
A. once a year for each business process and subprocess
B. every three to six months for critical business processes
C. by external parties to maintain objectivity
D. annually or whenever there is a significant change
View answer
Correct Answer: D
Question #35
The valuation of IT assets should be performed by:
A. an IT security manager
B. an independent security consultant
C. the chief financial officer (CFO)
D. the information owner
View answer
Correct Answer: C
Question #36
When a significant security breach occurs, what should be reported FIRST to senior management?
A. A summary of the security logs that illustrates the sequence of events
B. An explanation of the incident and corrective action taken
C. An analysis of the impact of similar attacks at other organizations
D. A business case for implementing stronger logical access controls
View answer
Correct Answer: C
Question #37
Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?
A. Setting up a backup site
B. Maintaining redundant systems
C. Aligning with recovery time objectives (RTOs)
D. Data backup frequency
View answer
Correct Answer: B
Question #38
Which of the following application systems should have the shortest recovery time objective (RTO)?
A. Contractor payroll
B. Change management
C. E-commerce web site
D. Fixed asset system
View answer
Correct Answer: B
Question #39
What is the BEST method for mitigating against network denial of service (DoS) attacks?
A. Ensure all servers are up-to-date on OS patches
B. Employ packet filtering to drop suspect packets
C. Implement network address translation to make internal addresses nonroutable
D. Implement load balancing for Internet facing devices
View answer
Correct Answer: D
Question #40
The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:
A. regulatory requirements
B. business requirements
C. financial value
D. IT resource availability
View answer
Correct Answer: B
Question #41
Which of the following would a security manager establish to determine the target for restoration of normal processing?
A. Recovery time objective (RTO)
B. Maximum tolerable outage (MTO)
C. Recovery point objectives (RPOs)
D. Services delivery objectives (SDOs)
View answer
Correct Answer: A
Question #42
In the course of responding to an information security incident, the BEST way to treat evidence for possible legal action is defined by:
A. international standards
B. local regulations
C. generally accepted best practices
D. organizational security policies
View answer
Correct Answer: D
Question #43
An intranet server should generally be placed on the:
A. internal network
B. firewall server
D. primary domain controller
View answer
Correct Answer: C
Question #44
Which of the following results from the risk assessment process would BEST assist risk management decision making?
A. Control risk
B. Inherent risk
C. Risk exposure
D. Residual risk
View answer
Correct Answer: D
Question #45
Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
A. Configuration of firewalls
B. Strength of encryption algorithms
C. Authentication within application
D. Safeguards over keys
View answer
Correct Answer: A
Question #46
Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
A. Detailed technical recovery plans are maintained offsite
B. Network redundancy is maintained through separate providers
C. Hot site equipment needs are recertified on a regular basis
D.
View answer
Correct Answer: A
Question #47
A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?
A. Quarantine all picture files stored on file servers
B. Block all e-mails containing picture file attachments
C. Quarantine all mail servers connected to the Internet
D. Block incoming Internet mail, but permit outgoing mail
View answer
Correct Answer: C
Question #48
Which of the following is MOST effective in protecting against the attack technique known as phishing?
A. Firewall blocking rules
B. Up-to-date signature files
C. Security awareness training
D. Intrusion detection monitoring
View answer
Correct Answer: B
Question #49
Which of the following would be the MOST relevant factor when defining the information classification policy?
A. Quantity of information
B. Available IT infrastructure
C. Benchmarking
D. Requirements of data owners
View answer
Correct Answer: C
Question #50
When performing a risk assessment, the MOST important consideration is that:
A. management supports risk mitigation efforts
B. annual loss expectations (ALEs) have been calculated for critical assets
D. attack motives, means and opportunities be understood
View answer
Correct Answer: C
Question #51
A post-incident review should be conducted by an incident management team to determine:
A. relevant electronic evidence
B. lessons learned
C. hacker's identity
D. areas affected
View answer
Correct Answer: B
Question #52
Which of the following has the highest priority when defining an emergency response plan?
A. Critical data
B. Critical infrastructure
C. Safety of personnel
D. Vital records
View answer
Correct Answer: A
Question #53
Which of the following devices should be placed within a DMZ?
A. Proxy server
B. Application server
C. Departmental server
D. Data warehouse server
View answer
Correct Answer: A
