Comprehensive CISM Practice Tests and Exam Resources, Certified Information Security Manager | SPOTO

Prepare comprehensively for the Certified Information Security Manager (CISM) certification exam with SPOTO's comprehensive test questions and answers. Our practice tests cover a wide range of exam topics, including information risk management, governance, incident management, and program development. Access free sample questions to evaluate your knowledge, explore exam dumps for in-depth understanding, and take mock exams to simulate real testing scenarios. Utilize our curated exam materials with detailed answers and explanations to reinforce your learning. With SPOTO's online exam simulator, practice exam questions, refine your exam strategy, and prepare effectively for the CISM exam. Whether you're practicing exam questions, reviewing sample scenarios, or honing your exam strategy, SPOTO's comprehensive CISM exam test questions and answers will help you succeed.
Question #1
The effectiveness of virus detection software is MOST dependent on which of the following?
A. Packet filtering
B. Intrusion detection
C. Software upgrades
D.
View answer
Correct Answer: C
Question #2
A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
A. Prevent the system from being accessed remotely
B. Create a strong random password
C. Ask for a vendor patch
D. Track usage of the account by audit trails
View answer
Correct Answer: B (the account cannot be locked, so the only preventive measure left is to make guessing infeasible with a long random password; audit trails are detective and do not stop the brute force)
Question #3
Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:
A. map the major threats to business objectives
B. review available sources of risk information
C. identify the value of the critical assets
D. determine the financial impact if threats materialize
View answer
Correct Answer: A
Question #4
Which of the following steps should be performed FIRST in the risk assessment process?
A. Staff interviews
B.
C. Asset identification and valuation
D. Determination of the likelihood of identified risks
View answer
Correct Answer: C (likelihood can only be estimated for threats against assets that have already been identified and valued)
Question #5
Which of the following is responsible for legal and regulatory liability?
A. Chief security officer (CSO)
B. Chief legal counsel (CLC)
C. Board and senior management
D. Information security steering group
View answer
Correct Answer: C
Question #6
Which of the following attacks is BEST mitigated by utilizing strong passwords?
A. Man-in-the-middle attack
B. Brute force attack
C. Remote buffer overflow
D. Root kit
View answer
Correct Answer: B
Question #7
An information security manager is advised by contacts in law enforcement that there is evidence that his or her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:
A. perform a comprehensive assessment of the organization's exposure to the hacker's techniques
B. initiate awareness training to counter social engineering
C. immediately advise senior management of the elevated risk
D. increase monitoring activities to provide early detection of intrusion
View answer
Correct Answer: C
Question #8
What is the BEST defense against a Structured Query Language (SQL) injection attack?
A. Regularly updated signature files
B. A properly configured firewall
C. An intrusion detection system
D. Strict controls on input fields
View answer
Correct Answer: D (SQL injection is an application-layer flaw in how user input reaches the query; firewalls, IDS and signature files do not constrain the SQL the application builds)
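To make the point of Question #8 concrete, here is an added example (not part of the original page or of SPOTO's material) showing the two halves of "strict controls on input fields": an allow-list validator that rejects malformed input, and parameterized queries that keep the input out of the SQL text. It uses Python's built-in sqlite3 module and a constructed two-row users table; the injection payload `' OR '1'='1` is the textbook one.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
_SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]

# Allow-list for a username field: letters, digits and underscore, 1-32 chars.
# This is an assumed policy for the example, not a universal rule.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def fresh_db():
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _SAMPLE_USERS)
    return conn


def validate_username(name):
    """Strict input control: reject anything outside the allow-list."""
    if not _USERNAME_RE.match(name):
        raise ValueError("username contains disallowed characters")
    return name


def lookup_vulnerable(conn, name):
    """Untrusted input spliced into the statement: the classic injection bug."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Placeholder binding: the driver passes `name` as data, never as SQL text."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(payload="' OR '1'='1"):
    """Run the same payload through both lookups and report what each returns."""
    conn = fresh_db()
    result = {
        "vulnerable": lookup_vulnerable(conn, payload),
        "parameterized": lookup_safe(conn, payload),
    }
    try:
        validate_username(payload)
        result["validator"] = "accepted"
    except ValueError:
        result["validator"] = "rejected"
    return result


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

The concatenated query becomes `... WHERE name = '' OR '1'='1'` and returns every row; the parameterized query looks for a user literally named `' OR '1'='1` and returns nothing, and the validator refuses the input before it ever reaches the database. Use both layers: validation limits what reaches the query, binding guarantees that whatever does reach it is treated as data.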
Question #9
Which of the following would BEST address the risk of data leakage?
A. File backup procedures
B. Database integrity checks
C. Acceptable use policies
D. Incident response procedures
View answer
Correct Answer: C (data leakage is a people and usage problem; backups, integrity checks and incident response do not govern how users handle information)
Question #10
A successful risk management program should lead to:
A. optimization of risk reduction efforts against cost
B. containment of losses to an annual budgeted amount
C. identification and removal of all man-made threats
D. elimination or transference of all organizational risks
View answer
Correct Answer: A
Question #11
Effective IT governance is BEST ensured by:
A. utilizing a bottom-up approach
B. management by the IT department
C. referring the matter to the organization's legal department
D. utilizing a top-down approach
View answer
Correct Answer: D
Question #12
Which of the following is the BEST justification to convince management to invest in an information security program?
A. Cost reduction
B. Compliance with company policies
C. Protection of business assets
D. Increased business value
View answer
Correct Answer: D
Question #13
The purpose of a corrective control is to:
A. reduce adverse events
B. indicate compromise
C. mitigate impact
D. ensure compliance
View answer
Correct Answer: C (corrective controls act after an event to limit its impact; preventive controls reduce adverse events and detective controls indicate compromise)
Question #14
An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
A. Rewrite the application to conform to the upgraded operating system
B. Compensate for not installing the patch with mitigating controls
C. Alter the patch to allow the application to run in a privileged state
D. Run the application on a test platform; tune production to allow patch and application
View answer
Correct Answer: B (the patch is noncritical and the application is critical, so compensating controls are the proportionate response; rewriting the application or altering the patch is disproportionate and introduces its own risk)
Question #15
Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
A. Screened subnets
B. Information classification policies and procedures
C. Role-based access controls
D. Intrusion detection system (IDS)
View answer
Correct Answer: C (role-based access control denies modification to anyone without an authorized role; screened subnets and IDS do not enforce authorization on the data, and policies alone do not enforce anything)
Question #16
In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A. prepare a security budget
B. conduct a risk assessment
C. develop an information security policy
D. obtain benchmarking information
View answer
Correct Answer: B
Question #17
When implementing security controls, an information security manager must PRIMARILY focus on:
A. minimizing operational impacts
B. eliminating all vulnerabilities
C. usage by similar organizations
D. certification from a third party
View answer
Correct Answer: A (controls must not impair the business processes they protect; eliminating all vulnerabilities is impossible, and peer usage or third-party certification are secondary considerations)
Question #18
When a significant security breach occurs, what should be reported FIRST to senior management?
A. A summary of the security logs that illustrates the sequence of events
B. An explanation of the incident and corrective action taken
C. An analysis of the impact of similar attacks at other organizations
D. A business case for implementing stronger logical access controls
View answer
Correct Answer: B (senior management first needs to know what happened and what has been done about it; raw logs, comparisons and business cases come later)
Question #19
Which of the following devices should be placed within a demilitarized zone (DMZ )?
A. Network switch
B. Web server
C. Database server
D. File/print server
View answer
Correct Answer: B (the DMZ hosts externally reachable services such as the web server; database and file/print servers hold internal data and belong on the internal network)
Question #20
Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:
A. corporate internal auditor
B. System developers/analysts
C. key business process owners
D. corporate legal counsel
View answer
Correct Answer: C (business process owners understand how the regulatory change affects the processes and systems they own; legal counsel interprets the requirement but does not direct application changes)
Question #21
An information security program should be sponsored by:
A. infrastructure management
B. the corporate audit department
C. key business process owners
D. information security management
View answer
Correct Answer: C (sponsorship by the business process owners gives the program authority and alignment with business needs; infrastructure, audit and security management are executors or reviewers, not sponsors)
Question #22
Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)
View answer
Correct Answer: B
Question #23
Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?
A. Strategic business plan
B. Upcoming financial results
C. Customer personal information
D. Previous financial results
View answer
Correct Answer: D (previous financial results are already public; strategic plans, upcoming results and customer personal data all require protection)
Question #24
Which of the following authentication methods prevents authentication replay?
A. Password hash implementation
B. Challenge/response mechanism
C. Wired Equivalent Privacy (WEP) encryption usage
D. HTTP Basic Authentication
View answer
Correct Answer: B (a challenge/response exchange binds each authentication to a fresh, single-use challenge, so a captured response is useless later; a transmitted password hash, WEP and HTTP Basic credentials can all be replayed verbatim)
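The replay resistance behind Question #24, as an added example that is not part of the original page: a server issues a random single-use nonce, the client answers with an HMAC over it using a shared secret, and the server consumes the nonce on verification. For contrast, the same block models a static credential (a password hash sent as-is) that verifies identically every time it is replayed. The shared secret and the in-memory nonce store are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Assumed per-user secret, provisioned out of band (not from the original page).
SHARED_SECRET = b"example-shared-secret"


class ChallengeResponseServer:
    """Issues single-use challenges and verifies HMAC-SHA256 responses."""

    def __init__(self, secret):
        self._secret = secret
        self._outstanding = set()  # nonces issued but not yet consumed

    def challenge(self):
        nonce = secrets.token_bytes(16)  # fresh, unpredictable, 128 bits
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        # An unknown or already-consumed nonce means a replay or forgery.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)  # single use: consume before checking
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(secret, nonce):
    """What the legitimate client sends back for a given challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def challenge_response_replay():
    """Legitimate login, then an attacker replays the captured (nonce, response)."""
    server = ChallengeResponseServer(SHARED_SECRET)
    nonce = server.challenge()
    response = client_response(SHARED_SECRET, nonce)
    first = server.verify(nonce, response)
    replayed = server.verify(nonce, response)  # same pair, sent again
    return first, replayed


def static_credential_replay(password=b"correct horse"):
    """A transmitted password hash has no freshness: replaying it always works."""
    stored = hashlib.sha256(password).digest()
    presented = hashlib.sha256(password).digest()  # captured on the wire once
    first = hmac.compare_digest(stored, presented)
    replayed = hmac.compare_digest(stored, presented)
    return first, replayed


if __name__ == "__main__":
    print("challenge/response (first, replay):", challenge_response_replay())
    print("static hash (first, replay):", static_credential_replay())
```

The nonce is removed from the outstanding set before the MAC is checked, so even a correct response for a consumed challenge is rejected; in a real deployment the outstanding set would also expire entries so that unanswered challenges cannot accumulate.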
Question #25
Which of the following is MOST essential for a risk management program to be effective?
A. Flexible security budget
B. Sound risk baseline
C.
D. Accurate risk reporting
View answer
Correct Answer: C
Question #26
Which of the following will BEST protect an organization from internal security attacks?
A. Static IP addressing
B. Internal address translation
C. Prospective employee background checks
D. Employee awareness certification program
View answer
Correct Answer: C
Question #27
A border router should be placed on which of the following?
A. Web server
B. IDS server
C. Screened subnet
D. Domain boundary
View answer
Correct Answer: D (a border router sits at the boundary between the organization's network and the outside; web and IDS servers are hosts, and a screened subnet sits behind the router)
Question #28
Who can BEST advocate the development of and ensure the success of an information security program?
A. Internal auditor
B. Chief operating officer (COO)
C. Steering committee
D. IT management
View answer
Correct Answer: C
Question #29
A risk management approach to information protection is:
A. managing risks to an acceptable level, commensurate with goals and objectives
B. accepting the security posture provided by commercial security products
C. implementing a training program to educate individuals on information protection and risks
D. managing risk tools to ensure that they assess all information protection vulnerabilities
View answer
Correct Answer: A (risk management means reducing risk to a level the organization accepts in light of its objectives; training and tools are means, not the approach itself)
Question #30
An outcome of effective security governance is:
A. business dependency assessment
B.
C. risk assessment
D. planning
View answer
Correct Answer: B
Question #31
When developing an information security program, what is the MOST useful source of information for determining available resources?
A. Proficiency test
B. Job descriptions
C. Organization chart
D. Skills inventory
View answer
Correct Answer: D
Question #32
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
A. Senior management
B.
C. IT audit manager
D. Information security officer (ISO)
View answer
Correct Answer: B
Question #33
When performing a risk assessment, the MOST important consideration is that:
A. management supports risk mitigation efforts
B. annual loss expectations (ALEs) have been calculated for critical assets
C. assets have been identified and appropriately valued
D. attack motives, means and opportunities be understood
View answer
Correct Answer: C (every other step, including ALE calculation, depends on first knowing which assets exist and what they are worth)
Question #34
To ensure that payroll systems continue to operate in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in ensuring business continuity planning?
A. Conducting a qualitative and quantitative risk analysis
B. Assigning value to the assets
C. Weighing the cost of implementing the plan vs
D. Conducting a business impact analysis (BIA)
View answer
Correct Answer: D (the business impact analysis establishes which processes are critical and how long they can be down, and it precedes risk analysis, valuation and cost weighing in continuity planning)
Question #35
The BEST strategy for risk management is to:
A. achieve a balance between risk and organizational goals
B. reduce risk to an acceptable level
C. ensure that policy development properly considers organizational risks
D. ensure that all unmitigated risks are accepted by management
View answer
Correct Answer: B (the goal of risk management is to reduce risk to a level management is willing to accept; policy consideration and acceptance of residual risk are parts of that strategy, not the strategy itself)
Question #36
In assessing risk, it is MOST essential to:
A. provide equal coverage for all asset types
B. use benchmarking data from similar organizations
C. consider both monetary value and likelihood of loss
D. focus primarily on threats and recent business losses
View answer
Correct Answer: C
Question #37
Which of the following is MOST important to the success of an information security program?
A. Security awareness training
B. Achievable goals and objectives
C. Senior management sponsorship
D. Adequate start-up budget and staffing
View answer
Correct Answer: C (without senior management sponsorship the program lacks authority, funding and organizational support; training, goals and budget follow from it)
Question #38
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. analyzed under the retention policy
B. protected under the information classification policy
D. protected under the business impact analysis (BIA)
View answer
Correct Answer: A
Question #39
Which of the following is MOST effective in preventing security weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Configuration management
View answer
Correct Answer: A (patch management directly removes known operating system weaknesses; baselines, change and configuration management support it but do not by themselves fix vulnerabilities)
Question #40
Which of the following is the BEST method to provide a new user with their initial password for e-mail system access?
A. Interoffice a system-generated complex password with 30 days expiration
B. Give a dummy password over the telephone set for immediate expiration
C. Require no password but force the user to set their own in 10 days
D. Set initial password equal to the user ID with expiration in 30 days
View answer
Correct Answer: B (a temporary password delivered out of band and expiring immediately forces the user to set their own; a predictable password such as the user ID, or no password at all, leaves the account open to anyone who learns the ID)
Question #41
Who can BEST approve plans to implement an information security governance framework?
A. Internal auditor
B. Information security management
C. Steering committee
D.
View answer
Correct Answer: C (a steering committee with senior business representation has the authority to approve a governance framework; security management proposes it and internal audit reviews it)
Question #42
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
A. Gantt chart
B. Waterfall chart
C. Critical path
D.
View answer
Correct Answer: C