
Latest CISM Practice Materials & Exam Questions 2024, Certified Information Security Manager | SPOTO

Prepare for the ISACA CISM exam confidently with our latest CISM practice materials and exam questions for 2024. Our comprehensive resources cover crucial topics such as information security governance, risk management, incident management, and regulatory compliance. Access a wealth of exam preparation materials, including sample questions, mock exams, and online exam questions to enhance your understanding and readiness. Say goodbye to unreliable exam dumps and embrace trusted exam practice with SPOTO. With our exam simulator, you can simulate the exam environment and refine your skills effectively. Whether you're seeking exam answers or comprehensive exam materials, SPOTO provides the tools you need for success. Start with our free test to experience the quality of our practice tests firsthand and elevate your exam preparation to the next level.

Question #1
An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
A. eliminating the risk
B. transferring the risk
C. mitigating the risk
D. accepting the risk
View answer
Correct Answer: C
Question #2
An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?
A. Restrict account access to read only
B. Log all usage of this account
C. Suspend the account and activate only when needed
D. Require that a change request be submitted for each download
View answer
Correct Answer: D
Question #3
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
A. Gantt chart
B. Waterfall chart
C. Critical path
D. Rapid Application Development (RAD)
View answer
Correct Answer: A
Question #4
The PRIMARY objective of an Internet usage policy is to prevent:
A. access to inappropriate sites
B. downloading malicious code
C. violation of copyright laws
D. disruption of Internet access
View answer
Correct Answer: C
Question #5
A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
A. meet with stakeholders to decide how to comply
B. analyze key risks in the compliance process
C. assess whether existing controls meet the regulation
D. update the existing security/privacy policy
View answer
Correct Answer: D
Question #6
In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
A. a strong authentication
B. IP antispoofing filtering
C. network encryption protocols
D. access lists of trusted devices
View answer
Correct Answer: A
Question #7
Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
A. Card-key door locks
B. Photo identification
C. Biometric scanners
D. Awareness training
View answer
Correct Answer: C
Question #8
Of the following, retention of business records should be PRIMARILY based on:
A. periodic vulnerability assessment
B. regulatory and legal requirements
C. device storage capacity and longevity
D. past litigation
View answer
Correct Answer: D
Question #9
Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
A. Patch management
B. Change management
C. Security metrics
D. Version control
View answer
Correct Answer: C
Question #10
The FIRST step in developing an information security management program is to:
A. identify business risks that affect the organization
B. clarify organizational purpose for creating the program
C. assign responsibility for the program
D. assess adequacy of controls to mitigate business risks
View answer
Correct Answer: B
Question #11
Which of the following are likely to be updated MOST frequently?
A. Procedures for hardening database servers
B. Standards for password length and complexity
C. Policies addressing information security governance
D. Standards for document retention and destruction
View answer
Correct Answer: A
Question #12
Information security governance is PRIMARILY driven by:
A. technology constraints
B. regulatory requirements
C. litigation potential
D. business strategy
View answer
Correct Answer: B
Question #13
When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?
A. The firewall should block all inbound traffic during the outage
B. All systems should block new logins until the problem is corrected
C. Access control should fall back to non-synchronized mode
D. System logs should record all user activity for later analysis
View answer
Correct Answer: C
Question #14
The PRIMARY reason for initiating a policy exception process is when:
A. operations are too busy to comply
B. the risk is justified by the benefit
C. policy compliance would be difficult to enforce
D. users may initially be inconvenienced
View answer
Correct Answer: C
Question #15
Successful implementation of information security governance will FIRST require:
A. security awareness training
B. updated security policies
C. a computer incident management team
D. a security architecture
View answer
Correct Answer: B
Question #16
Information security managers should use risk assessment techniques to:
A. justify selection of risk mitigation strategies
B. maximize the return on investment (ROI)
C. provide documentation for auditors and regulators
D. quantify risks that would otherwise be subjective
View answer
Correct Answer: B
Question #17
The BEST way to ensure that information security policies are followed is to:
A. distribute printed copies to all employees
B. perform periodic reviews for compliance
C. include escalating penalties for noncompliance
D. establish an anonymous hotline to report policy abuse
View answer
Correct Answer: D
Question #18
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices
B. business requirements
C. legislative and regulatory requirements
D. storage availability
View answer
Correct Answer: D
Question #19
Which would be the BEST recommendation to protect against phishing attacks?
A. Install an antispam system
B. Publish security guidance for customers
C. Provide security awareness to the organization's staff
D. Install an application-level firewall
View answer
Correct Answer: D
Question #20
The MOST important characteristic of good security policies is that they:
A. state expectations of IT management
B. state only one general security mandate
C. are aligned with organizational goals
D. govern the creation of procedures and guidelines
View answer
Correct Answer: D
Question #21
Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?
A. Most new viruses' signatures are identified over weekends
B. Technical personnel are not available to support the operation
C. Systems are vulnerable to new viruses during the intervening week
D. The update's success or failure is not known until Monday
View answer
Correct Answer: B
Question #22
An intrusion detection system should be placed:
A. outside the firewall
B. on the firewall server
C. on a screened subnet
D. on the external router
View answer
Correct Answer: C
Question #23
Data owners will determine what access and authorizations users will have by:
A. delegating authority to data custodians
B. cloning existing user accounts
C. determining hierarchical preferences
D. mapping to business needs
View answer
Correct Answer: D
Question #24
Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?
A. Utilize an intrusion detection system
B. Establish minimum security baselines
C. Implement vendor recommended settings
D. Perform periodic penetration testing
View answer
Correct Answer: C
Question #25
When personal information is transmitted across networks, there MUST be adequate controls over:
A. change management
B. privacy protection
C. consent to data transfer
D. encryption devices
View answer
Correct Answer: B
Question #26
Nonrepudiation can BEST be assured by using:
A. delivery path tracing
B. reverse lookup translation
C. out-of-band channels
D. digital signatures
View answer
Correct Answer: B
Question #27
Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
A. are compatible with the provider's own classification
B. are communicated to the provider
C. exceed those of the outsourcer
D. are stated in the contract
View answer
Correct Answer: D
Question #28
The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:
A. identifying vulnerabilities in the system
B. sustaining the organization's security posture
C. the existing systems that will be affected
D. complying with segregation of duties
View answer
Correct Answer: B
Question #29
A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?
A. Prepare an impact assessment report
B. Conduct a penetration test
C. Obtain approval from senior management
D. Back up the firewall configuration and policy files
View answer
Correct Answer: C
