DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Master CISM Certification Questions & Study Resources, Certified Information Security Manager | SPOTO

Master the ISACA CISM certification exam with our comprehensive study resources and expertly crafted practice tests. Our materials cover essential topics such as information security governance, risk management, incident management, and regulatory compliance, ensuring thorough preparation. Access a plethora of exam preparation resources, including exam questions and answers, sample questions, and mock exams, to enhance your understanding and boost your confidence. Say goodbye to unreliable sources and embrace trusted exam practice with SPOTO. Utilize our exam simulator to simulate the exam environment and refine your exam-taking strategies effectively. Whether you're looking for exam materials or online exam questions, SPOTO provides the tools you need to succeed. Start with our free test to experience the quality of our practice tests firsthand and elevate your exam preparation to the next level.
Take other online exams

Question #1
When developing a new system, detailed information security functionality should FIRST be addressed:
A. as part of prototyping
B. during the system design phase
C. when system requirements are defined
D. as part of application development
View answer
Correct Answer: B
Question #2
When developing a security architecture, which of the following steps should be executed FIRST?
A. Developing security procedures
B. Defining a security policy
C. Specifying an access control methodology
D. Defining roles and responsibilities
View answer
Correct Answer: B
Question #3
Which of the following is the MOST reliable way to ensure network security incidents are identified as soon as possible?
A. Collect and correlate IT infrastructure event logs
B. Conduct workshops and training sessions with end users
C. Install stateful inspection firewalls
D. Train help desk staff to identify and prioritize security incidents
View answer
Correct Answer: A
Question #4
Which of the following is MOST important for the effectiveness of an incident response function?
A. Enterprise security management system and forensic tools
B. Establishing prior contacts with law enforcement
C. Training of all users on when and how to report
D. Automated incident tracking and reporting tools
View answer
Correct Answer: A
Question #5
An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
A. prepare for criminal prosecution
B. document lessons learned
C. evaluate the impact
D. update information security policies
View answer
Correct Answer: C
Question #6
A third party was engaged to develop a business application. Which of the following would an information security manager BEST test for the existence of back doors?
A. System monitoring for traffic on network ports
B. Security code reviews for the entire application
C. Reverse engineering the application binaries
D. Running the application from a high-privileged account on a test system
View answer
Correct Answer: B
Question #7
Which of the following information security metrics is the MOST difficult to quantify?
A. Cost of security incidents prevented
B. Percentage of controls mapped to industry frameworks
C. Extent of employee security awareness
D. Proportion of control costs to asset value
View answer
Correct Answer: C
Question #8
Which is the MOST important to enable a timely response to a security breach?
A. Knowledge sharing and collaboration
B. Security event logging
C. Roles and responsibilities
D. Forensic analysis
View answer
Correct Answer: B
Question #9
Which of the following metrics provides the BEST indication of the effectiveness of a security awareness campaign?
A. The number of reported security events
B. Quiz scores for users who took security awareness classes
C. User approval rating of security awareness classes
D. Percentage of users who have taken the courses
View answer
Correct Answer: A
Question #10
Which of the following is the PRIMARY purpose for defining key performance indicators (KPIs) for a security program?
A. To compare security program effectiveness to best practice
B. To ensure controls meet regulatory requirements
C. To measure the effectiveness of the security program
D. To evaluate the performance of security staff
View answer
Correct Answer: C
Question #11
An information security manager is analyzing a risk that is believed to be severe, but lacks numerical evidence to determine the impact the risk could have on the organization. In this case the information security manager should:
A. use a qualitative method to assess the risk
B. use a quantitative method to assess the risk
C. put it in the priority list in order to gain time to collect more data
D. ask management to increase staff in order to collect more evidence on severity
View answer
Correct Answer: A
Question #12
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
A. Conducting tabletop exercises appropriate for the organization
B. Providing training from third-party forensics firms
C. Documenting multiple scenarios for the organization and response steps
D. Obtaining industry certifications for the response team
View answer
Correct Answer: A
Question #13
Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
A. policy
B. strategy
C. guidelineD
View answer
Correct Answer: A
Question #14
Which of the following is MOST critical for responding effectively to security breaches?
A. Root cause analysis
B. Evidence gathering
C. Management communication
D. Counterattack techniques
View answer
Correct Answer: A
Question #15
Which of the following is MOST important for effective communication during incident response?
A. Maintaining a relationship with media and law enforcement
B. Maintaining an updated contact list
C. Establishing a recovery time objective (RTO)
D. Establishing a mean time to resolve (MTTR) metric
View answer
Correct Answer: B
Question #16
An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:
A. use the test equipment in the warm site facility to read the tapes
B. retrieve the tapes from the warm site and test them
C. have duplicate equipment available at the warm site
D. inspect the facility and inventory the tapes on a quarterly basis
View answer
Correct Answer: B
Question #17
When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?
A. Business continuity coordinator
B. Information security manager
C. Business process owners
D. Industry averages benchmarks
View answer
Correct Answer: C
Question #18
After a server has been attacked, which of the following is the BEST course of action?
A. Conduct a security audit
B. Review vulnerability assessment
C. Isolate the system
D. Initiate incident response
View answer
Correct Answer: D
Question #19
Which of the following is the BEST method to reduce the number of incidents of employees forwarding spam and chain e-mail messages?
A. Acceptable use policy
B. Setting low mailbox limitsC
D. Taking disciplinary action
View answer
Correct Answer: C
Question #20
The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager
A. report risks in other departments
B. obtain support from other departments
C. report significant security risks
D. have knowledge of security standards
View answer
Correct Answer: C
Question #21
The PRIMARY focus of a training curriculum for members of an incident response team should be:
A. specific role training
B. external corporate communication
C. security awareness
D. technology training
View answer
Correct Answer: A
Question #22
Which of the following should be of GREATEST concern to a newly hired information security manager regarding security compliance?
A. Lack of risk assessments
B. Lack of standard operating procedures
C. Lack of security audits
D. Lack of executive support
View answer
Correct Answer: D
Question #23
An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?
A. Control owner responses based on a root cause analysis
B. The impact of noncompliance on the organization's risk profile
C. An accountability report to initiate remediation activities
D. A plan for mitigating the risk due to noncompliance
View answer
Correct Answer: B
Question #24
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
A. The data owner
B. Internal IT audit
C. The data custodian
D. The information security manager
View answer
Correct Answer: D
Question #25
While auditing a data center’s IT architecture, an information security manager discovers that required encryption for data communications has not been implemented. Which of the following should be done NEXT?
A. Evaluate compensating and mitigating controls
B. Perform a cost benefit analysis
C. Perform a business impact analysis (BIA)
D. Document and report the findings
View answer
Correct Answer: C
Question #26
What is the MOS T cost-effective means of improving security awareness of staff personnel?
A. Employee monetary incentives
B. User education and training
C. A zero-tolerance security policy
D. Reporting of security infractions
View answer
Correct Answer: B
Question #27
Which of the following is the MOST important outcome of testing incident response plans?
A. Staff is educated about current threats
B. An action plan is available for senior management
C. Areas requiring investment are identified
D. Internal procedures are improved
View answer
Correct Answer: D
Question #28
An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the BEST way to address this situation?
A. Communicate the responsibility and provide appropriate training
B. Publish an acceptable use policy and require signed acknowledgment
C. Turn on logging and record user activity
D. Implement a data loss prevention (DLP) solution
View answer
Correct Answer: A
Question #29
A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?
A. Holistic IRT
B. Central IRT
C. Coordinating IRT
D. Distributed IRT
View answer
Correct Answer: B
Question #30
An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?
A. IT management
B. Legal counsel
C. Executive management
D. Data owners
View answer
Correct Answer: D
Question #31
Which of the following presents the GREATEST information security concern when deploying an identity and access management solution?
A. Complying with the human resource policy
B. Supporting multiple user repositories
C. Supporting legacy applications
D. Gaining end user acceptance
View answer
Correct Answer: C
Question #32
The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
A. the existence of messages is unknown
B. required key sizes are smaller
C. traffic cannot be sniffed
D. reliability of the data is higher in transit
View answer
Correct Answer: A
Question #33
Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?
A. To mitigate technical risks
B. To have an independent certification of network security
C. To receive an independent view of security exposures
D. To identify a complete list of vulnerabilities
View answer
Correct Answer: C
Question #34
An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:
A. mobile device configuration
B. asset management guidelines
C. the business impact analysis (BIA)
D. incident classification
View answer
Correct Answer: D
Question #35
The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
A. security controls are updated regularly
B. potential vulnerabilities are identified
C. risks have been evaluated
D. security controls drive technology changes
View answer
Correct Answer: D
Question #36
The BEST defense against phishing attempts within an organization is:
A. filtering of e-mail
B. an intrusion protection system (IPS)
C. strengthening of firewall rules
D. an intrusion detection system (IDS)
View answer
Correct Answer: A
Question #37
Which of the following should be an information security manager's MOST important concern to ensure admissibility of information security evidence from cyber crimes?
A. Chain of custody
B. Tools used for evidence analysis
C. Forensics contractors
D. Efficiency of the forensics team
View answer
Correct Answer: A
Question #38
An organization manages payroll and accounting systems for multiple client companies. Which of the following contract terms would indicate a potential weakness for a disaster recovery hot site?
A. Exclusive use of hot site is limited to six weeks (following declaration)
B. Timestamp of declaration will determine priority of access to facility
C. Work-area size is limited but can be augmented with nearby office space
D. Servers will be provided at time of disaster (not on floor)
View answer
Correct Answer: D
Question #39
When a security weakness is detected at facilities provided by an IT service provider, which of the following tasks must the information security manager perform FIRST?
A. Assess compliance with the service provider’s security policy
B. Advise the service provider of countermeasures
C. Confirm the service provider’s contractual obligations
D. Reiterate the relevant security policy and standards
View answer
Correct Answer: A
Question #40
Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?
A. The security strategy is benchmarked with similar organizations
B. The information security manager reports to the chief executive officer
C. Security strategy objectives are defined in business terms
D. An IT governance committee is in place
View answer
Correct Answer: C
Question #41
Why is "slack space" of value to an information security manager as pan of an incident investigation?
A. Hidden data may be stored there
B. The slack space contains login information
C. Slack space is encrypted
D. It provides flexible space for the investigation
View answer
Correct Answer: A
Question #42
An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?
A. Report the noncompliance to the board of directors
B. Inform respective risk owners of the impact of exceptions
C. Design mitigating controls for the exceptions
D. Prioritize the risk and implement treatment options
View answer
Correct Answer: D
Question #43
Which of the following metrics would be considered an accurate measure of an information security program's performance?
A. The number of key risk indicators (KRIs) identified, monitored, and acted upon
B. A combination of qualitative and quantitative trends that enable decision making
C. A single numeric score derived from various measures assigned to the security program
D. A collection of qualitative indicators that accurately measure security exceptions
View answer
Correct Answer: A
Question #44
Which of the following is the BEST way to define responsibility for information security throughout an organization?
A. Guidelines
B. Training
C. Standards
D. Policies
View answer
Correct Answer: D
Question #45
Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:
A. perform a cost-benefit analysis
B. review firewall configuration
C. review the security policy
D. perform a risk assessment
View answer
Correct Answer: C
Question #46
Which of the following should be the FIRST step of incident response procedures?
A. Classify the event depending on severity and type
B. Identify if there is a need for additional technical assistance
C. Perform a risk assessment to determine the business impact
D. Evaluate the cause of the control failure
View answer
Correct Answer: C
Question #47
Isolation and containment measures for a compromised computer has been taken and information security management is now investigating. What is the MOST appropriate next step?
A. Run a forensics tool on the machine to gather evidence
B. Reboot the machine to break remote connections
C. Make a copy of the whole system's memory
D. Document current connections and open Transmission Control Protocol/User Datagram Protocol (TCP/ I'DP) ports
View answer
Correct Answer: C
Question #48
When developing a classification method for incidents, the categories MUST be:
A. quantitatively defined
B. regularly reviewed
C. specific to situations
D. assigned to incident handlers
View answer
Correct Answer: A
Question #49
An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager's FIRST course of action?
A. Determine the classification level of the information
B. Seek business justification from the employee
C. Block access to the cloud storage service
D. Inform higher management a security breach
View answer
Correct Answer: A
Question #50
Which of the following is the MOST challenging aspect of securing Internet of Things (IoT) devices?
A. Training staff on IoT architecture
B. Updating policies to include IoT devices
C. Managing the diversity of IoT architecture
D. Evaluating the reputations of IoT vendors
View answer
Correct Answer: C
Question #51
An audit has determined that employee use of personal mobile devices to access the company email system is resulting in confidential data leakage. The information security manager’s FIRST course of action should be to:
A. treat the situation as a security incident to determine appropriate response
B. implement a data leakage prevention tool to stem further loss
C. isolate the mobile devices on the network for further investigation
D. treat the situation as a new risk and update the security risk register
View answer
Correct Answer: A
Question #52
Which of the following is the MAIN concern when securing emerging technologies?
A. Applying the corporate hardening standards
B. Integrating with existing access controls
C. Unknown vulnerabilities
D. Compatibility with legacy systems
View answer
Correct Answer: C
Question #53
An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
A. A Secure Sockets Layer (SSL) has been implemented for user authentication and remote administration of the firewall
B. Firewall policies are updated on the basis of changing requirements
C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted
D. The firewall is placed on top of the commercial operating system with all installation options
View answer
Correct Answer: D
Question #54
Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
A. Activate the business continuity plan (BCP)
B. Update the business impact assessment
C. Inform senior management
D. Categorize incidents by the value of the affected asset
View answer
Correct Answer: D
Question #55
Which of the following BEST contributes to the successful management of security incidents?
A. Established procedures
B. Established policies
C. Tested controls
D. Current technologies
View answer
Correct Answer: B
Question #56
Which of the following is the MOST important consideration when establishing an information security governance framework?
A. Security steering committee meetings are held at least monthly
B. Members of the security steering committee are trained in information security
C. Business unit management acceptance is obtained
D. Executive management support is obtained
View answer
Correct Answer: D
Question #57
Which of the following is the MOST important security consideration when using Infrastructure as a Service (IaaS)?
A. Backup and recovery strategy
B. Compliance with internal standards
C. User access management
D. Segmentation among tenants
View answer
Correct Answer: D
Question #58
What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?
A. Engage an audit of the provider's data center
B. Recommend canceling the outsourcing contract
C. Apply remediation actions to counteract the breach
D. Determine the impact of the breach
View answer
Correct Answer: D
Question #59
It is suspected that key e-mails have been viewed by unauthorized parties. The e-mail administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing. Which of the following is the BEST recommended course of action to senior management?
A. Commence security training for staff at the organization
B. Arrange for an independent review
C. Rebuild the e-mail application
D. Restrict the distribution of confidential e-mails
View answer
Correct Answer: B
Question #60
The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?
A. Ensure better identification of incidents in the incident response plan
B. Discuss the definition of roles in the incident response plan
C. Require management approval of the incident response plan
D. Disseminate the incident response plan throughout the organization
View answer
Correct Answer: B
Question #61
What should be an information security manager's FIRST course of action upon learning of a security threat that has occurred in the industry for the first time?
A. Update the relevant information security policy
B. Perform a control gap analysis of the organization's environment
C. Revise the organization's incident response plan
D. Examine responses of victims that have been exposed to similar threats
View answer
Correct Answer: B
Question #62
Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
A. Number of successful disaster recovery tests
B. Percentage of outstanding high-risk audit issues
C. Frequency of updates to system software
D. Number of incidents resulting in disruptions
View answer
Correct Answer: D
Question #63
The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?
A. Formally document the decision
B. Review the risk monitoring plan
C. Perform a risk reassessment
D. Implement the recommendations
View answer
Correct Answer: A
Question #64
Cold sites for disaster recovery events are MOST helpful in situations in which a company:
A. has a limited budget for coverage
B. uses highly specialized equipment that must be custom manufactured
C. is located in close proximity to the cold site
D. does not require any telecommunications connectivity
View answer
Correct Answer: A
Question #65
Which of the following is MOST appropriate to include in an information security policy?
A. A set of information security controls to maintain regulatory compliance
B. The strategy for achieving security program outcomes desired by management
C. A definition of minimum level of security that each system must meet
D. Statements of management’s intent to support the goals of information security
View answer
Correct Answer: B
Question #66
The MOST important reason to have a well-documented and tested incident response plan in place is to:
A. standardize the chain of custody procedure
B. facilitate the escalation process
C. promote a coordinated effort
D. outline external communications
View answer
Correct Answer: C
Question #67
An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?
A. Refer to the incident response plan
B. Send out a breach notification to all parties involved
C. Contact the board of directors
D. Invoke the corporate communications plan
View answer
Correct Answer: D
Question #68
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
A. Ensure vulnerabilities found are resolved within acceptable timeframes
B. Request funding needed to resolve the top vulnerabilities
C. Report findings to senior management
D. Ensure a risk assessment is performed to evaluate the findings
View answer
Correct Answer: D
Question #69
Which of the following has the GREATEST influence on an organization's information security strategy?
A. The organization's risk tolerance
B. The organizational structure
C. Information security awareness
D. Industry security standards
View answer
Correct Answer: A
Question #70
The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:
A. including the CIO in the information security steering committee
B. conducting benchmarking with industry best practices
C. including information security metrics in the organizational metrics
D. performing periodic internal audits of the information security program
View answer
Correct Answer: C
Question #71
Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?
A. Review the service providers’ information security policies and procedures
B. Conduct regular vulnerability assessments on the service providers’ IT systems
C. Perform regular audits on the service providers’ applicable controls
D. Provide information security awareness training to service provider staff
View answer
Correct Answer: B
Question #72
Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?
A. Regulatory compliance
B. Business impact
C. Management support
D. Residual risk
View answer
Correct Answer: B
Question #73
An organization's information security manager has learned that similar organizations have become increasingly susceptible to spear phishing attacks. What is the BEST way to address this concern?
A. Update data loss prevention (DLP) rules for email
B. Include tips to identify threats in awareness training
C. Conduct a business impact analysis (BIA) of the threat
D. Create a new security policy that staff must read and sign
View answer
Correct Answer: B
Question #74
Which of the following is the PRIMARY purpose of establishing an information security governance framework?
A. To minimize security risks
B. To proactively address security objectives
C. To reduce security audit issues
D. To enhance business continuity planning
View answer
Correct Answer: A
Question #75
A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?
A. Quarantine all picture files stored on file servers
B. Block all e-mails containing picture file attachments
C. Quarantine all mail servers connected to the Internet
D. Block incoming Internet mail, but permit outgoing mail
View answer
Correct Answer: B
Question #76
An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?
A. Activate the organization’s incident response plan
B. Include security requirements in outsourcing contracts
C. Terminate the agreement with the third-party contractor
D. Limit access to the third-party contractor
View answer
Correct Answer: A
Question #77
When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
A. Access logs
B. Audit reports
C. Access lists
D. Threat metrics
View answer
Correct Answer: A
Question #78
An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?
A. Data backup
B. Data transfer
C. Data classification
D. Data isolation
View answer
Correct Answer: D
Question #79
The PRIMARY goal of a security infrastructure design is the:
A. reduction of security incidents
B. protection of corporate assets
C. elimination of risk exposures
D. optimization of IT resources
View answer
Correct Answer: B
Question #80
A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?
A. Risk assessment results
B. Severity criteria
C. Emergency call tree directory
D. Table of critical backup files
View answer
Correct Answer: B
Question #81
What should be an information security manager's PRIMARY objective in the event of a security incident?
A. Contain the threat and restore operations in a timely manner
B. Ensure that normal operations are not disrupted
C. Identify the source of the breach and how it was perpetrated
D. Identify lapses in operational control effectiveness
View answer
Correct Answer: A
Question #82
Which of the following is the MOST important criterion for complete closure of a security incident?
A. Level of potential impact
B. Root-cause analysis and lessons learned
C. Identification of affected resources
D. Documenting and reporting to senior management
View answer
Correct Answer: B
Question #83
Which of the following is a security manager’s FIRST priority after an organization’s critical system has been compromised?
A. Implement improvements to prevent recurrence
B. Restore the compromised system
C. Preserve incident-related data
D. Identify the malware that compromised the system
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: