
Pass Your CISM Exam Prep: CISM Study Materials, Certified Information Security Manager | SPOTO

Achieve success in your CISM exam preparation with SPOTO's comprehensive study materials. Our meticulously curated resources cover all crucial topics, including information security governance, risk management, incident management, and regulatory compliance. Access a diverse range of exam preparation tools, such as sample questions and mock exams, to reinforce your understanding and sharpen your skills. Bid farewell to unreliable sources and embrace trusted exam practice with SPOTO. Utilize our exam simulator to replicate the exam environment and hone your exam-taking strategies effectively. Whether you're in need of exam materials or online exam questions, SPOTO provides the essential resources for success. Kickstart your preparation journey today with our free test and ensure you're fully prepared to pass the Certified Information Security Manager exam.

Question #1
Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?
A. Baseline security standards
B. System access violation logs
C. Role-based access controls
D. Exit routines
Correct Answer: C
Question #2
A security awareness program should:
A. present top management's perspective
B. address details on specific exploits
C. address specific groups and roles
D. promote security department procedures
Correct Answer: C
Question #3
Access control to a sensitive intranet application by mobile users can BEST be implemented through:
A. data encryption
B. digital signatures
C. strong passwords
D. two-factor authentication
Correct Answer: A
Question #4
How would an organization know if its new information security program is accomplishing its goals?
A. Key metrics indicate a reduction in incident impacts
B. Senior management has approved the program and is supportive of it
C. Employees are receptive to changes that were implemented
D. There is an immediate reduction in reported incidents
Correct Answer: A
Question #5
What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
A. Periodic review of network configuration
B. Review intrusion detection system (IDS) logs for evidence of attacks
C. Periodically perform penetration tests
D.
Correct Answer: A
Question #6
The BEST metric for evaluating the effectiveness of a firewall is the:
A. number of attacks blocked
B. number of packets dropped
C. average throughput rate
D. number of firewall rules
Correct Answer: A
Question #7
An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
A. broken authentication
B. unvalidated input
C. cross-site scripting
D. structured query language (SQL) injection
Correct Answer: D
Question #8
The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
A. ensure the confidentiality of sensitive material
B. provide a high assurance of identity
C. allow deployment of the active directory
D. implement secure sockets layer (SSL) encryption
Correct Answer: D
Question #9
The BEST time to perform a penetration test is after:
A. an attempted penetration has occurred
B. an audit has reported weaknesses in security controls
C. various infrastructure changes are made
D. a high turnover in systems staff
Correct Answer: B
Question #10
Which of the following events generally has the highest information security impact?
A. Opening a new office
B. Merging with another organization
C. Relocating the data center
D. Rewiring the network
Correct Answer: A
Question #11
Nonrepudiation can BEST be assured by using:
A. delivery path tracing
B. reverse lookup translation
C. out-of-band channels
D. digital signatures
Correct Answer: B
Question #12
Which of the following environments represents the GREATEST risk to organizational security?
A. Locally managed file server
B. Enterprise data warehouse
C. Load-balanced, web server cluster
D. Centrally managed data switch
Correct Answer: B
Question #13
Several business units reported problems with their systems after multiple security patches were deployed. The FIRST step in handling this problem would be to:
A. assess the problems and institute rollback procedures, if needed
B. disconnect the systems from the network until the problems are corrected
C. immediately uninstall the patches from these systems
D. immediately contact the vendor regarding the problems that occurred
Correct Answer: D
Question #14
Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management
Correct Answer: B
Question #15
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?
A. Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans
B. Periodic audits of the disaster recovery/business continuity plans
C.
D. Inclusion as a required step in the system life cycle process
Correct Answer: A
Question #16
Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
A. Log all account usage and send it to their manager
B. Establish predetermined automatic expiration dates
C. Require managers to e-mail security when the user leaves
D. Ensure each individual has signed a security acknowledgement
Correct Answer: A
Question #17
What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
A. Authentication
B. Encryption
C. Prohibit employees from copying data to USB devices
D.
Correct Answer: C
Question #18
Which of the following should be in place before a black box penetration test begins?
A. IT management approval
B. Proper communication and awareness training
C. A clearly stated definition of scope
D. An incident response plan
Correct Answer: C
Question #19
In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?
A. Encryption
B. Digital certificate
C. Digital signature
D. Hashing algorithm
Correct Answer: C
Question #20
Data owners are normally responsible for which of the following?
A. Applying emergency changes to application data
B. Administering security over database records
C.
D. Determining the level of application security required
Correct Answer: D
Question #21
In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:
A. testing time window prior to deployment
B. technical skills of the team responsible
C. certification of validity for deployment
D. automated deployment to all the servers
Correct Answer: A
Question #22
Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
A. User
B. Security
C. Operations
D. Database
Correct Answer: B
Question #23
The MOST important reason for formally documenting security procedures is to ensure:
A. processes are repeatable and sustainable
B. alignment with business objectives
C. auditability by regulatory agencies
D. objective criteria for the application of metrics
Correct Answer: D
Question #24
The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:
A. contribute cost-effective expertise not available internally
B. be made responsible for meeting the security program requirements
C. replace the dependence on internal resources
D. deliver more effectively on account of their knowledge
Correct Answer: A
Question #25
Which of the following would be the BEST metric for the IT risk management process?
A. Number of risk management action plans
B. Percentage of critical assets with budgeted remedial
C. Percentage of unresolved risk exposures
D. Number of security incidents identified
Correct Answer: B
Question #26
In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
A. Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files
Correct Answer: B
Question #27
An organization without any formal information security program that has decided to implement information security best practices should FIRST:
A. invite an external consultant to create the security strategy
B. allocate budget based on best practices
C. benchmark similar organizations
D. define high-level business security requirements
Correct Answer: B
Question #28
Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
A. Symmetric cryptography
B. Public key infrastructure (PKI)
C. Message hashing
D. Message authentication code
Correct Answer: A
Question #29
An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
A. source routing
B. broadcast propagation
C. unregistered ports
D. nonstandard protocols
Correct Answer: C
Question #30
A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
A. User
B.
C. Operations
D. Database
Correct Answer: B
Question #31
Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?
A. The right to conduct independent security reviews
B. A legally binding data protection agreement
C. Encryption between the organization and the provider
D. A joint risk assessment of the system
Correct Answer: A
Question #32
Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
A. Restrict the available drive allocation on all PCs
B. Disable universal serial bus (USB) ports on all desktop devices
C. Conduct frequent awareness training with noncompliance penalties
D. Establish strict access controls to sensitive information
Correct Answer: B
Question #33
In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?
A. Procedural design
B. Architectural design
C. System design specifications
D. Software development
Correct Answer: C
Question #34
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
Correct Answer: B
Question #35
Which of the following is the BEST method to securely transfer a message?
A. Password-protected removable media
B. Facsimile transmission in a secured room
C. Using public key infrastructure (PKI) encryption
D. Steganography
Correct Answer: D
Question #36
Which of the following areas is MOST susceptible to the introduction of security weaknesses?
A. Database management
B. Tape backup management
C. Configuration management
D. Incident response management
Correct Answer: D
Question #37
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
A. Penetration attempts investigated
B. Violation log reports produced
C. Violation log entries
D. Frequency of corrective actions taken
Correct Answer: B
Question #38
An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?
A. Right to audit
B. Nondisclosure agreement
C. Proper firewall implementation
D. Dedicated security manager for monitoring compliance
Correct Answer: B
