Pass Your Exams with Comprehensive CISM Exam Questions & Answers, Certified Information Security Manager | SPOTO

Pass your Certified Information Security Manager (CISM) exam with confidence by utilizing SPOTO's comprehensive collection of exam questions and answers. Covering vital topics like information security governance, risk management, incident management, and regulatory compliance, our materials ensure thorough preparation for the exam. Access a variety of resources including sample questions, mock exams, and exam materials to enhance your understanding and refine your skills. SPOTO offers reliable exam practice, ensuring accurate and up-to-date content for effective preparation. With our exam simulator, you can replicate the exam environment and perfect your exam-taking strategies. Whether you're in need of online exam questions or exam dumps, SPOTO provides the essential tools for success. Start your exam preparation journey today with our free test and pave the way to passing your CISM exam.

Question #1
An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?
A. Nothing, since a risk assessment was completed during development
B. A vulnerability assessment should be conducted
C. A new risk assessment should be performed
D. The new vendor's SAS 70 type II report should be reviewed
Correct Answer: B

Question #2
Which of the following is MOST important to understand when developing a meaningful information security strategy?
A. Regulatory environment
B. International security standards
C. Organizational risks
D. Organizational goals
Correct Answer: D
Question #3
An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
A. corporate data privacy policy
B. data privacy policy where data are collected
C. data privacy policy of the headquarters' country
D. data privacy directive applicable globally
Correct Answer: A
Question #4
A business impact analysis (BIA) is the BEST tool for calculating:
A. total cost of ownership
B. priority of restoration
C. annualized loss expectancy (ALE)
D. residual risk
Correct Answer: B
Question #5
Information security projects should be prioritized on the basis of:
A. time required for implementation
B. impact on the organization
C. total cost for implementation
D. mix of resources required
Correct Answer: A
Question #6
Risk assessment is MOST effective when performed:
A. at the beginning of security program development
B. on a continuous basis
C. while developing the business case for the security program
D. during the business change process
Correct Answer: D
Question #7
Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
A. Security compliant servers trend report
B. Percentage of security compliant servers
C. Number of security patches applied
D. Security patches applied trend report
Correct Answer: B
Question #8
The PRIMARY objective of a risk management program is to:
A. minimize inherent risk
B. eliminate business risk
C. implement effective controls
D. minimize residual risk
Correct Answer: B
Question #9
In an organization, information systems security is the responsibility of:
A. all personnel
B. information systems personnel
C. information systems security personnel
D. functional personnel
Correct Answer: D
Question #10
Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?
A. Patch management
B. Change management
C. Security baselines
D. Virus detection
Correct Answer: A
Question #11
Security monitoring mechanisms should PRIMARILY:
A. focus on business-critical information
B. assist owners to manage control risks
C. focus on detecting network intrusions
D. record all security violations
Correct Answer: A
Question #12
Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?
A. Manager
B. Custodian
C. User
D. Owner
Correct Answer: C
Question #13
A message that has been encrypted by the sender's private key and again by the receiver's public key achieves:
A. authentication and authorization
B. confidentiality and integrity
C. confidentiality and nonrepudiation
D. authentication and nonrepudiation
Correct Answer: D
Question #14
A risk management approach to information protection is:
A. managing risks to an acceptable level, commensurate with goals and objectives
B. accepting the security posture provided by commercial security products
C. implementing a training program to educate individuals on information protection and risks
D. managing risk tools to ensure that they assess all information protection vulnerabilities
Correct Answer: C
Question #15
When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
A. to a higher false reject rate (FRR)
B. to a lower crossover error rate
C. to a higher false acceptance rate (FAR)
D. exactly to the crossover error rate
Correct Answer: A
Question #16
Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?
A. Boundary router
B. Strong encryption
C. Internet-facing firewall
D. Intrusion detection system (IDS)
Correct Answer: D
Question #17
Which of the following would a security manager establish to determine the target for restoration of normal processing?
A. Recovery time objective (RTO)
B. Maximum tolerable outage (MTO)
C. Recovery point objectives (RPOs)
D. Services delivery objectives (SDOs)
Correct Answer: B
Question #18
The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
A. ensure the confidentiality of sensitive material
B. provide a high assurance of identity
C. allow deployment of the active directory
D. implement secure sockets layer (SSL) encryption
Correct Answer: A
Question #19
Because of its importance to the business, an organization wants to quickly implement a technical solution which deviates from the company's policies. An information security manager should:
A. conduct a risk assessment and allow or disallow based on the outcome
B. recommend a risk assessment and implementation only if the residual risks are accepted
C. recommend against implementation because it violates the company's policies
D. recommend revision of current policy
Correct Answer: C
Question #20
After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:
A. increase its customer awareness efforts in those regions
B. implement monitoring techniques to detect and react to potential fraud
C. outsource credit card processing to a third party
D. make the customer liable for losses if they fail to follow the bank's advice
Correct Answer: D
Question #21
The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:
A. change the root password of the system
B. implement multifactor authentication
C. rebuild the system from the original installation medium
D. disconnect the mail server from the network
Correct Answer: B
Question #22
In a business impact analysis, the value of an information system should be based on the overall cost:
A. of recovery
B. to recreate
C. if unavailable
D. of emergency operations
Correct Answer: B
Question #23
A risk analysis should:
A. include a benchmark of similar companies in its scope
B. assume an equal degree of protection for all assets
C. address the potential size and likelihood of loss
D. give more weight to the likelihood vs. the size of the loss
Correct Answer: D
