DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Prepare for CISM Exams Questions & Study Materials, Certified Information Security Manager | SPOTO

Prepare thoroughly for the Certified Information Security Manager (CISM) exams with SPOTO's comprehensive study materials and exam questions. Our meticulously curated resources cover all essential topics, including information security governance, risk management, incident management, and regulatory compliance. Access a variety of exam preparation tools, including sample questions and mock exams, to enhance your understanding and boost your confidence. Say goodbye to unreliable sources and embrace trusted exam practice with SPOTO. Utilize our exam simulator to replicate the exam environment and refine your exam-taking strategies effectively. Whether you're in need of exam materials or online exam questions, SPOTO provides the essential resources for success. Start your exam preparation journey today with our free test and ensure you're fully prepared to excel in the CISM exams.
Take other online exams

Question #1
The MOST important objective of a post incident review is to:
A. capture lessons learned to improve the process
B. develop a process for continuous improvement
C. develop a business case for the security program budget
D. identify new incident management tools
View answer
Correct Answer: A
Question #2
After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?
A. Calculating cost of the incident
B. Conducting a postmortem assessment
C. Preserving the evidence
D. Performing am impact analysis
View answer
Correct Answer: A
Question #3
Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:
A. compensating controls in the operational environment
B. commercial product compliance with corporate standards
C. more stringent source programming standards
D. security scanning of operational platforms
View answer
Correct Answer: D
Question #4
When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
A. submit the issue to the steering committee
B. conduct an impact analysis to quantify the risks
C. isolate the system from the rest of the network
D. request a risk acceptance from senior management
View answer
Correct Answer: A
Question #5
An information security program should focus on:
A. best practices also in place at peer companies
B. solutions codified in international standards
C. key controls identified in risk assessments
D. continued process improvement
View answer
Correct Answer: D
Question #6
Which of the following is the MOST important component of information security governance?
A. Approved Information security strategy
B. Documented information security policies
C. Comprehensive information security awareness program
D. Appropriate information security metrics
View answer
Correct Answer: A
Question #7
An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
A. an audit of the service provider uncovers no significant weakness
B. the contract includes a nondisclosure agreement (NDA) to protect the organization's intellectual property
C. the contract should mandate that the service provider will comply with security policies
D. the third-party service provider conducts regular penetration testing
View answer
Correct Answer: A
Question #8
Senior management asks the information security manager for justification before approving the acquisition of a new intrusion detection system (IDS). The BEST course of action is to provide:
A. documented industry best practices
B. a gap analysis against the new IDS controls
C. a business case
D. a business impact analysis (BIA)
View answer
Correct Answer: C
Question #9
Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:
A. executive management
B. chief information security officer (CISO)
C. board of directors
D. steering committee
View answer
Correct Answer: A
Question #10
A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?
A. Invalid logon attempts
B. Write access violations
C. Concurrent logons
D. Firewall logs
View answer
Correct Answer: A
Question #11
When creating a forensic image of a hard drive, which of the following should be the FIRST step?
A. Identify a recognized forensics software tool to create the image
B. Establish a chain of custody log
C. Connect the hard drive to a write blocker
D. Generate a cryptographic hash of the hard drive contents
View answer
Correct Answer: D
Question #12
Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?
A. Communicating specially drafted messages by an authorized person
B. Refusing to comment until recovery
C. Referring the media to the authorities
D. Reporting the losses and recovery strategy to the media
View answer
Correct Answer: C
Question #13
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?
A. Follow the outsourcer’s response plan
B. Alert the appropriate law enforcement authorities
C. Refer to the organization’s response plan
D. Notify the outsourcer of the privacy breach
View answer
Correct Answer: D
Question #14
Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks
B. evaluations in trade publications
C. use of new and emerging technologies
D. benefits in comparison to their costs
View answer
Correct Answer: A
Question #15
Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?
A. Conduct a risk assessment and develop an impact analysis
B. Update the risk register and review the information security strategy
C. Report the activity to senior management
D. Allow temporary use of the site and monitor for data leakage
View answer
Correct Answer: D
Question #16
Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?
A. Make backups of the affected systems prior to transfer
B. Increase cyber insurance coverage
C. Identify all information assets in the legacy environment
D. Assign owners to be responsible for the transfer of each asset
View answer
Correct Answer: B
Question #17
Which of the following is characteristic of centralized information security management?
A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests
View answer
Correct Answer: B
Question #18
A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:
A. confirm the incident
B. notify senior management
C. start containment
D. notify law enforcement
View answer
Correct Answer: B
Question #19
Which of the following will BEST enable an effective information asset classification process?
A. Reviewing the recovery time objective (RTO) requirements of the asset
B. Analyzing audit findings
C. Including security requirements in the classification process
D. Assigning ownership
View answer
Correct Answer: A
Question #20
Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
A. Database administrator (DBA)
B. Finance department management
C. Information security manager
D. IT department management
View answer
Correct Answer: C
Question #21
Which of the following BEST ensures that security risks will be reevaluated when modifications in application developments are made?
A. A problem management process
B. Background screening
C. A change control process
D. Business impact analysis (BIA)
View answer
Correct Answer: B
Question #22
The PRIMARY focus of the change control process is to ensure that changes are:
A. authorized
B. applied
C. documented
D. tested
View answer
Correct Answer: C
Question #23
Which of the following is the MOST effective way to detect information security incidents?
A. Providing regular and up-to-date training for the incident response team
B. Establishing proper policies for response to threats and vulnerabilities
C. Performing regular testing of the incident response program
D. Educating and users on threat awareness and timely reporting
View answer
Correct Answer: B
Question #24
Which of the following threats is prevented by using token-based authentication?
A. Password sniffing attack on the network
B. Denial of service attack over the network
C. Main-in-the middle attack on the client
D. Session eavesdropping attack on the network
View answer
Correct Answer: D
Question #25
Which of the following architectures for e-business BEST ensures high availability?
A. Availability of an adjacent hot site and a standby server with mirrored copies of critical data
B. Intelligent middleware to direct transactions from a downed system to an alternative
C. A single point of entry allowing transactions to be received and processed quickly
D. Automatic failover to the web site of another e-business that meets the user’s needs
View answer
Correct Answer: A
Question #26
An unauthorized user gained access to a merchant's database server and customer credit card information. Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?
A. Shut down and power off the server
B. Duplicate the hard disk of the server immediately
C. Isolate the server from the network
D. Copy the database log file to a protected server
View answer
Correct Answer: D
Question #27
What is the PRIMARY role of the information security manager in the process of information classification within an organization?
A. Defining and ratifying the classification structure of information assets
B. Deciding the classification levels applied to the organization's information assets
C. Securing information assets in accordance with their classification
D. Checking if information assets have been classified properly
View answer
Correct Answer: A
Question #28
Nonrepudiation can BEST be assured by using:
A. delivery path tracing
B. reverse lookup translation
C. out-of-hand channels
D. digital signatures
View answer
Correct Answer: A
Question #29
A business case for investment in an information security management infrastructure MUST include:
A. evidence that the proposed infrastructure is certified
B. specifics on the security applications needed
C. data management methods currently in use
D. impact of noncompliance with applicable standards
View answer
Correct Answer: D
Question #30
Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?
A. Business impact analysis (BIA)
B. Risk assessment
C. Vulnerability assessment
D. Business process mapping
View answer
Correct Answer: A
Question #31
Employees in a large multinational organization frequently travel among various geographic locations. Which type of authorization policy BEST addresses this practice?
A. Multilevel
B. Identity
C. Role-based
D. Discretionary
View answer
Correct Answer: B
Question #32
An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
A. Require annual signed agreements of adherence to security policies
B. Include penalties for noncompliance in the contracting agreement
C. Perform periodic security assessments of the contractors' activities
D. Conduct periodic vulnerability scans of the application
View answer
Correct Answer: C
Question #33
When reviewing the security controls of an application service provider, an information security manager discovers the provider's change management controls are insufficient. Changes to the provided application often occur spontaneously with no notification to clients. Which of the following would BEST facilitate a decision to continue or discontinue services with this provider?
A. Comparing the client organization's risk appetite to the disaster recovery plan of the service provider
B. Comparing the client organization's risk appetite to the criticality of the supplied application
C. Comparing the client organization's risk appetite to the frequency of application downtimes
D. Comparing the client organization's risk appetite to the vendor's change control policy
View answer
Correct Answer: B
Question #34
When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
A. media coverage
B. availability of technical resources
C. incident response team
D. affected stakeholders
View answer
Correct Answer: B
Question #35
Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?
A. Following the principle of least privilege
B. Restricting the use of removable media
C. Applying data classification rules
D. Enforcing penalties for security policy violations
View answer
Correct Answer: C
Question #36
Which of the following would be the information security manager’s BEST course of action to gain approval for investment in a technical control?
A. Perform a cost-benefit analysis
B. Conduct a risk assessment
C. Calculate the exposure factor
D. Conduct a business impact analysis (BIA)
View answer
Correct Answer: B
Question #37
The PRIMARY goal in developing an information security strategy is to:
A. establish security metrics and performance monitoring
B. educate business process owners regarding their duties
C. ensure that legal and regulatory requirements are met
D. support the business objectives of the organization
View answer
Correct Answer: D
Question #38
Information classification is a fundamental step in determining:
A. whether risk analysis objectives are met
B. who has ownership of information
C. the type of metrics that should be captured
D. the security strategy that should be used
View answer
Correct Answer: C
Question #39
Which of the following is the BEST method to protect consumer private information for an online public website?
A. Encrypt consumer’s data in transit and at rest
B. Apply a masking policy to the consumer data
C. Use secure encrypted transport layer
D. Apply strong authentication to online accounts
View answer
Correct Answer: C
Question #40
Which of the following has the highest priority when defining an emergency response plan?
A. Critical data
B. Critical infrastructure
C. Safety of personnel
D. Vital records
View answer
Correct Answer: A
Question #41
When designing security controls, it is MOST important to:
A. apply a risk-based approach
B. focus on preventive controls
C. evaluate the costs associated with the controls
D. apply controls to confidential information
View answer
Correct Answer: A
Question #42
Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data loss?
A. An independent auditor for identification of control deficiencies
B. A damage assessment expert for calculating losses
C. A forensics expert for evidence management
D. A penetration tester to validate the attack
View answer
Correct Answer: B
Question #43
Which of the following is the MOST important consideration when selecting members for an information security steering committee?
A. Cross-functional composition
B. Information security expertise
C. Tenure in the organization
D. Business expertise
View answer
Correct Answer: B
Question #44
An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization’s information security manager?
A. The change did not include a proper assessment of risk
B. Documentation of the change was made after implementation
C. The information security manager did not review the change prior to implementation
D. The operations team implemented the change without regression testing
View answer
Correct Answer: A
Question #45
An organization has decided to implement a security information and event management (SIEM) system. It is MOST important for the organization to consider:
A. industry best practices
B. data ownership
C. log sources
D. threat assessments
View answer
Correct Answer: B
Question #46
Which of the following is an example of a corrective control?
A. Diverting incoming traffic upon responding to the denial of service (DoS) attack
B. Filtering network traffic before entering an internal network from outside
C. Examining inbound network traffic for viruses
D. Logging inbound network traffic
View answer
Correct Answer: C
Question #47
When aligning an organization's information security program with other risk and control activities, it is MOST important to:
A. develop an information security governance framework
B. have information security management report to the chief risk officer
C. ensure adequate financial resources are available
D. integrate security within the system development life cycle
View answer
Correct Answer: D
Question #48
Which of the following is the MOST effective approach for delivering security incident response training?
A. Perform role-playing exercises to simulate real-world incident response scenarios
B. Engage external consultants to present real-world examples within the industry
C. Include incident response training within new staff orientation
D. Provide on-the-job training and mentoring for the incident response team
View answer
Correct Answer: A
Question #49
Who is responsible for raising awareness of the need for adequate funding for risk action plans?
A. Chief information officer (CIO)
B. Chief financial officer (CFO)
C. Information security manager
D. Business unit management
View answer
Correct Answer: C
Question #50
A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:
A. data sharing complies with local laws and regulations at both locations
B. data is encrypted in transit and at rest
C. a nondisclosure agreement is signed
D. risk coverage is split between the two locations sharing data
View answer
Correct Answer: A
Question #51
An organization utilizes a third party to classify its customers' personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks?
A. Include detailed documentation requirements within the formal statement of work
B. Submit a formal request for proposal (RFP) containing detailed documentation of requirements
C. Ensure a nondisclosure agreement is signed by both parties' senior management
D. Require the service provider to sign off on the organization's acceptable use policy
View answer
Correct Answer: A
Question #52
Which of the following is the BEST way to verify that all critical production servers are utilizing up-to- date virus signature files?
A. Verify the date that signature files were last pushed out
B. Use a recently identified benign virus to test if it is quarantined
C. Research the most recent signature file and compare to the console
D. Check a sample of servers that the signature files are current
View answer
Correct Answer: B
Question #53
An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:
A. perform a gap analysis of compliance requirements
B. assess the penalties for non-compliance
C. review the organization’s most recent audit report
D. determine the cost of compliance
View answer
Correct Answer: A
Question #54
Which of the following metrics is MOST appropriate for evaluating the incident notification process?
A. Average total cost of downtime per reported incident
B. Average number of incidents per reporting period
C. Elapsed time between response and resolution
D. Elapsed time between detection, reporting and response
View answer
Correct Answer: C
Question #55
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
A. Legal
B. Information security
C. Help desk
D. Human resources
View answer
Correct Answer: B
Question #56
When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?
A. Assigning responsibility for acquiring the data
B. Locating the data and preserving the integrity of the data
C. Creating a forensically sound image
D. Issuing a litigation hold to all affected parties
View answer
Correct Answer: C
Question #57
To ensure IT equipment meets organizational security standards, the MOST efficient approach is to:
A. assess security during equipment deployment
B. ensure compliance during user acceptance testing
C. assess the risks of all new equipment
D. develop an approved equipment list
View answer
Correct Answer: A
Question #58
A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager’s FIRST course of action?
A. Review the current security policy
B. Inform senior management of the new regulation
C. Update the security incident management process
D. Determine impact to the business
View answer
Correct Answer: A
Question #59
During the security review of organizational servers, it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:
A. copy sample files as evidence
B. remove access privileges to the folder containing the data
C. report this situation to the data owner
D. train the HR team on properly controlling file permissions
View answer
Correct Answer: B
Question #60
Which of the following should be the PRIMARY basis for an information security strategy?
A. The organization’s vision and mission
B. Information security policies
C. Results of a comprehensive gap analysis
D. Audit and regulatory requirements
View answer
Correct Answer: A
Question #61
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
A. Requiring the backup of the organization’s data by the user
B. Establishing the authority to remote wipe
C. Monitoring how often the smartphone is used
D. Developing security awareness training
View answer
Correct Answer: A
Question #62
Which of the following is a PRIMARY function of an incident response team?
A. To provide a business impact assessment
B. To provide effective incident mitigation
C. To provide a single point of contact for critical incidents
D. To provide a risk assessment for zero-day vulnerabilities
View answer
Correct Answer: C
Question #63
What of the following is MOST important to include in an information security policy?
A. Maturity levels
B. Best practices
C. Management objectives
D. Baselines
View answer
Correct Answer: B
Question #64
Which of the following would BEST help to ensure an organization’s security program is aligned with business objectives?
A. Security policies are reviewed and approved by the chief information officer
B. The security strategy is reviewed and approved by the organization’s executive committee
C. The organization’s board of directors includes a dedicated information security specialist
D. Project managers receive annual information security awareness training
View answer
Correct Answer: A
Question #65
Which of the following is the MOST important reason to monitor information risk on a continuous basis?
A. The risk profile can change over time
B. The effectiveness of controls can be verified
C. The cost of controls can be minimized
D. Risk assessment errors can be identified
View answer
Correct Answer: D
Question #66
Which of the following be MOST effective in reducing the financial impact following a security breach leading to data disclosure?
A. A business continuity plan
B. Backup and recovery strategy
C. A data loss prevention (DLP) solution
D. An incident response plan
View answer
Correct Answer: B
Question #67
The recovery point objective (RPO) is required in which of the following?
A. Information security plan
B. Incident response plan
C. Business continuity plan
D. Disaster recovery plan
View answer
Correct Answer: A
Question #68
Which of the following is the MOST effective method to prevent an SQL injection in an employee portal?
A. Reconfigure the database schema
B. Enforce referential integrity on the database
C. Conduct code reviews
D. Conduct network penetration testing
View answer
Correct Answer: A
Question #69
Which of the following should be the PRIMARY focus of a post-incident review following a successful response to a cybersecurity incident?
A. Which control failures contributed to the incident
B. How incident response processes were executed
C. What attack vectors were utilized
D. When business operations were restored
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: