Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISM Exam Dumps - Isaca Certification Questions and Answers

Question # 109

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.

Decrease in the number of security incidents

B.

Increase in the frequency of security incident escalations

C.

Reduction in the impact of security incidents

D.

Increase in the number of reported security incidents

Buy Now
Question # 110

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Options:

A.

Review independent security assessment reports for each vendor.

B.

Benchmark each vendor's services with industry best practices.

C.

Analyze the risks and propose mitigating controls.

D.

Define information security requirements and processes.

Buy Now
Question # 111

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Options:

A.

Patch management files

B.

Network system logs

C.

Configuration management files

D.

Intrusion detection system (IDS) logs

Buy Now
Question # 112

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Buy Now
Question # 113

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Buy Now
Question # 114

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

Which of the following would provide the MOST useful information for planning purposes? »

Options:

A.

Results from a business impact analysis (BIA)

B.

Deadlines and penalties for noncompliance

C.

Results from a gap analysis

D.

An inventory of security controls currently in place

Buy Now
Question # 115

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Buy Now
Question # 116

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Options:

A.

Install the OS, patches, and application from the original source.

B.

Restore the OS, patches, and application from a backup.

C.

Restore the application and data from a forensic copy.

D.

Remove all signs of the intrusion from the OS and application.

Buy Now
Question # 117

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:

A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset's value is critical to risk management.

D.

The responsibility for security rests with all employees.

Buy Now
Question # 118

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.

control gaps are minimized.

B.

system availability.

C.

effectiveness of controls.

D.

alignment with compliance requirements.

Buy Now
Question # 119

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Buy Now
Question # 120

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Buy Now
Question # 121

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Buy Now
Question # 122

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

Options:

A.

Identify the skill set of the provider's incident response team.

B.

Evaluate the provider's audit logging and monitoring controls.

C.

Review the provider’s incident definitions and notification criteria.

D.

Update the incident escalation process.

Buy Now
Question # 123

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents.

B.

identify vulnerabilities.

C.

identify control improvements.

D.

identify the root cause.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Apr 2, 2025
Questions: 801
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249