Isaca CISM Dumps
Exam: Certified Information Security Manager
Isaca CISM Exam Tutorial
Question No : 1 - Topic 1
Who should be responsible for enforcing access rights to application data?
A. Data owners
B. Business process owners
C. The security steering committee
D. Security administrators
Question No : 2 - Topic 1
D. geographic coverage.
Question No : 3 - Topic 1
Investment in security technology and processes should be based on:
A. clear alignment with the goals and objectives of the organization.
B. success cases that have been experienced in previous projects.
C. best business practices.
D. safeguards that are inherent in existing technology.
Question No : 4 - Topic 1
A security manager is preparing a report to obtain the commitment of executive
management to a security program. Inclusion of which of the following would be of MOST
A. Examples of genuine incidents at similar organizations
B. Statement of generally accepted best practices
C. Associating realistic threats to corporate objectives
D. Analysis of current technological exposures
Question No : 5 - Topic 1
When a security standard conflicts with a business objective, the situation should be
A. changing the security standard.
B. changing the business objective.
C. performing a risk analysis.
D. authorizing a risk acceptance.
Question No : 6 - Topic 1
Minimum standards for securing the technical infrastructure should be defined in a security:
Question No : 7 - Topic 1
An information security manager must understand the relationship between information
security and business operations in order to:
A. support organizational objectives.
B. determine likely areas of noncompliance.
C. assess the possible impacts of compromise.
D. understand the threats to the business.
Question No : 8 - Topic 1
Which of the following should be the FIRST step in developing an information security
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Question No : 9 - Topic 1
Information security governance is PRIMARILY driven by:
A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.
Question No : 10 - Topic 1
When developing an information security program, what is the MOST useful source of
information for determining available resources?
A. Proficiency test
B. Job descriptions
C. Organization chart
D. Skills inventory
Question No : 11 - Topic 1
To justify its ongoing security budget, which of the following would be of MOST use to the
information security department?
A. Security breach frequency
B. Annualized loss expectancy (ALE)
C. Cost-benefit analysis
D. Peer group comparison
Question No : 12 - Topic 1
Who should drive the risk analysis for an organization?
A. Senior management
B. Security manager
C. Quality manager
D. Legal department
Question No : 13 - Topic 1
Which of the following is characteristic of centralized information security management?
A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests
Question No : 14 - Topic 1
Information security should be:
A. focused on eliminating all risks.
B. a balance between technical and business requirements.
C. driven by regulatory requirements.
D. defined by the board of directors.
Question No : 15 - Topic 1
Which of the following is the MOST important information to include in an information
A. Creation date
B. Author name
C. Initial draft approval date
D. Last review date
Question No : 16 - Topic 1
The MOST complete business case for security solutions is one that:
A. includes appropriate justification.
B. explains the current risk profile.
C. details regulatory requirements.
D. identifies incidents and losses.
Question No : 17 - Topic 1
Who in an organization has the responsibility for classifying information?
A. Data custodian
B. Database administrator
C. Information security officer
D. Data owner
Question No : 18 - Topic 1
When implementing effective security governance within the requirements of the
company's security strategy, which of the following is the MOST important factor to
A. Preserving the confidentiality of sensitive data
B. Establishing international security standards for data sharing
C. Adhering to corporate privacy standards
D. Establishing system manager responsibility for information security
Question No : 19 - Topic 1
Information security policy enforcement is the responsibility of the:
A. security steering committee.
B. chief information officer (CIO).
C. chief information security officer (CISO).
D. chief compliance officer (CCO).
Question No : 20 - Topic 1
An outcome of effective security governance is:
A. business dependency assessment.
B. strategic alignment.
C. risk assessment.