Isaca CISM Dumps

Exam: Certified Information Security Manager


Isaca CISM Exam Tutorial

Showing 1-20 of 631 Questions   (Page 1 out of 32)

Question No : 1 - Topic 1

Who should be responsible for enforcing access rights to application data?

A. Data owners
B. Business process owners
C. The security steering committee
D. Security administrators

Question No : 2 - Topic 1

The MOST important component of a privacy policy is:

A. notifications.
B. warranties.
C. liabilities.
D. geographic coverage.

Question No : 3 - Topic 1

Investment in security technology and processes should be based on:

A. clear alignment with the goals and objectives of the organization.
B. success cases that have been experienced in previous projects.
C. best business practices.
D. safeguards that are inherent in existing technology.

Question No : 4 - Topic 1

A security manager is preparing a report to obtain the commitment of executive
management to a security program. Inclusion of which of the following would be of MOST

A. Examples of genuine incidents at similar organizations
B. Statement of generally accepted best practices
C. Associating realistic threats to corporate objectives
D. Analysis of current technological exposures

Question No : 5 - Topic 1

When a security standard conflicts with a business objective, the situation should be
resolved by:

A. changing the security standard.
B. changing the business objective.
C. performing a risk analysis.
D. authorizing a risk acceptance.

Question No : 6 - Topic 1

Minimum standards for securing the technical infrastructure should be defined in a security:

A. strategy.
B. guidelines.
C. model.
D. architecture.

Question No : 7 - Topic 1

An information security manager must understand the relationship between information
security and business operations in order to:

A. support organizational objectives.
B. determine likely areas of noncompliance.
C. assess the possible impacts of compromise.
D. understand the threats to the business.

Question No : 8 - Topic 1

Which of the following should be the FIRST step in developing an information security

A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness

Question No : 9 - Topic 1

Information security governance is PRIMARILY driven by:

A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.

Question No : 10 - Topic 1

When developing an information security program, what is the MOST useful source of
information for determining available resources?

A. Proficiency test
B. Job descriptions
C. Organization chart
D. Skills inventory

Question No : 11 - Topic 1

To justify its ongoing security budget, which of the following would be of MOST use to the
information security department?

A. Security breach frequency
B. Annualized loss expectancy (ALE)
C. Cost-benefit analysis
D. Peer group comparison

Question No : 12 - Topic 1

Who should drive the risk analysis for an organization?

A. Senior management
B. Security manager
C. Quality manager
D. Legal department

Question No : 13 - Topic 1

Which of the following is characteristic of centralized information security management?

A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests

Question No : 14 - Topic 1

Information security should be:

A. focused on eliminating all risks.
B. a balance between technical and business requirements.
C. driven by regulatory requirements.
D. defined by the board of directors.

Question No : 15 - Topic 1

Which of the following is the MOST important information to include in an information
security standard?

A. Creation date
B. Author name
C. Initial draft approval date
D. Last review date

Question No : 16 - Topic 1

The MOST complete business case for security solutions is one that:

A. includes appropriate justification.
B. explains the current risk profile.
C. details regulatory requirements.
D. identifies incidents and losses.

Question No : 17 - Topic 1

Who in an organization has the responsibility for classifying information?

A. Data custodian
B. Database administrator
C. Information security officer
D. Data owner

Question No : 18 - Topic 1

When implementing effective security governance within the requirements of the
company's security strategy, which of the following is the MOST important factor to

A. Preserving the confidentiality of sensitive data
B. Establishing international security standards for data sharing
C. Adhering to corporate privacy standards
D. Establishing system manager responsibility for information security

Question No : 19 - Topic 1

Information security policy enforcement is the responsibility of the:

A. security steering committee.
B. chief information officer (CIO).
C. chief information security officer (CISO).
D. chief compliance officer (CCO).

Question No : 20 - Topic 1

An outcome of effective security governance is:

A. business dependency assessment.
B. strategic alignment.
C. risk assessment.
D. planning.
