ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 1)

Which of the following should be the FIRST step in developing an information security plan?

  1. Perform a technical vulnerabilities assessment
  2. Analyze the current business strategy
  3. Perform a business impact analysis
  4. Assess the current levels of security awareness

Answer(s): B

Explanation:

Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.



Senior management commitment and support for information security can BEST be obtained through presentations that:

  1. use illustrative examples of successful attacks.
  2. explain the technical risks to the organization.
  3. evaluate the organization against best security practices.
  4. tie security risks to key business objectives.

Answer(s): D

Explanation:

Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.



The MOST appropriate role for senior management in supporting information security is the:

  1. evaluation of vendors offering security products.
  2. assessment of risks to the organization.
  3. approval of policy statements and funding.
  4. monitoring adherence to regulatory requirements.

Answer(s): C

Explanation:

Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in terms of governance and direction. They are responsible for approval of major policy statements and requests to fund the information security practice. Evaluation of vendors, assessment of risks and monitoring compliance with regulatory requirements are day-to-day responsibilities of the information security manager; in some organizations, business management is involved in these other activities, though their primary role is direction and governance.



Which of the following would BEST ensure the success of information security governance within an organization?

  1. Steering committees approve security projects
  2. Security policy training provided to all managers
  3. Security training available to all employees on the intranet
  4. Steering committees enforce compliance with laws and regulations

Answer(s): A

Explanation:

The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.



Information security governance is PRIMARILY driven by:

  1. technology constraints.
  2. regulatory requirements.
  3. litigation potential.
  4. business strategy.

Answer(s): D

Explanation:

Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.



Share your comments for ISACA CISM exam with other users:

A
alma
8/25/2023 1:20:00 PM

just started preparing for the exam

C
CW
7/10/2023 6:46:00 PM

these are the type of questions i need.

N
Nobody
8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?

S
Salah
7/23/2023 9:46:00 AM

thanks for providing these questions

R
Ritu
9/15/2023 5:55:00 AM

interesting

R
Ron
5/30/2023 8:33:00 AM

these dumps are pretty good.

S
Sowl
8/10/2023 6:22:00 PM

good questions

B
Blessious Phiri
8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database

R
Richard
10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.

J
Janjua
5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps

M
Matt
12/30/2023 11:18:00 AM

if only explanations were provided...

R
Rasha
6/29/2023 8:23:00 PM

yes .. i need the dump if you can help me

A
Anonymous
7/25/2023 8:05:00 AM

good morning, could you please upload this exam again?

A
AJ
9/24/2023 9:32:00 AM

hi please upload sre foundation and practitioner exam questions

P
peter parker
8/10/2023 10:59:00 AM

the exam is listed as 80 questions with a pass mark of 70%, how is your 50 questions related?

B
Berihun
7/13/2023 7:29:00 AM

all questions are so important and covers all ccna modules

N
nspk
1/19/2024 12:53:00 AM

q 44. ans:- b (goto setup > order settings > select enable optional price books for orders) reference link --> https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/sfom_impl_b2b_b2b2c.pdf(decide whether you want to enable the optional price books feature. if so, select enable optional price books for orders. you can use orders in salesforce while managing price books in an external platform. if you’re using d2c commerce, you must select enable optional price books for orders.)

M
Muhammad Rawish Siddiqui
12/2/2023 5:28:00 AM

"cost of replacing data if it were lost" is also correct.

A
Anonymous
7/14/2023 3:17:00 AM

pls upload the questions

M
Mukesh
7/10/2023 4:14:00 PM

good questions

E
Elie Abou Chrouch
12/11/2023 3:38:00 AM

question 182 - correct answer is d. ethernet frame length is 64 - 1518b. length of user data containing is that frame: 46 - 1500b.

D
Damien
9/23/2023 8:37:00 AM

i need this exam pls

N
Nani
9/10/2023 12:02:00 PM

its required for me, please make it enable to access. thanks

E
ethiopia
8/2/2023 2:18:00 AM

seems good..

W
whoAreWeReally
12/19/2023 8:29:00 PM

took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.

V
vs
9/2/2023 12:19:00 PM

no comments

J
john adenu
11/14/2023 11:02:00 AM

nice questions bring out the best in you.

O
Osman
11/21/2023 2:27:00 PM

really helpful

E
Edward
9/13/2023 5:27:00 PM

question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you

M
Monti
5/24/2023 11:14:00 PM

iam thankful for these exam dumps questions, i would not have passed without this exam dumps.

A
Anon
10/25/2023 10:48:00 PM

some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?

P
PeterPan
10/18/2023 10:22:00 AM

are the question real or fake?

C
CW
7/11/2023 3:19:00 PM

thank you for providing such assistance.

M
Mn8300
11/9/2023 8:53:00 AM

nice questions

AI Tutor 👋 I’m here to help!