Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA Certified Information Security Manager CISM Exam Questions in PDF

Free ISACA CISM Dumps Questions (page: 10)

CISM PDF — 1716 Questions

Information security projects should be prioritized on the basis of:

  1. time required for implementation.
  2. impact on the organization.
  3. total cost for implementation.
  4. mix of resources required.

Answer(s): B

Explanation:

Information security projects should be assessed on the basis of the positive impact that they will have on the organization. Time, cost and resource issues should be subordinate to this objective.



Which of the following is the MOST important information to include in an information security standard?

  1. Creation date
  2. Author name
  3. Initial draft approval date
  4. Last review date

Answer(s): D

Explanation:

The last review date confirms the currency of the standard, affirming that management has reviewed the standard to assure that nothing in the environment has changed that would necessitate an update to the standard. The name of the author as well as the creation and draft dates are not that important.



Which of the following would BEST prepare an information security manager for regulatory reviews?

  1. Assign an information security administrator as regulatory liaison
  2. Perform self-assessments using regulatory guidelines and reports
  3. Assess previous regulatory reports with process owners input
  4. Ensure all regulatory inquiries are sanctioned by the legal department

Answer(s): B

Explanation:

Self-assessments provide the best feedback on readiness and permit identification of items requiring remediation. Directing regulators to a specific person or department, or assessing previous reports, is not as effective. The legal department should review all formal inquiries but this does not help prepare for a regulatory review.



An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:

  1. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
  2. establish baseline standards for all locations and add supplemental standards as required.
  3. bring all locations into conformity with a generally accepted set of industry best practices.
  4. establish a baseline standard incorporating those requirements that all jurisdictions have in common.

Answer(s): B

Explanation:

It is more efficient to establish a baseline standard and then develop additional standards for locations that must meet specific requirements. Seeking a lowest common denominator or just using industry best practices may cause certain locations to fail regulatory compliance. The opposite approach—forcing all locations to be in compliance with the regulations places an undue burden on those locations.



Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?

  1. Ensure that all IT risks are identified
  2. Evaluate the impact of information security risks
  3. Demonstrate that IT mitigating controls are in place
  4. Suggest new IT controls to mitigate operational risk

Answer(s): B

Explanation:

The job of the information security officer on such a team is to assess the risks to the business operation. Choice A is incorrect because information security is not limited to IT issues. Choice C is incorrect because at the time a team is formed to assess risk, it is premature to assume that any demonstration of IT controls will mitigate business operations risk. Choice D is incorrect because it is premature at the time of the formation of the team to assume that any suggestion of new IT controls will mitigate business operational risk.



Viewing page 10 of 345

Share your comments for ISACA CISM exam with other users:

P
Philippe
1/22/2023 10:24:00 AM

iam impressed with the quality of these dumps. they questions and answers were easy to understand and the xengine app was very helpful to use.

CANADA
S
Sam
8/31/2023 10:32:00 AM

not bad but you question database from isaca

MALAYSIA
B
Brijesh kr
6/29/2023 4:07:00 AM

awesome contents

INDIA
J
JM
12/19/2023 1:22:00 PM

answer to 134 is casb. while data loss prevention is the goal, in order to implement dlp in cloud applications you need to deploy a casb.

UNITED STATES
N
Neo
7/26/2023 9:36:00 AM

are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?

SOUTH AFRICA
B
Bilal
8/22/2023 6:33:00 AM

i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.

Anonymous
J
John
11/12/2023 8:48:00 PM

why only give explanations on some, and not all questions and their respective answers?

UNITED STATES
B
Biswa
11/20/2023 8:50:00 AM

refresh db knowledge

Anonymous
S
Shalini Sharma
10/17/2023 8:29:00 AM

interested for sap certification

JAPAN
E
ethan
9/24/2023 12:38:00 PM

could you please upload practice questions for scr exam ?

HONG KONG
V
vijay joshi
8/19/2023 3:15:00 AM

please upload free oracle cloud infrastructure 2023 foundations associate exam braindumps

Anonymous
A
Ayodele Talabi
8/25/2023 9:25:00 PM

sweating! they are tricky

CANADA
R
Romero
3/23/2022 4:20:00 PM

i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.

UNITED STATES
J
John Kennedy
9/20/2023 3:33:00 AM

good practice and well sites.

Anonymous
N
Nenad
7/12/2022 11:05:00 PM

passed my first exam last week and pass the second exam this morning. thank you sir for all the help and these brian dumps.

INDIA
L
Lucky
10/31/2023 2:01:00 PM

does anyone who attended exam csa 8.8, can confirm these questions are really coming ? or these are just for practicing?

HONG KONG
P
Prateek
9/18/2023 11:13:00 AM

kindly share the dumps

UNITED STATES
I
Irfan
11/25/2023 1:26:00 AM

very nice content

Anonymous
P
php
6/16/2023 12:49:00 AM

passed today

Anonymous
D
Durga
6/23/2023 1:22:00 AM

hi can you please upload questions

Anonymous
J
JJ
5/28/2023 4:32:00 AM

please upload quetions

THAILAND
N
Norris
1/3/2023 8:06:00 PM

i passed my exam thanks to this braindumps questions. these questions are valid in us and i highly recommend it!

UNITED STATES
A
abuti
7/21/2023 6:10:00 PM

are they truely latest

Anonymous
C
Curtis Nakawaki
7/5/2023 8:46:00 PM

questions appear contemporary.

UNITED STATES
V
Vv
12/2/2023 6:31:00 AM

good to prepare in this site

UNITED STATES
P
praveenkumar
11/20/2023 11:57:00 AM

very helpful to crack first attempt

Anonymous
A
asad Raza
5/15/2023 5:38:00 AM

please upload this exam

CHINA
R
Reeta
7/17/2023 5:22:00 PM

please upload the c_activate22 dump questions with answer

SWEDEN
W
Wong
12/20/2023 11:34:00 AM

q10 - the answer should be a. if its c, the criteria will meet if either the prospect is not part of the suppression lists or if the job title contains vice president

MALAYSIA
D
david
12/12/2023 12:38:00 PM

this was on the exam as of 1211/2023

Anonymous
T
Tink
7/24/2023 9:23:00 AM

great for prep

GERMANY
J
Jaro
12/18/2023 3:12:00 PM

i think in question 7 the first answer should be power bi portal (not power bi)

Anonymous
9
9eagles
4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.

Anonymous
T
Tai
8/28/2023 5:28:00 AM

wonderful material

SOUTH AFRICA
AI Tutor 👋 I’m here to help!