Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA Certified Information Security Manager CISM Exam Questions in PDF

Free ISACA CISM Dumps Questions (page: 11)

CISM PDF — 1716 Questions

From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

  1. Enhanced policy compliance
  2. Improved procedure flows
  3. Segregation of duties
  4. Better accountability

Answer(s): D

Explanation:

Without well-defined roles and responsibilities, there cannot be accountability. Choice A is incorrect because policy compliance requires adequately defined accountability first and therefore is a byproduct. Choice B is incorrect because people can be assigned to execute procedures that are not well designed. Choice C is incorrect because segregation of duties is not automatic, and roles may still include conflicting duties.



An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?

  1. Security metrics reports
  2. Risk assessment reports
  3. Business impact analysis (BIA)
  4. Return on security investment report

Answer(s): B

Explanation:

Performing a risk assessment will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management. Metrics reports are normally contained within the methodology of the risk assessment to give it credibility and provide an ongoing tool. The business impact analysis (BIA) covers continuity risks only. Return on security investment cannot be determined until a plan is developed based on the BIA.



Reviewing which of the following would BEST ensure that security controls are effective?

  1. Risk assessment policies
  2. Return on security investment
  3. Security metrics
  4. User access rights

Answer(s): C

Explanation:

Reviewing security metrics provides senior management a snapshot view and trends of an organization's security posture. Choice A is incorrect because reviewing risk assessment policies would not ensure that the controls are actually working. Choice B is incorrect because reviewing returns on security investments provides business justifications in implementing controls, but does not measure effectiveness of the control itself. Choice D is incorrect because reviewing user access rights is a joint responsibility of the data custodian and the data owner, and does not measure control effectiveness.



Which of the following is responsible for legal and regulatory liability?

  1. Chief security officer (CSO)
  2. Chief legal counsel (CLC)
  3. Board and senior management
  4. Information security steering group

Answer(s): C

Explanation:

The board of directors and senior management are ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.



While implementing information security governance an organization should FIRST:

  1. adopt security standards.
  2. determine security baselines.
  3. define the security strategy.
  4. establish security policies.

Answer(s): C

Explanation:

The first step in implementing information security governance is to define the security strategy based on which security baselines are determined. Adopting suitable security- standards, performing risk assessment and implementing security policy are steps that follow the definition of the security strategy.



Viewing page 11 of 345

Share your comments for ISACA CISM exam with other users:

A
Ali Azam
12/7/2023 1:51:00 AM

really helped with preparation of my scrum exam

Anonymous
J
Jerman
9/29/2023 8:46:00 AM

very informative and through explanations

Anonymous
J
Jimmy
11/4/2023 12:11:00 PM

prep for exam

INDONESIA
A
Abhi
9/19/2023 1:22:00 PM

thanks for helping us

Anonymous
M
mrtom33
11/20/2023 4:51:00 AM

i prepared for the eccouncil 350-401 exam. i scored 92% on the test.

Anonymous
J
JUAN
6/28/2023 2:12:00 AM

aba questions to practice

UNITED STATES
L
LK
1/2/2024 11:56:00 AM

great content

Anonymous
S
Srijeeta
10/8/2023 6:24:00 AM

how do i get the remaining questions?

INDIA
J
Jovanne
7/26/2022 11:42:00 PM

well formatted pdf and the test engine software is free. well worth the money i sept.

ITALY
C
CHINIMILLI SATISH
8/29/2023 6:22:00 AM

looking for 1z0-116

Anonymous
P
Pedro Afonso
1/15/2024 8:01:00 AM

in question 22, shouldnt be in the data (option a) layer?

Anonymous
P
Pushkar
11/7/2022 12:12:00 AM

the questions are incredibly close to real exam. you people are amazing.

INDIA
A
Ankit S
11/13/2023 3:58:00 AM

q15. answer is b. simple

UNITED STATES
S
S. R
12/8/2023 9:41:00 AM

great practice

FRANCE
M
Mungara
3/14/2023 12:10:00 AM

thanks to this exam dumps, i felt confident and passed my exam with ease.

UNITED STATES
A
Anonymous
7/25/2023 2:55:00 AM

need 1z0-1105-22 exam

Anonymous
N
Nigora
5/31/2022 10:05:00 PM

this is a beautiful tool. passed after a week of studying.

UNITED STATES
A
Av dey
8/16/2023 2:35:00 PM

can you please upload the dumps for 1z0-1096-23 for oracle

INDIA
M
Mayur Shermale
11/23/2023 12:22:00 AM

its intresting, i would like to learn more abouth this

JAPAN
J
JM
12/19/2023 2:23:00 PM

q252: dns poisoning is the correct answer, not locator redirection. beaconing is detected from a host. this indicates that the system has been infected with malware, which could be the source of local dns poisoning. location redirection works by either embedding the redirection in the original websites code or having a user click on a url that has an embedded redirect. since users at a different office are not getting redirected, it isnt an embedded redirection on the original website and since the user is manually typing in the url and not clicking a link, it isnt a modified link.

UNITED STATES
F
Freddie
12/12/2023 12:37:00 PM

helpful dump questions

SOUTH AFRICA
D
Da Costa
8/25/2023 7:30:00 AM

question 423 eigrp uses metric

Anonymous
B
Bsmaind
8/20/2023 9:22:00 AM

hello nice dumps

Anonymous
B
beau
1/12/2024 4:53:00 PM

good resource for learning

UNITED STATES
S
Sandeep
12/29/2023 4:07:00 AM

very useful

Anonymous
K
kevin
9/29/2023 8:04:00 AM

physical tempering techniques

Anonymous
B
Blessious Phiri
8/15/2023 4:08:00 PM

its giving best technical knowledge

Anonymous
T
Testbear
6/13/2023 11:15:00 AM

please upload

ITALY
S
shime
10/24/2023 4:23:00 AM

great question with explanation thanks!!

ETHIOPIA
T
Thembelani
5/30/2023 2:40:00 AM

does this exam have lab sections?

Anonymous
S
Shin
9/8/2023 5:31:00 AM

please upload

PHILIPPINES
P
priti kagwade
7/22/2023 5:17:00 AM

please upload the braindump for .net

UNITED STATES
R
Robe
9/27/2023 8:15:00 PM

i need this exam 1z0-1107-2. please.

Anonymous
C
Chiranthaka
9/20/2023 11:22:00 AM

very useful!

Anonymous
AI Tutor 👋 I’m here to help!