Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA Certified Information Security Manager CISM Exam Questions in PDF

Free ISACA CISM Dumps Questions (page: 12)

CISM PDF — 1716 Questions

The MOST basic requirement for an information security governance program is to:

  1. be aligned with the corporate business strategy.
  2. be based on a sound risk management approach.
  3. provide adequate regulatory compliance.
  4. provide best practices for security- initiatives.

Answer(s): A

Explanation:

To receive senior management support, an information security program should be aligned with the corporate business strategy. Risk management is a requirement of an information security program which should take into consideration the business strategy. Security governance is much broader than just regulatory compliance. Best practice is an operational concern and does not have a direct impact on a governance program.



Information security policy enforcement is the responsibility of the:

  1. security steering committee.
  2. chief information officer (CIO).
  3. chief information security officer (CISO).
  4. chief compliance officer (CCO).

Answer(s): C

Explanation:

Information security policy enforcement is the responsibility of the chief information security officer (CISO), first and foremost. The board of directors and executive management should ensure that a security policy is in line with corporate objectives. The chief information officer (CIO) and the chief compliance officer (CCO) are involved in the enforcement of the policy but are not directly responsible for it.



A good privacy statement should include:

  1. notification of liability on accuracy of information.
  2. notification that information will be encrypted.
  3. what the company will do with information it collects.
  4. a description of the information classification process.

Answer(s): C

Explanation:

Most privacy laws and regulations require disclosure on how information will be used. Choice A is incorrect because that information should be located in the web site's disclaimer. Choice B is incorrect because, although encryption may be applied, this is not generally disclosed. Choice D is incorrect because information classification would be contained in a separate policy.



Which of the following would be MOST effective in successfully implementing restrictive password policies?

  1. Regular password audits
  2. Single sign-on system
  3. Security awareness program
  4. Penalties for noncompliance

Answer(s): C

Explanation:

To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in of the end users. The best way to accomplish this is through a security awareness program. Regular password audits and penalties for noncompliance would not be as effective on their own; people would go around them unless forced by the system. Single sign-on is a technology solution that would enforce password complexity but would not promote user compliance. For the effort to be more effective, user buy-in is important.



When designing an information security quarterly report to management, the MOST important element to be considered should be the:

  1. information security metrics.
  2. knowledge required to analyze each issue.
  3. linkage to business area objectives.
  4. baseline against which metrics are evaluated.

Answer(s): C

Explanation:

The link to business objectives is the most important clement that would be considered by management. Information security metrics should be put in the context of impact to management objectives. Although important, the security knowledge required would not be the first element to be considered. Baselining against the information security metrics will be considered later in the process.



Viewing page 12 of 345

Share your comments for ISACA CISM exam with other users:

V
vladputin
7/20/2023 5:00:00 AM

is this real?

UNITED STATES
N
Nick W
9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it

Anonymous
N
Naveed
8/28/2023 2:48:00 AM

good questions with simple explanation

UNITED STATES
C
cert
9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s

Anonymous
Y
Yves
8/29/2023 8:46:00 PM

very inciting

Anonymous
M
Miguel
10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;

SPAIN
B
Byset
9/25/2023 12:49:00 AM

it look like real one

Anonymous
D
Debabrata Das
8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps

Anonymous
N
nITA KALE
8/22/2023 1:57:00 AM

i need dumps

Anonymous
C
CV
9/9/2023 1:54:00 PM

its time to comptia sec+

GREECE
S
SkepticReader
8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).

UNITED STATES
N
Nabin
10/16/2023 4:58:00 AM

helpful content

MALAYSIA
B
Blessious Phiri
8/15/2023 3:19:00 PM

oracle 19c is complex db

Anonymous
S
Sreenivas
10/24/2023 12:59:00 AM

helpful for practice

Anonymous
L
Liz
9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.

UNITED STATES
N
Namrata
7/15/2023 2:22:00 AM

helpful questions

Anonymous
L
lipsa
11/8/2023 12:54:00 PM

thanks for question

Anonymous
E
Eli
6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.

EUROPEAN UNION
O
open2exam
10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?

Anonymous
G
Gerald
9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam

UNITED STATES
R
ryo
9/10/2023 2:27:00 PM

very helpful

MEXICO
J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

PAKISTAN
R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

Anonymous
S
Synt
5/23/2023 9:33:00 PM

need to view

UNITED STATES
V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

CAMBODIA
T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

Anonymous
J
Jay
9/26/2023 8:00:00 AM

link plz for download

UNITED STATES
L
Leo
10/30/2023 1:11:00 PM

data quality oecd

Anonymous
B
Blessious Phiri
8/13/2023 9:35:00 AM

rman is one good recovery technology

Anonymous
D
DiligentSam
9/30/2023 10:26:00 AM

need it thx

Anonymous
V
Vani
8/10/2023 8:11:00 PM

good questions

NEW ZEALAND
F
Fares
9/11/2023 5:00:00 AM

good one nice revision

Anonymous
L
Lingaraj
10/26/2023 1:27:00 AM

i love this thank you i need

Anonymous
M
Muhammad Rawish Siddiqui
12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.

SAUDI ARABIA
AI Tutor 👋 I’m here to help!