Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA CISM Exam (page: 13)
ISACA Certified Information Security Manager
Updated on: 25-Dec-2025

Viewing Page 13 of 345
CISM PDF 1716 Questions

An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:

  1. corporate data privacy policy.
  2. data privacy policy where data are collected.
  3. data privacy policy of the headquarters' country.
  4. data privacy directive applicable globally.

Answer(s): B

Explanation:

As a subsidiary, the local entity will have to comply with the local law for data collected in the country. Senior management will be accountable for this legal compliance. The policy, being internal, cannot supersede the local law. Additionally, with local regulations differing from the country in which the organization is headquartered, it is improbable that a group wide policy will address all the local legal requirements. In case of data collected locally (and potentially transferred to a country with a different data privacy regulation), the local law applies, not the law applicable to the head office. The data privacy laws are country-specific.



A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:

  1. meet with stakeholders to decide how to comply.
  2. analyze key risks in the compliance process.
  3. assess whether existing controls meet the regulation.
  4. update the existing security/privacy policy.

Answer(s): C

Explanation:

If the organization is in compliance through existing controls, the need to perform other work related to the regulation is not a priority. The other choices are appropriate and important; however, they are actions that are subsequent and will depend on whether there is an existing control gap.



The PRIMARY objective of a security steering group is to:

  1. ensure information security covers all business functions.
  2. ensure information security aligns with business goals.
  3. raise information security awareness across the organization.
  4. implement all decisions on security management across the organization.

Answer(s): B

Explanation:

The security steering group comprises senior management of key business functions and has the primary objective to align the security strategy with the business direction. Option A is incorrect because all business areas may not be required to be covered by information security; but, if they do, the main purpose of the steering committee would be alignment more so than coverage. While raising awareness is important, this goal would not be carried out by the committee itself. The steering committee may delegate part of the decision making to the information security manager; however, if it retains this authority, it is not the primary' goal.



Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:

  1. baseline.
  2. strategy.
  3. procedure.
  4. policy.

Answer(s): D

Explanation:

A policy is a high-level statement of an organization's beliefs, goals, roles and objectives. Baselines assume a minimum security level throughout an organization. The information security strategy aligns the information security program with business objectives rather than making control statements. A procedure is a step-by- step process of how policy and standards will be implemented.



At what stage of the applications development process should the security department initially become involved?

  1. When requested
  2. At testing
  3. At programming
  4. At detail requirements

Answer(s): D

Explanation:

Information security has to be integrated into the requirements of the application's design. It should also be part of the information security governance of the organization. The application owner may not make a timely request for security involvement. It is too late during systems testing, since the requirements have already been agreed upon. Code reviews are part of the final quality assurance process.



Viewing Page 13 of 345



Share your comments for ISACA CISM exam with other users:

Chandra 11/28/2024 7:17:38 AM

This is the best and only way of passing this exam as it is extremely hard. Good questions and valid dump.
INDIA


Sunak 1/25/2025 9:17:57 AM

Can I use this dumps when I am taking the exam? I mean does somebody look what tabs or windows I have opened ?
BULGARIA


Frank 2/15/2024 11:36:57 AM

Finally got a change to write this exam and pass it! Valid and accurate!
CANADA


Anonymous User 2/2/2024 6:42:12 PM

Upload this exam please!
Anonymous


Nicholas 2/2/2024 6:17:08 PM

Thank you for providing these questions. It helped me a lot with passing my exam.
Anonymous


Timi 8/19/2023 5:30:00 PM

my first attempt
UNITED KINGDOM


Blessious Phiri 8/13/2023 10:32:00 AM

very explainable
Anonymous


m7md ibrahim 5/26/2023 6:21:00 PM

i think answer of q 462 is variance analysis
Anonymous


Tehu 5/25/2023 12:25:00 PM

hi i need see questions
Anonymous


Ashfaq Nasir 1/17/2024 1:19:00 AM

best study material for exam
Anonymous


Roberto 11/27/2023 12:33:00 AM

very interesting repository
ITALY


Nale 9/18/2023 1:51:00 PM

american history 1
Anonymous


Tanvi 9/27/2023 4:02:00 AM

good level of questions
Anonymous


Boopathy 8/17/2023 1:03:00 AM

i need this dump kindly upload it
Anonymous


s_123 8/12/2023 4:28:00 PM

do we need c# coding to be az204 certified
Anonymous


Blessious Phiri 8/15/2023 3:38:00 PM

excellent topics covered
Anonymous


Manasa 12/5/2023 3:15:00 AM

are these really financial cloud questions and answers, seems these are basic admin question and answers
Anonymous


Not Robot 5/14/2023 5:33:00 PM

are these comments real
Anonymous


kriah 9/4/2023 10:44:00 PM

please upload the latest dumps
UNITED STATES


ed 12/17/2023 1:41:00 PM

a company runs its workloads on premises. the company wants to forecast the cost of running a large application on aws. which aws service or tool can the company use to obtain this information? pricing calculator ... the aws pricing calculator is primarily used for estimating future costs
UNITED STATES


Muru 12/29/2023 10:23:00 AM

looks interesting
Anonymous


Tech Lady 10/17/2023 12:36:00 PM

thanks! that’s amazing
Anonymous


Mike 8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.
UNITED STATES


Nobody 9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection
Anonymous


Muhammad Rawish Siddiqui 12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.
SAUDI ARABIA


Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Mort 10/19/2023 7:09:00 PM

question: 162 should be dlp (b)
EUROPEAN UNION


Eknath 10/4/2023 1:21:00 AM

good exam questions
INDIA


Nizam 6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.
EUROPEAN UNION


poran 11/20/2023 4:43:00 AM

good analytics question
Anonymous


Antony 11/23/2023 11:36:00 AM

this looks accurate
INDIA


Ethan 8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).
Anonymous


nSiva 9/22/2023 5:58:00 AM

its useful.
UNITED STATES


Ranveer 7/26/2023 7:26:00 PM

Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.
SOUTH AFRICA