Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA Certified Information Security Manager CISM Exam Questions in PDF

Free ISACA CISM Dumps Questions (page: 15)

CISM PDF — 1716 Questions

What is the PRIMARY role of the information security manager in the process of information classification within an organization?

  1. Defining and ratifying the classification structure of information assets
  2. Deciding the classification levels applied to the organization's information assets
  3. Securing information assets in accordance with their classification
  4. Checking if information assets have been classified properly

Answer(s): A

Explanation:

Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization. Choice B is incorrect because the final responsibility for deciding the classification levels rests with the data owners. Choice C is incorrect because the job of securing information assets is the responsibility of the data custodians. Choice D may be a role of an information security manager but is not the key role in this context.



Logging is an example of which type of defense against systems compromise?

  1. Containment
  2. Detection
  3. Reaction
  4. Recovery

Answer(s): B

Explanation:

Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.



Which of the following is MOST important in developing a security strategy?

  1. Creating a positive business security environment
  2. Understanding key business objectives
  3. Having a reporting line to senior management
  4. Allocating sufficient resources to information security

Answer(s): B

Explanation:

Alignment with business strategy is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.



Who is ultimately responsible for the organization's information?

  1. Data custodian
  2. Chief information security officer (CISO)
  3. Board of directors
  4. Chief information officer (CIO)

Answer(s): C

Explanation:

The board of directors is ultimately responsible for the organization's information and is tasked with responding to issues that affect its protection. The data custodian is responsible for the maintenance and protection of data. This role is usually filled by the IT department. The chief information security officer (CISO) is responsible for security and carrying out senior management's directives. The chief information officer (CIO) is responsible for information technology within the organization and is not ultimately responsible for the organization's information.



Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

  1. Alignment with industry best practices
  2. Business continuity investment
  3. Business benefits
  4. Regulatory compliance

Answer(s): D

Explanation:

Regulatory compliance can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements. Buy-in from business managers must be obtained by the information security manager when an information security governance measure is sought based on its alignment with industry best practices. Business continuity investment needs to be justified by business impact analysis. When an information security governance measure is sought based on qualitative business benefits, further analysis is required to determine whether the benefits outweigh the cost of the information security governance measure in question.



Viewing page 15 of 345

Share your comments for ISACA CISM exam with other users:

E
ed
12/17/2023 1:41:00 PM

a company runs its workloads on premises. the company wants to forecast the cost of running a large application on aws. which aws service or tool can the company use to obtain this information? pricing calculator ... the aws pricing calculator is primarily used for estimating future costs

UNITED STATES
M
Muru
12/29/2023 10:23:00 AM

looks interesting

Anonymous
T
Tech Lady
10/17/2023 12:36:00 PM

thanks! that’s amazing

Anonymous
M
Mike
8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.

UNITED STATES
N
Nobody
9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection

Anonymous
M
Muhammad Rawish Siddiqui
12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.

SAUDI ARABIA
E
Emmah
7/29/2023 9:59:00 AM

are these valid chfi questions

KENYA
M
Mort
10/19/2023 7:09:00 PM

question: 162 should be dlp (b)

EUROPEAN UNION
E
Eknath
10/4/2023 1:21:00 AM

good exam questions

INDIA
N
Nizam
6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.

EUROPEAN UNION
P
poran
11/20/2023 4:43:00 AM

good analytics question

Anonymous
A
Antony
11/23/2023 11:36:00 AM

this looks accurate

INDIA
E
Ethan
8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).

Anonymous
N
nSiva
9/22/2023 5:58:00 AM

its useful.

UNITED STATES
R
Ranveer
7/26/2023 7:26:00 PM

Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.

SOUTH AFRICA
S
Sanjay
8/15/2023 10:22:00 AM

informative for me.

UNITED STATES
T
Tom
12/12/2023 8:53:00 PM

question 134s answer shoule be "dlp"

JAPAN
A
Alex
11/7/2023 11:02:00 AM

in 72 the answer must be [sys_user_has_role] table.

Anonymous
F
Finn
5/4/2023 10:21:00 PM

i appreciated the mix of multiple-choice and short answer questions. i passed my exam this morning.

IRLAND
A
AJ
7/13/2023 8:33:00 AM

great to find this website, thanks

UNITED ARAB EMIRATES
C
Curtis Nakawaki
6/29/2023 9:11:00 PM

examination questions seem to be relevant.

UNITED STATES
U
Umashankar Sharma
10/22/2023 9:39:00 AM

planning to take psm test

Anonymous
E
ED SHAW
7/31/2023 10:34:00 AM

please allow to download

UNITED STATES
A
AD
7/22/2023 11:29:00 AM

please provide dumps

UNITED STATES
A
Ayyjayy
11/6/2023 7:29:00 AM

is the answer to question 15 correct ? i feel like the answer should be b

BAHRAIN
B
Blessious Phiri
8/12/2023 11:56:00 AM

its getting more technical

Anonymous
J
Jeanine J
7/11/2023 3:04:00 PM

i think these questions are what i need.

UNITED STATES
A
Aderonke
10/23/2023 2:13:00 PM

helpful assessment

UNITED KINGDOM
T
Tom
1/5/2024 2:32:00 AM

i am confused about the answers to the questions. do you know if the answers are correct?

KOREA REPUBLIC OF
V
Vinit N.
8/28/2023 2:33:00 AM

hi, please make the dumps available for my upcoming examination.

UNITED STATES
S
Sanyog Deshpande
9/14/2023 7:05:00 AM

good practice

UNITED STATES
T
Tyron
9/8/2023 12:12:00 AM

so far it is really informative

Anonymous
B
beast
7/30/2023 2:22:00 PM

hi i want it please please upload it

Anonymous
M
Mirex
5/26/2023 3:45:00 AM

am preparing for exam ,just nice questions

Anonymous
AI Tutor 👋 I’m here to help!