ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 18)

Which of the following is the MOST important to keep in mind when assessing the value of information?

  1. The potential financial loss
  2. The cost of recreating the information
  3. The cost of insurance coverage
  4. Regulatory requirement

Answer(s): A

Explanation:

The potential for financial loss is always a key factor when assessing the value of information. Choices B, C and D may be contributors, but not the key factor.



What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?

  1. Risk assessment report
  2. Technical evaluation report
  3. Business case
  4. Budgetary requirements

Answer(s): C

Explanation:

The information security manager needs to prioritize the controls based on risk management and the requirements of the organization. The information security manager must look at the costs of the various controls and compare them against the benefit the organization will receive from the security solution. The information security manager needs to have knowledge of the development of business cases to illustrate the costs and benefits of the various controls. All other choices are supplemental.



To justify its ongoing security budget, which of the following would be of MOST use to the information security' department?

  1. Security breach frequency
  2. Annualized loss expectancy (ALE)
  3. Cost-benefit analysis
  4. Peer group comparison

Answer(s): C

Explanation:

Cost-benefit analysis is the legitimate way to justify budget. The frequency of security breaches may assist the argument for budget but is not the key tool; it does not address the impact. Annualized loss expectancy (ALE) does not address the potential benefit of security investment. Peer group comparison would provide a good estimate for the necessary security budget but it would not take into account the specific needs of the organization.



Which of the following situations would MOST inhibit the effective implementation of security governance?

  1. The complexity of technology
  2. Budgetary constraints
  3. Conflicting business priorities
  4. High-level sponsorship

Answer(s): D

Explanation:

The need for senior management involvement and support is a key success factor for the implementation of appropriate security governance. Complexity of technology, budgetary constraints and conflicting business priorities are realities that should be factored into the governance model of the organization, and should not be regarded as inhibitors.



What would be the MOST significant security risks when using wireless local area network (LAN) technology?

  1. Man-in-the-middle attack
  2. Spoofing of data packets
  3. Rogue access point
  4. Session hijacking

Answer(s): C

Explanation:

A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored. All other choices are not dependent on the use of a wireless local area network (LAN) technology.



Share your comments for ISACA CISM exam with other users:

S
SkepticReader
8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).

N
Nabin
10/16/2023 4:58:00 AM

helpful content

B
Blessious Phiri
8/15/2023 3:19:00 PM

oracle 19c is complex db

S
Sreenivas
10/24/2023 12:59:00 AM

helpful for practice

L
Liz
9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.

N
Namrata
7/15/2023 2:22:00 AM

helpful questions

L
lipsa
11/8/2023 12:54:00 PM

thanks for question

E
Eli
6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.

O
open2exam
10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?

G
Gerald
9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam

R
ryo
9/10/2023 2:27:00 PM

very helpful

J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

S
Synt
5/23/2023 9:33:00 PM

need to view

V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

J
Jay
9/26/2023 8:00:00 AM

link plz for download

L
Leo
10/30/2023 1:11:00 PM

data quality oecd

B
Blessious Phiri
8/13/2023 9:35:00 AM

rman is one good recovery technology

D
DiligentSam
9/30/2023 10:26:00 AM

need it thx

V
Vani
8/10/2023 8:11:00 PM

good questions

F
Fares
9/11/2023 5:00:00 AM

good one nice revision

L
Lingaraj
10/26/2023 1:27:00 AM

i love this thank you i need

M
Muhammad Rawish Siddiqui
12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.

A
al
6/7/2023 10:25:00 AM

most answers not correct here

B
Bano
1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?

O
Oliviajames
10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!

D
Divya
8/27/2023 12:31:00 PM

all the best

K
KY
1/1/2024 11:01:00 PM

very usefull document

A
Arun
9/20/2023 4:52:00 PM

nice and helpful questions

J
Joseph J
7/11/2023 2:53:00 PM

i found the questions helpful

M
Meg
10/12/2023 8:02:00 AM

q 105 . ans is d

N
Navaneeth S
7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification

A
Aish
10/11/2023 5:27:00 AM

want to pass exm.

AI Tutor 👋 I’m here to help!