ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 239)

Which of the following approaches is BEST for selecting controls to minimize information security risks?

  1. Cost-benefit analysis
  2. Control-effectiveness
  3. Risk assessment
  4. Industry best practices

Answer(s): C



Which of the following is the MOST appropriate course of action when the risk occurrence rate is low but the impact is high?

  1. Risk transfer
  2. Risk acceptance
  3. Risk mitigation
  4. Risk avoidance

Answer(s): A



Which of the following is the MOST effective way to communicate information security risk to senior management?

  1. Business impact analysis
  2. Balanced scorecard
  3. Key performance indicators (KPIs)
  4. Heat map

Answer(s): A



Security risk assessments should cover only information assets that:

  1. are classified and labeled.
  2. are inside the organization.
  3. support business processes.
  4. have tangible value.

Answer(s): A



Which of the following is an indicator of improvement in the ability to identify security risks?

  1. Increased number of reported security incidents.
  2. Decreased number of staff requiring information security training.
  3. Decreased number of information security risk assessments.
  4. Increased number of security audit issues resolved.

Answer(s): D



Share your comments for ISACA CISM exam with other users:

M
Merry
7/30/2023 6:57:00 AM

good questions

V
VoiceofMidnight
12/17/2023 4:07:00 PM

Delayed the exam until December 29th.

U
Umar Ali
8/29/2023 2:59:00 PM

A and D are True

V
vel
8/28/2023 9:17:09 AM

good one with explanation

G
Gurdeep
1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.

AI Tutor 👋 I’m here to help!