Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA CISM Exam (page: 26)
ISACA Certified Information Security Manager
Updated on: 25-Dec-2025

Viewing Page 26 of 345
CISM PDF 1716 Questions

Effective IT governance is BEST ensured by:

  1. utilizing a bottom-up approach.
  2. management by the IT department.
  3. referring the matter to the organization's legal department.
  4. utilizing a top-down approach.

Answer(s): D

Explanation:

Effective IT governance needs to be a top-down initiative, with the board and executive management setting clear policies, goals and objectives and providing for ongoing monitoring of the same. Focus on the regulatory issues and management priorities may not be reflected effectively by a bottom-up approach. IT governance affects the entire organization and is not a matter concerning only the management of IT. The legal department is part of the overall governance process, but cannot take full responsibility.



The FIRST step to create an internal culture that focuses on information security is to:

  1. implement stronger controls.
  2. conduct periodic awareness training.
  3. actively monitor operations.
  4. gain the endorsement of executive management.

Answer(s): D

Explanation:

Endorsement of executive management in the form of policies provides direction and awareness. The implementation of stronger controls may lead to circumvention. Awareness training is important, but must be based on policies. Actively monitoring operations will not affect culture at all levels.



Which of the following is the BEST method or technique to ensure the effective implementation of aninformation security program?

  1. Obtain the support of the board of directors.
  2. Improve the content of the information security awareness program.
  3. Improve the employees' knowledge of security policies.
  4. Implement logical access controls to the information systems.

Answer(s): A

Explanation:

It is extremely difficult to implement an information security program without the aid and support of the board of directors. If they do not understand the importance of security to the achievement of the business objectives, other measures will not be sufficient. Options B and (' are measures proposed to ensure the efficiency of the information security program implementation, but are of less significance than obtaining the aid and support of the board of directors. Option D is a measure to secure the enterprise information, but by itself is not a measure to ensure the broader effectiveness of an information security program.



When an organization is implementing an information security governance program, its board of directors should be responsible for:

  1. drafting information security policies.
  2. reviewing training and awareness programs.
  3. setting the strategic direction of the program.
  4. auditing for compliance.

Answer(s): C

Explanation:

A board of directors should establish the strategic direction of the program to ensure that it is in sync with the company's vision and business goals. The board must incorporate the governance program into the overall corporate business strategy. Drafting information security policies is best fulfilled by someone such as a security manager with the expertise to bring balance, scope and focus to the policies. Reviewing training and awareness programs may best be handled by security management and training staff to ensure that the training is on point and follows best practices. Auditing for compliance is best left to the internal and external auditors to provide an objective review of the program and how it meets regulatory and statutory compliance.



A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BEST approach of the information security manager?

  1. Acceptance of the business manager's decision on the risk to the corporation
  2. Acceptance of the information security manager's decision on the risk to the corporation
  3. Review of the assessment with executive management for final input
  4. A new risk assessment and BIA are needed to resolve the disagreement

Answer(s): C

Explanation:

Executive management must be supportive of the process and fully understand and agree with the results since risk management decisions can often have a large financial impact and require major changes. Risk management means different things to different people, depending upon their role in the organization, so the input of executive management is important to the process.



Viewing Page 26 of 345



Share your comments for ISACA CISM exam with other users:

Curtis Nakawaki 7/5/2023 8:46:00 PM

questions appear contemporary.
UNITED STATES


Vv 12/2/2023 6:31:00 AM

good to prepare in this site
UNITED STATES


praveenkumar 11/20/2023 11:57:00 AM

very helpful to crack first attempt
Anonymous


asad Raza 5/15/2023 5:38:00 AM

please upload this exam
CHINA


Reeta 7/17/2023 5:22:00 PM

please upload the c_activate22 dump questions with answer
SWEDEN


Wong 12/20/2023 11:34:00 AM

q10 - the answer should be a. if its c, the criteria will meet if either the prospect is not part of the suppression lists or if the job title contains vice president
MALAYSIA


david 12/12/2023 12:38:00 PM

this was on the exam as of 1211/2023
Anonymous


Tink 7/24/2023 9:23:00 AM

great for prep
GERMANY


Jaro 12/18/2023 3:12:00 PM

i think in question 7 the first answer should be power bi portal (not power bi)
Anonymous


9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous


Tai 8/28/2023 5:28:00 AM

wonderful material
SOUTH AFRICA


VoiceofMidnight 12/29/2023 4:48:00 PM

i passed!! ...but barely! got 728, but needed 720 to pass. the exam hit me with labs right out of the gate! then it went to multiple choice. protip: study the labs!
UNITED STATES


A K 8/3/2023 11:56:00 AM

correct answer for question 92 is c -aws shield
Anonymous


Nitin Mindhe 11/27/2023 6:12:00 AM

great !! it is really good
IRELAND


BailleyOne 11/22/2023 1:45:00 AM

explanations for the answers are to the point.
Anonymous


patel 10/25/2023 8:17:00 AM

how can rea next
INDIA


MortonG 10/19/2023 6:32:00 PM

question: 128 d is the wrong answer...should be c
EUROPEAN UNION


Jayant 11/2/2023 3:15:00 AM

thanks for az 700 dumps
Anonymous


Bipul Mishra 12/14/2023 7:12:00 AM

thank you for this tableau dumps . it will helpfull for tableau certification
UNITED STATES


hello 10/31/2023 12:07:00 PM

good content
Anonymous


Matheus 9/3/2023 2:14:00 PM

just testing if the comments are real
UNITED STATES


yenvti2@gmail.com 8/12/2023 7:56:00 PM

very helpful for exam preparation
Anonymous


Miguel 10/5/2023 12:16:00 PM

question 11: https://help.salesforce.com/s/articleview?id=sf.admin_lead_to_patient_setup_overview.htm&type=5
SPAIN


Noushin 11/28/2023 4:52:00 PM

i think the answer to question 42 is b not c
CANADA


susan sandivore 8/28/2023 1:00:00 AM

thanks for the dump
Anonymous


Aderonke 10/31/2023 12:51:00 AM

fantastic assessments
Anonymous


Priscila 7/22/2022 9:59:00 AM

i find the xengine test engine simulator to be more fun than reading from pdf.
GERMANY


suresh 12/16/2023 10:54:00 PM

nice document
Anonymous


Wali 6/4/2023 10:07:00 PM

thank you for making the questions and answers intractive and selectable.
UNITED STATES


Nawaz 7/18/2023 1:10:00 AM

answers are correct?
UNITED STATES


das 6/23/2023 7:57:00 AM

can i belive this dump
INDIA


Sanjay 10/15/2023 1:34:00 PM

great site to practice for sitecore exam
INDIA


jaya 12/17/2023 8:36:00 AM

good for students
UNITED STATES


Bsmaind 8/20/2023 9:23:00 AM

nice practice dumps
Anonymous