Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA CISM Exam (page: 52)
ISACA Certified Information Security Manager
Updated on: 06-Apr-2026

Viewing Page 52 of 345
CISM PDF 1716 Questions

Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?

  1. Strategic business plan
  2. Upcoming financial results
  3. Customer personal information
  4. Previous financial results

Answer(s): D

Explanation:

Previous financial results are public; all of the other choices are private information and should only be accessed by authorized entities.



The PRIMARY purpose of using risk analysis within a security program is to:

  1. justify the security expenditure.
  2. help businesses prioritize the assets to be protected.
  3. inform executive management of residual risk value.
  4. assess exposures and plan remediation.

Answer(s): D

Explanation:

Risk analysis explores the degree to which an asset needs protecting so this can be managed effectively. Risk analysis indirectly supports the security expenditure, but justifying the security expenditure is not its primary purpose. Helping businesses prioritize the assets to be protected is an indirect benefit of risk analysis, but not its primary purpose. Informing executive management of residual risk value is not directly relevant.



Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?

  1. Defining job roles
  2. Performing a risk assessment
  3. Identifying data owners
  4. Establishing data retention policies

Answer(s): C

Explanation:

Identifying the data owners is the first step, and is essential to implementing data classification. Defining job roles is not relevant. Performing a risk assessment is important, but will require the participation of data owners (who must first be identified). Establishing data retention policies may occur after data have been classified.



An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:

  1. mitigate the impact by purchasing insurance.
  2. implement a circuit-level firewall to protect the network.
  3. increase the resiliency of security measures in place.
  4. implement a real-time intrusion detection system.

Answer(s): A

Explanation:

Since residual risk will always be too high, the only practical solution is to mitigate the financial impact by purchasing insurance.



What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?

  1. Business impact analyses
  2. Security gap analyses
  3. System performance metrics
  4. Incident response processes

Answer(s): B

Explanation:

A security gap analysis is a process which measures all security controls in place against typically good business practice, and identifies related weaknesses. A business impact analysis is less suited to identify security deficiencies. System performance metrics may indicate security weaknesses, but that is not their primary purpose. Incident response processes exist for cases where security weaknesses are exploited.



Viewing Page 52 of 345



Share your comments for ISACA CISM exam with other users:

Ashwini 12/17/2025 8:24:45 AM

Really helped
Anonymous


Jagadesh 12/16/2025 9:57:10 AM

Good explanation
INDIA


shobha 11/29/2025 2:19:59 AM

very helpful
INDIA


Pandithurai 11/12/2025 12:16:21 PM

Question 1, Ans is - Developer,Standard,Professional Direct and Premier
Anonymous


Einstein 11/8/2025 4:13:37 AM

Passed this exam in first appointment. Great resource and valid exam dump.
Anonymous


David 10/31/2025 4:06:16 PM

Today I wrote this exam and passed, i totally relay on this practice exam. The questions were very tough, these questions are valid and I encounter the same.
UNITED STATES


Thor 10/21/2025 5:16:29 AM

Anyone used this dump recently?
NEW ZEALAND


Vladimir 9/25/2025 9:11:14 AM

173 question is A not D
Anonymous


khaos 9/21/2025 7:07:26 AM

nice questions
Anonymous


Katiso Lehasa 9/15/2025 11:21:52 PM

Thanks for the practice questions they helped me a lot.
Anonymous


Einstein 9/2/2025 7:42:00 PM

Passed this exam today. All questions are valid and this is not something you can find in ChatGPT.
UNITED KINGDOM


vito 8/22/2025 4:16:51 AM

i need to pass exam for VMware 2V0-11.25
Anonymous


Matt 7/31/2025 11:44:40 PM

Great questions.
UNITED STATES


OLERATO 7/1/2025 5:44:14 AM

great dumps to practice for the exam
SOUTH AFRICA


Adekunle willaims 6/9/2025 7:37:29 AM

How reliable and relevant are these questions?? also i can see the last update here was January and definitely new questions would have emerged.
Anonymous


Alex 5/24/2025 12:54:15 AM

Can I trust to this source?
Anonymous


SPriyak 3/17/2025 11:08:37 AM

can you please provide the CBDA latest test preparation
UNITED STATES


Chandra 11/28/2024 7:17:38 AM

This is the best and only way of passing this exam as it is extremely hard. Good questions and valid dump.
INDIA


Sunak 1/25/2025 9:17:57 AM

Can I use this dumps when I am taking the exam? I mean does somebody look what tabs or windows I have opened ?
BULGARIA


Frank 2/15/2024 11:36:57 AM

Finally got a change to write this exam and pass it! Valid and accurate!
CANADA


Anonymous User 2/2/2024 6:42:12 PM

Upload this exam please!
Anonymous


Nicholas 2/2/2024 6:17:08 PM

Thank you for providing these questions. It helped me a lot with passing my exam.
Anonymous


Timi 8/19/2023 5:30:00 PM

my first attempt
UNITED KINGDOM


Blessious Phiri 8/13/2023 10:32:00 AM

very explainable
Anonymous


m7md ibrahim 5/26/2023 6:21:00 PM

i think answer of q 462 is variance analysis
Anonymous


Tehu 5/25/2023 12:25:00 PM

hi i need see questions
Anonymous


Ashfaq Nasir 1/17/2024 1:19:00 AM

best study material for exam
Anonymous


Roberto 11/27/2023 12:33:00 AM

very interesting repository
ITALY


Nale 9/18/2023 1:51:00 PM

american history 1
Anonymous


Tanvi 9/27/2023 4:02:00 AM

good level of questions
Anonymous


Boopathy 8/17/2023 1:03:00 AM

i need this dump kindly upload it
Anonymous


s_123 8/12/2023 4:28:00 PM

do we need c# coding to be az204 certified
Anonymous


Blessious Phiri 8/15/2023 3:38:00 PM

excellent topics covered
Anonymous


Manasa 12/5/2023 3:15:00 AM

are these really financial cloud questions and answers, seems these are basic admin question and answers
Anonymous