ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 54)

Which of the following would BEST address the risk of data leakage?

  1. File backup procedures
  2. Database integrity checks
  3. Acceptable use policies
  4. Incident response procedures

Answer(s): C

Explanation:

Acceptable use policies are the best measure for preventing the unauthorized disclosure of confidential information. The other choices do not address confidentiality of information.



A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to beprotected?

  1. Access control policy
  2. Data classification policy
  3. Encryption standards
  4. Acceptable use policy

Answer(s): B

Explanation:

Data classification policies define the level of protection to be provided for each category of data. Without this mandated ranking of degree of protection, it is difficult to determine what access controls or levels of encryption should be in place. An acceptable use policy is oriented more toward the end user and, therefore, would not specifically address what controls should be in place to adequately protect information.



What is the BEST technique to determine which security controls to implement with a limited budget?

  1. Risk analysis
  2. Annualized loss expectancy (ALE) calculations
  3. Cost-benefit analysis
  4. Impact analysis

Answer(s): C

Explanation:

Cost-benefit analysis is performed to ensure that the cost of a safeguard does not outweigh its benefit and that the best safeguard is provided for the cost of implementation. Risk analysis identifies the risks and suggests appropriate mitigation. The annualized loss expectancy (ALE) is a subset of a cost-benefit analysis. Impact analysis would indicate how much could be lost if a specific threat occurred.



A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited. What process should the information security manager deploy to determine the necessity for remedial action?

  1. A penetration test
  2. A security baseline review
  3. A risk assessment
  4. A business impact analysis (BIA)

Answer(s): C

Explanation:

A risk assessment will identify- the business impact of such vulnerability being exploited and is, thus, the
correct process. A penetration test or a security baseline review may identify the vulnerability but not the remedy. A business impact analysis (BIA) will more likely identify the impact of the loss of the mail server.



Which of the following measures would be MOST effective against insider threats to confidential information?

  1. Role-based access control
  2. Audit trail monitoring
  3. Privacy policy
  4. Defense-in-depth

Answer(s): A

Explanation:

Role-based access control provides access according to business needs; therefore, it reduces unnecessary- access rights and enforces accountability. Audit trail monitoring is a detective control, which is 'after the fact.' Privacy policy is not relevant to this risk. Defense-in-depth primarily focuses on external threats



Share your comments for ISACA CISM exam with other users:

A
Anuj
12/21/2023 1:30:00 PM

very helpful

G
Giri
9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more

A
Aaron
2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.

S
Sarwar
12/21/2023 4:54:00 PM

how i can see exam questions?

C
Chengchaone
9/11/2023 10:22:00 AM

can you please upload please?

M
Mouli
9/2/2023 7:02:00 AM

question 75: option c is correct answer

J
JugHead
9/27/2023 2:40:00 PM

please add this exam

S
sushant
6/28/2023 4:38:00 AM

please upoad

J
John
8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.

B
Blessious Phiri
8/14/2023 3:49:00 PM

expository experience

C
concerned citizen
12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.

D
deedee
12/23/2023 5:10:00 PM

great help!!!

S
Samir
8/1/2023 3:07:00 PM

very useful tools

S
Saeed
11/7/2023 3:14:00 AM

looks a good platform to prepare az-104

M
Matiullah
6/24/2023 7:37:00 AM

want to pass the exam

S
SN
9/5/2023 2:25:00 PM

good resource

Z
Zoubeyr
9/8/2023 5:56:00 AM

question 11 : d

U
User
8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.

C
CW
7/6/2023 7:37:00 PM

good questions. thanks.

F
Farooqi
11/21/2023 1:37:00 AM

good for practice.

I
Isaac
10/28/2023 2:30:00 PM

great case study

M
Malviya
2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.

R
rsmyth
5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk

K
Keny
6/23/2023 9:00:00 PM

thanks, very relevant

M
Muhammad Rawish Siddiqui
11/29/2023 12:14:00 PM

wrong answer. it is true not false.

J
Josh
7/10/2023 1:54:00 PM

please i need the mo-100 questions

V
VINNY
6/2/2023 11:59:00 AM

very good use full

A
Andy
12/6/2023 5:56:00 AM

very valid questions

M
Mamo
8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?

M
Marial Manyang
7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks

A
Amel Mhamdi
12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam

A
Angel
8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable

S
SH
5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now

S
sudhagar
9/6/2023 3:02:00 PM

question looks valid

AI Tutor 👋 I’m here to help!