ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 56)

The MAIN reason why asset classification is important to a successful information security program is because classification determines:

  1. the priority and extent of risk mitigation efforts.
  2. the amount of insurance needed in case of loss.
  3. the appropriate level of protection to the asset.
  4. how protection levels compare to peer organizations.

Answer(s): C

Explanation:

Protection should be proportional to the value of the asset. Classification is based upon the value of the asset to the organization. The amount of insurance needed in case of loss may not be applicable in each case. Peer organizations may have different classification schemes for their assets.



The BEST strategy for risk management is to:

  1. achieve a balance between risk and organizational goals.
  2. reduce risk to an acceptable level.
  3. ensure that policy development properly considers organizational risks.
  4. ensure that all unmitigated risks are accepted by management.

Answer(s): B

Explanation:

The best strategy for risk management is to reduce risk to an acceptable level, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk. Achieving balance between risk and organizational goals is not always practical. Policy development must consider organizational risks as well as business objectives. It may be prudent to ensure that management understands and acceptsrisks that it is not willing to mitigate, but that is a practice and is not sufficient to l>e considered a strategy.



Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?

  1. Disclosure of personal information
  2. Sufficient coverage of the insurance policy for accidental losses
  3. Intrinsic value of the data stored on the equipment
  4. Replacement cost of the equipment

Answer(s): C

Explanation:

When mobile equipment is lost or stolen, the information contained on the equipment matters most in determining the impact of the loss. The more sensitive the information, the greater the liability. If staff carries mobile equipment for business purposes, an organization must develop a clear policy as to what information should be kept on the equipment and for what purpose. Personal information is not defined in the question as the data that were lost. Insurance may be a relatively smaller issue as compared with information theft or opportunity loss, although insurance is also an important factor for a successful business. Cost of equipment would be a less important issue as compared with other choices.



An organization has to comply with recently published industry regulatory requirements — compliance that potentially has high implementation costs. What should the information security manager do FIRST?

  1. Implement a security committee.
  2. Perform a gap analysis.
  3. Implement compensating controls.
  4. Demand immediate compliance.

Answer(s): B

Explanation:

Since they are regulatory requirements, a gap analysis would be the first step to determine the level of compliance already in place. Implementing a security committee or compensating controls would not be the first step. Demanding immediate compliance would not assess the situation.



Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?

  1. Annual loss expectancy (ALE) of incidents
  2. Frequency of incidents
  3. Total cost of ownership (TCO)
  4. Approved budget for the project

Answer(s): C

Explanation:

The total cost of ownership (TCO) would be the most relevant piece of information in that it would establish a cost baseline and it must be considered for the full life cycle of the control. Annual loss expectancy (ALE) and the frequency of incidents could help measure the benefit, but would have more of an indirect relationship as not all incidents may be mitigated by implementing a two-factor authentication system. The approved budget for the project may have no bearing on what the project may actually cost.



Share your comments for ISACA CISM exam with other users:

S
Sonbir
8/8/2023 1:04:00 PM

how to get system serial number using intune

M
Manju
10/19/2023 1:19:00 PM

is it really helpful to pass the exam

L
LeAnne Hair
8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review

A
Abdul SK
9/28/2023 11:42:00 PM

kindy upload

A
Aderonke
10/23/2023 12:53:00 PM

fantastic assessment on psm 1

S
SAJI
7/20/2023 2:51:00 AM

56 question correct answer a,b

R
Raj Kumar
10/23/2023 8:52:00 PM

thank you for providing the q bank

P
piyush keshari
7/7/2023 9:46:00 PM

true quesstions

B
B.A.J
11/6/2023 7:01:00 AM

i can´t believe ms asks things like this, seems to be only marketing material.

G
Guss
5/23/2023 12:28:00 PM

hi, could you please add the last update of ns0-527

R
Rond65
8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).

C
Cheers
12/13/2023 9:55:00 AM

sometimes it may be good some times it may be

S
Sumita Bose
7/21/2023 1:01:00 AM

qs 4 answer seems wrong- please check

A
Amit
9/7/2023 12:53:00 AM

very detailed explanation !

F
FisherGirl
5/16/2022 10:36:00 PM

the interactive nature of the test engine application makes the preparation process less boring.

C
Chiranthaka
9/20/2023 11:15:00 AM

very useful.

S
SK
7/15/2023 3:51:00 AM

complete question dump should be made available for practice.

G
Gamerrr420
5/25/2022 9:38:00 PM

i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.

K
Kudu hgeur
9/21/2023 5:58:00 PM

nice create dewey stefen

A
Anorag
9/6/2023 9:24:00 AM

i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.

N
Nathan
1/10/2023 3:54:00 PM

passed my exam today. this is a good start to 2023.

1
1
10/28/2023 7:32:00 AM

great sharing

A
Anand
1/20/2024 10:36:00 AM

very helpful

K
Kumar
6/23/2023 1:07:00 PM

thanks.. very helpful

U
User random
11/15/2023 3:01:00 AM

i registered for 1z0-1047-23 but dumps qre available for 1z0-1047-22. help me with this...

K
kk
1/17/2024 3:00:00 PM

very helpful

R
Raj
7/24/2023 10:20:00 AM

please upload oracle 1z0-1110-22 exam pdf

B
Blessious Phiri
8/13/2023 11:58:00 AM

becoming interesting on the logical part of the cdbs and pdbs

L
LOL what a joke
9/10/2023 9:09:00 AM

some of the answers are incorrect, i would be wary of using this until an admin goes back and reviews all the answers

M
Muhammad Rawish Siddiqui
12/9/2023 7:40:00 AM

question # 267: federated operating model is also correct.

M
Mayar
9/22/2023 4:58:00 AM

its helpful alot.

S
Sandeep
7/25/2022 11:58:00 PM

the questiosn from this braindumps are same as in the real exam. my passing mark was 84%.

E
Eman Sawalha
6/10/2023 6:09:00 AM

it is an exam that measures your understanding of cloud computing resources provided by aws. these resources are aligned under 6 categories: storage, compute, database, infrastructure, pricing and network. with all of the services and typees of services under each category

M
Mars
11/16/2023 1:53:00 AM

good and very useful

AI Tutor 👋 I’m here to help!