ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 60)

An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:

  1. eliminating the risk.
  2. transferring the risk.
  3. mitigating the risk.
  4. accepting the risk.

Answer(s): C

Explanation:

Risk can never be eliminated entirely. Transferring the risk gives it away such as buying insurance so the insurance company can take the risk. Implementing additional controls is an example of mitigating risk. Doing nothing to mitigate the risk would be an example of accepting risk.



Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?

  1. Manager
  2. Custodian
  3. User
  4. Owner

Answer(s): D

Explanation:

Although the information owner may be in a management position and is also considered a user, the information owner role has the responsibility for determining information classification levels. Management is responsible for higher-level issues such as providing and approving budget, supporting activities, etc. The information custodian is responsible for day-to-day security tasks such as protecting information, backing up information, etc. Users are the lowest level. They use the data, but do not classify the data. The owner classifies the data.



The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:

  1. determining the scope for inclusion in an information security program.
  2. defining the level of access controls.
  3. justifying costs for information resources.
  4. determining the overall budget of an information security program.

Answer(s): B

Explanation:

The assigned class of sensitivity and criticality of the information resource determines the level of access controls to be put in place. The assignment of sensitivity and criticality takes place with the information assets that have already been included in the information security program and has only an indirect bearing on the costs to be incurred. The assignment of sensitivity and criticality contributes to, but does not decide, the overall budget of the information security program.



An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?

  1. Key performance indicators (KPIs)
  2. Business impact analysis (BIA)
  3. Gap analysis
  4. Technical vulnerability assessment

Answer(s): C

Explanation:

Gap analysis would help identify the actual gaps between the desired state and the current implementation of information security management. BIA is primarily used for business continuity planning. Technical vulnerability assessment is used for detailed assessment of technical controls, which would come later in the process and would not provide complete information in order to identify gaps.



When performing a qualitative risk analysis, which of the following will BEST produce reliable results?

  1. Estimated productivity losses
  2. Possible scenarios with threats and impacts
  3. Value of information assets
  4. Vulnerability assessment

Answer(s): B

Explanation:

Listing all possible scenarios that could occur, along with threats and impacts, will better frame the range of risks and facilitate a more informed discussion and decision. Estimated productivity losses, value of information assets and vulnerability assessments would not be sufficient on their own.



Share your comments for ISACA CISM exam with other users:

B
BigMouthDog
1/22/2022 8:17:00 PM

hi team just want to know if there is any update version of the exam 350-401

F
francesco
10/30/2023 11:08:00 AM

helpful on 2017 scrum guide

A
Amitabha Roy
10/5/2023 3:16:00 AM

planning to attempt for the exam.

P
Prem Yadav
7/29/2023 6:20:00 AM

pleaseee upload

A
Ahmed Hashi
7/6/2023 5:40:00 PM

thanks ly so i have information cia

M
mansi
5/31/2023 7:58:00 AM

hello team, i need sap qm dumps for practice

J
Jamil aljamil
12/4/2023 4:47:00 AM

it’s good but not senatios based

C
Cath
10/10/2023 10:19:00 AM

q.119 - the correct answer is b - they are not captured in an update set as theyre data.

P
P
1/6/2024 11:22:00 AM

good matter

S
surya
7/30/2023 2:02:00 PM

please upload c_sacp_2308

S
Sasuke
7/11/2023 10:30:00 PM

please upload the dump. thanks very much !!

V
V
7/4/2023 8:57:00 AM

good questions

T
TTB
8/22/2023 5:30:00 AM

hi, could you please update the latest dump version

T
T
7/28/2023 9:06:00 PM

this question is keep repeat : you are developing a sales application that will contain several azure cloud services and handle different components of a transaction. different cloud services will process customer orders, billing, payment, inventory, and shipping. you need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using xml messages. what should you include in the recommendation?

G
Gurgaon
9/28/2023 4:35:00 AM

great questions

W
wasif
10/11/2023 2:22:00 AM

its realy good

S
Shubhra Rathi
8/26/2023 1:12:00 PM

oracle 1z0-1059-22 dumps

L
Leo
7/29/2023 8:48:00 AM

please share me the pdf..

A
AbedRabbou Alaqabna
12/18/2023 3:10:00 AM

q50: which two functions can be used by an end user when pivoting an interactive report? the correct answer is a, c because we do not have rank in the function pivoting you can check in the apex app

R
Rohan Limaye
12/30/2023 8:52:00 AM

best to practice

A
Aparajeeta
10/13/2023 2:42:00 PM

so far it is good

V
Vgf
7/20/2023 3:59:00 PM

please provide me the dump

D
Deno
10/25/2023 1:14:00 AM

i failed the cisa exam today. but i have found all the questions that were on the exam to be on this site.

C
CiscoStudent
11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.

P
pankaj
9/28/2023 4:36:00 AM

it was helpful

U
User123
10/8/2023 9:59:00 AM

good question

V
vinay
9/4/2023 10:23:00 AM

really nice

U
Usman
8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity

Q
Q44
7/30/2023 11:50:00 AM

ans is coldline i think

A
Anuj
12/21/2023 1:30:00 PM

very helpful

G
Giri
9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more

A
Aaron
2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.

S
Sarwar
12/21/2023 4:54:00 PM

how i can see exam questions?

C
Chengchaone
9/11/2023 10:22:00 AM

can you please upload please?

AI Tutor 👋 I’m here to help!