ISACA CISM Exam (page: 61)
ISACA Certified Information Security Manager
Updated on: 06-Apr-2026

Viewing Page 61 of 345

Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

  A. User assessments of changes
  B. Comparison of the program results with industry standards
  C. Assignment of risk within the organization
  D. Participation by all members of the organization

Answer(s): D

Explanation:

Effective risk management requires participation, support and acceptance by all applicable members of the organization, beginning with the executive levels. Personnel must understand their responsibilities and be trained on how to fulfill their roles.



The MOST effective use of a risk register is to:

  A. identify risks and assign roles and responsibilities for mitigation.
  B. identify threats and probabilities.
  C. facilitate a thorough review of all IT-related risks on a periodic basis.
  D. record the annualized financial amount of expected losses due to risks.

Answer(s): C

Explanation:

A risk register is more than a simple list — it should be used as a tool to ensure comprehensive documentation, periodic review and formal update of all risk elements in the enterprise's IT and related organization. Identifying risks and assigning roles and responsibilities for mitigation are elements of the register. Identifying threats and probabilities are two elements that are defined in the risk matrix, as differentiated from the broader scope of content in, and purpose for, the risk register. While the annualized loss expectancy (ALE) should be included in the register, this quantification is only a single element in the overall risk analysis program.



After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

  A. Define security metrics
  B. Conduct a risk assessment
  C. Perform a gap analysis
  D. Procure security tools

Answer(s): B

Explanation:

When establishing an information security program, conducting a risk assessment is key to identifying the needs of the organization and developing a security strategy. Defining security metrics, performing a gap analysis and procuring security tools are all subsequent considerations.



Which of the following are the essential ingredients of a business impact analysis (BIA)?

  A. Downtime tolerance, resources and criticality
  B. Cost of business outages in a year as a factor of the security budget
  C. Business continuity testing methodology being deployed
  D. Structure of the crisis management team

Answer(s): A

Explanation:

The main purpose of a BIA is to measure the downtime tolerance, associated resources and criticality of a business function. Options B, C and D are all associated with business continuity planning, but are not related to the BIA.



A risk management approach to information protection is:

  A. managing risks to an acceptable level, commensurate with goals and objectives.
  B. accepting the security posture provided by commercial security products.
  C. implementing a training program to educate individuals on information protection and risks.
  D. managing risk tools to ensure that they assess all information protection vulnerabilities.

Answer(s): A

Explanation:

Risk management is identifying all risks within an organization, establishing an acceptable level of risk and effectively managing risks, which may include mitigation or transfer. Accepting the security posture provided by commercial security products is an approach that would be limited to technology components and may not address all business operations of the organization. Education is a part of the overall risk management process. Tools may be limited to technology and would not address non-technology risks.






Share your comments for ISACA CISM exam with other users:

Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


Vey 5/27/2023 12:06:00 AM

highly appreciate your sharing.
CAMBODIA


Tshepang 8/18/2023 4:41:00 AM

kindly share this dump. thank you
Anonymous


Jay 9/26/2023 8:00:00 AM

link plz for download
UNITED STATES


Leo 10/30/2023 1:11:00 PM

data quality oecd
Anonymous


Blessious Phiri 8/13/2023 9:35:00 AM

rman is one good recovery technology
Anonymous


DiligentSam 9/30/2023 10:26:00 AM

need it thx
Anonymous


Vani 8/10/2023 8:11:00 PM

good questions
NEW ZEALAND


Fares 9/11/2023 5:00:00 AM

good one nice revision
Anonymous


Lingaraj 10/26/2023 1:27:00 AM

i love this thank you i need
Anonymous


Muhammad Rawish Siddiqui 12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.
SAUDI ARABIA


al 6/7/2023 10:25:00 AM

most answers not correct here
Anonymous


Bano 1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?
UNITED STATES


Oliviajames 10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
UNITED STATES


Divya 8/27/2023 12:31:00 PM

all the best
UNITED STATES


KY 1/1/2024 11:01:00 PM

very useful document
Anonymous


Arun 9/20/2023 4:52:00 PM

nice and helpful questions
INDIA


Joseph J 7/11/2023 2:53:00 PM

i found the questions helpful
UNITED STATES


Meg 10/12/2023 8:02:00 AM

q 105 . ans is d
INDIA


Navaneeth S 7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification
UNITED STATES


Aish 10/11/2023 5:27:00 AM

want to pass exam.
INDIA


Anonymous 6/12/2023 7:23:00 AM

are the answers correct?
INDIA


Kris 7/7/2023 9:43:00 AM

good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.
Anonymous


Meghraj mali 10/7/2023 1:47:00 PM

very nice question
CANADA


Noel 11/1/2022 9:14:00 PM

i have a learning disability and these exam dumps allowed me to focus on the actual questions and not worry about notes and those other study materials.
SOUTH AFRICA


Jas 10/25/2023 6:01:00 PM

165 should be apt
UNITED STATES


Neetu 6/22/2023 8:41:00 AM

please upload the dumps, real need of them
Anonymous


Mark 10/24/2023 1:34:00 AM

any recent feedback?
UNITED STATES


Gopinadh 8/9/2023 4:05:00 AM

question number 2 is indicating you are giving proper questions. observe and change properly.
Anonymous


Santhi 1/1/2024 8:23:00 AM

passed today. 40% questions were new. litwere case study, lots of new questions on afd, ratelimit, tm, lb, app gateway. got 2 set series of questions which are not present here. questions on azure cyclecloud, no. of vnet/vms required for implementation, blueprints assignment/management group etc
INDIA


Raviraj Magadum 1/12/2024 11:39:00 AM

practice test
INDIA


sivaramakrishnan 7/27/2023 8:12:00 AM

want the dumps for emc content management server programming(cmsp)
Anonymous


Aderonke 10/23/2023 1:52:00 PM

brilliant and helpful
UNITED KINGDOM


Az 9/16/2023 2:43:00 PM

q75. azure files is pass
SWITZERLAND