Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA Certified Information Security Manager CISM Exam Questions in PDF

Free ISACA CISM Dumps Questions (page: 7)

CISM PDF — 1716 Questions

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

  1. Enforce the existing security standard
  2. Change the standard to permit the deployment
  3. Perform a risk analysis to quantify the risk
  4. Perform research to propose use of a better technology

Answer(s): C

Explanation:

Resolving conflicts of this type should be based on a sound risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. A blanket decision should never be given without conducting such an analysis. Enforcing existing standards is a good practice; however, standards need to be continuously examined in light of new technologies and the risks they present. Standards should not be changed without an appropriate risk assessment.



Acceptable levels of information security risk should be determined by:

  1. legal counsel.
  2. security management.
  3. external auditors.
  4. die steering committee.

Answer(s): D

Explanation:

Senior management, represented in the steering committee, has ultimate responsibility for determining what levels of risk the organization is willing to assume. Legal counsel, the external auditors and security management are not in a position to make such a decision.



The PRIMARY goal in developing an information security strategy is to:

  1. establish security metrics and performance monitoring.
  2. educate business process owners regarding their duties.
  3. ensure that legal and regulatory requirements are met
  4. support the business objectives of the organization.

Answer(s): D

Explanation:

The business objectives of the organization supersede all other factors. Establishing metrics and measuring performance, meeting legal and regulatory requirements, and educating business process owners are all subordinate to this overall goal.



Senior management commitment and support for information security can BEST be enhanced through:

  1. a formal security policy sponsored by the chief executive officer (CEO).
  2. regular security awareness training for employees.
  3. periodic review of alignment with business management goals.
  4. senior management signoff on the information security strategy.

Answer(s): C

Explanation:

Ensuring that security activities continue to be aligned and support business goals is critical to obtaining their support. Although having the chief executive officer (CEO) signoff on the security policy and senior management signoff on the security strategy makes for good visibility and demonstrates good tone at the top, it is a one-time discrete event that may be quickly forgotten by senior management. Security awareness training for employees will not have as much effect on senior management commitment.



When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

  1. Create separate policies to address each regulation
  2. Develop policies that meet all mandated requirements
  3. Incorporate policy statements provided by regulators
  4. Develop a compliance risk assessment

Answer(s): B

Explanation:

It will be much more efficient to craft all relevant requirements into policies than to create separate versions. Using statements provided by regulators will not capture all of the requirements mandated by different regulators. A compliance risk assessment is an important tool to verify that procedures ensure compliance once the policies have been established.



Viewing page 7 of 345

Share your comments for ISACA CISM exam with other users:

T
Thembelani
5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps

Anonymous
A
Anita
10/1/2023 4:11:00 PM

can i have the icdl excel exam

Anonymous
B
Ben
9/9/2023 7:35:00 AM

please upload it

Anonymous
A
anonymous
9/20/2023 11:27:00 PM

hye when will post again the past year question for this h13-311_v3 part since i have to for my test tommorow…thank you very much

Anonymous
R
Randall
9/28/2023 8:25:00 PM

on question 22, option b-once per session is also valid.

Anonymous
T
Tshegofatso
8/28/2023 11:51:00 AM

this website is very helpful

SOUTH AFRICA
P
philly
9/18/2023 2:40:00 PM

its my first time exam

SOUTH AFRICA
B
Beexam
9/4/2023 9:06:00 PM

correct answers are device configuration-enable the automatic installation of webview2 runtime. & policy management- prevent users from submitting feedback.

NEW ZEALAND
R
RAWI
7/9/2023 4:54:00 AM

is this dump still valid? today is 9-july-2023

SWEDEN
A
Annie
6/7/2023 3:46:00 AM

i need this exam.. please upload these are really helpful

PAKISTAN
S
Shubhra Rathi
8/26/2023 1:08:00 PM

please upload the oracle 1z0-1059-22 dumps

Anonymous
S
Shiji
10/15/2023 1:34:00 PM

very good questions

INDIA
R
Rita Rony
11/27/2023 1:36:00 PM

nice, first step to exams

Anonymous
A
Aloke Paul
9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...

CHINA
C
Calbert Francis
1/15/2024 8:19:00 PM

great exam for people taking 220-1101

UNITED STATES
A
Ayushi Baria
11/7/2023 7:44:00 AM

this is very helpfull for me

Anonymous
A
alma
8/25/2023 1:20:00 PM

just started preparing for the exam

UNITED KINGDOM
C
CW
7/10/2023 6:46:00 PM

these are the type of questions i need.

UNITED STATES
N
Nobody
8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?

Anonymous
S
Salah
7/23/2023 9:46:00 AM

thanks for providing these questions

Anonymous
R
Ritu
9/15/2023 5:55:00 AM

interesting

CANADA
R
Ron
5/30/2023 8:33:00 AM

these dumps are pretty good.

Anonymous
S
Sowl
8/10/2023 6:22:00 PM

good questions

UNITED STATES
B
Blessious Phiri
8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database

Anonymous
R
Richard
10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.

Anonymous
J
Janjua
5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps

GERMANY
M
Matt
12/30/2023 11:18:00 AM

if only explanations were provided...

FRANCE
R
Rasha
6/29/2023 8:23:00 PM

yes .. i need the dump if you can help me

Anonymous
A
Anonymous
7/25/2023 8:05:00 AM

good morning, could you please upload this exam again?

SPAIN
A
AJ
9/24/2023 9:32:00 AM

hi please upload sre foundation and practitioner exam questions

Anonymous
P
peter parker
8/10/2023 10:59:00 AM

the exam is listed as 80 questions with a pass mark of 70%, how is your 50 questions related?

Anonymous
B
Berihun
7/13/2023 7:29:00 AM

all questions are so important and covers all ccna modules

Anonymous
N
nspk
1/19/2024 12:53:00 AM

q 44. ans:- b (goto setup > order settings > select enable optional price books for orders) reference link --> https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/sfom_impl_b2b_b2b2c.pdf(decide whether you want to enable the optional price books feature. if so, select enable optional price books for orders. you can use orders in salesforce while managing price books in an external platform. if you’re using d2c commerce, you must select enable optional price books for orders.)

Anonymous
M
Muhammad Rawish Siddiqui
12/2/2023 5:28:00 AM

"cost of replacing data if it were lost" is also correct.

SAUDI ARABIA
AI Tutor 👋 I’m here to help!