ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 8)

Which of the following MOST commonly falls within the scope of an information security governance steering committee?

  1. Interviewing candidates for information security specialist positions
  2. Developing content for security awareness programs
  3. Prioritizing information security initiatives
  4. Approving access to critical financial systems

Answer(s): C

Explanation:

Prioritizing information security initiatives is the only appropriate item. The interviewing of specialists should be performed by the information security manager, while the developing of program content should be performed by the information security staff. Approving access to critical financial systems is the responsibility of individual system data owners.



Which of the following is the MOST important factor when designing information security architecture?

  1. Technical platform interfaces
  2. Scalability of the network
  3. Development methodologies
  4. Stakeholder requirements

Answer(s): D

Explanation:

The most important factor for information security is that it advances the interests of the business, as defined by stakeholder requirements. Interoperability and scalability, as well as development methodologies, are all important but are without merit if a technologically-elegant solution is achieved that does not meet the needs of the business.



Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?

  1. Knowledge of information technology platforms, networks and development methodologies
  2. Ability to understand and map organizational needs to security technologies
  3. Knowledge of the regulatory environment and project management techniques
  4. Ability to manage a diverse group of individuals and resources across an organization

Answer(s): B

Explanation:

Information security will be properly aligned with the goals of the business only with the ability to understand and map organizational needs to enable security technologies. All of the other choices are important but secondary to meeting business security needs.



Which of the following are likely to be updated MOST frequently?

  1. Procedures for hardening database servers
  2. Standards for password length and complexity
  3. Policies addressing information security governance
  4. Standards for document retention and destruction

Answer(s): A

Explanation:

Policies and standards should generally be more static and less subject to frequent change. Procedures on the other hand, especially with regard to the hardening of operating systems, will be subject to constant change; as operating systems change and evolve, the procedures for hardening will have to keep pace.



Who should be responsible for enforcing access rights to application data?

  1. Data owners
  2. Business process owners
  3. The security steering committee
  4. Security administrators

Answer(s): D

Explanation:

As custodians, security administrators are responsible for enforcing access rights to data. Data owners are responsible for approving these access rights. Business process owners are sometimes the data owners as well, and would not be responsible for enforcement. The security steering committee would not be responsible for enforcement.



Share your comments for ISACA CISM exam with other users:

L
Limbo
10/9/2023 3:08:00 AM

this is way too informative

T
Tejasree
8/26/2023 1:46:00 AM

very helpfull

Y
Yolostar Again
10/12/2023 3:02:00 PM

q.189 - answers are incorrect.

S
Shikha Bakra
9/10/2023 5:16:00 PM

awesome job in getting these questions

K
Kevin
10/20/2023 2:01:00 AM

i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you

D
D Mario
6/19/2023 10:38:00 PM

grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.

B
Bharat Kumar Saraf
10/31/2023 4:36:00 AM

some of the answers are incorrect. need to be reviewed.

J
JP
7/13/2023 12:21:00 PM

so far so good

K
Kiky V
8/8/2023 6:32:00 PM

i am really liking it

T
trying
7/28/2023 12:37:00 PM

thanks good stuff

E
exampei
10/4/2023 2:40:00 PM

need dump c_tadm_23

E
Eman Sawalha
6/10/2023 6:18:00 AM

next time i will write a full review

J
johnpaul
11/15/2023 7:55:00 AM

first time using this site

O
omiornil@gmail.com
7/25/2023 9:36:00 AM

please sent me oracle 1z0-1105-22 pdf

J
John
8/29/2023 8:59:00 PM

very helpful

K
Kvana
9/28/2023 12:08:00 PM

good info about oml

C
Checo Lee
7/3/2023 5:45:00 PM

very useful to practice

D
dixitdnoh@gmail.com
8/27/2023 2:58:00 PM

this website is very helpful.

S
Sanjay
8/14/2023 8:07:00 AM

good content

B
Blessious Phiri
8/12/2023 2:19:00 PM

so challenging

P
PAYAL
10/17/2023 7:14:00 AM

17 should be d ,for morequery its scale out

K
Karthik
10/12/2023 10:51:00 AM

nice question

G
Godmode
5/7/2023 10:52:00 AM

yes.

B
Bhuddhiman
7/30/2023 1:18:00 AM

good mateial

K
KJ
11/17/2023 3:50:00 PM

good practice exam

S
sowm
10/29/2023 2:44:00 PM

impressivre qustion

C
CW
7/6/2023 7:06:00 PM

questions seem helpful

L
luke
9/26/2023 10:52:00 AM

good content

Z
zazza
6/16/2023 9:08:00 AM

question 21 answer is alerts

A
Abwoch Peter
7/4/2023 3:08:00 AM

am preparing for exam

M
mohamed
9/12/2023 5:26:00 AM

good one thanks

M
Mfc
10/23/2023 3:35:00 PM

only got thru 5 questions, need more to evaluate

W
Whizzle
7/24/2023 6:19:00 AM

q26 should be b

S
sarra
1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.

AI Tutor 👋 I’m here to help!