ISACA Certified Information Security Manager CISM Dumps in PDF

Free ISACA CISM Real Questions (page: 9)

The chief information security officer (CISO) should ideally have a direct reporting relationship to the:

  A. head of internal audit.
  B. chief operations officer (COO).
  C. chief technology officer (CTO).
  D. legal counsel.

Answer(s): B

Explanation:

The chief information security officer (CISO) should ideally report to as high a level within the organization as possible. Among the choices given, the chief operations officer (COO) would have not only the appropriate level but also the knowledge of day-to-day operations. The head of internal audit and legal counsel would make good secondary choices, although they would not be as knowledgeable of the operations. Reporting to the chief technology officer (CTO) could become problematic as the CTO's goals for the infrastructure might, at times, run counter to the goals of information security.



Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?

  A. Update platform-level security settings
  B. Conduct disaster recovery test exercises
  C. Approve access to critical financial systems
  D. Develop an information security strategy paper

Answer(s): D

Explanation:

Developing a strategy paper on information security would be the most appropriate. Approving access would be the job of the data owner. Updating platform-level security and conducting recovery test exercises would be less essential since these are administrative tasks.



Developing a successful business case for the acquisition of information security software products can BEST be assisted by:

  A. assessing the frequency of incidents.
  B. quantifying the cost of control failures.
  C. calculating return on investment (ROI) projections.
  D. comparing spending against similar organizations.

Answer(s): C

Explanation:

Calculating the return on investment (ROI) will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.



When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:

  A. aligned with the IT strategic plan.
  B. based on the current rate of technological change.
  C. three-to-five years for both hardware and software.
  D. aligned with the business strategy.

Answer(s): D

Explanation:

Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.



Which of the following is the MOST important information to include in a strategic plan for information security?

  A. Information security staffing requirements
  B. Current state and desired future state
  C. IT capital investment requirements
  D. Information security mission statement

Answer(s): B

Explanation:

It is most important to paint a vision for the future and then draw a road map from the starting point to the desired future state. Staffing, capital investment and the mission all stem from this foundation.



Share your comments for ISACA CISM exam with other users:

sushant
6/28/2023 4:52:00 AM

good questions

A\MAM
6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes

unanimous
12/15/2023 6:38:00 AM

very nice very nice

akminocha
9/28/2023 10:36:00 AM

please help us with 1z0-1107-2 dumps

Jefi
9/4/2023 8:15:00 AM

please upload the practice questions

Thembelani
5/30/2023 2:45:00 AM

Need these dumps.

Abduraimov
4/19/2023 12:43:00 AM

Preparing for this exam is overwhelming. You cannot pass without the help of these exam dumps.

Puneeth
10/5/2023 2:06:00 AM

New to this site, but I feel it is good.

Ashok Kumar
1/2/2024 6:53:00 AM

The correct answer to q8 is B. Explanation: since the Mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. Source code of the component that the Mule app is dependent on does not need to be included in the exported JAR file, because the source code is not being used while executing an app; compiled code is being used instead.

Merry
7/30/2023 6:57:00 AM

good questions

VoiceofMidnight
12/17/2023 4:07:00 PM

Delayed the exam until December 29th.

Umar Ali
8/29/2023 2:59:00 PM

A and D are True

vel
8/28/2023 9:17:09 AM

good one with explanation

Gurdeep
1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
