Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CISM

ISACA Certified Information Security Manager CISM Exam Questions in PDF

Free ISACA CISM Dumps Questions (page: 9)

CISM PDF — 1716 Questions

The chief information security officer (CISO) should ideally have a direct reporting relationship to the:

  1. head of internal audit.
  2. chief operations officer (COO).
  3. chief technology officer (CTO).
  4. legal counsel.

Answer(s): B

Explanation:

The chief information security officer (CISO) should ideally report to as high a level within the organization as possible. Among the choices given, the chief operations officer (COO) would have not only the appropriate level but also the knowledge of day-to-day operations. The head of internal audit and legal counsel would make good secondary choices, although they would not be as knowledgeable of the operations. Reporting to the chief technology officer (CTO) could become problematic as the CTO's goals for the infrastructure might, at times, run counter to the goals of information security.



Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?

  1. Update platform-level security settings
  2. Conduct disaster recovery test exercises
  3. Approve access to critical financial systems
  4. Develop an information security strategy paper

Answer(s): D

Explanation:

Developing a strategy paper on information security would be the most appropriate. Approving access would be the job of the data owner. Updating platform-level security and conducting recovery test exercises would be less essential since these are administrative tasks.



Developing a successful business case for the acquisition of information security software products can BEST be assisted by:

  1. assessing the frequency of incidents.
  2. quantifying the cost of control failures.
  3. calculating return on investment (ROI) projections.
  4. comparing spending against similar organizations.

Answer(s): C

Explanation:

Calculating the return on investment (ROI) will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.



When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:

  1. aligned with the IT strategic plan.
  2. based on the current rate of technological change.
  3. three-to-five years for both hardware and software.
  4. aligned with the business strategy.

Answer(s): D

Explanation:

Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.



Which of the following is the MOST important information to include in a strategic plan for information security?

  1. Information security staffing requirements
  2. Current state and desired future state
  3. IT capital investment requirements
  4. information security mission statement

Answer(s): B

Explanation:

It is most important to paint a vision for the future and then draw a road map from the stalling point to the desired future state. Staffing, capital investment and the mission all stem from this foundation.



Viewing page 9 of 345

Share your comments for ISACA CISM exam with other users:

S
SPriyak
3/17/2025 11:08:37 AM

can you please provide the CBDA latest test preparation

UNITED STATES
C
Chandra
11/28/2024 7:17:38 AM

This is the best and only way of passing this exam as it is extremely hard. Good questions and valid dump.

INDIA
S
Sunak
1/25/2025 9:17:57 AM

Can I use this dumps when I am taking the exam? I mean does somebody look what tabs or windows I have opened ?

BULGARIA
F
Frank
2/15/2024 11:36:57 AM

Finally got a change to write this exam and pass it! Valid and accurate!

CANADA
A
Anonymous User
2/2/2024 6:42:12 PM

Upload this exam please!

Anonymous
N
Nicholas
2/2/2024 6:17:08 PM

Thank you for providing these questions. It helped me a lot with passing my exam.

Anonymous
T
Timi
8/19/2023 5:30:00 PM

my first attempt

UNITED KINGDOM
B
Blessious Phiri
8/13/2023 10:32:00 AM

very explainable

Anonymous
M
m7md ibrahim
5/26/2023 6:21:00 PM

i think answer of q 462 is variance analysis

Anonymous
T
Tehu
5/25/2023 12:25:00 PM

hi i need see questions

Anonymous
A
Ashfaq Nasir
1/17/2024 1:19:00 AM

best study material for exam

Anonymous
R
Roberto
11/27/2023 12:33:00 AM

very interesting repository

ITALY
N
Nale
9/18/2023 1:51:00 PM

american history 1

Anonymous
T
Tanvi
9/27/2023 4:02:00 AM

good level of questions

Anonymous
B
Boopathy
8/17/2023 1:03:00 AM

i need this dump kindly upload it

Anonymous
S
s_123
8/12/2023 4:28:00 PM

do we need c# coding to be az204 certified

Anonymous
B
Blessious Phiri
8/15/2023 3:38:00 PM

excellent topics covered

Anonymous
M
Manasa
12/5/2023 3:15:00 AM

are these really financial cloud questions and answers, seems these are basic admin question and answers

Anonymous
N
Not Robot
5/14/2023 5:33:00 PM

are these comments real

Anonymous
K
kriah
9/4/2023 10:44:00 PM

please upload the latest dumps

UNITED STATES
E
ed
12/17/2023 1:41:00 PM

a company runs its workloads on premises. the company wants to forecast the cost of running a large application on aws. which aws service or tool can the company use to obtain this information? pricing calculator ... the aws pricing calculator is primarily used for estimating future costs

UNITED STATES
M
Muru
12/29/2023 10:23:00 AM

looks interesting

Anonymous
T
Tech Lady
10/17/2023 12:36:00 PM

thanks! that’s amazing

Anonymous
M
Mike
8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.

UNITED STATES
N
Nobody
9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection

Anonymous
M
Muhammad Rawish Siddiqui
12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.

SAUDI ARABIA
E
Emmah
7/29/2023 9:59:00 AM

are these valid chfi questions

KENYA
M
Mort
10/19/2023 7:09:00 PM

question: 162 should be dlp (b)

EUROPEAN UNION
E
Eknath
10/4/2023 1:21:00 AM

good exam questions

INDIA
N
Nizam
6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.

EUROPEAN UNION
P
poran
11/20/2023 4:43:00 AM

good analytics question

Anonymous
A
Antony
11/23/2023 11:36:00 AM

this looks accurate

INDIA
E
Ethan
8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).

Anonymous
N
nSiva
9/22/2023 5:58:00 AM

its useful.

UNITED STATES
AI Tutor 👋 I’m here to help!