ISACA CISM Certified Information Security Manager Online Training
The questions for CISM were last updated at Dec 03,2025.
- Exam Code: CISM
- Exam Name: Certified Information Security Manager
- Certification Provider: ISACA
- Latest update: Dec 03,2025
A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations.
Which of the following would be of MOST concern to senior management?
- A . The organization uses a decentralized privacy governance structure
- B . Privacy policies are only reviewed annually
- C . The organization does not have a dedicated privacy officer
- D . The privacy program does not include a formal training component
Executive management is considering outsourcing all IT operations.
Which of the following functions should remain internal?
- A . Data encryption
- B . Data ownership
- C . Data custodian
- D . Data monitoring
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
- A . Average time to resolve an incident
- B . Total number of reported incidents
- C . Total number of incident responses
- D . Average time to respond to an incident
Senior management has approved employees working off-site by using a virtual private network (VPN) connection.
It is MOST important for the information security manager to periodically:
- A . perform a cost-benefit analysis.
- B . perform a risk assessment.
- C . review firewall configuration.
- D . review the security policy.
The success of a computer forensic investigation depends on the concept of:
- A . chain of evidence.
- B . chain of attack.
- C . forensic chain.
- D . evidence of attack.
Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?
- A . The patch should be applied to critical systems.
- B . The patch should be validated using a hash algorithm.
- C . The patch should be evaluated in a testing environment.
- D . The patch should be deployed quickly to systems that are vulnerable.
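The "validate using a hash" option above is the one step a practitioner can actually automate before a patch goes anywhere near a test system. The following is an added example, not part of the original question set or any ISACA material: it parses a coreutils-style checksum list such as a vendor's `SHA256SUMS` file, refuses weak digest algorithms, and compares the downloaded bytes against the published digest in constant time. The patch bytes, the file name `patch-1.2.3.zip` and the checksum list are constructed sample data. Note the caveat the exam answer glosses over: a digest fetched from the same place as the patch only proves the download was not corrupted or altered in transit; authenticity needs a digest list that is itself signed, or a detached signature, from a key you already trust.

```python
import hashlib
import hmac
from typing import Dict

# Digest algorithms accepted on a vendor checksum list; MD5 and SHA-1 are refused.
ACCEPTED_ALGORITHMS = ("sha256", "sha384", "sha512")


def parse_sums_file(text: str, algorithm: str = "sha256") -> Dict[str, str]:
    """Parse a coreutils-style checksum list ("<hexdigest>  <filename>" per line).

    Returns {filename: hexdigest}. Malformed lines or digests of the wrong
    length for `algorithm` raise instead of being skipped, so a truncated or
    tampered list fails closed rather than quietly verifying nothing.
    """
    if algorithm not in ACCEPTED_ALGORITHMS:
        raise ValueError(f"refusing weak or unknown digest algorithm: {algorithm}")
    expected_len = hashlib.new(algorithm).digest_size * 2
    sums: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed checksum entry")
        digest = parts[0].lower()
        name = parts[1].strip().lstrip("*")  # a leading '*' marks binary mode in sha256sum output
        if len(digest) != expected_len or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: digest is not a {algorithm} hex digest")
        sums[name] = digest
    return sums


def verify_patch(patch_bytes: bytes, filename: str, sums: Dict[str, str],
                 algorithm: str = "sha256") -> bool:
    """True only if patch_bytes hashes to the digest published for filename."""
    if algorithm not in ACCEPTED_ALGORITHMS:
        raise ValueError(f"refusing weak or unknown digest algorithm: {algorithm}")
    published = sums.get(filename)
    if published is None:
        return False  # no entry for this file: fail closed
    actual = hashlib.new(algorithm, patch_bytes).hexdigest()
    # Constant-time comparison; a plain == leaks where the mismatch starts.
    return hmac.compare_digest(actual, published)


# Constructed sample data: a stand-in patch archive and the checksum list a
# vendor might publish beside it (the digest is derived from the sample bytes).
SAMPLE_PATCH = b"PK\x03\x04 hypothetical patch archive contents v1.2.3\n"
SAMPLE_SUMS_TEXT = (
    "# SHA256SUMS (constructed for this example)\n"
    f"{hashlib.sha256(SAMPLE_PATCH).hexdigest()}  patch-1.2.3.zip\n"
)


def check_sample() -> bool:
    """Intact sample verifies; a one-byte tamper does not."""
    sums = parse_sums_file(SAMPLE_SUMS_TEXT)
    intact = verify_patch(SAMPLE_PATCH, "patch-1.2.3.zip", sums)
    tampered = verify_patch(SAMPLE_PATCH + b"X", "patch-1.2.3.zip", sums)
    return intact and not tampered


def refuses_weak_algorithm(algorithm: str = "md5") -> bool:
    """True if the checker refuses to work with `algorithm` (MD5/SHA-1 should be refused)."""
    try:
        parse_sums_file(SAMPLE_SUMS_TEXT, algorithm)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("sample patch verifies:", check_sample())
    print("md5 refused:", refuses_weak_algorithm())
```

In practice the checksum list and the archive are read from disk, and the digest list should be checked against a signature (for example a GPG signature the vendor publishes for `SHA256SUMS`) before any digest in it is trusted; the code above deliberately stops at the integrity step the exam question names.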
Which of the following will BEST help to ensure security is addressed when developing a custom application?
- A . Conducting security training for the development staff
- B . Integrating security requirements into the development process
- C . Requiring a security assessment before implementation
- D . Integrating a security audit throughout the development process
Due to budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA).
Which of the following is the information security manager’s BEST course of action?
- A . Inform the legal department of the deficiency.
- B . Analyze and report the issue to senior management.
- C . Require the application owner to implement the controls.
- D . Assess and present the risks to the application owner.
Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?
- A . Disaster recovery plan
- B . Identity and access management
- C . Vendor’s information security policy
- D . A risk assessment
When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
- A . Provide security training for developers.
- B . Prepare detailed acceptance criteria.
- C . Adhere to change management processes.
- D . Perform a security gap analysis.