ISACA CISM Certified Information Security Manager Online Training
The questions for CISM were last updated at Sep 06, 2025.
- Exam Code: CISM
- Exam Name: Certified Information Security Manager
- Certification Provider: ISACA
- Latest update: Sep 06, 2025
Which of the following is the MOST useful metric for determining how well firewall logs are being monitored?
- A. The number of port scanning attempts
- B. The number of log entries reviewed
- C. The number of investigated alerts
- D. The number of dropped malformed packets
As part of an international expansion plan, an organization has acquired a company located in another jurisdiction.
Which of the following would be the BEST way to maintain an effective information security program?
- A. Determine new factors that could influence the information security strategy.
- B. Implement the current information security program in the acquired company.
- C. Merge the two information security programs to establish continuity.
- D. Ensure information security is included in any change control efforts.
Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?
- A. Users must agree to allow the mobile device to be wiped if it is lost.
- B. Email must be stored in an encrypted format on the mobile device.
- C. A senior manager must approve each new connection.
- D. Email synchronization must be prevented when connected to a public Wi-Fi hotspot.
An organization has implemented an enhanced password policy for business applications which requires significantly more business resources to support clients.
The BEST approach to obtain the support of business management would be to:
- A. Present an analysis of the cost and benefit of the changes
- B. Elaborate on the positive impact to information security
- C. Present industry benchmarking results to business units
- D. Discuss the risk and impact of security incidents if not implemented
Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?
- A. Recovery time objectives (RTOs)
- B. Mission, goals and objectives
- C. Incident response maturity assessment
- D. Documentation from preparedness tests
Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
- A. Existence of an industry-accepted framework
- B. Up-to-date policy and procedures documentation
- C. A report on the maturity of controls
- D. Results of an independent assessment
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors.
Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
- A. Criticality of the service to the organization
- B. Compliance requirements associated with the regulation
- C. Compensating controls in place to protect information security
- D. Corresponding breaches associated with each vendor
After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?
- A. Risk heat map
- B. Recent audit results
- C. Balanced scorecard
- D. Gap analysis
Which of the following is the BEST method to defend against social engineering attacks?
- A. Monitor for unauthorized access attempts and failed logins.
- B. Employ the use of a web-content filtering solution.
- C. Communicate guidelines to limit information posted to public sites.
- D. Periodically perform antivirus scans to identify malware.
Which of the following would provide the MOST useful input when creating an information security program?
- A. Business case
- B. Information security budget
- C. Key risk indicators (KRIs)
- D. Information security strategy