ISACA CISM Certified Information Security Manager Online Training
ISACA CISM Online Training
The questions for CISM were last updated at Sep 07,2025.
- Exam Code: CISM
- Exam Name: Certified Information Security Manager
- Certification Provider: ISACA
- Latest update: Sep 07,2025
The PRIMARY benefit of integrating information security activities into change management processes is to:
- A . provide greater accountability for security-related changes in the business.
- B . protect the organization from unauthorized changes.
- C . protect the business from collusion and compliance threats.
- D . ensure required controls are included in changes.
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
- A . has a clearly defined charter and meeting protocols.
- B . includes a mix of members from all levels of management.
- C . conducts frequent reviews of the security policy.
- D . has established relationships with external professionals.
Which of the following is an information security manager’s BEST course of action to address a significant materialized risk that was not prevented by organizational controls?
- A . Update the business impact analysis (BIA)
- B . Update the risk register.
- C . Perform root cause analysis.
- D . Invoke the incident response plan.
Which of the following control types is the FIRST consideration for aligning employee behavior with an organization's information security objectives?
- A . Physical security control
- B . Directive security controls
- C . Technical security controls
- D . Logical access control
Which of the following would BEST justify spending for a compensating control?
- A . Risk analysis
- B . Vulnerability analysis
- C . Threat analysis
- D . Peer benchmarking
To gain a clear understanding of the impact that a new regulation will have on an organization's security controls, an information security manager should FIRST:
- A . Conduct a risk assessment
- B . Interview senior management
- C . Perform a gap analysis
- D . Conduct a cost-benefit analysis
An emergency change was made to an IT system as a result of a failure.
Which of the following should be of GREATEST concern to the organization's information security manager?
- A . The change did not include a proper assessment of risk.
- B . Documentation of the change was made after implementation.
- C . The operations team implemented the change without regression testing.
- D . The information security manager did not review the change prior to implementation.
The PRIMARY purpose of vulnerability assessments is to:
- A . provide clear evidence that the system is sufficiently secure.
- B . test intrusion detection systems (IDS) and response procedures.
- C . detect deficiencies that could lead to a system compromise.
- D . determine the impact of potential threats.
A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:
- A . Change the password policy to improve the customer experience.
- B . Research alternative secure methods of identity verification.
- C . Recommend implementing two-factor authentication.
- D . Evaluate the impact of the customer experience on business revenue.
Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?
- A . Implement more stringent countermeasures.
- B . Evaluate whether an excessive level of control is being applied.
- C . Ask senior management to increase the acceptable risk levels.
- D . Ask senior management to lower the acceptable risk levels.