ISACA CISM Certified Information Security Manager Online Training
The questions for CISM were last updated at Feb 13, 2025.
- Exam Code: CISM
- Exam Name: Certified Information Security Manager
- Certification Provider: ISACA
- Latest update: Feb 13, 2025
Which of the following MOST effectively prevents internal users from modifying sensitive data?
- A . Network segmentation
- B . Role-based access controls
- C . Multi-factor authentication
- D . Acceptable use policies
A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that
- A . any alteration of the bid will invalidate the signature.
- B . the signature can be authenticated even if no encryption is used.
- C . the bid cannot be forged even if the keys are compromised.
- D . the bid and the signature can be copied from one document to another.
Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?
- A . Security controls offered by the provider are inadequate.
- B . Service level agreements (SLAs) are not well defined.
- C . Data retention policies may be violated.
- D . There is no right to audit the security of the provider.
An access rights review revealed that some former employees’ access is still active.
Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?
- A . Implement a periodic recertification program.
- B . Initiate an access control policy review.
- C . Validate HR offboarding processes.
- D . Conduct a root cause analysis.
Which of the following is the MOST effective approach for integrating security into application development?
- A . Including security in user acceptance testing sign-off
- B . Performing vulnerability scans
- C . Defining security requirements
- D . Developing security models in parallel
Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?
- A . Change management
- B . Problem management
- C . Configuration management
- D . Incident management
The MOST important factors in determining the scope and timing for testing a business continuity plan are:
- A . the experience level of personnel and the function location.
- B . prior testing results and the degree of detail of the business continuity plan.
- C . the importance of the function to be tested and the cost of testing.
- D . manual processing capabilities and the test location.
A threat intelligence report indicates there has been a significant rise in the number of attacks targeting the industry.
What should the information security manager do NEXT?
- A . Discuss the risk with senior management.
- B . Conduct penetration testing to identify vulnerabilities.
- C . Allocate additional resources to monitor perimeter security systems.
- D . Update the organization’s security awareness campaign.
Which of the following is the MOST effective way to detect social engineering attacks?
- A . Implement real-time monitoring of security-related events.
- B . Encourage staff to report any suspicious activities.
- C . Implement an acceptable use policy.
- D . Provide incident management training to all staff.
A third-party contract signed by a business unit manager failed to specify information security requirements.
Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?
- A . Inform business unit management of the information security requirements.
- B . Provide information security training to the business units.
- C . Integrate information security into the procurement process.
- D . Involve the information security team in contract negotiations.