ISACA CISM Certified Information Security Manager Online Training
The questions for CISM were last updated on Apr 26, 2025.
- Exam Code: CISM
- Exam Name: Certified Information Security Manager
- Certification Provider: ISACA
- Latest update: Apr 26, 2025
When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
- A . implement controls to mitigate the risk.
- B . monitor for business changes.
- C . review the residual risk level.
- D . report compliance to management.
Which of the following is the BEST way to prevent employees from making unauthorized comments to the media about security incidents in progress?
- A . Establish standard media responses for employees to control the message
- B . Communicate potential disciplinary actions for noncompliance.
- C . Include communication policies in regular information security training.
- D . Implement controls to prevent discussion with the media during an incident.
Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?
- A . Vulnerability assessment results
- B . Application security policy
- C . A business case
- D . Internal audit reports
An information security manager is concerned that executive management does not support information security initiatives.
Which of the following is the BEST way to address this situation?
- A . Revise the information security strategy to meet executive management’s expectations.
- B . Escalate noncompliance concerns to the internal audit manager
- C . Report the risk and status of the information security program to the board.
- D . Demonstrate alignment of the information security function with business needs.
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
- A . Define the recovery point objective (RPO).
- B . Determine recovery priorities.
- C . Confirm control effectiveness.
- D . Analyze vulnerabilities.
Which of the following should be defined FIRST when creating an organization's information security strategy?
- A . Budget
- B . Policies and processes
- C . Objectives
- D . Organizational structures
Meeting which of the following security objectives BEST ensures that information is protected against unauthorized modification?
- A . Availability
- B . Integrity
- C . Confidentiality
- D . Authenticity
Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
- A . Provide information security awareness training.
- B . Conduct a business impact analysis (BIA).
- C . Facilitate the creation of an information security steering group.
- D . Conduct information security briefings for executives.
Senior management learns of several web application security incidents and wants to know the exposure risk to the organization.
What is the information security manager’s BEST course of action?
- A . Perform a vulnerability assessment.
- B . Review audit logs from IT systems.
- C . Activate the incident response plan.
- D . Assess IT system configurations.
A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value can be mitigated by:
- A . generating hash output that is the same size as the original message.
- B . requiring the recipient to use a different hash algorithm.
- C . using the sender's public key to encrypt the message.
- D . using a secret key in conjunction with the hash algorithm.
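The question above contrasts a bare hash with a hash combined with a secret key. The following is an added example, not part of the original question set, showing the difference in code: with an unkeyed hash, an attacker who alters the message simply recomputes the hash and the recipient's check passes; with a keyed hash (HMAC-SHA256, via Python's standard `hmac` module), a valid tag cannot be produced without the shared secret. The key and messages are constructed for illustration.

```python
"""Added example: why a bare hash does not authenticate a message, and how a
keyed hash (HMAC) does. Not part of the original question set; the key and
messages below are constructed for illustration only."""
import hashlib
import hmac
import secrets

# Constructed sample data (not from the page). In practice the key is a
# random secret shared only between sender and recipient.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"
ORIGINAL = b"PAY 100 TO ALICE"
TAMPERED = b"PAY 900 TO MALLORY"


def unkeyed_tag(message: bytes) -> bytes:
    """Bare SHA-256 digest: anyone, including an attacker, can compute this."""
    return hashlib.sha256(message).digest()


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_unkeyed(message: bytes, tag: bytes) -> bool:
    """Recipient's check when only a hash travels with the message."""
    return hmac.compare_digest(unkeyed_tag(message), tag)


def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient's check for an HMAC tag. compare_digest runs in constant
    time so the comparison does not leak where the first mismatch occurs."""
    return hmac.compare_digest(keyed_tag(key, message), tag)


def attacker_forges_unkeyed() -> bool:
    """Attacker replaces the message and recomputes the public hash.
    Returns True when the recipient accepts the forgery."""
    forged_tag = unkeyed_tag(TAMPERED)
    return verify_unkeyed(TAMPERED, forged_tag)


def attacker_forges_keyed() -> bool:
    """Attacker holds the tampered message and the genuine tag of the
    original, but not SECRET_KEY. Two attempts: reuse the old tag, or
    compute an HMAC under a guessed key. Returns True if either is accepted."""
    genuine_tag = keyed_tag(SECRET_KEY, ORIGINAL)
    reuse_old_tag = verify_keyed(SECRET_KEY, TAMPERED, genuine_tag)
    guessed_key = secrets.token_bytes(32)  # attacker does not know SECRET_KEY
    guessed_tag = keyed_tag(guessed_key, TAMPERED)
    under_guessed_key = verify_keyed(SECRET_KEY, TAMPERED, guessed_tag)
    return reuse_old_tag or under_guessed_key


def legitimate_exchange() -> bool:
    """Sender and recipient share SECRET_KEY; the genuine message verifies."""
    tag = keyed_tag(SECRET_KEY, ORIGINAL)
    return verify_keyed(SECRET_KEY, ORIGINAL, tag)


if __name__ == "__main__":
    print("bare hash, tampered message accepted:", attacker_forges_unkeyed())  # True
    print("HMAC, tampered message accepted:", attacker_forges_keyed())         # False
    print("HMAC, genuine message accepted:", legitimate_exchange())            # True
```

A bare hash only shows that the message matches *some* hash; it says nothing about who produced it, because the hash function is public. The keyed construction binds the tag to possession of the secret, so the recipient learns both that the message was not altered and that it came from a holder of the key. Note what HMAC does not give: non-repudiation (either key holder could have produced the tag) and replay protection (an unchanged message and tag can be resent), which need a signature and a nonce or sequence number respectively.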