To pass your final IT exam you have to study from an advanced study guide like Isaca CISM Dumps. This smart guide covers every syllabus topic and explains where each fits in the exam. You have nothing to worry about once you have the CISM Exam Study Material in your hands. A complete demo version is available at Dumps4Download and can be downloaded free of cost. Once the lab questions have given you clarity and confidence, you can buy the original PDF guide at a very reasonable price. You can expect an outstanding performance and result with this short study guide. Every topic is presented in Q&A format. The process is simple: get the money-back guarantee with Isaca Questions Answers, work through the material, and pass CISM at the first attempt. You will also appreciate the Online Practice Test, an exam simulator that gives you a feel for the real exam.
CISM Free Practice Question Answers According To Exams Pattern
Isaca
CISM Dumps
Certified Information Security Manager
Verified By Experts
Get Prepared And Pass Your Exam.
Question: 1
Which of the following is MOST important to consider when determining asset valuation?
A. Cost of insurance premiums
B. Potential business loss
C. Asset classification level
D. Asset recovery cost
Answer: B
Question: 2
Within a security governance framework, which of the following is the MOST important characteristic of
the information security committee? The committee:
A. has a clearly defined charter and meeting protocols.
B. includes a mix of members from all levels of management.
C. conducts frequent reviews of the security policy.
D. has established relationships with external professionals.
Answer: B
Question: 3
An organization has an approved bring your own device (BYOD) program. Which of the following is the
MOST effective method to enforce application control on personal devices?
A. Implement a mobile device management solution.
B. Implement a web application firewall.
C. Educate users regarding the use of approved applications.
D. Establish a mobile device acceptable use policy.
Answer: A
Question: 4
A new program has been implemented to standardize security configurations across a multinational
organization. Following implementation, the configuration standards should:
A. remain unchanged to avoid variations across the organization.
B. be updated to address emerging threats and vulnerabilities.
C. be changed for different subsets of the systems to minimize impact.
D. not deviate from industry best practice baselines.
Answer: B
Question: 5
An organization has detected sensitive data leakage caused by an employee of a third-party contractor.
What is the BEST course of action to address this issue?
A. Activate the organization's incident response plan.
B. Limit access to the third-party contractor.
C. Include security requirements in outsourcing contracts.
D. Terminate the agreement with the third-party contractor.
Answer: A
Question: 6
Which of the following MOST effectively prevents internal users from modifying sensitive data?
A. Network segmentation
B. Role-based access controls
C. Multi-factor authentication
D. Acceptable use policies
Answer: B
Question: 7
Which of the following should be PRIMARILY included in a security training program for business process
owners?
A. Application recovery time
B. Impact of security risks
C. Application vulnerabilities
D. List of security incidents reported
Answer: B
Question: 8
Which of the following is a PRIMARY responsibility of an information security governance committee?
A. Approving the purchase of information security technologies
B. Approving the information security awareness training strategy
C. Reviewing the information security strategy
D. Analyzing information security policy compliance reviews
Answer: C
Question: 9
Which of the following is the MOST important reason to document information security incidents that
are reported across the organization?
A. Prevent incident recurrence.
B. Identify unmitigated risk.
C. Support business investments in security.
D. Evaluate the security posture of the organization.
Answer: A
Question: 10
Which of the following is the MOST important consideration when determining the approach for gaining
organization-wide acceptance of an information security plan?
A. Mature security policy
B. Information security roles and responsibilities
C. Organizational information security awareness
D. Organizational culture
Answer: D