ISACA Certified Information Security Manager - CISM Exam Practice Test

Which is MOST important when aligning security priorities with business unit strategies?
Correct Answer: D
What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?
Correct Answer: A
Which of the following BEST facilitates the monitoring of risk across an organization?
Correct Answer: B
Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?
Correct Answer: D
Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?
Correct Answer: B
Which of the following elements of risk is MOST difficult to quantify?
Correct Answer: D
An organization is storing accounting data in an external cloud environment. Which of the following is the MOST important risk-related consideration?
Correct Answer: A
Which of the following should be an information security manager's MOST important consideration when conducting a physical security review of a potential outsourced data center?
Correct Answer: C
An organization is considering moving to a cloud service provider for the storage of sensitive data. Which of the following should be considered FIRST?
Correct Answer: C
Recovery time objectives (RTOs) are an output of which of the following?
Correct Answer: C
Which of the following BEST enables an information security manager to communicate the capability of security program functions?
Correct Answer: B
Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?
Correct Answer: D
An intrusion prevention system (IPS) has reported a significant increase in the number of hacking attempts over the past month, though no systems have actually been compromised. Which of the following should the information security manager do FIRST?
Correct Answer: B
The fundamental purpose of establishing security metrics is to:
Correct Answer: B
Which of the following is MOST important to have in place to effectively manage security incidents that could potentially escalate to disasters?
Correct Answer: B
Which of the following is MOST important to implement when using a service account for infrastructure administration?
Correct Answer: D
Which of the following BEST demonstrates return on investment (ROI) for an information security initiative?
Correct Answer: A
Which of the following is the PRIMARY reason to include message templates for communications with external parties in an incident response plan?
Correct Answer: C
Which of the following is the BEST way to integrate information security into corporate governance?
Correct Answer: D
Which of the following is the MAIN reason for integrating an organization's incident response plan with its business continuity process?
Correct Answer: C
Which of the following should be done FIRST when considering a new security initiative?
Correct Answer: B
An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three (3) hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail
Which of the following poses the GREATEST risk to the organization related to this event?
Correct Answer: B
An organization has announced new initiatives to establish a big data platform and develop mobile apps. What is the FIRST step when defining new human resource requirements?
Correct Answer: B
Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?
Correct Answer: A
Which of the following is the GREATEST concern with employees investigating and responding to security breaches they report?
Correct Answer: A
An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?
Correct Answer: C
What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Correct Answer: B
Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
Correct Answer: A
When outsourcing application development to a third party, which of the following is the BEST way to ensure the organization's security requirements are met?
Correct Answer: A
Which of the following provides the BEST evidence that a control is being applied effectively?
Correct Answer: A
Which of the following is the BEST indicator of an organization's information security status?
Correct Answer: C
The PRIMARY purpose of implementing information security governance metrics is to:
Correct Answer: C
The BEST way to avoid session hijacking is to use:
Correct Answer: C
A senior executive asks the information security manager to bypass the organization's Internet traffic filters due to a business need. Which of the following should be the information security manager's NEXT course of action?
Correct Answer: D
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Correct Answer: B
Which of the following should be done FIRST when implementing an information security strategy?
Correct Answer: D
A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?
Correct Answer: B
An organization is adopting a standardized corporate chat messaging technology to help facilitate communication among business units. Which of the following is an ESSENTIAL task associated with this initiative?
Correct Answer: D
The MOST important objective of security awareness training for business staff is to:
Correct Answer: A
The use of digital signatures ensures that a message:
Correct Answer: A
Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?
Correct Answer: A
The business advantage of implementing authentication tokens is that they:
Correct Answer: A
What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
Correct Answer: C
A corporate web site has become compromised as a result of a malicious attack. Which of the following should the information security manager do FIRST?
Correct Answer: C
Which of the following would BEST enable an effective response to a network-based attack?
Correct Answer: A