
Enhance your career with CISM PDF Dumps - True ISACA Exam Questions
New (2023) Download free CISM PDF for ISACA Practice Tests
What Are the Primary Sections Featured in the Isaca CISM Exam?
Adding this certification to your profile verifies that you have a broad set of skills that you can apply to solving different issues in the workplace. These skills are covered in the domains of the CISM exam. Let's go through them one by one.
- Information security program development and management
For the third section, it's all about program development and administration. At this point, one becomes more competent in the scope of an information security program as well as the entire management framework. Additionally, there will be a comprehensive elaboration of the list of operational and administrative activities, together with typical program challenges, controls, and countermeasures. The general security infrastructure and architecture are also vital topics.
- Information risk management
CISM ensures that you get the right skills essential for risk management. Mastering the tools and techniques related to this particular process helps you easily distinguish, evaluate, and control possible threats that may affect the business' operations and financial flow. Another thing that makes this area more challenging is the extensive sources of threats, which may include management errors, legal liabilities, and even natural disasters. As a result, it's important to know the entire risk management frameworks, along with related functionalities such as security control selection, risk visibility, reporting, and actions.
- Information security governance
Information security governance, in general, is the way you utilize and lead the company's methodology to security. Proper handling of this crucial aspect greatly affects the core security activities of the business. In addition, it allows a smooth-sailing flow of security details within the organization. Aside from aligning the security with the key objectives, it's also significant to have a profound comprehension of the structural processes, security roles, and control frameworks.
- Information security incident management
Now, we're down to the last part of the exam, and that is IS incident management. This domain requires candidates to know critical information about incident management as a whole. From there, it underscores one's skills in dealing with incident metrics, indicators, response methodologies, response plans, and management resources. Other areas that need your attention are business continuity, disaster recovery procedures, and post-incident activities. Being able to explain the current state of incident response capability is important too.
The benefits of earning a CISM certification are numerous. It demonstrates a candidate's commitment to and knowledge of information security management, which can lead to increased job opportunities and higher salaries. It also provides a competitive advantage over other professionals in the field, as well as a sense of personal and professional achievement. Furthermore, CISM certification holders are required to maintain their certification through continuing education, ensuring they stay up-to-date with the latest developments and trends in information security management.
NEW QUESTION # 229
Which of the following is the PRIMARY advantage of desk checking a business continuity plan (BCP)?
- A. Assesses the availability and compatibility of backup hardware
- B. Provides a low-cost method of assessing the BCP's completeness
- C. Ensures that appropriate follow-up work is performed on noted issues
- D. Allows for greater participation by management and the IT department
Answer: C
NEW QUESTION # 230
It is MOST important that information security architecture be aligned with which of the following?
- A. Industry best practices
- B. Information security best practices
- C. Information technology plans
- D. Business objectives and goals
Answer: D
Explanation:
Information security architecture should always be properly aligned with business goals and objectives. Alignment with IT plans or industry and security best practices is secondary by comparison.
NEW QUESTION # 231
When a critical incident cannot be contained in a timely manner and the affected system needs to be taken offline, which of the following stakeholders MUST receive priority communication?
- A. Senior management
- B. Business process owner
- C. System end-users
- D. System administrator
Answer: B
NEW QUESTION # 233
Which of the following is the MOST effective mitigation strategy to protect confidential information from insider threats?
- A. Performing an entitlement review process
- B. Implementing authentication mechanism
- C. Defining segregation of duties
- D. Establishing authorization controls
Answer: D
NEW QUESTION # 234
Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
- A. Customer data stolen
- B. An electrical power outage
- C. A web site defaced by hackers
- D. Loss of the software development team
Answer: B
Explanation:
Section: INFORMATION RISK MANAGEMENT
The effect of the theft of customer data or web site defacement by hackers could lead to a permanent decline in customer confidence, which does not lend itself to measurement by quantitative techniques. Loss of a majority of the software development team could have similar unpredictable repercussions. However, the loss of electrical power for a short duration is more easily measurable and can be quantified into monetary amounts that can be assessed with quantitative techniques.
NEW QUESTION # 235
If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
- A. obtaining evidence as soon as possible.
- B. disconnecting all IT equipment involved.
- C. reconstructing the sequence of events.
- D. preserving the integrity of the evidence.
Answer: D
Explanation:
The integrity of evidence should be preserved by following appropriate forensic techniques to obtain the evidence and a chain-of-custody procedure to maintain it (in order for it to be accepted in a court of law). All other options are part of the investigative procedure, but they are not as important as preserving the integrity of the evidence.
NEW QUESTION # 236
The PRIMARY objective of performing a post-incident review is to:
- A. identify the root cause.
- B. identify vulnerabilities.
- C. identify control improvements.
- D. re-evaluate the impact of incidents.
Answer: A
Explanation:
The primary objective of performing a post-incident review is to identify the root cause of the incident. After an incident has occurred, the post-incident review process involves gathering and analyzing evidence to determine the cause of the incident. This analysis will help to identify both the underlying vulnerability that allowed the incident to occur, as well as any control improvements that should be implemented to prevent similar incidents from occurring in the future. Additionally, the post-incident review process can also be used to re-evaluate the impact of the incident, as well as any potential implications for the organization.
NEW QUESTION # 237
Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?
- A. Performing security audits on the outsourcing vendor's IT environment
- B. Reflecting monitoring requirements in the contractual indemnity agreement
- C. Including security requirements and right to audit within the contract
- D. Monitoring security incidents and periodic security reports from the outsourcing vendor
Answer: C
NEW QUESTION # 238
At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?
- A. Conduct a meeting to evaluate the test
- B. Complete an assessment of the hot site provider
- C. Erase data and software from devices
- D. Evaluate the results from all test scripts
Answer: C
Explanation:
For security and privacy reasons, all organizational data and software should be erased prior to departure. Evaluations can occur back at the office after everyone is rested, and the overall results can be discussed and compared objectively.
NEW QUESTION # 239
Which of the following is the PRIMARY responsibility of the information security steering committee?
- A. Reviewing business cases where benefits have not been realized
- B. Developing security policies aligned with the corporate and IT strategies
- C. Developing and presenting business cases for security initiatives
- D. Identifying risks associated with new security initiatives
Answer: B
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
NEW QUESTION # 240
When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
- A. conduct an impact analysis to quantify the risks.
- B. request a risk acceptance from senior management.
- C. submit the issue to the steering committee.
- D. isolate the system from the rest of the network.
Answer: A
Explanation:
An impact analysis is warranted to determine whether a risk acceptance should be granted and to demonstrate to the department the danger of deviating from the established policy. Isolating the system would not support the needs of the business. Any waiver should be granted only after performing an impact analysis.
NEW QUESTION # 241
Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?
- A. The application is configured with restrictive access controls
- B. The business process has only one level of error checking
- C. Server-based malware protection is not enforced
- D. The application does not use a secure communications protocol
Answer: A
Explanation:
The greatest concern for an information security manager in this situation would be the security of the data being processed by the third-party service provider working from a remote site. The data may not be adequately protected from unauthorized access, manipulation, or theft. A secure communications protocol should be used to ensure the confidentiality and integrity of the data in transit.
Additionally, the information security manager should ensure that the third-party service provider has appropriate security controls in place to protect the data, such as access controls, error checking, and malware protection. This information can be found in ISACA's Certified Information Security Manager (CISM) Study Manual, Section 5.2.
NEW QUESTION # 242
Which of the following has the MOST influence on an organization's adoption of information security policies?
- A. Established key performance indicators (KPIs)
- B. Demonstrated senior management commitment
- C. Enforcement of penalties for noncompliance
- D. A comprehensive security awareness program
Answer: B
NEW QUESTION # 243
Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?
- A. A hot site facility will be shared in multiple disaster declarations
- B. The facility is subject to a "first-come, first-served" policy
- C. Equipment may be substituted with equivalent model
- D. All equipment is provided "at time of disaster, not on floor"
Answer: D
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
Equipment provided "at time of disaster (ATOD), not on floor" means that the equipment is not available on site but will be acquired by the commercial hot site provider on a best-effort basis. This leaves the customer at the mercy of the marketplace: if equipment is not immediately available, the recovery will be delayed. Many commercial providers do require sharing facilities in cases where there are multiple simultaneous declarations, and priority may be established on a first-come, first-served basis. It is also common for the provider to substitute equivalent or better equipment, as they are frequently upgrading and changing equipment.
NEW QUESTION # 244
Which of the following is MOST important to ensure when considering exceptions to an information security policy?
- A. Exceptions undergo regular review.
- B. Exceptions are based on data classification.
- C. Exceptions reflect the organizational risk appetite.
- D. Exceptions are approved by executive management.
Answer: C
NEW QUESTION # 245
To determine the selection of controls required to meet business objectives, an information security manager should:
- A. restrict controls to only critical applications.
- B. prioritize the use of role-based access controls.
- C. focus on key controls.
- D. focus on automated controls.
Answer: C
Explanation:
Key controls primarily reduce risk and are most effective for the protection of information assets. The other choices could be examples of possible key controls.
NEW QUESTION # 246
An organization with a strict need-to-know information access policy is about to launch a knowledge management intranet. Which of the following is the MOST important activity to ensure compliance with existing security policies?
- A. Change organization policy to allow wider use of the new web site.
- B. Ensure that access to the web site is limited to senior managers and the board.
- C. Develop a control procedure to check content before it is published.
- D. Password-protect documents that contain confidential information.
Answer: C
NEW QUESTION # 247
The MAIN reason for an information security manager to monitor industry-level changes in the business and IT is to:
- A. update information security policies in accordance with the changes.
- B. change business objectives based on potential impact.
- C. evaluate the effect of the changes on the levels of residual risk.
- D. identify changes in the risk environment.
Answer: D
NEW QUESTION # 248
An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
- A. Intrusion detection system (IDS)
- B. Antivirus software
- C. File integrity monitoring (FIM) software
- D. Security information and event management (SIEM) tool
Answer: D
NEW QUESTION # 249
Which of the following should be the PRIMARY consideration when selecting a recovery site?
- A. Geographical location
- B. Recovery point objective
- C. Regulatory requirements
- D. Recovery time objective
Answer: D
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
The ISACA CISM exam consists of 150 multiple-choice questions that test candidates on four domains: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. The CISM exam is administered in a computer-based format and takes four hours to complete. To be eligible for the CISM certification, candidates must have at least five years of experience in information security management, with at least three years of experience in the four domains covered in the exam.