Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 97

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Full Access
Question # 98

Which of the following events is MOST likely to require an organization to revisit its information security framework?

A.

New services offered by IT

B.

Changes to the risk landscape

C.

A recent cybersecurity attack

D.

A new technology implemented

Full Access
Question # 99

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

A.

Key control indicator (KCIs)

B.

Key risk indicators (KRIs)

C.

Key performance indicators (KPIs)

D.

Key goal indicators (KGIs)

Full Access
Question # 100

An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?

A.

The individual who has the most privileges within the application

B.

The individual who manages the process supported by the application

C.

The individual responsible for providing support for the application

D.

The individual who manages users of the application

Full Access
Question # 101

The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:

A.

scope of the business continuity program.

B.

resources needed for business recovery.

C.

recovery time objective (RTO).

D.

scope of the incident response plan.

Full Access
Question # 102

A finance department director has decided to outsource the organization ' s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?

A.

Determine the required security controls for the new solution

B.

Review the disaster recovery plans (DRPs) of the providers

C.

Obtain audit reports on the service providers ' hosting environment

D.

Align the roles of the organization ' s and the service providers ' stats.

Full Access
Question # 103

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

A.

Documentation of control procedures

B.

Standardization of compliance requirements

C.

Automation of controls

D.

Integration of assurance efforts

Full Access
Question # 104

Following an employee security awareness training program, what should be the expected outcome?

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Full Access
Go to page: