Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 113

For which of the following is it MOST important that system administrators be restricted to read-only access?

A.

User access log files

B.

Administrator user profiles

C.

Administrator log files

D.

System logging options

Full Access
Question # 114

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

A.

Determine which country ' s information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Full Access
Question # 115

Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?

A.

Maturity of incident response activities

B.

Threat environment

C.

Quantity of impacted assets

D.

Incident impact

Full Access
Question # 116

An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager ' s BEST approach for communicating the implications of this transition to the board of directors?

A.

Present a diagram of core Zero Trust logical components to help visualize the architectural changes

B.

Summarize the training plan and end user feedback in an internal portal and send the link to the board

C.

Prepare a report on the Zero Trust implementation that includes a status dashboard and timeline

D.

Provide an outline of the business impact in terms of risk reduction and changes in user experience

Full Access
Question # 117

Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

A.

Average return on investment (ROI) associated with security initiatives

B.

Average number of security incidents across business units

C.

Mean time to resolution (MTTR) for enterprise-wide security incidents

D.

Number of vulnerabilities identified for high-risk information assets

Full Access
Question # 118

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

A.

Improved staff attendance in awareness sessions

B.

Decreased number of phishing emails received

C.

Improved feedback on the anti-phishing campaign

D.

Decreased number of incidents that have occurred

Full Access
Question # 119

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

A.

Implement the application and request the cloud service provider to fix the vulnerability.

B.

Assess whether the vulnerability is within the organization ' s risk tolerance levels.

C.

Commission further penetration tests to validate initial test results,

D.

Postpone the implementation until the vulnerability has been fixed.

Full Access
Question # 120

An organization has identified a weakness in the ability of its employees to identify and report cybersecurity incidents. Although training materials have been provided, employees show a lack of interest. Which of the following is the information security manager’s BEST course of action?

A.

Block network access until security awareness training is complete.

B.

Conduct an enterprise cybersecurity risk assessment.

C.

Obtain key stakeholder and leadership support.

D.

Send an email mandating training for the employees.

Full Access
Go to page: