Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 121

Which of the following BEST ensures information security governance is aligned with corporate governance?

A.

A security steering committee including IT representation

B.

A consistent risk management approach

C.

An information security risk register

D.

Integration of security reporting into corporate reporting

Full Access
Question # 122

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Full Access
Question # 123

Which of the following should be the PRIMARY basis for establishing metrics that measure the effectiveness of an information security program?

A.

Residual risk

B.

Regulatory requirements

C.

Risk tolerance

D.

Control objectives

Full Access
Question # 124

Which of the following is the BEST option to lower the cost to implement application security controls?

A.

Perform security tests in the development environment.

B.

Integrate security activities within the development process

C.

Perform a risk analysis after project completion.

D.

Include standard application security requirements

Full Access
Question # 125

Relationships between critical systems are BEST understood by

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Full Access
Question # 126

To confirm that a third-party provider complies with an organization ' s information security requirements, it is MOST important to ensure:

A.

security metrics are included in the service level agreement (SLA).

B.

contract clauses comply with the organization ' s information security policy.

C.

the information security policy of the third-party service provider is reviewed.

D.

right to audit is included in the service level agreement (SLA).

Full Access
Question # 127

Threat and vulnerability assessments are important PRIMARILY because they are:

A.

used to establish security investments

B.

the basis for setting control objectives.

C.

elements of the organization ' s security posture.

D.

needed to estimate risk.

Full Access
Question # 128

Which of the following is the MAIN feature of a web application firewall?

A.

Modifying its predefined configuration automatically based on malicious traffic

B.

Restricting external traffic within a private network

C.

Redirecting distributed denial-of-service attacks

D.

Filtering incoming Hypertext Transfer Protocol traffic

Full Access
Go to page: