Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 129

Which of the following is the MOST important consideration when evaluating the performance of existing security controls?

A.

Obtaining senior management support to facilitate testing

B.

Interviewing control owners to accurately collect metrics data

C.

Selecting testing methods that match the purpose of the testing

D.

Establishing testing scenarios based on international standards

Full Access
Question # 130

Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?

A.

Stakeholder plan

B.

Escalation plan

C.

Up-to-date risk register

D.

Asset classification

Full Access
Question # 131

Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Penetration test results

D.

Vulnerability scan results

Full Access
Question # 132

Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?

A.

Demonstrate the effectiveness of business continuity plans (BCPs).

B.

Report key performance indicator (KPI) trends.

C.

Demonstrate that the program enables business activities.

D.

Provide evidence of increased security events at peer organizations.

Full Access
Question # 133

Which of the following BEST ensures timely and reliable access to services?

A.

Nonrepudiation

B.

Authenticity

C.

Availability

D.

Recovery time objective (RTO)

Full Access
Question # 134

An organization has decided to implement an Internet of Things (IoT) solution to remain competitive in the market. Which of the following should information security do FIRST?

A.

Recalculate risk profile

B.

Implement compensating controls

C.

Reassess risk tolerance levels

D.

Update the security architecture

Full Access
Question # 135

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

A.

Demonstrated return on security investment

B.

Reduction in inherent risk

C.

Results of an emerging threat analysis

D.

Review of security metrics trends

Full Access
Question # 136

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

A.

Average total cost of downtime per reported incident

B.

Elapsed time between response and resolution

C.

Average number of incidents per reporting period

D.

Elapsed time between detection, reporting, and response

Full Access
Go to page: