Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 145

An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?

A.

To facilitate the continuous improvement of the IT organization

B.

To ensure controls align with security needs

C.

To create and document required IT capabilities

D.

To prioritize security risks on a longer scale than the one-year plan

Full Access
Question # 146

Network isolation techniques are immediately implemented after a security breach to:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Full Access
Question # 147

Which of the following is the MOST important reason to ensure information security is aligned with the organization ' s strategy?

A.

To identify the organization ' s risk tolerance

B.

To improve security processes

C.

To align security roles and responsibilities

D.

To optimize security risk management

Full Access
Question # 148

A PRIMARY purpose of creating security policies is to:

A.

define allowable security boundaries.

B.

communicate management ' s security expectations.

C.

establish the way security tasks should be executed.

D.

implement management ' s security governance strategy.

Full Access
Question # 149

Which is MOST important to identify when developing an effective information security strategy?

A.

Security awareness training needs

B.

Potential savings resulting from security governance

C.

Business assets to be secured

D.

Residual risk levels

Full Access
Question # 150

What is the BEST way to inform senior management of the value of information security?

A.

Present the benefits of security awareness training

B.

Describe how security enables business objectives

C.

Describe potential impact of compromises

D.

Present anticipated return on security investment

Full Access
Question # 151

Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?

A.

Including a situational forecast

B.

Using appropriate language for the target audience

C.

Including trend charts for metrics

D.

Using a rating system to demonstrate program effectiveness

Full Access
Question # 152

Which of the following would BEST enable the help desk to recognize an information security incident?

A.

Train the help desk to review the call logs.

B.

Require the help desk to participate in post-incident reviews.

C.

Provide the help desk with criteria for security incidents.

D.

Include members of the help desk on the security incident response team.

Full Access
Go to page: