Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 177

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

A.

Maturity of the security policy

B.

Clarity of security roles and responsibilities

C.

Corporate culture

D.

Corporate risk framework

Full Access
Question # 178

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

A.

Industry benchmarks

B.

Key performance indicators (KPIs)

C.

Business impact analysis (BIA) results

D.

Risk assessment results

Full Access
Question # 179

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Full Access
Question # 180

The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:

A.

Higher exposure to threats

B.

Diversity of operating systems

C.

Lack of accountability

D.

Complexity of support

Full Access
Question # 181

What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?

A.

Perform a vulnerability assessment on the systems within the department.

B.

Introduce additional controls to force compliance with policy.

C.

Require department users to repeat security awareness training.

D.

Report the policy violation to senior management.

Full Access
Question # 182

Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?

A.

Adhere to regulatory requirements

B.

Conduct security awareness

C.

Document and distribute security procedures

D.

Communicate and enforce security policies

Full Access
Question # 183

Which of the following BEST facilitates an information security manager ' s efforts to obtain senior management commitment for an information security program?

A.

Presenting evidence of inherent risk

B.

Reporting the security maturity level

C.

Presenting compliance requirements

D.

Communicating the residual risk

Full Access
Question # 184

A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager ' s FIRST step in addressing the issue should be to:

A.

require that the change be reversed

B.

review the change management process

C.

perform an analysis of the change

D.

report the event to senior management

Full Access
Go to page: