Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 185

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Full Access
Question # 186

A security incident has been reported within an organization When should an information security manager contact the information owner?

A.

After the incident has been mitigated

B.

After the incident has been confirmed.

C.

After the potential incident has been togged

D.

After the incident has been contained

Full Access
Question # 187

Which of the following BEST enables the assignment of risk and control ownership?

A.

Aligning to an industry-recognized control framework

B.

Adopting a risk management framework

C.

Obtaining senior management buy-in

D.

Developing an information security strategy

Full Access
Question # 188

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

A.

Senior management

B.

Application owner

C.

Information security manager

D.

Legal representative

Full Access
Question # 189

Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?

A.

Root cause analysis

B.

Continuous log monitoring

C.

Penetration testing

D.

Computer forensics

Full Access
Question # 190

To inform a risk treatment decision, which of the following should the information security manager compare with the organization ' s risk appetite?

A.

Gap analysis results

B.

Level of residual risk

C.

Level of risk treatment

D.

Configuration parameters

Full Access
Question # 191

Which of the following should an information security manager do FIRST when creating an organization ' s disaster recovery plan (DRP)?

A.

Conduct a business impact analysis (BIA)

B.

Identify the response and recovery learns.

C.

Review the communications plan.

D.

Develop response and recovery strategies.

Full Access
Question # 192

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

A.

Cost of replacing the asset

B.

Cost of additional mitigation

C.

Annual loss expectancy (ALE)

D.

Annual rate of occurrence

Full Access
Go to page: