Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 209

What should be an information security manager ' s FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

A.

Define the issues to be addressed.

B.

Perform a cost-benefit analysis.

C.

Calculate the total cost of ownership (TCO).

D.

Conduct a feasibility study.

Full Access
Question # 210

When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:

A.

Meets internal requirements

B.

Complies with industry standards

C.

Achieves projected financial benefits

D.

Delivers anticipated risk reduction

Full Access
Question # 211

Which of the following is the PRIMARY objective of the incident management recovery phase?

A.

To recover business operation support

B.

To perform a lessons-learned review

C.

To document actions taken to restore IT systems

D.

To bring IT services back online

Full Access
Question # 212

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

A.

Conduct a threat analysis.

B.

Implement an information security awareness training program.

C.

Establish an audit committee.

D.

Create an information security steering committee.

Full Access
Question # 213

After a server has been attacked, which of the following is the BEST course of action?

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Full Access
Question # 214

Which of the following should an information security manager do FIRST when noncompliance with security standards is identified?

A.

Report the noncompliance to senior management.

B.

Validate the noncompliance.

C.

Include the noncompliance in the risk register.

D.

Implement compensating controls to mitigate the noncompliance.

Full Access
Question # 215

Which of the following should be the PRIMARY objective of the information security incident response process?

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Full Access
Question # 216

Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

A.

The organization ' s risk tolerance

B.

The organization ' s mission

C.

Resource availability

D.

Incident response team training

Full Access
Go to page: