Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 233

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Full Access
Question # 234

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

A.

To assess service level agreements

B.

To provide metrics to senior management

C.

To estimate the recovery time objective

D.

To evaluate how personnel react to the situation

Full Access
Question # 235

An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?

A.

Focus the review on the infrastructure with the highest risk

B.

Review controls listed in the vendor contract

C.

Determine whether the vendor follows the selected security framework rules

D.

Review the vendor ' s security policy

Full Access
Question # 236

An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?

A.

Include the requirement in information security awareness materials

B.

Perform a policy compliance assessment

C.

Ensure the policy has been communicated to the system administrators

Full Access
Question # 237

An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Full Access
Question # 238

Which of the following is the MOST effective way to increase security awareness in an organization?

A.

Implement regularly scheduled information security audits.

B.

Require signed acknowledgment of information security policies.

C.

Conduct periodic simulated phishing exercises.

D.

Include information security requirements in job descriptions.

Full Access
Question # 239

Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?

A.

Conducting a business impact analysis (BIA) to understand business priorities

B.

Analyzing the integration of information security policies and practices within business processes

C.

Performing both quantitative and qualitative risk analyses

D.

Interviewing key personnel identified within the governance framework

Full Access
Question # 240

Which of the following should be of GREATEST concern to an information security manager when evaluating a cloud service provider?

A.

Data retention policies are not documented

B.

There is no right to audit the security of the provider

C.

The provider is new to the market and lacks references

D.

Security controls offered by the provider are inadequate

Full Access
Go to page: