Free CISM Braindumps

  • Exam Number: CISM
  • Provider: ISACA
  • Questions: 1519
  • Updated On: 13-Jan-2021

Question: 1

Which of the following should be the FIRST step in developing an information security plan?

  A. Perform a technical vulnerabilities assessment
  B. Analyze the current business strategy
  C. Perform a business impact analysis
  D. Assess the current levels of security awareness

Answer(s): B
Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.

Question: 2

Which of the following characteristics is MOST important to a bank in a high-value online financial transaction system?

  A. Identification
  B. Confidentiality
  C. Authentication
  D. Audit monitoring

Answer(s): B

Question: 3

Which of the following messages would be MOST effective in obtaining senior management’s commitment to information security management?

  A. Effective security eliminates risk to the business
  B. Adopt a recognized framework with metrics
  C. Security is a business product and not a process
  D. Security supports and protects the business

Answer(s): A

Question: 4

Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

  A. Warm
  B. Redundant
  C. Shared
  D. Mobile

Answer(s): A

Reference: and-cold-site-for-disaster-recovery

Question: 5

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

  A. Automation of controls
  B. Documentation of control procedures
  C. Integration of assurance efforts
  D. Standardization of compliance requirements

Answer(s): D

Question: 6

Which of the following is MOST important for an information security manager to regularly report to senior management?

  A. Results of penetration tests
  B. Audit reports
  C. Impact of unremediated risks
  D. Threat analysis reports

Answer(s): C

Question: 7

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

  A. Evaluate the cost of information security integration
  B. Assess the business objectives of the processes
  C. Identify information security risk associated with the processes
  D. Benchmark the processes with best practice to identify gaps

Answer(s): B

Question: 8

A global organization processes and stores large volumes of personal data. Which of the following would be the MOST important attribute in creating a data access policy?

  A. Availability
  B. Integrity
  C. Reliability
  D. Confidentiality

Answer(s): D

Question: 9

Which of the following will BEST protect confidential data when connecting large wireless networks to an existing wired-network infrastructure?

  A. Mandatory access control (MAC) address filtering
  B. Strong passwords
  C. Virtual private network (VPN)
  D. Firewall

Answer(s): A

Question: 10

An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:

  A. perform a gap analysis of compliance requirements.
  B. assess the penalties for non-compliance.
  C. review the organization’s most recent audit report.
  D. determine the cost of compliance.

Answer(s): A