Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

ISACA CISM Exam Questions
Certified Information Security Manager (Page 19 )

Updated On: 17-Feb-2026
Page 19 of 345
PDF with 1716 Questions

Which of the following is the MOST important to keep in mind when assessing the value of information?

  1. The potential financial loss
  2. The cost of recreating the information
  3. The cost of insurance coverage
  4. Regulatory requirement

Answer(s): A

Explanation:

The potential for financial loss is always a key factor when assessing the value of information. Choices B, C and D may be contributors, but not the key factor.



What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?

  1. Risk assessment report
  2. Technical evaluation report
  3. Business case
  4. Budgetary requirements

Answer(s): C

Explanation:

The information security manager needs to prioritize the controls based on risk management and the requirements of the organization. The information security manager must look at the costs of the various controls and compare them against the benefit the organization will receive from the security solution. The information security manager needs to have knowledge of the development of business cases to illustrate the costs and benefits of the various controls. All other choices are supplemental.



To justify its ongoing security budget, which of the following would be of MOST use to the information security' department?

  1. Security breach frequency
  2. Annualized loss expectancy (ALE)
  3. Cost-benefit analysis
  4. Peer group comparison

Answer(s): C

Explanation:

Cost-benefit analysis is the legitimate way to justify budget. The frequency of security breaches may assist the argument for budget but is not the key tool; it does not address the impact. Annualized loss expectancy (ALE) does not address the potential benefit of security investment. Peer group comparison would provide a good estimate for the necessary security budget but it would not take into account the specific needs of the organization.



Which of the following situations would MOST inhibit the effective implementation of security governance?

  1. The complexity of technology
  2. Budgetary constraints
  3. Conflicting business priorities
  4. High-level sponsorship

Answer(s): D

Explanation:

The need for senior management involvement and support is a key success factor for the implementation of appropriate security governance. Complexity of technology, budgetary constraints and conflicting business priorities are realities that should be factored into the governance model of the organization, and should not be regarded as inhibitors.



What would be the MOST significant security risks when using wireless local area network (LAN) technology?

  1. Man-in-the-middle attack
  2. Spoofing of data packets
  3. Rogue access point
  4. Session hijacking

Answer(s): C

Explanation:

A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored. All other choices are not dependent on the use of a wireless local area network (LAN) technology.






Post your Comments and Discuss ISACA CISM exam dumps with other Community members:

Join the CISM Discussion