ISACA CISM Exam Questions
Certified Information Security Manager (Page 68)

Updated On: 21-Feb-2026

An information security manager is preparing a presentation to obtain support for a security initiative. Which of the following would be the BEST way to obtain management’s commitment for the initiative?

  A. Include historical data of reported incidents
  B. Provide the estimated return on investment
  C. Provide an analysis of current risk exposures
  D. Include industry benchmarking comparisons

Answer(s): C



Which of the following is the MOST significant security risk in IT asset management?

  A. IT assets may be used by staff for private purposes
  B. Unregistered IT assets may not be supported
  C. Unregistered IT assets may not be included in security documentation
  D. Unregistered IT assets may not be configured properly

Answer(s): A



Which of the following is the MOST effective method of preventing deliberate internal security breaches?

  A. Screening prospective employees
  B. Well-designed firewall system
  C. Well-designed intrusion detection system (IDS)
  D. Biometric security access control

Answer(s): B


Reference: https://www.techrepublic.com/article/strategies-for-preventing-internal-security-breaches-in-a-growing-business/



A business previously accepted the risk associated with a zero-day vulnerability. The same vulnerability was recently exploited in a high-profile attack on another organization in the same industry. Which of the following should be the information security manager’s FIRST course of action?

  A. Reassess the risk in terms of likelihood and impact
  B. Develop best and worst case scenarios
  C. Report the breach of the other organization to senior management
  D. Evaluate the cost of remediating the vulnerability

Answer(s): A



To effectively manage an organization’s information security risk, it is MOST important to:

  A. periodically identify and correct new systems vulnerabilities
  B. assign risk management responsibility to end users
  C. benchmark risk scenarios against peer organizations
  D. establish and communicate risk tolerance

Answer(s): A
