ISACA CISM Exam Questions
Certified Information Security Manager (Page 7)

Updated On: 17-Feb-2026

The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:

  A. storage capacity and shelf life.
  B. regulatory and legal requirements.
  C. business strategy and direction.
  D. application systems and media.

Answer(s): D

Explanation:

Long-term retention of business records may be severely impacted by changes in application systems and media. For example, data stored in nonstandard formats that can only be read and interpreted by previously decommissioned applications may be difficult, if not impossible, to recover. Business strategy and direction do not generally apply, nor do legal and regulatory requirements. Storage capacity and shelf life are important but secondary issues.



Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?

  A. More uniformity in quality of service
  B. Better adherence to policies
  C. Better alignment to business unit needs
  D. More savings in total operating costs

Answer(s): C

Explanation:

Decentralization of information security management generally results in better alignment to business unit needs. It is generally more expensive to administer due to the lack of economies of scale. Uniformity in quality of service tends to vary from unit to unit.



Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

  A. Chief security officer (CSO)
  B. Chief operating officer (COO)
  C. Chief privacy officer (CPO)
  D. Chief legal counsel (CLC)

Answer(s): B

Explanation:

The chief operating officer (COO) is most knowledgeable of business operations and objectives. The chief privacy officer (CPO) and the chief legal counsel (CLC) may not have the knowledge of the day-to-day business operations to ensure proper guidance, although they have the same influence within the organization as the COO. Although the chief security officer (CSO) is knowledgeable of what is needed, the sponsor for this task should be someone with far-reaching influence across the organization.



Which of the following would be the MOST important goal of an information security governance program?

  A. Review of internal control mechanisms
  B. Effective involvement in business decision making
  C. Total elimination of risk factors
  D. Ensuring trust in data

Answer(s): D

Explanation:

The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance. Review of internal control mechanisms relates more to auditing, while the total elimination of risk factors is not practical or possible. Proactive involvement in business decision making implies that security needs dictate business needs when, in fact, just the opposite is true. Involvement in decision making is important only to ensure business data integrity so that data can be trusted.



Relationships among security technologies are BEST defined through which of the following?

  A. Security metrics
  B. Network topology
  C. Security architecture
  D. Process improvement models

Answer(s): C

Explanation:

Security architecture explains the use and relationships of security mechanisms. Security metrics measure improvement within the security practice but do not explain the use and relationships of security technologies.

Process improvement models and network topology diagrams also do not describe the use and relationships of these technologies.
