Get Ready to Pass the CISM exam with ISACA Latest Practice Exam [Q315-Q339]


Get Prepared for Your CISM Exam With Actual ISACA Study Guide!

NEW QUESTION # 315
When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?

  • A. Centralizing security management
  • B. Implementing sanctions for noncompliance
  • C. Policy enforcement by IT management
  • D. Periodic compliance reviews

Answer: A

Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
By centralizing security management, the organization can ensure that security standards are applied to all systems equally and in line with established policy. Sanctions for noncompliance would not be the best way to correct poor management practices caused by work overloads or insufficient knowledge of security practices.
Enforcement of policies is not solely the responsibility of IT management. Periodic compliance reviews would not correct the problems, by themselves, although reports to management would trigger corrective action such as centralizing security management.


NEW QUESTION # 316
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:

  • A. three-to-five years for both hardware and software.
  • B. aligned with the IT strategic plan.
  • C. based on the current rate of technological change.
  • D. aligned with the business strategy.

Answer: D

Explanation:
Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.


NEW QUESTION # 317
A data-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?

  • A. Review customers' security policies.
  • B. Design single sign-on (SSO) or federated access.
  • C. Develop access control requirements for each system and application.
  • D. Conduct a risk assessment to determine security risks and mitigating controls.

Answer: D


NEW QUESTION # 318
An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

  • A. Perform a gap analysis.
  • B. Validate the relevance of the information.
  • C. Conduct an information security audit.
  • D. Inform senior management.

Answer: B

Explanation:
The first step the information security manager should take upon learning of the potential threat is to validate the relevance of the information. This should involve researching the threat to evaluate its potential impact on the organization and to determine the accuracy of the threat intelligence. Once the information is validated, the information security manager can then take action, such as informing senior management, conducting an information security audit, or performing a gap analysis.


NEW QUESTION # 319
An information security manager developing an incident response plan should ensure it includes:

  • A. a business impact analysis
  • B. an inventory of critical data
  • C. criteria for escalation
  • D. critical infrastructure diagrams

Answer: C


NEW QUESTION # 320
Which of the following is a function of the information security steering committee?

  • A. Monitor regulatory requirements.
  • B. Align the security framework with security standards.
  • C. Align security strategy with business objectives.
  • D. Deliver external communication during incident response.

Answer: C


NEW QUESTION # 321
Which of the following is MOST likely to drive an update to the information security strategy?

  • A. A new chief technology officer has been hired.
  • B. Management has decided to implement an emerging technology.
  • C. A major business application has been upgraded.
  • D. A recent penetration test has uncovered a control weakness.

Answer: B

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 322
The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

  • A. compliance with industry regulations.
  • B. level of support from senior management.
  • C. timeliness in responding to attacks.
  • D. key performance indicators (KPIs).

Answer: B


NEW QUESTION # 323
Acceptable risk is achieved when:

  • A. residual risk is minimized.
  • B. transferred risk is minimized.
  • C. control risk is minimized.
  • D. inherent risk is minimized.

Answer: A

Explanation:
Residual risk is the risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized. Transferred risk is risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk. Control risk is the risk that controls may not prevent/detect an incident with a measure of control effectiveness. Inherent risk cannot be minimized.


NEW QUESTION # 324
Which of the following is the PRIMARY benefit of implementing an information security governance framework?

  • A. The framework provides direction to meet business goals while balancing risks and controls.
  • B. The framework is able to confirm the validity of business goals and strategies.
  • C. The framework defines managerial responsibilities for risk impacts to business goals.
  • D. The framework provides a roadmap to maximize revenue through the secure use of technology.

Answer: A

Explanation:
An information security governance framework is a set of principles, policies, standards, and processes that guide the development, implementation, and management of an effective information security program that supports the organization's objectives and strategy. The framework provides direction to meet business goals while balancing risks and controls, as it helps to align the information security activities with the business needs, priorities, and risk appetite, and to ensure that the security resources and investments are optimized and justified.
Reference = CISM Review Manual 2022, page 321; CISM Exam Content Outline, Domain 1, Knowledge Statement 1.22; CISM domain 1: Information security governance Updated 2022


NEW QUESTION # 325
The effectiveness of virus detection software is MOST dependent on which of the following?

  • A. Intrusion detection
  • B. Software upgrades
  • C. Packet filtering
  • D. Definition tables

Answer: D

Explanation:
The effectiveness of virus detection software depends on virus signatures which are stored in virus definition tables. Software upgrades are related to the periodic updating of the program code, which would not be as critical. Intrusion detection and packet filtering do not focus on virus detection.


NEW QUESTION # 326
A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:

  • A. implement two-factor authentication.
  • B. assess alignment with business objectives.
  • C. escalate the request to senior management.
  • D. perform a risk assessment.

Answer: D


NEW QUESTION # 327
An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?

  • A. Control owner responses based on a root cause analysis
  • B. An accountability risk to initiate remediation activities
  • C. A plan for mitigating the risk due to noncompliance
  • D. The impact of noncompliance on the organization's risk profile

Answer: D


NEW QUESTION # 328
The BEST time to ensure that a corporation acquires secure software products when outsourcing software development is during:

  • A. security policy development.
  • B. contract performance audits.
  • C. contract negotiation.
  • D. corporate security reviews.

Answer: C

Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT


NEW QUESTION # 329
An organization's quality process can BEST support security management by providing:

  • A. guidance for security strategy.
  • B. a repository for security systems documentation.
  • C. security configuration controls.
  • D. assurance that security requirements are met.

Answer: D

Explanation:
An organization's quality process can BEST support security management by providing assurance that security requirements are met. This means that the quality process can be used to ensure that security controls are being implemented as intended and that they are achieving the desired results. This helps to ensure that the organization is properly protected and that it is in compliance with security regulations and standards.


NEW QUESTION # 330
Which of the following sources is MOST useful when planning a business-aligned information security program?

  • A. Security risk register
  • B. Business impact analysis (BIA)
  • C. Enterprise architecture (EA)
  • D. Information security policy

Answer: B

Explanation:
A business-aligned information security program is one that supports the organization's business objectives and aligns the information security strategy with the business functions. A business impact analysis (BIA) is a process that identifies the critical business processes, assets, and functions of an organization, and assesses their potential impact in the event of a disruption or loss. A BIA helps to prioritize the information security requirements and controls that are needed to protect the organization's critical assets and functions from various threats and risks. Therefore, a BIA is one of the most useful sources when planning a business-aligned information security program. Reference = CISM Review Manual 15th Edition, page 254; CISM Review Questions, Answers & Explanations Database - 12 Month Subscription, QID 229.
The most useful source when planning a business-aligned information security program is a Business Impact Analysis (BIA). A BIA is a process of identifying and evaluating the potential effects of disruptions to an organization's operations, and helps to identify the security controls and measures that should be implemented to reduce the impact of those disruptions. The BIA should include an assessment of the organization's information security posture, including its security policies, risk register, and enterprise architecture. With this information, organizations can develop an information security program that is aligned to the organization's business objectives.


NEW QUESTION # 331
Which of the following should be given the HIGHEST priority during an information security post-incident review?

  • A. Documenting actions taken in sufficient detail
  • B. Updating key risk indicators (KRIs)
  • C. Evaluating incident response effectiveness
  • D. Evaluating the performance of incident response team members

Answer: C

Explanation:
An information security post-incident review is a process that aims to identify the root causes, impacts, lessons learned, and improvement actions of a security incident. The highest priority during a post-incident review should be evaluating the effectiveness of the incident response, which means assessing how well the incident response plan, procedures, roles, resources, and communication were executed and aligned with the business objectives and requirements. Evaluating the incident response effectiveness can help to identify the gaps, weaknesses, strengths, and opportunities for improvement in the incident response process and capabilities. Documenting actions taken in sufficient detail, updating key risk indicators (KRIs), and evaluating the performance of incident response team members are also important activities during a post-incident review, but they are not as critical as evaluating the incident response effectiveness, which can provide a holistic and strategic view of the incident response maturity and value.
Reference =
ISACA, CISM Review Manual, 16th Edition, 2020, page 2411
ISACA, CISM Review Questions, Answers & Explanations Database - 12 Month Subscription, 2020, question ID 2192
During post-incident reviews, the highest priority should be given to evaluating the effectiveness of the incident response effort. This includes assessing the accuracy of the response to the incident, the timeliness of the response, and the efficiency of the response. It is important to assess the effectiveness of the response in order to identify areas for improvement and ensure that future responses can be more effective. Documenting the actions taken in sufficient detail, updating key risk indicators (KRIs), and evaluating the performance of incident response team members are all important components of a post-incident review, but evaluating incident response effectiveness should be given the highest priority.


NEW QUESTION # 332
While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. What is the BEST way to address this situation?

  • A. Assign responsibility to the database administrator (DBA).
  • B. Prepare a report of the databases for senior management.
  • C. Assign the highest classification level to those databases.
  • D. Review the databases for sensitive content.

Answer: A

Explanation:
Information asset classification is the process of identifying, labeling, and categorizing information assets based on their value, sensitivity, and criticality to the organization. Information asset classification helps to establish appropriate security controls, policies, and procedures for protecting the information assets from unauthorized access, use, disclosure, modification, or destruction. One of the key elements of information asset classification is assigning owners to each information asset. Owners are responsible for managing the information asset throughout its lifecycle, including defining its security requirements, implementing security controls, monitoring its usage and performance, reporting any incidents or breaches, and ensuring compliance with legal and regulatory obligations. Therefore, assigning responsibility to the database administrator (DBA) is the best way to address the situation where several production databases do not have owners assigned to them. Reference = CISM Review Manual 15th Edition, page 256; Information Asset and Security Classification Procedure.


NEW QUESTION # 333
Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

  • A. Security baselines
  • B. Security incident details
  • C. Security risk exposure
  • D. Security metrics

Answer: D

Explanation:
Security metrics are the most important to include in a report to key stakeholders regarding the effectiveness of an information security program because they provide objective and measurable evidence of security performance and progress. Security metrics can include measures such as the number and severity of security incidents, the level of compliance with security policies and standards, the effectiveness of security controls, and the return on investment (ROI) of security initiatives. The other choices may also be included in a security report, but security metrics are the most important.
An information security program is a set of policies, procedures, standards, guidelines, and tools that aim to protect an organization's information assets from threats and ensure compliance with laws and regulations.
The effectiveness of an information security program depends on various factors, such as the organization's risk appetite, business objectives, resources, culture, and external environment. Regular reporting to key stakeholders, such as senior management, the board of directors, and business partners, is critical to maintaining their support and buy-in for the program. The report should provide clear and concise information on the program's status, achievements, challenges, and future plans, and it should be tailored to the audience's needs and expectations.


NEW QUESTION # 334
Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

  • A. Contact forensic investigators.
  • B. Follow the escalation process.
  • C. Notify law enforcement.
  • D. Identify the indicators of compromise.

Answer: B

Explanation:
When responding to a major security incident that could disrupt the business, the information security manager's most important course of action is to follow the escalation process. The escalation process is a predefined set of steps and procedures that define who should be notified, when, how, and with what information in the event of a security incident. The escalation process helps to ensure that the appropriate stakeholders, such as senior management, business units, legal counsel, public relations, and external parties, are informed and involved in the incident response process. The escalation process also helps to coordinate the actions and decisions of the incident response team and the business continuity team, and to align the incident response objectives with the business priorities and goals. The escalation process should be documented and communicated as part of the incident response plan, and should be reviewed and updated regularly to reflect the changes in the organization's structure, roles, and responsibilities.
References =
CISM Review Manual 15th Edition, page 1631
CISM 2020: Incident Management and Response, video 32
Incident Response Models


NEW QUESTION # 335
A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

  • A. impact on network capacity.
  • B. decrease in end user productivity.
  • C. higher costs in supporting end users.
  • D. lack of a device management solution.

Answer: D

Explanation:
Section: INFORMATION RISK MANAGEMENT
Explanation/Reference: https://www.isaca.org/Journal/archives/2013/Volume-4/Pages/Leveraging-and-Securing-the-Bring-Your-Own-Device-and-Technology-Approach.aspx


NEW QUESTION # 336
An information security manager has identified that privileged employee access requests to production servers are approved, but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

  • A. Lack of accountability
  • B. Lack of availability
  • C. Inadequate authentication
  • D. Improper authorization

Answer: A

Explanation:
The greatest concern with the situation of privileged employee access requests to production servers being approved but not logged is the lack of accountability, which means the inability to trace or verify the actions and decisions of the privileged users. Lack of accountability can lead to security risks such as unauthorized changes, data breaches, fraud, or misuse of privileges. Logging user actions is a key component of privileged access management (PAM), which helps to monitor, detect, and prevent unauthorized privileged access to critical resources. The other options, such as lack of availability, improper authorization, or inadequate authentication, are not directly related to the situation of not logging user actions. References:
* https://www.microsoft.com/en-us/security/business/security-101/what-is-privileged-access-management-pam
* https://www.ekransystem.com/en/blog/privileged-user-monitoring-best-practices
* https://www.beyondtrust.com/resources/glossary/privileged-access-management-pam


NEW QUESTION # 337
Which of the following should be the PRIMARY consideration when implementing a data loss prevention (DLP) solution?

  • A. Data ownership
  • B. Data storage capabilities
  • C. Data classification
  • D. Selection of tools

Answer: C


NEW QUESTION # 338
Which of the following is the MOST important step in risk ranking?

  • A. Vulnerability analysis
  • B. Threat assessment
  • C. Mitigation cost
  • D. Impact assessment

Answer: D

Explanation:
Section: INFORMATION RISK MANAGEMENT


NEW QUESTION # 339
......


To be eligible for the CISM exam, candidates must have at least five years of experience in information security management, with at least three years of experience in the role of information security manager. The CISM exam consists of 150 multiple-choice questions, and candidates are given four hours to complete the exam. The CISM exam covers four domains: information security governance, risk management, information security program development and management, and information security incident management. The CISM exam is rigorous and requires a deep understanding of the principles and best practices of information security management, making it a challenging but rewarding certification to achieve.


Pass Your Next CISM Certification Exam Easily & Hassle Free: https://practicetorrent.exam4pdf.com/CISM-dumps-torrent.html