ISACA Certified Information Security Manager - CISM Exam Practice Test
An information security manager has completed a risk assessment for a business information system. Of the following, who is BEST positioned to decide on the implementation of mitigating controls?
Correct Answer: D
Which of the following risk assessment findings for an online-only business should be given the HIGHEST priority to address availability concerns?
Correct Answer: A
A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?
Correct Answer: B
Which of the following should be the PRIMARY objective for creating a culture of security within an organization?
Correct Answer: B
An organization has been adhering to the requirements of stringent cybersecurity legislation in one of its local markets and a change to the legislation has recently occurred. Which of the following should the organization do FIRST?
Correct Answer: B
Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?
Correct Answer: D
Which of the following should an information security manager do FIRST when developing an organization's disaster recovery plan (DRP)?
Correct Answer: A
Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?
Correct Answer: B
An organization received a regulatory fine for failing to report a security incident on time, and the root cause was determined to be the misclassification of the incident. Which of the following is the BEST way to address this issue?
Correct Answer: C