ISACA CISM Certification Sample Questions

The purpose of this Sample Question Set is to provide you with information about the ISACA Information Security Manager (CISM) exam. These sample questions will make you familiar with both the type and the difficulty level of the questions on the CISM certification test. To get familiar with the real exam environment, we suggest you try our Sample ISACA CISM Certification Practice Exam. This sample practice exam gives you a feel for the real thing and is a guide to the kinds of questions asked in the actual ISACA Certified Information Security Manager (CISM) certification exam.

These sample questions are simple, basic questions that resemble the real ISACA Information Security Manager exam questions. To assess your readiness and performance with real-time, scenario-based questions, we suggest you prepare with our Premium ISACA CISM Certification Practice Exam. When you work through scenario-based questions in practice, you come across many difficulties that give you an opportunity to improve.

ISACA CISM Sample Questions:

01. Which of the following is the BEST approach for an organization desiring to protect its intellectual property?
a) Conduct awareness sessions on intellectual property policy
b) Require all employees to sign a nondisclosure agreement
c) Promptly remove all access when an employee leaves the organization
d) Restrict access to a need-to-know basis
02. What is the best approach to the development of an organization’s security incident response plan?
a) Developing separate security incident recordkeeping
b) Developing a general IR plan and leaving the details to subject matter experts
c) Developing detailed playbooks and relying on the organization’s crisis management plan
d) Leveraging the organization’s crisis management plan
03. An organization's information security strategy should be based on:
a) managing risk relative to business objectives.
b) managing risk to a zero level and minimizing insurance premiums.
c) avoiding occurrence of risks so that insurance is not required.
d) transferring most risks to insurers and saving on control costs.
04. When an emergency security patch is received via electronic mail, the patch should FIRST be:
a) loaded onto an isolated test machine.
b) decompiled to check for malicious code.
c) validated to ensure its authenticity.
d) copied onto write-once media to prevent tampering.
05. The criticality and sensitivity of information assets is determined on the basis of:
a) threat assessment.
b) vulnerability assessment.
c) resource dependency assessment.
d) impact assessment.
06. Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?
a) Gap analysis
b) Regression analysis
c) Risk analysis
d) Business impact analysis
07. In a business impact analysis, the value of an information system should be based on the overall cost:
a) of recovery.
b) to recreate.
c) if unavailable.
d) of emergency operations.
08. Who can BEST advocate the development of and ensure the success of an information security program?
a) Internal auditor
b) Chief operating officer (COO)
c) Steering committee
d) IT management
09. A common concern with poorly written web applications is that they can allow an attacker to:
a) gain control through a buffer overflow.
b) conduct a distributed denial of service (DoS) attack.
c) abuse a race condition.
d) inject structured query language (SQL) statements.
10. In an audit of the user account deprovisioning process for a financial application, three out of ten randomly selected samples indicated that user accounts were not terminated within the 24-hour control limit. How should the audit proceed from this point?
a) Publish audit findings and declare the control as ineffective.
b) Select another sample of ten records and publish audit findings based on the twenty samples.
c) Test all remaining termination requests to see if more were missed.
d) Publish audit findings and declare the control as effective.
Question: 01
Answer: d
Question: 02
Answer: d
Question: 03
Answer: a
Question: 04
Answer: c
Question: 05
Answer: d
Question: 06
Answer: d
Question: 07
Answer: c
Question: 08
Answer: c
Question: 09
Answer: d
Question: 10
Answer: c

Note: For any error in ISACA Certified Information Security Manager (CISM) certification exam sample questions, please update us by writing an email on
