ISACA CISM Certification Sample Questions

CISM Dumps, CISM PDF, CISM VCE, ISACA Information Security Manager VCE, ISACA Information Security Manager PDFThe purpose of this Sample Question Set is to provide you with information about the ISACA Information Security Manager (CISM) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CISM certification test. To get familiar with real exam environment, we suggest you try our Sample ISACA Information Security Manager Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual ISACA Certified Information Security Manager (CISM) certification exam.

These sample questions are simple and basic questions that represent likeness to the real ISACA Information Security Manager exam questions. To assess your readiness and performance with real-time scenario based questions, we suggest you prepare with our Premium ISACA CISM Certification Practice Exam. When you solve real time scenario based questions practically, you come across many difficulties that give you an opportunity to improve.

ISACA CISM Sample Questions:

01. IT-related risk management activities are MOST effective when they are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes
 
02. A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization.
There is disagreement between the information security manager and the business department manager who will be responsible for evaluating the results and identified risk.
Which of the following would be the BEST approach of the information security manager?
a) Acceptance of the business manager’s decision on the risk to the corporation
b) Acceptance of the information security manager’s decision on the risk to the corporation
c) Review of the risk assessment with executive management for final input
d) Create a new risk assessment and BIA to resolve the disagreement
 
03. Who is accountable for ensuring that information is categorized and that specific protective measures are taken?
a) The security officer
b) Senior management
c) The end user
d) The custodian
 
04. Abnormal server communication from inside the organization to external parties may be monitored to:
a) record the trace of advanced persistent threats
b) evaluate the process resiliency of server operations
c) verify the effectiveness of an intrusion detection system
d) support a nonrepudiation framework in e-commerce
 
05. Which of the following is the BEST way to detect an intruder who successfully penetrates a network before significant damage is inflicted?
a) Perform periodic penetration testing
b) Establish minimum security baselines
c) Implement vendor default settings
d) Install a honeypot on the network
 
06. To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices.
Which of the following BEST facilitates the correlation and review of these logs?
a) Database server
b) Domain name server
c) Time server
d) Proxy server
 
07. Which of the following authentication methods prevents authentication replay?
a) Password hash implementation
b) Challenge/response mechanism
c) Wired equivalent privacy encryption usage
d) Hypertext Transfer Protocol basic authentication
 
08. In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
a) Conducting periodic security awareness programs
b) Implementing on-screen masking of passwords
c) Increasing the frequency of password changes
d) Requiring that passwords be kept strictly confidential
 
09. Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
a) User ad hoc reporting is not logged
b) Network traffic is through a single switch
c) Operating system security patches have not been applied
d) Database security defaults to ERP settings
 
10. The postincident review of a security incident revealed that there was a process that was not monitored. As a result monitoring functionality has been implemented.
Which of the following may BEST be expected from this remediation?
a) Reduction in total incident duration
b) Increase in risk tolerance
c) Facilitation of escalation
d) Improvement in identification

Answers:

Question: 01
Answer: d
Question: 02
Answer: c
Question: 03
Answer: b
Question: 04
Answer: a
Question: 05
Answer: d
Question: 06
Answer: c
Question: 07
Answer: b
Question: 08
Answer: a
Question: 09
Answer: c
Question: 10
Answer: d

Note: For any error in ISACA Certified Information Security Manager (CISM) certification exam sample questions, please update us by writing an email on feedback@edusum.com.

Rating: 4.6 / 5 (125 votes)