ISACA CISM Certification Sample Questions

The purpose of this Sample Question Set is to provide you with information about the ISACA Information Security Manager (CISM) exam. These sample questions will make you familiar with both the type and the difficulty level of the questions on the CISM certification test. To get familiar with the real exam environment, we suggest you try our Sample ISACA CISM Certification Practice Exam. This sample practice exam gives you a feel for the real thing and is a guide to the questions asked in the actual ISACA Certified Information Security Manager (CISM) certification exam.

These sample questions are simple, basic questions that resemble the real ISACA Information Security Manager exam questions. To assess your readiness and performance with real-time scenario-based questions, we suggest you prepare with our Premium ISACA CISM Certification Practice Exam. When you work through real-time scenario-based questions in practice, you encounter many difficulties that give you an opportunity to improve.

ISACA CISM Sample Questions:

01. Which of the following is the BEST approach for an organization desiring to protect its intellectual property?
a) Conduct awareness sessions on intellectual property policy
b) Require all employees to sign a nondisclosure agreement
c) Promptly remove all access when an employee leaves the organization
d) Restrict access to a need-to-know basis
 
02. Reviewing which of the following would BEST ensure that security controls are effective?
a) Risk assessment policies
b) Return on security investment
c) Security metrics
d) User access rights
 
03. An organization's information security strategy should be based on:
a) managing risk relative to business objectives.
b) managing risk to a zero level and minimizing insurance premiums.
c) avoiding occurrence of risks so that insurance is not required.
d) transferring most risks to insurers and saving on control costs.
 
04. When an emergency security patch is received via electronic mail, the patch should FIRST be:
a) loaded onto an isolated test machine.
b) decompiled to check for malicious code.
c) validated to ensure its authenticity.
d) copied onto write-once media to prevent tampering.
 
05. The criticality and sensitivity of information assets are determined on the basis of:
a) threat assessment.
b) vulnerability assessment.
c) resource dependency assessment.
d) impact assessment.
 
06. Which one of the following does NOT describe the terms under which a contractual agreement must be made?
a) Mutual
b) Free
c) Communicated to each other
d) Unilateral
 
07. In a business impact analysis, the value of an information system should be based on the overall cost:
a) of recovery.
b) to recreate.
c) if unavailable.
d) of emergency operations.
 
08. Who can BEST advocate the development of and ensure the success of an information security program?
a) Internal auditor
b) Chief operating officer (COO)
c) Steering committee
d) IT management
 
09. Data owners will determine what access and authorizations users will have by:
a) delegating authority to data custodian.
b) cloning existing user accounts.
c) determining hierarchical preferences.
d) mapping to business needs.
 
10. Reviewing which of the following would BEST ensure that security controls are effective?
a) Risk assessment policies
b) Return on security investment
c) Security metrics
d) User access rights

Answers:

Question: 01
Answer: d
Question: 02
Answer: c
Question: 03
Answer: a
Question: 04
Answer: c
Question: 05
Answer: d
Question: 06
Answer: d
Question: 07
Answer: c
Question: 08
Answer: c
Question: 09
Answer: d
Question: 10
Answer: c

Note: For any error in the ISACA Certified Information Security Manager (CISM) certification exam sample questions, please let us know by emailing feedback@edusum.com.
