
[2021] CISM Actual Exam Dumps, CISM Practice Test
TrainingDump CISM dumps & Isaca Certification sure practice dumps
Conclusion
Unlocking your potential becomes much easier when your tank is filled with the best CISM test prep materials. The knowledge you will find in each of the resources presented above is crucial to your success both in the exam process and in the actual field as a Certified Information Security Manager. Don’t get too caught up in reading and memorizing the concepts. Once you think you’ve gained mastery in each domain, try the practice quizzes. That is the surest way to know whether you have really understood the entirety of the exam and its tasks. Let these materials power you up so you can claim your deserved success very soon!
CISM (Certified Information Security Manager) is a certification intended for those professionals who are involved in the information security management. This certificate is issued by ISACA, and it will help you demonstrate your commitment to information security, identify critical issues within your company, enhance security programs, and bring you the credibility to support information security. This option can bring you the visibility you need.
Exam details
ISACA CISM is used to be a manual exam, but over the years it has evolved into a Computer-Based Testing method, which ensures even more accuracy and reliability for its candidates. It is consisting of 150 questions that you need to clear within 240 minutes. This exam is available in various languages, such as Chinese, English, Japanese, Korean, and Spanish. It is held at the PSI testing centers around the world.
The exam voucher is valid for one year after it is released. For the ISACA members, the price of the CISM test is $575, but the non-members should pay $760. To pass this certification exam, an individual should score at least 450 points or higher.
NEW QUESTION 667
Which of the following BEST demonstrates alignment between information security governance and corporate governance?
- A. Mean time to resolution for enterprise-wide security incidents
- B. Average number of security incidents across business units
- C. Security project justifications provided in terms of business value
- D. Number of vulnerabilities identified for high-risk information assets
Answer: C
Explanation:
Section: INFORMATION SECURITY GOVERNANCE
NEW QUESTION 668
Recovery point objectives (RPOs) can be used to determine which of the following?
- A. Maximum tolerable downtime
- B. Maximum tolerable period of data loss
- C. Baseline for operational resiliency
- D. Time to restore backups
Answer: B
Explanation:
Explanation
The RPO is determined based on the acceptable data loss in the case of disruption of operations. It indicates the farthest point in time prior to the incident to which it is acceptable to recover the data. RPO effectively quantifies the permissible amount of data loss in the case of interruption. It also dictates the frequency of backups required for a given data set since the smaller the allowable gap in data, the more frequent that backups must occur.
NEW QUESTION 669
The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
- A. determine the current level of security.
- B. recommend not renewing the contract upon expiration.
- C. ensure the provider is made liable for losses.
- D. recommend the immediate termination of the contract.
Answer: A
Explanation:
Explanation/Reference:
Explanation:
It is important to ensure that adequate levels of protection are written into service level agreements (SLAs) and other outsourcing contracts. Information must be obtained from providers to determine how that outsource provider is securing information assets prior to making any recommendation or taking any action in order to support management decision making. Choice A is not acceptable in most situations and therefore not a good answer.
NEW QUESTION 670
An information security program should be sponsored by:
- A. infrastructure management.
- B. information security management.
- C. the corporate audit department.
- D. key business process owners.
Answer: D
Explanation:
The information security program should ideally be sponsored by business managers, as represented by key business process owners. Infrastructure management is not sufficiently independent and lacks the necessary knowledge regarding specific business requirements. A corporate audit department is not in as good a position to fully understand how an information security program needs to meet the needs of the business. Audit independence and objectivity will be lost, impeding traditional audit functions. Information security implements and executes the program. Although it should promote it at all levels, it cannot sponsor the effort due to insufficient operational knowledge and lack of proper authority.
NEW QUESTION 671
Which of the following BEST illustrates residual risk within an organization?
- A. Risk register
- B. Business impact analysis
- C. Heat map
- D. Risk management framework
Answer: D
Explanation:
Section: INFORMATION RISK MANAGEMENT
NEW QUESTION 672
The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
- A. required key sizes are smaller.
- B. reliability of the data is higher in transit.
- C. traffic cannot be sniffed.
- D. the existence of messages is unknown.
Answer: D
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
The existence of messages is hidden when using steganography. This is the greatest risk. Keys are relevant for encryption and not for steganography. Sniffing of steganographic traffic is also possible. Option D is not relevant.
NEW QUESTION 673
Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?
- A. Maximum tolerable outage (MTO)
- B. Cost-benefit analysis of mitigating controls
- C. Annual loss expectancy (ALE)
- D. Approved annual budget
Answer: B
NEW QUESTION 674
An organization manages payroll and accounting systems for multiple client companies. Which of the following contract terms would indicate a potential weakness for a disaster recovery hot site?
- A. Work-area size is limited but can be augmented with nearby office space.
- B. Exclusive use of hot site is limited to six weeks (following declaration).
- C. Servers will be provided at time of disaster (not on floor).
- D. Timestamp of declaration will determine priority of access to facility.
Answer: C
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
NEW QUESTION 675
Which of the following is the GREATEST risk associated with the installation of an intrusion prevention system (IPS)?
- A. Critical business processes may be blocked.
- B. Data links can no longer be encrypted end-to-end.
- C. IPS logfiles may become too large to process.
- D. Staff may not be able to access the Internet.
Answer: A
NEW QUESTION 676
When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
- A. media coverage
- B. availability of technical resources.
- C. affected stakeholders
- D. incident response team
Answer: C
NEW QUESTION 677
When is the BEST time to identify the potential regulatory risk a new service provider presents to the organization?
- A. During business case analysis
- B. During integration planning
- C. During due diligence
- D. During contract negotiations
Answer: A
NEW QUESTION 678
Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:
- A. acceptance of the organization's security policies
- B. audit guidelines
- C. contractual agreements
- D. service level agreements (SLAs)
Answer: D
NEW QUESTION 679
An organization is leveraging tablets to replace desktop computers shared by shift-basd staff. These tables contain critical business data and are inherently at increased risk of the ..
- A. Create an acceptable use policy.
- B. Deploy mobile device management (MDM).
- C. Implement remote wipe capability.
- D. Conduct a mobile device risk assessment.
Answer: C
NEW QUESTION 680
To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?
- A. Review the security status of the service provider.
- B. Review samples of service level reports from the service provider.
- C. Request that the service provider comply with information security policy.
- D. Assess the level of security awareness of the service provider.
Answer: C
NEW QUESTION 681
An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees Hood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:
- A. implementing appropriate controls to reduce risk.
- B. proving information security's protective abilities.
- C. strong protection of information resources.
- D. conflicting security controls with organizational needs.
Answer: D
Explanation:
Explanation/Reference:
Explanation:
The needs of the organization were not taken into account, so there is a conflict. This example is not strong protection, it is poorly configured. Implementing appropriate controls to reduce risk is not an appropriate control as it is being used. This does not prove the ability to protect, but proves the ability to interfere with business.
NEW QUESTION 682
What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?
- A. Perform a gap analysis,
- B. Submit a business case to support compliance.
- C. Complete a control assessment.
- D. Update the risk register.
Answer: A
NEW QUESTION 683
Which of the following is the KST way to align security and business strategies?
- A. Integrate information security governance into corporate governance
- B. Include security risk as part of corporate risk management,
- C. Establish key performance indicators (KPls) for business through security processes.
- D. Develop a balanced scorecard for security
Answer: C
NEW QUESTION 684
Which of the following is the MOST important influence to the continued success of an organization's information security strategy?
- A. Policy development
- B. Organizational culture
- C. Security processes
- D. Information systems
Answer: B
NEW QUESTION 685
Successful implementation of information security governance will FIRST require:
- A. updated security policies.
- B. a computer incident management team.
- C. security awareness training.
- D. a security architecture.
Answer: A
Explanation:
Explanation/Reference:
Explanation:
Updated security policies are required to align management objectives with security procedures; management objectives translate into policy, policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
NEW QUESTION 686
When developing an information security strategy, the important requirement is that:
- A. standards capture the intent of management.
- B. the desired outcome is known.
- C. a schedule is developed to achieve objectives.
- D. critical success factors (CSFs) are developed.
Answer: A
NEW QUESTION 687
Retention of business records should PRIMARILY be based on:
- A. business strategy and direction.
- B. business ease and value analysis.
- C. storage capacity and longevity.
- D. regulatory and legal requirements.
Answer: D
Explanation:
Explanation/Reference:
Explanation:
Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.
NEW QUESTION 688
......
CISM Actual Questions and Braindumps: https://www.trainingdump.com/ISACA/CISM-practice-exam-dumps.html
Pass CISM Exam with Updated CISM Exam Dumps PDF 2021: https://drive.google.com/open?id=1R0AJfYhTSxrLj65r_TXXnKFnNyMe5fUT