PDF Only

$35.00 Free Updates Up to 90 Days

  • CISM Dumps PDF
  • 674 Questions
  • Updated On April 15, 2024

PDF + Test Engine

$60.00 Free Updates Up to 90 Days

  • CISM Question Answers
  • 674 Questions
  • Updated On April 15, 2024

Test Engine

$50.00 Free Updates Up to 90 Days

  • CISM Practice Questions
  • 674 Questions
  • Updated On April 15, 2024

How to pass Isaca CISM exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Isaca CISM Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Isaca CISM Dumps are Worth it?

Did we mention our latest CISM Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Isaca Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Certified Information Security Manager Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Certified Information Security Manager Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim a refund if you do not pass the exam.

How to Get CISM Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CISM exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and up to date as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making them the top authentic resource available on the internet. Our experts have made sure the Online Test Engine is free from outdated and fake content, repeated questions, and false or indefinite information. We make every penny count, and you leave our platform fully satisfied!

ISACA CISM Exam Overview:

Aspect: Details
Exam Cost: $575 (for ISACA members); $760 (for non-members)
Total Time: 4 hours
Available Languages: English
Passing Marks: Scaled score of 450 out of 800
Exam Format: Multiple choice questions
Exam Domains: 4 (Information Security Governance, Information Risk Management, Information Security Program Development and Management, Information Security Incident Management)

ISACA Certified Information Security Manager (CISM) Exam Topics Breakdown

Content Area (Percentage): Description
Information Security Governance (24%): Establishing and maintaining an information security governance framework and supporting processes.
Information Risk Management (30%): Identifying and managing information security risks to achieve business objectives.
Information Security Program Development and Management (27%): Developing and managing an information security program that aligns with the organization's objectives and compliance requirements.
Information Security Incident Management (19%): Planning, establishing, and managing the capability to detect, respond to, and recover from information security incidents.

Isaca CISM Sample Question Answers

Question # 1

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?   

A.    Performing penetration tests against the network to demonstrate business vulnerability  
 B.    Highlighting competitor performance regarding network best security practices   
C.    Demonstrating that targeted security controls tie to business objectives   
D.    Presenting comparable security implementation estimates from several vendors  

Question # 2

The effectiveness of an information security governance framework will BEST be enhanced if:

 A.    consultants review the information security governance framework.   
B.    a culture of legal and regulatory compliance is promoted by management.  
 C.    risk management is built into operational and strategic activities.   
D.    IS auditors are empowered to evaluate governance activities  

Question # 3

What is the PRIMARY objective of performing a vulnerability assessment following a business system update? 

  A.    Determine operational losses.   
B.    Improve the change control process.   
C.    Update the threat landscape.  
 D.    Review the effectiveness of controls  

Question # 4

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?   

A.    Projected increase in maturity level
B.    Estimated reduction in risk
C.    Projected costs over time
D.    Estimated increase in efficiency

Question # 5

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should: 

  A.    review access rights as the acquisition integration occurs.   
B.    perform a risk assessment of the access rights.   
C.    escalate concerns for conflicting access rights to management.  
 D.    implement consistent access control standards.  

Question # 6

Which of the following is the BEST indication of effective information security governance? 

A.          Information security is considered the responsibility of the entire information security team.   
B.          Information security controls are assigned to risk owners.   
C.          Information security is integrated into corporate governance.   
D.          Information security governance is based on an external security framework.  

Question # 7

Which of the following analyses will BEST identify the external influences to an organization's information security?   

A.          Business impact analysis (BIA)  
 B.          Gap analysis   
C.          Threat analysis   
D.          Vulnerability analysis  

Question # 8

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?  

A.    Purchase cyber insurance
B.    Encrypt sensitive production data
C.    Perform integrity checks on backups
D.    Maintain multiple offline backups

Question # 9

Which of the following is the BEST indication of an effective information security awareness training program?   

A.    An increase in the frequency of phishing tests   
B.    An increase in positive user feedback   
C.    An increase in the speed of incident resolution 
  D.    An increase in the identification rate during phishing simulations  

Question # 10

What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?

A.    Monitor the network.
B.    Perform forensic analysis.
C.    Disconnect the device from the network.
D.    Escalate to the incident response team

Question # 11

A Seat a-hosting organization's data center houses servers, appli BEST approach for developing a physical access control policy for the organization?   

A.    Review customers’ security policies.
B.    Conduct a risk assessment to determine security risks and mitigating controls.
C.    Develop access control requirements for each system and application.
D.    Design single sign-on (SSO) or federated access.

Question # 12

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?  

 A.    Establishing the authority to remote wipe   
B.    Developing security awareness training   
C.    Requiring the backup of the organization's data by the user   
D.    Monitoring how often the smartphone is used  

Question # 13

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?   

A.    Determine whether the organization can benefit from adopting the new standard.   
B.    Obtain legal counsel's opinion on the standard's applicability to regulations.
C.    Perform a risk assessment on the new technology.   
D.    Review industry specialists’ analyses of the new standard.  

Question # 14

Which of the following is the BEST tool to monitor the effectiveness of information security governance? 

A.    Key performance indicators (KPIs)   
B.    Balanced scorecard   
C.    Business impact analysis (BIA)   
D.    Risk profile  

Question # 15

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?   

A.    A live demonstration of the third-party supplier's security capabilities
B.    The ability to i third-party supplier's IT systems and processes
C.    Third-party security control self-assessment (CSA) results
D.    An independent review report indicating compliance with industry standards

Question # 16

Which of the following is an example of risk mitigation? 

A.    Purchasing insurance   
B.    Discontinuing the activity associated with the risk  
 C.    Improving security controls   
D.    Performing a cost-benefit analysis  

Question # 17

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:   

A.    a control self-assessment (CSA) process.   
B.    automated reporting to stakeholders.   
C.    a monitoring process for the security policy.  
 D.    metrics for each milestone.  

Question # 18

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)? 

  A.          Regulatory requirements are being met.   
B.          Internal compliance requirements are being met.   
C.          Risk management objectives are being met.  
 D.          Business needs are being met.  

Question # 19

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?  

 A.          The information security strategy   
B.          Losses due to security incidents  
 C.          The results of a risk assessment   
D.          Security investment trends in the industry  

Question # 20

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?   

A.          Developing an information security policy based on risk assessments   
B.          Establishing an information security steering committee   
C.          Documenting the information security governance framework   
D.          Implementing an information security awareness program  

Question # 21

Which of the following provides the BEST assurance that security policies are applied across business operations?   

A.    Organizational standards are included in awareness training.
B.    Organizational standards are enforced by technical controls.
C.    Organizational standards are required to be formally accepted.
D.    Organizational standards are documented in operational procedures.

Question # 22

A balanced scorecard MOST effectively enables information security: 

A.    risk management   
B.    project management  
 C.    governance   
D.    performance  

Question # 23

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?   

A.          Publish adopted information security standards.   
B.          Perform annual information security compliance reviews.   
C.          Implement an information security governance framework.   
D.          Define penalties for information security noncompliance.  

Question # 24

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?  

 A.          Security policy   
B.          Risk management framework   
C.          Risk appetite  
 D.          Security standards  

Question # 25

Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks? 

A.          Capability maturity model   
B.          Vulnerability assessment   
C.          IT security risk and exposure   
D.          Business impact analysis (BIA)  

Question # 26

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?   

 A.    The benefit is greater than the potential risk.   
B.    USB storage devices are enabled based on user roles.   
C.    Users accept the risk of noncompliance.   
D.    Access is restricted to read-only.  

Question # 27

 An online bank identifies a successful network attack in progress. The bank should FIRST:

 A.    isolate the affected network segment.   
B.    report the root cause to the board of directors.   
C.    assess whether personally identifiable information (PII) is compromised.
D.    shut down the entire network.

Question # 28

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:  

A.    the incident response process to stakeholders
B.    adequately staff and train incident response teams.
C.    develop effective escalation and response procedures.
D.    make tabletop testing more effective.

Question # 29

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?   

A.    Define the issues to be addressed.   
B.    Perform a cost-benefit analysis.   
C.    Calculate the total cost of ownership (TCO).   
D.    Conduct a feasibility study.  

Question # 30

Which of the following is the BEST approach to make strategic information security decisions? 

A.    Establish regular information security status reporting.   
B.    Establish an information security steering committee.   
C.    Establish business unit security working groups.   
D.    Establish periodic senior management meetings.  

Question # 31

A recovery point objective (RPO) is required in which of the following? 

A.          Disaster recovery plan (DRP)   
B.          Information security plan   
C.          Incident response plan   
D.          Business continuity plan (BCP)  

Question # 32

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?   

A.          Metrics to drive the information security program   
B.          Information security policies   
C.          A defined security organizational structure   
D.          An information security strategy  

Question # 33

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?   

A.    Conduct an impact assessment.   
B.    Isolate the affected systems.   
C.    Rebuild the affected systems.  
 D.    Initiate incident response.  

Question # 34

Which of the following documents should contain the INITIAL prioritization of recovery of services? 

A.          IT risk analysis  
 B.          Threat assessment   
C.          Business impact analysis (BIA)   
D.          Business process map  

Question # 35

Which of the following is MOST helpful for aligning security operations with the IT governance framework? 

A.          Security risk assessment   
B.          Security operations program   
C.          Information security policy   
D.          Business impact analysis (BIA)  

Question # 36

Which of the following activities is designed to handle a control failure that leads to a breach?

 A.    Risk assessment   
B.    Incident management   
C.    Root cause analysis    
D.    Vulnerability management  

Question # 37

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?   

A.    Revise the policy.
B.    Perform a root cause analysis.
C.    Conduct a risk assessment.
D.    Communicate the acceptable use policy.

Question # 38

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?   

A.    Adopt the cloud provider's incident response procedures.   
B.    Transfer responsibility for incident response to the cloud provider.   
C.    Continue using the existing incident response procedures.   
D.    Revise incident response procedures to encompass the cloud environment.  

Question # 39

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?   

A.          Store disaster recovery documentation in a public cloud.   
B.          Maintain an outsourced contact center in another country.   
C.          Require disaster recovery documentation be stored with all key decision makers.   
D.          Provide annual disaster recovery training to appropriate staff.  

Question # 40

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?   

A.    Monitor the effectiveness of controls   
B.    Update the risk assessment framework  
 C.    Review the inherent risk level   
D.    Review the risk probability and impact  

Question # 41

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?   

A.    Enforce the policy.  
 B.    Modify the policy.   
C.    Present the risk to senior management.   
D.    Create an exception for the deviation.  

Question # 42

Of the following, who is in the BEST position to evaluate business impacts? 

A.    Senior management  
B.    Information security manager    
C.    IT manager   
D.    Process manager  

Question # 43

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?  

A.    Require remote wipe capabilities for devices.
B.    Conduct security awareness training.
C.    Review and update existing security policies.
D.    Enforce passwords and data encryption on the devices.

Question # 44

Which of the following should be the PRIMARY consideration when developing an incident response plan?

 A.    The definition of an incident   
B.    Compliance with regulations   
C.    Management support   
D.    Previously reported incidents  

Question # 45

Which of the following would be MOST helpful to identify worst-case disruption scenarios? 

A.    Business impact analysis (BIA)
B.    Business process analysis
C.    SWOT analysis
D.    Cost-benefit analysis

Question # 46

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?   

A.    Decrease in the number of security incidents   
B.    Increase in the frequency of security incident escalations   
C.    Reduction in the impact of security incidents   
D.    Increase in the number of reported security incidents  

Question # 47

Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?

A.    Cost of the attack to the organization   
B.    Location of the attacker   
C.    Method of operation used by the attacker   
D.    Details from intrusion detection system (IDS) logs  

Question # 48

Which of the following BEST indicates that information security governance and corporate governance are integrated?   

A.    The information security team is aware of business goals.
B.    The board is regularly informed of information security key performance indicators (KPIs).
C.    The information security steering committee is composed of business leaders.
D.    A cost-benefit analysis is conducted on all information security initiatives.

Question # 49

Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?   

A.    To identify the organization's risk tolerance   
B.    To improve security processes   
C.    To align security roles and responsibilities   
D.    To optimize security risk management  

Question # 50

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?   

A.    Patch management files   
B.    Network system logs   
C.    Configuration management files   
D.    Intrusion detection system (IDS) logs  

Question # 51

Which of the following is the MOST important consideration when determining which type of failover site to employ?   

A.    Reciprocal agreements   
B.    Disaster recovery test results  
 C.    Recovery time objectives (RTOs)   
D.    Data retention requirements  

Question # 52

Penetration testing is MOST appropriate when a: 

A.    new system is about to go live.
B.    new system is being designed.
C.    security policy is being developed.
D.    security incident has occurred.

Question # 53

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?   

A.          Establish key risk indicators (KRIs).   
B.          Use quantitative risk assessment methods.   
C.          Provide regular reporting on risk treatment to senior management  
 D.          Require steering committee approval of risk treatment plans.  

Question # 54

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?   

A.    Multi-factor authentication   
B.    Digital encryption   
C.    Data masking   
D.    Digital signatures

Question # 55

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?   

A.          Review independent security assessment reports for each vendor.   
B.          Benchmark each vendor's services with industry best practices.   
C.          Analyze the risks and propose mitigating controls.   
D.          Define information security requirements and processes.  

Question # 56

Which of the following processes BEST supports the evaluation of incident response effectiveness?

 A.    Root cause analysis   
B.    Post-incident review   
C.    Chain of custody   
D.    Incident logging  

Question # 57

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?   

A.          Each process is assigned to a responsible party.   
B.          The contact list is regularly updated.   
C.          Minimum regulatory requirements are maintained.
D.          Senior management approval has been documented.  

Question # 58

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:   

A.          validate the confidentiality during analysis.   
B.          reinstate original data when accidental changes occur.   
C.          validate the integrity during analysis.   
D.          provide backup in case of media failure.  

Question # 59

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?   

A.          Regulatory requirements   
B.          Compliance acceptance   
C.          Management support   
D.          Budgetary approval  

Question # 60

Threat and vulnerability assessments are important PRIMARILY because they are: 

A.    used to establish security investments   
B.    the basis for setting control objectives.   
C.    elements of the organization's security posture.   
D.    needed to estimate risk.  

Question # 61

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?   

A.    Refer the issue to internal audit for a recommendation.
B.    Re-classify the data and increase the security level to meet business risk.
C.    Instruct the relevant system owners to reclassify the data.
D.    Complete a risk assessment and refer the results to the data owners.

Question # 62

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?   

A.    Initiate incident response.   
B.    Disable remote   
C.    Initiate a device reset.   
D.    Conduct a risk assessment.  

Question # 63

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:   

A.    best practices.   
B.    control framework   
C.    regulatory requirements.   
D.    cost-benefit analysis.

Question # 64

Which of the following is the MOST important detail to capture in an organization's risk register? 

A.    Risk appetite   
B.    Risk severity level   
C.    Risk acceptance criteria   
D.    Risk ownership  

Question # 65

A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

A.    Recommend canceling the outsourcing contract.   
B.    Request an independent review of the provider's data center.
C.    Notify affected customers of the data breach.
D.    Determine the extent of the impact to the organization.

Answer: D

Question # 66

A balanced scorecard MOST effectively enables information security: 

A.    project management   
B.    governance.   
C.    performance.   
D.    risk management.  

Question # 67

Which of the following is MOST effective in monitoring an organization's existing risk? 

A.    Periodic updates to risk register
B.    Risk management dashboards   
C.    Security information and event management (SIEM) systems   
D.     Vulnerability assessment results  

Question # 68

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?   

A.    Enable multi-factor authentication on user and admin accounts.   
B.    Review access permissions annually or whenever job responsibilities change   
C.    Lock out accounts after a set number of unsuccessful login attempts.   
D.    Delegate the management of access permissions to an independent third party.  

Question # 69

The PRIMARY advantage of involving end users in continuity planning is that they: 

A.    have a better understanding of specific business needs.   
B.    are more objective than information security management.   
C.    can see the overall impact to the business.   
D.    can balance the technical and business risks.  

Question # 70

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:   

A.    cause fewer potential production issues.   
B.    require less IT staff preparation.   
C.    simulate real-world attacks.   
D.    identify more threats.  

Question # 71

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?  

 A.          Identify the skill set of the provider's incident response team.   
B.          Evaluate the provider's audit logging and monitoring controls.  
 C.          Review the provider’s incident definitions and notification criteria.   
D.          Update the incident escalation process.  

Question # 72

Which of the following is the PRIMARY objective of incident triage? 

A.    Coordination of communications   
B.    Mitigation of vulnerabilities   
C.    Categorization of events   
D.    Containment of threats  

Question # 73

Which of the following is the BEST indication of a successful information security culture?

A.          Penetration testing is done regularly and findings remediated.   
B.          End users know how to identify and report incidents.   
C.          Individuals are given roles based on job functions.   
D.          The budget allocated for information security is sufficient.  

Question # 74

Which of the following is the MOST important criterion when deciding whether to accept residual risk? 

A.    Cost of replacing the asset   
B.    Cost of additional mitigation   
C.    Annual loss expectancy (ALE)   
D.    Annual rate of occurrence  

Question # 75

Which of the following sources is MOST useful when planning a business-aligned information security program?   

A.          Security risk register   
B.          Information security policy   
C.          Business impact analysis (BIA)   
D.          Enterprise architecture (EA)  

Question # 76

Recovery time objectives (RTOs) are BEST determined by: 

A.    business managers   
B.    business continuity officers
C.    executive management   
D.     database administrators (DBAs).  

Question # 77

Which of the following is the PRIMARY role of an information security manager in a software development project?   

A.    To enhance awareness for secure software design   
B.    To assess and approve the security application architecture   
C.    To identify noncompliance in the early design stage   
D.    To identify software security weaknesses  

Question # 78

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?  

 A.          The information security manager   
B.          The data owner   
C.          The application owner   
D.          The security engineer  

Question # 79

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?

A.    The application does not use a secure communications protocol   
B.    The application is configured with restrictive access controls   
C.    The business process has only one level of error checking   
D.    Server-based malware protection is not enforced  

Question # 80

Which of the following would BEST help to ensure appropriate security controls are built into software?

 A.          Integrating security throughout the development process   
B.          Performing security testing prior to deployment   
C.          Providing standards for implementation during development activities   
D.          Providing security training to the software development team  

Question # 81

Implementing the principle of least privilege PRIMARILY requires the identification of: 

A.    job duties
B.    data owners   
C.    primary risk factors.   
D.     authentication controls  

Question # 82

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?   

A.          Availability of resources   
B.          Root cause analysis results   
C.          Adverse effects on the business  
 D.          Legal and regulatory requirements  

Question # 83

Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?

A.    Containment   
B.    Recovery   
C.    Eradication   
D.    Identification  

Question # 84

Which of the following would be MOST useful to help senior management understand the status of information security compliance?   

A.          Industry benchmarks   
B.          Key performance indicators (KPIs)   
C.          Business impact analysis (BIA) results  
 D.          Risk assessment results  

Question # 85

Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)?

A.    Storing the plan at an offsite location   
B.    Communicating the plan to all stakeholders   
C.    Updating the plan periodically  
 D.    Conducting a walk-through of the plan  

Question # 86

Which of the following is the GREATEST benefit of information asset classification? 

A.          Helping to determine the recovery point objective (RPO)  
B.         Providing a basis for implementing a need-to-know policy   
C.          Supporting segregation of duties   
D.           Defining resource ownership  

Question # 87

Which of the following is the MOST important issue in a penetration test? 

A.    Having an independent group perform the test   
B.    Obtaining permission from audit   
C.    Performing the test without the benefit of any insider knowledge  
 D.    Having a defined goal as well as success and failure criteria  

Question # 88

The PRIMARY objective of a post-incident review of an information security incident is to: 

A.    update the risk profile   
B.    minimize impact   
C.    prevent recurrence.   
D.    determine the impact  

Question # 89

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?   

A.    Embedding compliance requirements within operational processes   
B.    Engaging external experts to provide guidance on changes in compliance requirements   
C.    Performing periodic audits for compliance with legal and regulatory requirements   
D.    Assigning the operations manager accountability for meeting compliance requirements  

Question # 90

In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:   

A.    evaluate results of the most recent incident response test.   
B.    review the number of reported security incidents.   
C.    ensure established security metrics are reported.
D.    assess progress of risk mitigation efforts.  

Question # 91

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?   

A.          Scan the entire application using a vulnerability scanning tool.   
B.          Run the application from a high-privileged account on a test system.   
C.          Perform security code reviews on the entire application.   
D.          Monitor Internet traffic for sensitive information leakage.  

Question # 92

Which of the following is the BEST indication that an organization has a mature information security culture? 

A.    Information security training is mandatory for all staff.
B.    The organization's information security policy is documented and communicated.    
C.    The chief information security officer (CISO) regularly interacts with the board.    
D.     Staff consistently consider risk in making decisions.  

Question # 93

Network isolation techniques are immediately implemented after a security breach to: 

A.    preserve evidence as required for forensics   
B.    reduce the extent of further damage.   
C.    allow time for key stakeholder decision making.   
D.    enforce zero trust architecture principles.   

Question # 94

An anomaly-based intrusion detection system (IDS) operates by gathering data on: 

A.    normal network behavior and using it as a baseline for measuring abnormal activity
B.    abnormal network behavior and issuing instructions to the firewall to drop rogue connections   
C.    abnormal network behavior and using it as a baseline for measuring normal activity   
D.    attack pattern signatures from historical data  

Question # 95

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?   

A.    Existence of a right-to-audit clause   
B.    Results of the provider's business continuity tests   
C.    Technical capabilities of the provider  
D.    Existence of the provider's incident response plan  

Question # 96

Labeling information according to its security classification: 

A.          enhances the likelihood of people handling information securely.   
B.          reduces the number and type of countermeasures required.   
C.          reduces the need to identify baseline controls for each classification.   
D.          affects the consequences if information is handled insecurely.  

Question # 97

Which of the following events would MOST likely require a revision to the information security program? 

A.          An increase in industry threat level
B.          A significant increase in reported incidents   
C.          A change in IT management   
D.          A merger with another organization  

Question # 98

Which of the following backup methods requires the MOST time to restore data for an application? 

A.    Full backup   
B.    Incremental   
C.    Differential     
D.    Disk mirroring  

Question # 99

The MOST important element in achieving executive commitment to an information security governance program is:   

A.          a defined security framework.   
B.          a process improvement model   
C.          established security strategies.   
D.          identified business drivers.  

Question # 100

Which of the following is a desired outcome of information security governance?

 A.    Penetration test   
B.    Improved risk management   
C.    Business agility   
D.    A maturity model

Question # 101

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?   

A.    Conduct a penetration test of the vendor.   
B.    Review the vendor's technical security controls   
C.    Review the vendor contract   
D.    Disconnect the real-time access  

Question # 102

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

A.    the chief risk officer (CRO).   
B.    business senior management.   
C.    the information security manager.   
D.    the compliance officer.  

Question # 103

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:  

 A.    increasing budget and staffing levels for the incident response team.   
B.    implementing an intrusion detection system (IDS).   
C.    revalidating and mitigating risks to an acceptable level.   
D.    testing the business continuity plan (BCP).  

Question # 104

The BEST way to identify the risk associated with a social engineering attack is to: 

A.          monitor the intrusion detection system (IDS).
B.          review single sign-on (SSO) authentication logs.
C.          test user knowledge of information security practices.
D.          perform a business risk assessment of the email filtering system.

Question # 105

Which of the following should be the FIRST step in developing an information security strategy? 

A.          Determine acceptable levels of information security risk   
B.          Create a roadmap to identify security baselines and controls   
C.          Perform a gap analysis based on the current state   
D.          Identify key stakeholders to champion information security  

Question # 106

When collecting admissible evidence, which of the following is the MOST important requirement? 

A.    Need to know   
B.    Preserving audit logs
C.    Due diligence   
D.     Chain of custody  

Question # 107

When deciding to move to a cloud-based model, the FIRST consideration should be: 

A.    storage in a shared environment.   
B.    availability of the data.   
C.    data classification.   
D.    physical location of the data.   

Question # 108

An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?

 A.    Wipe and reset the endpoint device.   
B.    Isolate the endpoint device.   
C.    Power off the endpoint device.   
D.    Run a virus scan on the endpoint device.  

Question # 109

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:   

A.    the organization has the required funds to implement the plan.   
B.    compliance with legal and regulatory requirements.   
C.    staff participation in information security efforts.   
D.    the plan aligns with corporate governance.  

Question # 110

The PRIMARY objective of performing a post-incident review is to: 

A.    re-evaluate the impact of incidents.   
B.    identify vulnerabilities.   
C.    identify control improvements.   
D.    identify the root cause.  

Question # 111

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?   

A.    Establishing risk metrics   
B.    Training on risk management procedures
C.    Reporting on documented deficiencies   
D.     Assigning a risk owner  

Question # 112

Which of the following is the BEST justification for making a revision to a password policy?

 A.          Industry best practice   
B.          A risk assessment   
C.          Audit recommendation   
D.          Vendor recommendation  

Question # 113

An organization finds it necessary to quickly shift to a work-from-home model with an increased need for remote access security. Which of the following should be given immediate focus?

A.    Moving to a zero trust access model   
B.    Enabling network-level authentication   
C.    Enhancing cyber response capability  
 D.    Strengthening endpoint security  

Question # 114

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?   

A.    Post-incident review   
B.    Eradication   
C.    Containment  
 D.    Identification  

Question # 115

Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?   

A.    Review the previous risk assessment and countermeasures.   
B.    Perform a new risk assessment.
C.    Evaluate countermeasures to mitigate new risks.   
D.    Transfer the new risk to a third party.  

Question # 116

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?   

A.          Disaster recovery plan (DRP)   
B.          Incident response plan   
C.          Business continuity plan (BCP)   
D.          Business contingency plan  

Question # 117

Which of the following is the BEST approach for governing noncompliance with security requirements? 

A.          Base mandatory review and exception approvals on residual risk.
B.          Require users to acknowledge the acceptable use policy.   
C.          Require the steering committee to review exception requests.   
D.          Base mandatory review and exception approvals on inherent risk.  

Question # 118

Relationships between critical systems are BEST understood by:

A.          evaluating key performance indicators (KPIs)   
B.          performing a business impact analysis (BIA)  
 C.          developing a system classification scheme   
D.          evaluating the recovery time objectives (RTOs)  

Question # 119

Which of the following BEST facilitates the effective execution of an incident response plan? 

A.    The plan is based on risk assessment results.   
B.    The response team is trained on the plan   
C.    The plan is based on industry best practice.   
D.    The incident response plan aligns with the IT disaster recovery plan (DRP).  

Question # 120

Which of the following BEST facilitates effective incident response testing? 

A.    Including all business units in testing   
B.    Simulating realistic test scenarios   
C.    Reviewing test results quarterly   
D.    Testing after major business changes  

Question # 121

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

A.    Documentation of control procedures   
B.    Standardization of compliance requirements   
C.    Automation of controls   
D.    Integration of assurance efforts  

Question # 122

  Which of the following is the BEST way to obtain support for a new organization-wide information security program?   

A.    Benchmark against similar industry organizations   
B.    Deliver an information security awareness campaign.  
 C.    Publish an information security RACI chart.  
 D.    Establish an information security strategy committee.  

Question # 123

When developing a categorization method for security incidents, the categories MUST:   

A.          align with industry standards.   
B.          be created by the incident handler.   
C.          have agreed-upon definitions.   
D.          align with reporting requirements.  

Question # 124

A PRIMARY purpose of creating security policies is to: 

A.    define allowable security boundaries.   
B.    communicate management's security expectations.   
C.    establish the way security tasks should be executed.   
D.    implement management's security governance strategy.  

Question # 125

Which of the following is the BEST evidence of alignment between corporate and information security governance?   

A.          Security key performance indicators (KPIs)   
B.          Project resource optimization   
C.          Regular security policy reviews   
D.          Senior management sponsorship  

Question # 126

Who is BEST suited to determine how the information in a database should be classified? 

A.    Database analyst   
B.    Database administrator (DBA)   
C.    Information security analyst   
D.    Data owner  

Question # 127

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?  

 A.    Document risk acceptances.   
B.    Revise the organization's security policy.   
C.    Assess the consequences of noncompliance.   
D.    Conduct an information security audit.  

Question # 128

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:   

A.    change activities are documented.   
B.    the rationale for acceptance is periodically reviewed.   
C.    the acceptance is aligned with business strategy.   
D.    compliance with the risk acceptance framework.  

Question # 129

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?

A.    Ensure a risk assessment is performed to evaluate the findings   
B.    Ensure vulnerabilities found are resolved within acceptable timeframes   
C.    Request funding needed to resolve the top vulnerabilities   
D.    Report findings to senior management  

Question # 130

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?   

A.    Providing ongoing training to the incident response team  
 B.    Implementing proactive systems monitoring   
C.    Implementing a honeypot environment
D.    Updating information security awareness materials  

Question # 131

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?   

A.    Prevent the user from using personal mobile devices.   
B.    Report the incident to the police.   
C.    Wipe the device remotely.   
D.    Remove user's access to corporate data.  

Question # 132

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?   

A.    Evaluate privacy technologies required for data protection.   
B.    Encrypt all personal data stored on systems and networks.  
 C.    Update disciplinary processes to address privacy violations.   
D.    Create an inventory of systems where personal data is stored.  

Question # 133

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

A.          notify the business process owner.   
B.          follow the business continuity plan (BCP).   
C.          conduct an incident forensic analysis.
D.          follow the incident response plan.  

Question # 134

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:   

A.    results of exit interviews.   
B.    previous training sessions.   
C.    examples of help desk requests.   
D.    responses to security questionnaires.  

Question # 135

Which of the following BEST ensures timely and reliable access to services? 

A.    Nonrepudiation   
B.    Authenticity   
C.    Availability   
D.    Recovery time objective (RTO)