CISM by ISACA Actual Free Exam Questions And Answers

Question 1

Which of the following is the PRIMARY responsibility of an information security governance committee?

A. Discussing upcoming information security projects

B. Reviewing the information security risk register

C. Reviewing monthly information security metrics

D. Approving changes to the information security strategy

Discussion 0

Correct Answer: D Vote an answer

Question 2

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

A. Direction from senior management

B. Determination of recovery point objective (RPO)

C. Results of recovery testing

D. Impact of service interruption

Discussion 0

Correct Answer: D Vote an answer

Question 3

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

A. review the state of security awareness.

B. perform a gap analysis.

C. review information security policies.

D. perform a risk assessment.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?

A. Create contingency plans.

B. Develop service level agreements (SLAs).

C. Stipulate insurance requirements.

D. Require nondisclosure agreements (NDAs).

Discussion 0

Correct Answer: A Vote an answer

Question 5

Which of the following is MOST important to consider when defining control objectives?

A. An information security framework

B. The organization's risk appetite

C. Control recommendations from a recent audit

D. Industry best practices

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:

A. penetration testing.

B. behavior analysis.

C. data packet analysis.

D. signature analysis.

Discussion 0

Correct Answer: B Vote an answer

Question 7

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

A. A properly configured firewall

B. Employee training on ransomware

C. A properly tested offline backup system

D. A continual server replication process

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

A. Recovery time objective (RTO)

B. Security audit reports

C. Technological capabilities

D. Escalation processes

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

Which of the following should be the FIRST step when performing triage of a malware incident?

A. Comparing backup against production

B. Preserving the forensic image

C. Removing the malware

D. Containing the affected system

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 10

Which of the following parties should be responsible for determining access levels to an application that processes client information?

A. Business unit management

B. The information security tear

C. The identity and access management team

D. The business client

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

ISACA Certified Information Security Manager - CISM Exam Practice Test

Contact Us

Useful Links

Latest Updated