CISM Question #229: Real Exam Question with Answer & Explanation

Sign in or unlock CISM to reveal the answer and full explanation for question #229. The question stem and answer options stay visible for context.

Submitted by rania.sa· Apr 18, 2026Information Security Program Development and Management

Question

An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?

Options

AVulnerabilities are identified by internal staff rather than by external consultants.
BIdentified vulnerabilities are not logged and resolved in a timely manner.
CThe number of vulnerabilities identified exceeds industry benchmarks.
DIdentified vulnerabilities are not published and communicated in awareness programs.

Unlock CISM to see the answer

You've previewed enough free CISM questions. Unlock CISM for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISM - $49.99 / 30 days Sign in

Topics

#Vulnerability Management#Program Effectiveness#Risk Remediation#Security Audit Findings

Full CISM Practice Browse All CISM Questions