CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 11 of 20.
- Question #501 (Information Security Risk Management)
  Which of the following is the MOST important element in developing an effective business continuity plan (BCP)?
  Tags: Business Continuity Plan (BCP), Business Impact Analysis (BIA), Risk Assessment, Continuity Management
- Question #502 (Information Security Risk Management)
  Which of the following is the BEST way for an information security manager to identify emerging risk to an organization?
  Tags: Emerging Risk Identification, Threat Intelligence, Risk Monitoring, Security Risk Management
- Question #503 (Information Security Incident Management)
  Which of the following provides the MOST effective response against ransomware attacks?
  Tags: Ransomware, Incident Response, Data Recovery, Backup and Restoration
- Question #504 (Information Security Incident Management)
  To ensure alignment between the disaster recovery plan (DRP) and incident response plan, which of the following is MOST important for the information security manager to verify?
  Tags: DRP-IRP Alignment, Incident Management, Disaster Recovery, Plan Coordination
- Question #505 (Information Security Incident Management)
  Which of the following is MOST likely to take place during the containment phase of incident response?
  Tags: Incident Response Phases, Containment, Stakeholder Communication, Incident Management Process
- Question #506 (Information Security Program Development and Management)
  The PRIMARY objective of an organized phishing simulation is to test the:
  Tags: Phishing simulation, Security awareness, User training, Program effectiveness
- Question #507 (Information Security Incident Management)
  Which of the following should be done FIRST when a system is infected with malware?
  Tags: Malware infection, Incident response, Containment, System isolation
- Question #508 (Information Security Incident Management)
  Which of the following should occur NEXT after a successful malware attack in one segment of an organization's network has been confirmed and contained?
  Tags: Incident Response Lifecycle, Containment, Eradication, Malware Incident
- Question #509 (Incident Management)
  Which of the following should be the MOST important consideration of business continuity management?
  Tags: Business Continuity Management, Human Safety, Disaster Recovery Principles, Priority Setting
- Question #510 (Information Security Risk Management)
  An information security manager's cost estimate for a multi-component identity and access management (IAM) initiative is too expensive and complex for a single implementation. What...
  Tags: Prioritization, Risk Management, IAM, Security Program Management
- Question #511 (Information Security Risk Management)
  The integration of information security risk management processes into corporate risk management will MOST likely provide:
  Tags: Risk Management Integration, Enterprise Risk, Information Security Controls, Corporate Risk Management
- Question #512 (Incident Management)
  Which of the following is the PRIMARY reason to use a phased incident recovery approach?
  Tags: Incident Recovery, Phased Recovery, Critical System Restoration, Recovery Prioritization
- Question #513 (Information Security Program Development and Management)
  Which of the following is the FIRST step when creating security baselines?
  Tags: Security Baselines, Security Controls, Information Security Program, Standardization
- Question #514 (Information Security Risk Management)
  Which of the following is MOST important to consider when outsourcing a customer service function that processes sensitive data?
  Tags: Outsourcing Security, Third-Party Risk Management, Data Protection, Vendor Due Diligence
- Question #515 (Information Security Incident Management)
  Which type of backup BEST enables an organization to recover data after a ransomware attack?
  Tags: Offline backup, Ransomware recovery, Data recovery, Disaster recovery
- Question #516 (Information Security Risk Management)
  An organization has identified IT failures in a call center application. Of the following, who should own this risk?
  Tags: risk ownership, business risk, operational risk, roles and responsibilities
- Question #517 (Information Security Risk Management)
  Which of the following is the MOST important action for an information security manager upon receiving information about an emerging threat?
  Tags: Emerging threats, Risk assessment process, Security manager responsibilities, Threat response prioritization
- Question #518 (Information Security Governance)
  Which of the following attributes is MOST important to consider when planning to adopt a recognized standard or framework for information security?
  Tags: Information Security Frameworks, Strategic Planning, Organizational Needs, Governance
- Question #519 (Information Security Governance)
  Which of the following is MOST important when performing asset classification?
  Tags: Asset Classification, Asset Ownership, Security Governance, Roles and Responsibilities
- Question #520 (Information Security Incident Management)
  Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of a compromised endpoint?
  Tags: Incident Response, Digital Forensics, Chain of Custody, Evidence Handling
- Question #521 (Information Security Incident Management)
  Which of the following should be done FIRST once a cybersecurity attack has been confirmed?
  Tags: Incident Response, Containment, First Responder Actions
- Question #522 (Information Security Governance)
  What will BEST facilitate the success of new security initiatives?
  Tags: Security Governance, Business Alignment, Strategic Security, Stakeholder Engagement
- Question #523 (Information Security Incident Management)
  Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?
  Tags: SIEM, Security Monitoring, Incident Detection, Alert Correlation
- Question #524 (Information Security Incident Management)
  Which of the following BEST demonstrates the effectiveness of an organization's incident response capabilities?
  Tags: Incident Response, Performance Metrics, Effectiveness Measurement, Incident Closure
- Question #525 (Information Security Governance)
  An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall...
  Tags: International compliance, Regulatory requirements, Security strategy, Risk mitigation
- Question #526 (Information Security Program Development and Management)
  Which of the following is the MOST effective method to facilitate adoption of a security program?
  Tags: Security Program Adoption, Stakeholder Collaboration, Organizational Buy-in, Program Management
- Question #527 (Information Security Incident Management)
  Which of the following is established during the preparation phase of an incident response plan?
  Tags: Incident Response Planning, Preparation Phase, Stakeholder Communication
- Question #528 (Information Security Risk Management)
  An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:
  Tags: Risk acceptance, Compliance risk, Cost-benefit analysis, Regulatory compliance
- Question #529 (Information Security Governance)
  What is the MOST important consideration for an organization operating in a highly regulated market when new regulatory requirements with high impact to the business need to be imp...
  Tags: Regulatory Compliance, Gap Analysis, Compliance Management, Implementation Planning
- Question #530 (Information Security Governance)
  Which of the following is the MOST important consideration when establishing an information security governance framework?
  Tags: Information Security Governance, Roles and Responsibilities, Governance Framework, Accountability
- Question #531 (Information Security Program)
  Which of the following is MOST important to convey to employees in building a security risk-aware culture?
  Tags: Security Culture, Employee Awareness, Shared Responsibility
- Question #532 (Information Security Incident Management)
  Which of the following should be done FIRST after a ransomware incident has been successfully contained?
  Tags: Incident Response Process, Forensic Analysis, Ransomware, Containment Phase
- Question #533 (Information Security Risk Management)
  During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
  Tags: Due diligence, Acquisition security, Risk assessment, M&A security
- Question #534 (Information Security Program Development and Management)
  Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
  Tags: Stakeholder Management, Organizational Buy-in, Security Program Leadership, Communication Strategy
- Question #535 (Information Security Governance)
  Which of the following would be MOST important to include in a proposal justifying investments for an organization's information security program?
  Tags: Security program justification, Business alignment, Investment proposal, Value proposition
- Question #536 (Information Security Risk Management)
  Which of the following should be an information security manager's PRIMARY focus when preparing for the rollout of a bring your own device (BYOD) program?
  Tags: BYOD, Risk Assessment, Program Planning, Security Management
- Question #537 (Information Security Incident Management)
  An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
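  Question #537 turns on hashing: an image is shown to be an exact copy only when a cryptographic digest of the source and a digest of the image, computed independently, agree, and both values are recorded on the evidence form. The Python below is an added example for this page, not part of the question bank or of any answer key. It streams both sides through the same hash functions in fixed-size chunks (so it works on media larger than memory) and reports a match or a mismatch; the "drive" contents, the chunk size and the function names are constructed for the example, and in a real acquisition the source would be a write-blocked block device opened read-only.

```python
"""Prove a forensic image is a bit-for-bit copy of its source by hashing.

Added example, not part of the original question set. The "drive" and the
"image" are constructed byte strings held in memory; on a real case the
source is a write-blocked block device and the image a file, both opened
in binary mode and fed through the same functions.
"""
import hashlib
from io import BytesIO
from typing import BinaryIO, Dict

CHUNK = 1 << 20  # read 1 MiB at a time; evidence is far larger than RAM


def hash_stream(stream: BinaryIO, algorithms=("sha256", "md5")) -> Dict[str, str]:
    """Hash a stream in one pass, feeding every requested algorithm per chunk."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(source: BinaryIO, image: BinaryIO) -> dict:
    """Hash source and image independently and report whether they agree.

    Both digests are returned so they can be written on the evidence form:
    the source digest taken at acquisition, the image digest taken from the
    copy, and the comparison result. Any differing byte, including a
    truncated last sector, breaks the match.
    """
    src = hash_stream(source)
    img = hash_stream(image)
    return {"source": src, "image": img,
            "match": all(src[a] == img[a] for a in src)}


def verify_bytes(source: bytes, image: bytes) -> dict:
    """Convenience wrapper for in-memory data (samples and tests)."""
    return verify_image(BytesIO(source), BytesIO(image))


def make_sample_drive(size: int = 3 * CHUNK + 17) -> bytes:
    """Constructed stand-in for a drive: deterministic, non-repeating bytes.

    The odd size forces a partial final chunk, which is what a real device
    whose capacity is not a multiple of CHUNK looks like to the reader.
    """
    blocks = size // 32 + 1
    data = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(blocks))
    return data[:size]


def flip_one_bit(data: bytes, offset: int) -> bytes:
    """Return a copy of `data` with a single bit changed at `offset`."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    drive = make_sample_drive()
    good = verify_bytes(drive, drive)
    print("exact copy:   ", good["match"], good["image"]["sha256"])
    # One flipped bit in the last byte is enough to break the match.
    bad = verify_bytes(drive, flip_one_bit(drive, len(drive) - 1))
    print("tampered copy:", bad["match"], bad["image"]["sha256"])
```

Hash the source before or during acquisition, not afterwards from the image, or the comparison proves nothing; and record the digests with the handler's name and time so the chain of custody can be reconstructed.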
  Tags: Forensic Imaging, Evidence Integrity, Digital Hashing, Incident Response
- Question #538 (Information Security Program)
  Which of the following activities is BEST performed by someone other than the system administrator to ensure the separation of duties?
  Tags: Separation of Duties, Internal Controls, System Administration, Security Operations
- Question #539 (Information Security Incident Management)
  Which of the following BEST enables an organization to transition smoothly to contingency plans in the event of a business disruption?
  Tags: Disaster Recovery Procedures, Business Continuity, Contingency Planning, Incident Recovery
- Question #540 (Information Security Risk Management)
  Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?
  Tags: Risk Response, Risk Acceptance, Risk Treatment, Risk Management Strategy
- Question #541 (Information Security Incident Management)
  An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of po...
  Tags: Privilege management, Access control, Policy violation, Incident response
- Question #542 (Information Security Program Development and Management)
  Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?
  Tags: Funding information security, Business case, Resource allocation, Strategic alignment
- Question #543 (Information Security Governance)
  Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?
  Tags: Program Alignment, Organizational Strategy, Business Risk, Security Governance
- Question #544 (Information Security Program Development and Management)
  Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service vendor?
  Tags: Vendor Management, Managed Security Services (MSSP), Security Objectives, Outsourcing Evaluation
- Question #545 (Information Security Risk Management)
  For vulnerabilities classified as high or critical, which of the following vulnerability characteristics is MOST important to consider when prioritizing remediation actions?
  Tags: Vulnerability Prioritization, Risk Assessment, Exploitability
- Question #546 (Information Security Governance)
  Which of the following observations should be of GREATEST concern to an IS auditor reviewing an organization's enterprise architecture (EA) program?
  Tags: Enterprise Architecture, IT Governance, Architecture Review, Roles and Responsibilities
- Question #547 (Information Security Program Development and Management)
  Which of the following should be the GREATEST concern to an IS auditor evaluating an organization's policies?
  Tags: Security Policies, Policy Evaluation, Control Adequacy, IS Audit Concerns
- Question #548 (Information Security Incident Management)
  A successful breach of an organization's web application platform was detected and logged in a SIEM platform, but the security team was unaware of the event due to a large number o...
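  Questions #523 and #548 are two sides of the same operational problem: a SIEM has to correlate intrusion-attempt alerts into a handful of incidents, and a logged breach must not go unnoticed among them. The Python below is an added example for this page, not from the question bank and not any SIEM vendor's correlation logic. It reads a constructed feed of alerts, collapses repeated blocked attempts from one source into a single incident, and promotes any alert that records a successful action to the top of the queue together with the attempts that preceded it; the alert lines, the field names (ts, src_ip, rule, outcome) and the thresholds are assumptions made for the example.

```python
"""Collapse raw intrusion-attempt alerts into a short, ranked incident list.

Added example, not part of the original question set and not any SIEM
product's correlation engine. The alert lines, the field names
(ts, src_ip, rule, outcome) and the thresholds are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime


def _alert(ts, src_ip, rule, outcome):
    return json.dumps({"ts": ts, "src_ip": src_ip, "rule": rule, "outcome": outcome})


# Constructed sample feed (newline-delimited JSON), 26 alerts in total:
#  - 12 blocked SQL-injection probes from 203.0.113.7, then one alert
#    recording that a webshell upload from the same source succeeded;
#  - 3 login failures from 198.51.100.9 (ordinary noise);
#  - 10 SSH brute-force alerts from 192.0.2.44 inside ten minutes.
RAW_ALERTS = "\n".join(
    [_alert(f"2024-05-01T10:{i:02d}:00Z", "203.0.113.7",
            "SQLi attempt blocked", "blocked") for i in range(12)]
    + [_alert("2024-05-01T10:13:00Z", "203.0.113.7",
              "Webshell upload detected", "success")]
    + [_alert(f"2024-05-01T10:{i:02d}:30Z", "198.51.100.9",
              "Login failure", "blocked") for i in range(3)]
    + [_alert(f"2024-05-01T10:{i:02d}:15Z", "192.0.2.44",
              "SSH brute force", "blocked") for i in range(10)]
)


def parse_alerts(lines: str) -> list:
    """Parse NDJSON alerts; the line number doubles as the alert id."""
    alerts = []
    for n, line in enumerate(lines.splitlines()):
        if not line.strip():
            continue
        a = json.loads(line)
        a["id"] = n
        a["t"] = datetime.fromisoformat(a["ts"].replace("Z", "+00:00"))
        alerts.append(a)
    return alerts


def correlate(lines: str, window_s: int = 900, burst: int = 10) -> list:
    """Return incidents ranked critical > high > low.

    Rule 1 (success): any alert whose outcome is 'success' becomes one
      'critical' incident carrying every alert from that source, so the
      breach is never a single line lost among the probes around it.
    Rule 2 (burst): >= `burst` blocked alerts of one rule from one source
      within `window_s` seconds collapse into one 'high' incident.
    Anything else is reported once per (source, rule) as 'low'.
    """
    by_src = defaultdict(list)
    for a in sorted(parse_alerts(lines), key=lambda a: a["t"]):
        by_src[a["src_ip"]].append(a)

    incidents = []
    for src, items in by_src.items():
        successes = [a for a in items if a["outcome"] == "success"]
        if successes:
            incidents.append({"priority": "critical", "src_ip": src,
                              "summary": successes[0]["rule"],
                              "alert_ids": [a["id"] for a in items]})
            continue
        by_rule = defaultdict(list)
        for a in items:
            by_rule[a["rule"]].append(a)
        for rule, group in by_rule.items():
            span = (group[-1]["t"] - group[0]["t"]).total_seconds()
            is_burst = len(group) >= burst and span <= window_s
            incidents.append({"priority": "high" if is_burst else "low",
                              "src_ip": src,
                              "summary": f"{rule} x{len(group)}",
                              "alert_ids": [a["id"] for a in group]})
    rank = {"critical": 0, "high": 1, "low": 2}
    incidents.sort(key=lambda inc: rank[inc["priority"]])
    return incidents


if __name__ == "__main__":
    for inc in correlate(RAW_ALERTS):
        print(f'{inc["priority"]:8} {inc["src_ip"]:14} {inc["summary"]} '
              f'({len(inc["alert_ids"])} alerts)')
```

Twenty-six alerts become three incidents, and the one that matters is first. The same shape scales: the "success" rule is the part worth tuning carefully, because an outcome field that is missing or mislabelled at the sensor is exactly how a breach ends up as one low-priority line among thousands.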
  Tags: Incident Response, Security Operations, SIEM Optimization, Automated Alerting
- Question #549 (Information Security Incident Management)
  A robotic process automation (RPA) assisting in monthly bank reconciliation failed to detect a deposit of client funds into the incorrect escrow account. Which type of audit should...
  Tags: Operational audit, RPA auditing, Internal controls, Audit types
- Question #550 (Information Security Governance)
  When performing a data classification project, an information security manager should:
  Tags: Data Classification, Information Owners, Roles and Responsibilities, Information Governance