CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 14 of 20.
- Question #651 (Information Security Risk Management)
  An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:
  Tags: Risk evaluation, Policy development, Social media security, Information security planning
- Question #652 (Information Security Incident Management)
  Which of the following has the GREATEST impact on the ability to successfully execute a disaster recovery plan (DRP)?
  Tags: Disaster Recovery Plan, Plan Communication, Stakeholder Management, Execution Effectiveness
- Question #653 (Information Security Program Development and Management)
  In a Zero Trust architecture, which of the following is the MOST important consideration to prevent the lateral movement of a threat actor within an organization's network?
  Tags: Zero Trust, Microsegmentation, Lateral Movement Prevention, Network Security
- Question #654 (Information Security Governance)
  Which of the following is the MOST important reason for an information security manager to understand legal and regulatory compliance requirements?
  Tags: Legal & Regulatory Compliance, Security Strategy, Information Security Governance, Compliance Management
- Question #655 (Information Security Incident Management)
  Which of the following is an objective of incident containment procedures?
  Tags: Incident containment, Incident response, Incident management objectives
- Question #656 (Information Security Incident Management)
  Which of the following is the PRIMARY objective of incident remediation?
  Tags: Incident Remediation, Incident Response Objectives, System Integrity, Incident Management Process
- Question #657 (Information Security Incident Management)
  Which of the following BEST minimizes disruptions to service operations associated with the loss of information caused by ransomware?
  Tags: Business Continuity Plan, Ransomware Response, Service Disruption, Incident Recovery
- Question #658 (Information Security Program)
  An organization has invested heavily in technical and physical controls but continues to have an unacceptable level of incidents. Which of the following is MOST likely to improve t...
  Tags: Security Awareness Training, Human Factors in Security, Incident Prevention, Information Security Program
- Question #659 (Information Security Governance)
  Which of the following stakeholders is in the BEST position to implement the controls needed to appropriately protect data?
  Tags: Data owner responsibilities, Stakeholder roles, Data protection, Information security governance
- Question #660 (Information Security Risk Management)
  The PRIMARY reason to conduct application security and penetration testing for internet-facing applications is to:
  Tags: Application Security, Penetration Testing, Vulnerability Assessment, External Threats
- Question #661 (Information Security Incident Management)
  Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?
  Tags: Incident Classification, Incident Categorization, Incident Impact
- Question #662 (Information Security Risk Management)
  An organization has recently purchased cybersecurity insurance after the board voiced concern about the potential for a security breach. With this response to the perceived risk, t...
  Tags: Risk management, Risk transfer, Cybersecurity insurance, Accountability
- Question #663 (Information Security Governance)
  Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?
  Tags: information security governance, strategic alignment, business integration, security objectives
- Question #664 (Information Security Program Development and Management)
  Which of the following should an information security manager do FIRST when developing an organization's disaster recovery plan (DRP)?
  Tags: Disaster Recovery Planning, Business Impact Analysis (BIA), Business Continuity Management (BCM), DRP Development
- Question #665 (Information Security Program Development and Management)
  When is the BEST time to verify that a production system's security mechanisms meet control objectives?
  Tags: Continuous Monitoring, Control Effectiveness, Security Assurance, Automated Security
- Question #666 (Information Security Governance)
  Which of the following is MOST important for an information security manager to consider when developing an information security strategy?
  Tags: Information security strategy, Organizational objectives, Risk appetite, Security governance
- Question #667 (Information Security Incident Management)
  Which of the following metrics would BEST measure the reliability and resilience of digital systems?
  Tags: System Reliability, System Resilience, Metrics, Availability
- Question #668 (Information Security Program Development and Management)
  Which of the following provides the BEST guidance when creating a new security program?
  Tags: Security program development, Information security frameworks, Program guidance, CISM domain 2
- Question #669 (Information Security Governance)
  An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager's BEST approach for communicating the implications of this...
  Tags: Zero Trust, Stakeholder Communication, Risk Management, Business Impact
- Question #670 (Information Security Program Development and Management)
  Which of the following is the BEST way to integrate information security into the organization's change management life cycle?
  Tags: Change Management, Security Integration, Process Integration, Security Program Management
- Question #671 (Information Security Incident Management)
  Which of the following is MOST difficult to measure following an information security breach?
  Tags: breach costs, reputational damage, incident impact, cost measurement
- Question #672 (Information Security Incident Management)
  An organization identified a security breach resulting from an employee clicking on a malicious link within an email and failing to report it. Which of the following would BEST ena...
  Tags: Phishing awareness, Security awareness training, Incident reporting, Incident detection
- Question #673 (Information Security Risk Management)
  Which of the following is MOST likely to ensure vulnerabilities are resolved over time?
  Tags: Vulnerability Management System, Risk Remediation, Continuous Improvement, Security Operations
- Question #674 (Information Security Governance)
  Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
  Tags: Management Support, Security Strategy Implementation, Organizational Buy-in, Governance
- Question #675 (Information Security Risk Management)
  Which of the following is the BEST way to stay current with emerging risks to an organization?
  Tags: Threat intelligence, Emerging risks, Risk monitoring, Risk identification
- Question #676 (Information Security Risk Management)
  An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager s...
  Tags: Risk Assessment, Big Data Security, New Technology Adoption, Project Feasibility
- Question #677 (Information Security Incident Management)
  Which of the following is the PRIMARY reason for conducting an incident response tabletop exercise?
  Tags: Incident Response, Tabletop Exercise, Team Preparedness, Security Training
- Question #678 (Information Security Incident Management)
  Which of the following BEST indicates that an emerging IT-related threat has impacted an organization?
  Tags: Incident detection, Threat indicators, Security monitoring, Anomaly detection
- Question #679 (Information Security Incident Management)
  Which of the following is the BEST source of information to help prioritize resources during disaster recovery planning?
  Tags: Business Impact Analysis (BIA), Disaster Recovery Planning, Resource Prioritization, Business Continuity Planning
- Question #680 (Information Security Risk Management)
  An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software sec...
  Tags: Third-party risk management, Software security assurance, Vendor security assessment, Risk mitigation
- Question #681 (Information Security Program Development and Management)
  An organization dealing with an increased number of successful phishing attacks has requested that the information security manager take action to address the problem. Which of the...
  Tags: Security Awareness, Phishing Mitigation, Human Factors, Security Program Effectiveness
- Question #682 (Information Security Risk Management)
  An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?
  Tags: Threat identification, Security terminology, Risk management concepts
- Question #683 (Information Security Governance)
  What is the BEST way to inform senior management of the value of information security?
  Tags: Communicating value, Business alignment, Strategic communication, Security leadership
- Question #684 (Information Security Program Development and Management)
  An information security manager is drafting a data protection policy for a Software as a Service (SaaS) platform. Which of the following is the MOST important consideration?
  Tags: data protection policy, data retention, SaaS security, compliance
- Question #685 (Information Security Incident Management)
  Which of the following should be an information security manager's FIRST course of action when a potential business breach is discovered in a critical business system?
  Tags: Incident Response, Breach Detection, Incident Validation, First Response Actions
- Question #686 (Information Security Program Development and Management)
  Which of the following would BEST support the business case for an increase in the information security budget?
  Tags: Budget Justification, Cost-Benefit Analysis, Resource Allocation, Business Case
- Question #687 (Information Security Incident Management)
  While responding to a security incident, the response team realizes the cost of the resolution might exceed the value of the asset. Which of the following should be the response te...
  Tags: Incident Escalation, Incident Response Process, Management Reporting, Resource Allocation
- Question #688 (Information Security Incident Management)
  When developing an incident response plan, which of the following is the MOST effective way to ensure incidents common to the organization are handled properly?
  Tags: Incident Response, Incident Drills, Plan Testing, Operational Effectiveness
- Question #689 (Information Security Governance)
  What should be the PRIMARY objective of an information security policy?
  Tags: Information Security Policy, Management Expectations, Security Governance, Policy Objective
- Question #690 (Information Security Governance)
  Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?
  Tags: Cloud Security, Contractual Obligations, Legal and Regulatory Compliance, Cross-border Data
- Question #691 (Information Security Risk Management)
  Which of the following is the BEST way to help ensure third-party vendors maintain adequate information security controls to protect the organization's assets?
  Tags: Vendor Risk Management, Third-Party Security, Security Audits, Information Security Assurance
- Question #692 (Information Security Governance)
  Which of the following is the MOST important consideration related to the retention of business records?
  Tags: Record Retention, Legal Compliance, Regulatory Compliance, Data Governance
- Question #693 (Information Security Risk Management)
  Which of the following is the MOST useful input for a business impact analysis (BIA) being conducted by an e-commerce business?
  Tags: Business Impact Analysis (BIA), Asset Inventory, Risk Management, Business Continuity Planning
- Question #694 (Information Security Risk Management)
  Which of the following is the BEST strategy when determining an organization's approach to risk treatment?
  Tags: Risk Treatment, Risk Prioritization, Critical Risks
- Question #695 (Information Security Governance)
  Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?
  Tags: Organizational Culture, Security Policies, Policy Enforcement, Security Governance
- Question #696 (Information Security Risk Management)
  An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of t...
  Tags: Risk Management, Compensating Controls, Risk Appetite, Control Effectiveness
- Question #697 (Information Security Incident Management)
  A corporate laptop is discovered to have been compromised. The incident has been contained, and the laptop is in the possession of the incident response team. Which of the followin...
  Tags: Incident Response Process, Digital Forensics, Evidence Preservation, Containment
- Question #698 (Information Risk Management)
  Which of the following is the PRIMARY goal of a business impact analysis (BIA)?
  Tags: Business Impact Analysis (BIA), Criticality Prioritization, Business Continuity Planning (BCP), Disaster Recovery Planning (DRP)
- Question #699 (Information Risk Management)
  Which of the following risk responses is an example of risk transfer?
  Tags: Risk Management, Risk Response, Risk Transfer, Cybersecurity Insurance
- Question #700 (Information Security Risk Management)
  Which of the following is the MOST common contributor to cybersecurity breaches?
  Tags: Cybersecurity breaches, Human error, Breach causes, Threat vectors