CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 16 of 20.
- Question #751 (Information Security Governance)
  What is the information security steering committee's PRIMARY role in the development of security policies?
  Tags: Information Security Steering Committee, Security Policy Development, Business Alignment, Governance Role
- Question #752 (Information Security Risk Management)
  Which of the following is the GREATEST threat posed by quantum computing technology for information security?
  Tags: Quantum Computing, Cryptography, Emerging Threats, Information Confidentiality
- Question #753 (Information Security Incident Management)
  After an incident has been remediated, which of the following is the MOST important area of focus for the information security manager?
  Tags: Incident Management, Lessons Learned, Post-incident review, Continuous Improvement
- Question #754 (Information Security Risk Management)
  Which of the following is the responsibility of a risk owner?
  Tags: Risk Owner, Risk Management Roles, Control Monitoring, Risk Accountability
- Question #755 (Information Security Program Development and Management)
  When defining a security baseline, it is MOST important that the baseline:
  Tags: Security Baselines, Configuration Management, Standardization, Information Security Program
- Question #756 (Information Security Risk Management)
  An organization has adopted a generative AI system. Which of the following is MOST important to enable the organization to manage potential risks?
  Tags: Generative AI, Risk Management, Risk Assessment, AI Security
- Question #757 (Information Security Governance)
  Which of the following should be the PRIMARY area of focus when creating a data retention policy for the services that an organization provides?
  Tags: Data Retention Policy, Business Alignment, Information Security Governance, Policy Development
- Question #758 (Information Security Risk Management)
  Which of the following should be the MOST important consideration when prioritizing risk remediation?
  Tags: Risk prioritization, Risk remediation, Risk tolerance, Risk management
- Question #759 (Information Security Incident Management)
  Which of the following would BEST address the risk of a system failing to detect a breach?
  Tags: Breach detection, Log monitoring, Security operations, Detective controls
- Question #760 (Incident Management)
  The PRIMARY goal when conducting post-incident reviews is to identify:
  Tags: Incident response, Post-incident review, Lessons learned, Incident plan improvement
- Question #761 (Information Security Program Development and Management)
  Which of the following is a prerequisite for formulating a business continuity plan (BCP)?
  Tags: Business Continuity Planning (BCP), Recovery Time Objective (RTO), Business Impact Analysis (BIA), Planning prerequisites
- Question #762 (Information Security Risk Management)
  Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
  Tags: Emerging Technologies Security, Vulnerability Management, Risk Mitigation, Risk Assessment
- Question #763 (Information Security Incident Management)
  Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?
  Tags: Incident Response, IR Testing, Breach Management, Program Effectiveness
- Question #764 (Information Security Risk Management)
  Which of the following is the MOST common contributor to cybersecurity breaches?
  Tags: Human error, Cybersecurity breaches, Breach causes
- Question #765 (Information Security Governance)
  Which of the following BEST enables an organization to transform its culture to support information security?
  Tags: Information security culture, Management buy-in, Governance, Organizational change
- Question #766 (Information Security Incident Management)
  The PRIMARY benefit of determining the severity level of a reported incident is that the severity level can be used to:
  Tags: Incident Management, Incident Response, Incident Severity, Escalation Procedures
- Question #767 (Information Security Risk Management)
  Of the following, who is BEST positioned to approve specific information security risk treatment options?
  Tags: Risk ownership, Risk treatment, Roles and responsibilities
- Question #768 (Information Security Program Development and Management)
  An organization has identified a weakness in the ability of its employees to identify and report cybersecurity incidents. Although training materials have been provided, employees...
  Tags: Security awareness, Leadership support, Program management, Employee engagement
- Question #769 (Information Security Incident Management)
  Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?
  Tags: Incident Management, SIEM, Security Operations, Incident Prioritization
- Question #770 (Information Security Risk Management)
  A serious vulnerability was detected in a business application that can be exploited by external attackers to compromise the system. What is the information security manager's BEST...
  Tags: Risk communication, Roles and responsibilities, Vulnerability management, Risk ownership
- Question #771 (Information Security Risk Management)
  Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
  Tags: Risk assessment, Security posture, Information security management, Initial assessment
- Question #772 (Information Security Risk Management)
  The PRIMARY purpose of vulnerability identification is to:
  Tags: Vulnerability Management, Vulnerability Identification, Remediation
- Question #773 (Information Security Risk Management)
  Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?
  Tags: Access Control, Least Privilege, Cloud Security, Risk Mitigation
- Question #774 (Information Security Risk Management)
  When mitigation is the chosen risk treatment, which of the following roles is responsible for effective implementation of the chosen treatment?
  Tags: Risk Management Roles, Control Ownership, Risk Treatment, Roles and Responsibilities
- Question #775 (Information Security Risk Management)
  Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?
  Tags: Key Risk Indicators, KRI Development, Risk Monitoring, Risk Management Challenges
- Question #776 (Information Security Governance)
  Which of the following should be the MOST important consideration when reviewing an information security strategy?
  Tags: Information Security Strategy, Business Alignment, Strategic Review, Governance
- Question #777 (Information Security Program Development and Management)
  Which of the following provides the MOST assurance that a third-party hosting provider will be able to meet availability requirements?
  Tags: SLA, Third-party risk management, Availability, Contractual agreements
- Question #778 (Information Security Incident Management)
  Which of the following tools would be MOST helpful to an incident response team?
  Tags: Incident Response, Security Tools, Endpoint Security, EDR
- Question #779 (Information Security Program Development and Management)
  A business continuity plan (BCP) should contain:
  Tags: Business Continuity Planning, BCP Activation, Resilience Planning
- Question #780 (Information Security Incident Management)
  Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
  Tags: Incident Response, Cloud Security, Vendor Management, Escalation Procedures
- Question #781 (Information Security Incident Management)
  Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?
  Tags: Incident Response, Containment Phase, Cyber Incident Management, Incident Lifecycle
- Question #782 (Information Security Risk Management)
  An organization has decided to implement an Internet of Things (IoT) solution to remain competitive in the market. Which of the following should information security do FIRST?
  Tags: Risk assessment, New technology risk, IoT security, Risk management lifecycle
- Question #783 (Information Security Risk Management)
  What should be an information security manager's FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?
  Tags: Risk assessment, Control bypass, Noncompliance, Information security management
- Question #784 (Information Security Risk Management)
  Which of the following risks is an example of risk transfer?
  Tags: Risk Transfer, Risk Response Strategies, Cybersecurity Insurance
- Question #785 (Information Security Risk Management)
  Which of the following is the MOST common cause of cybersecurity breaches?
  Tags: Human error, Breach causes, Cybersecurity incidents
- Question #786 (Information Security Governance)
  What is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?
  Tags: Stakeholder engagement, Security policy, Policy development, Organizational buy-in
- Question #787 (Information Security Program Development and Management)
  An organization requires that business-critical applications be recovered within 30 minutes in the event of a disaster. Which of the following metrics should be in the business con...
  Tags: Business Continuity Plan, Recovery Time Objective, Disaster Recovery, Application Recovery
- Question #788 (Information Security Governance)
  A new information security reporting requirement will soon become effective. Which of the following should be the information security manager's FIRST action?
  Tags: Regulatory compliance, Legal & regulatory requirements, Information security governance, Compliance management
- Question #789 (Information Security Governance)
  Which of the following is the MOST important reason for an information security manager to archive and retain the organization's electronic communication and email data?
  Tags: Data Retention, Legal Compliance, E-discovery, Information Governance
- Question #790 (Information Security Program Development and Management)
  Which of the following should be of GREATEST concern regarding an organization's security controls?
  Tags: Security Controls, Control Monitoring, Key Control Indicators, Control Effectiveness
- Question #791 (Information Security Incident Management)
  Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?
  Tags: Incident recognition, Service desk training, Incident response, Timeliness
- Question #792 (Information Security Program Development and Management)
  Which of the following provides the MOST comprehensive understanding of an organization's information security posture?
  Tags: Security Assessment, Security Posture, Maturity Model, Program Evaluation
- Question #793 (Information Security Program Development and Management)
  For an e-business that requires high availability, which of the following design principles is BEST?
  Tags: High Availability, Business Continuity, System Resilience, Failover
- Question #794 (Information Security Incident Management)
  Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?
  Tags: Incident Response, Containment Phase, Cyber Incident Management, Incident Lifecycle
- Question #795 (Information Security Risk Management)
  An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknes...
  Tags: Penetration Testing, Vulnerability Management, Control Validation, Security Testing
- Question #796 (Information Security Risk Management)
  An information security team has started work to mitigate findings from a recent penetration test. Which of the following presents the GREATEST risk to the organization?
  Tags: Risk Management, Penetration Testing Remediation, Vulnerability Management, Risk Classification
- Question #797 (Information Security Risk Management)
  Which of the following is the MOST important consideration when defining control objectives?
  Tags: Control Objectives, Risk Appetite, Information Security Controls, Risk Management Strategy
- Question #798 (Information Security Risk Management)
  An information security manager learns that an existing supplier plans to begin using its recently developed generative AI technology for the same scope of service. A risk assessme...
  Tags: Third-Party Risk Management, Generative AI Risk, Risk Assessment, Security Due Diligence
- Question #799 (Information Security Incident Management)
  Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?
  Tags: SIEM, Incident Management, Security Monitoring, Security Systems
- Question #800 (Information Security Incident Management)
  Which of the following is MOST likely to reduce the effectiveness of a SIEM system?
  Tags: SIEM, Alert Management, Security Operations, Incident Detection