CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 17 of 20.
- Question #801 (Information Security Governance)
The BEST way to integrate information security governance with corporate governance is to ensure:
Tags: Information Security Governance, Corporate Governance, Strategic Alignment, Business Process Integration
- Question #802 (Information Security Risk Management)
Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?
Tags: Change Management, Risk Mitigation, Emergency Changes, Rollback Plans
- Question #803 (Information Security Risk Management)
An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknes...
Tags: Vulnerability Assessment, Risk Remediation, Security Controls, Application Security
- Question #804 (Information Security Program Development and Management)
Which of the following should be an information security manager's MAIN concern if the same digital signing certificate is able to be used by two or more users?
Tags: Digital Certificates, Digital Signatures, Non-repudiation, Identity Validation
- Question #805 (Information Security Governance)
An organization has been adhering to the requirements of stringent cybersecurity legislation in one of its local markets and a change to the legislation has recently occurred. Whic...
Tags: Compliance Management, Regulatory Changes, Impact Assessment, Legal Requirements
- Question #806 (Information Security Program Development and Management)
Which of the following is the MOST effective way to verify the proper installation of a firewall policy that restricts a small group of internal IP addresses from accessing the int...
Tags: Firewall policy verification, Security control testing, Network access control, Effectiveness measurement
- Question #807 (Information Security Program Development and Management)
Which of the following should be the PRIMARY objective when establishing a new information security program?
Tags: Information security program objectives, Risk management, Program establishment, Security strategy
- Question #808 (Information Security Governance)
Which of the following is MOST helpful to ensure alignment of an organization's information security resources to the organization's goals and strategic direction?
Tags: Enterprise Security Architecture, Strategic Alignment, Information Security Governance, Business Objectives
- Question #809 (Information Security Risk Management)
An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?
Tags: Third-party risk management, Vendor assessment, Due diligence, Security controls alignment
- Question #810 (Information Security Governance)
Which of the following would be the GREATEST concern if an information security manager defines a security approach according to industry best practices?
Tags: Security governance, Business alignment, Organizational objectives, Strategic security
- Question #811 (Information Security Incident Management)
Which of the following is the PRIMARY benefit of using a centralized incident management system rather than a distributed incident management system?
Tags: Incident Management Systems, Centralized Architecture, Data Correlation, Security Operations
- Question #812 (Information Security Incident Management)
During which of the following incident management phases would an information security manager MOST likely seek to evaluate the sequence of events leading to a breach and the incid...
Tags: Incident Management Phases, Post-Incident Review, Lessons Learned, Incident Evaluation
- Question #813 (Information Security Program Development and Management)
Which of the following would MOST effectively communicate the maturity of an information security program to executive management?
Tags: Information Security Program, Program Maturity, Executive Reporting, Industry Benchmarks
- Question #814 (Information Security Program Development and Management)
In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?
Tags: Acceptable Use Policy, Administrative Controls, Security Awareness, Mobile Device Security
- Question #815 (Information Security Governance)
The manager of a key project has bypassed the standard contractor onboarding process to acquire additional resources for delivering the project on time. Contracts were executed off...
Tags: Third-party risk management, Contractual security, Due diligence, Governance oversight
- Question #816 (Information Security Risk Management)
An outsourced vendor handles an organization's business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendo...
Tags: Vendor management, Security assurance, Third-party risk, Independent audit
- Question #817 (Information Security Risk Management)
An organization is in the process of acquiring a competitor. The information security manager has been asked to report on the security posture of the target acquisition. Which of t...
Tags: Security Assessment, Mergers and Acquisitions, Due Diligence, Risk Identification
- Question #818 (Information Security Program Development and Management)
Which of the following is MOST effective for improving an organization's security culture?
Tags: Security awareness, Security culture, Human factors, Training & education
- Question #819 (Information Security Governance)
Which of the following is the BEST approach for reporting information security noncompliance to senior management?
Tags: Reporting to management, Noncompliance reporting, Risk impact, Information security governance
- Question #820 (Information Security Risk Management)
Which of the following is an input used to calculate system-level risk?
Tags: Risk calculation, System risk, Vulnerabilities, Risk inputs
- Question #821 (Information Security Program Development and Management)
Which of the following is the BEST indicator of a successful organizational information security culture?
Tags: Information Security Culture, Employee Responsibility, Incident Reporting, Security Awareness
- Question #822 (Information Security Program Development and Management)
Which of the following is the BEST source of data for measuring the effectiveness of an organization's information security program?
Tags: Information Security Program Effectiveness, KPIs, Security Metrics, Program Measurement
- Question #823 (Information Security Risk Management)
Defining risk appetite PRIMARILY helps an organization to:
Tags: Risk Appetite, Risk Treatment, Risk Management Process
- Question #824 (Information Security Risk Management)
Which of the following is the MOST important consideration when defining security configuration baselines?
Tags: Security baselines, Risk management, Security configurations, Control implementation
- Question #825 (Information Security Program Development and Management)
Which of the following is the MOST important reason to have documented security procedures?
Tags: Security procedures, Policy implementation, Information security documentation, Security program management
- Question #826 (Information Risk Management)
Which of the following is the BEST method to determine the effectiveness of an information risk management program?
Tags: Key Risk Indicators (KRIs), Program Effectiveness, Risk Monitoring, Information Risk Management
- Question #827 (Information Security Program Development and Management)
Which of the following is the BEST way for an organization to compensate for slowdowns in production network performance due to vulnerability scanning?
Tags: Vulnerability Management, Security Operations, Operational Impact, Scan Scheduling
- Question #828 (Information Security Risk Management)
To align with the principles of Zero Trust, which of the following is the MOST important course of action when engaging with external parties?
Tags: Zero Trust, Third-Party Risk Management, Contractual Security, Continuous Verification
- Question #829 (Information Security Risk Management)
Behavioral analytics tools are used PRIMARILY to manage risks within an organization by:
Tags: Behavioral Analytics, UEBA, Threat Detection, Anomalous Activity
- Question #830 (Information Security Program Development and Management)
Which of the following MOST effectively allows for disaster recovery testing without interrupting business operations?
Tags: Disaster Recovery Testing, Business Continuity, Parallel Testing, Non-disruptive Testing
- Question #831 (Information Security Program Development and Management)
Which of the following BEST prepares an organization for disaster recovery?
Tags: Business Continuity, Disaster Recovery, Business Continuity Plan (BCP), Organizational Resilience
- Question #832 (Information Security Incident Management)
An information security manager is handling a breach. For containment purposes, the incident responders must take a critical business system offline. Which of the following is the...
Tags: Incident Response, Containment, Recovery Time Objective (RTO), Business Impact
- Question #833 (Information Security Risk Management)
An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesse...
Tags: Vulnerability Assessment, Security Testing, Control Validation, Risk Mitigation
- Question #834 (Information Security Program Development and Management)
Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?
Tags: Business Impact Analysis (BIA), Business Continuity Planning (BCP), Recovery Objectives
- Question #835 (Information Security Governance)
Which of the following should have the MOST influence on developing an organization's information security program?
Tags: Information security governance, Business alignment, Organizational strategy, Security program development
- Question #836 (Information Security Program Development and Management)
What should be the information security manager's FIRST step when updating an information security program?
Tags: Information Security Program Management, Business Alignment, Strategic Planning, Program Lifecycle
- Question #837 (Information Security Risk Management)
Which risk is introduced when using only sanitized data for the testing of applications?
Tags: Risk Management, Test Data Management, Sanitized Data, Production Readiness
- Question #838 (Information Security Governance)
Which of the following BEST indicates effective information security governance?
Tags: Information Security Governance, Governance Mechanisms, Steering Committee, Strategic Oversight
- Question #839 (Information Security Incident Management)
Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?
Tags: Cyber Incident Response, Incident Management Phases, Containment Phase, System Isolation
- Question #840 (Information Security Incident Management)
An information security manager has identified the loss of confidentiality of personal information. Which of the following should be done NEXT?
Tags: Incident Response, Incident Identification, Data Breach, Confidentiality
- Question #841 (Information Security Risk Management)
The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FI...
Tags: Vulnerability management, Risk assessment, Risk evaluation, Initial response
- Question #842 (Information Security Governance)
Which of the following is the MOST important course of action when developing an implementation approach for an organization-wide cybersecurity strategy?
Tags: Cybersecurity Strategy, Senior Leadership Engagement, Information Security Governance, Strategic Implementation
- Question #843 (Information Security Program Development and Management)
The BEST way to achieve a strong information security culture is by:
Tags: Information Security Culture, Security Awareness Training, Employee Education, Human Factor Security
- Question #844 (Information Security Incident Management)
Which of the following would be MOST helpful if more detail is needed on network activity during a suspected incident?
Tags: Packet Sniffing, Network Monitoring, Incident Response Tools, Network Forensics
- Question #845 (Information Security Risk Management)
Which of the following is MOST effective for communicating forward-looking trends to senior management?
Tags: Key Risk Indicators (KRIs), Risk Reporting, Forward-looking Analysis, Risk Communication
- Question #846 (Information Security Risk Management)
Which of the following is best practice for the implementation of cloud database encryption?
Tags: Cloud Security, Encryption, Key Management, Data Protection
- Question #847 (Information Security Risk Management)
When assigning a risk owner, the MOST important consideration is to ensure the owner has:
Tags: Risk owner, Risk management roles, Decision-making authority, Resource allocation
- Question #848 (Information Security Risk Management)
Which of the following is an example of a deterrent control?
Tags: Security Controls, Deterrent Controls, Control Types, Risk Mitigation
- Question #849 (Information Security Risk Management)
Which of the following is MOST important to consider when deciding whether to accept residual risk?
Tags: Residual Risk, Risk Acceptance, Cost-Benefit Analysis, Risk Management Decision
- Question #850 (Information Security Program Development and Management)
Which of the following is the BEST way to monitor the effectiveness of security controls?
Tags: Security metrics, Control effectiveness, Performance monitoring, Information security program management