CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 18 of 20.
- Question #851 (Information Security Governance): Which of the following should be the PRIMARY basis for determining information security objectives?
  Tags: Information Security Objectives, Business Alignment, Strategic Planning, Governance
- Question #852 (Information Security Governance): Due to specific application requirements, a project team has been granted administrative privileges. What is the PRIMARY reason for communicating clearly defined roles and responsi...
  Tags: Roles and Responsibilities, Accountability, Privilege Management, Information Security Governance
- Question #853 (Information Security Risk Management): Which of the following BEST illustrates residual risk within an organization?
  Tags: Residual Risk, Risk Visualization, Risk Reporting, Risk Heat Map
- Question #854 (Information Security Incident Management): Which of the following is the MOST important objective of a disaster recovery test?
  Tags: Disaster Recovery Testing, Business Continuity, Organizational Resilience, Assurance
- Question #855 (Information Security Risk Management): Which of the following is the GREATEST concern when an organization migrates sensitive systems to a public cloud service?
  Tags: Cloud Security, Data Separation, Multi-tenancy, Risk Identification
- Question #856 (Information Security Program Development and Management): Which of the following is an information security manager's MOST important course of action to ensure emerging technologies are deployed in alignment with the organization's inform...
  Tags: Emerging Technologies Security, Security by Design, Secure Development Lifecycle, Information Security Framework Alignment
- Question #857 (Information Security Program Development and Management): Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?
  Tags: Information security governance, Compliance, Process integration, Security program management
- Question #858 (Information Security Governance): What is the MOST important information to provide to senior management for continued support of an incident management program?
  Tags: KPIs, Senior Management Reporting, Incident Management Program, Program Performance
- Question #859 (Information Security Program Development and Management): Which of the following MOST effectively identifies the organization's ability to comply with legal, regulatory, and contractual requirements?
  Tags: Compliance Assessment, Gap Analysis, Regulatory Requirements, Program Management
- Question #860 (Information Security Program Development and Management): An information security program is BEST positioned for success when it is closely aligned with:
  Tags: Information Security Program, Strategic Alignment, Program Success, Governance Principles
- Question #861 (Information Security Risk Management): Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?
  Tags: Key Risk Indicators (KRIs), Risk Monitoring, Risk Communication, Stakeholder Engagement
- Question #862 (Information Security Program Development and Management): Which of the following is the MOST important benefit of conducting a business impact analysis (BIA)?
  Tags: Business Impact Analysis, Business Continuity, Disaster Recovery, Recovery Objectives
- Question #863 (Information Security Incident Management): An organization shut down its system during a cyberattack. When the system was brought back online, the organization's data was then encrypted by ransomware. Which of the following...
  Tags: Ransomware, Incident response, Containment failure, System remediation
- Question #864 (Information Security Risk Management): An information security manager has identified that a third-party Software as a Service (SaaS) provider is not compliant with privacy regulations. Which of the following is the BES...
  Tags: Risk assessment, Compliance management, Third-party risk, Privacy regulations
- Question #865 (Information Security Governance): An organization's information security manager should PRIMARILY leverage its internal audit function to:
  Tags: Internal Audit, Control Gaps, Security Assurance, Governance Oversight
- Question #866 (Information Security Incident Management): Which of the following is the MOST critical requirement to be included in a contract with a third party that provides security incident management?
  Tags: Incident Reporting, Third-Party Management, Contractual Requirements, Service Level Agreements
- Question #867 (Information Security Program Development and Management): For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices...
  Tags: BYOD Security, Mobile Device Security, Data Protection, Containerization
- Question #868 (Information Security Governance): Which of the following has the GREATEST influence on the successful integration of information security within the business?
  Tags: Business alignment, Information security integration, Risk tolerance, Organizational objectives
- Question #869 (Information Security Risk Management): Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?
  Tags: Risk Management Process, Asset Identification, Data Security, Legacy Systems
- Question #870 (Information Security Program Development and Management): When an information security manager presents an information security program status report to senior management, the MAIN focus should be:
  Tags: Program Reporting, KPIs, Senior Management Communication, Performance Measurement
- Question #871 (Information Security Governance): Who should give final approval for granting access rights to third parties?
  Tags: Data ownership, Roles and responsibilities, Third-party access, Information governance
- Question #872 (Information Security Incident Management): Which of the following BEST facilitates the effectiveness of cybersecurity incident response?
  Tags: Incident Response, SIEM, Detection & Analysis, Security Tools
- Question #873 (Information Security Governance): Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?
  Tags: Regulatory Compliance, Gap Analysis, Information Security Governance, Compliance Management
- Question #874 (Information Security Governance): A KEY benefit of effective information security governance is:
  Tags: Information Security Governance, Benefits, Decision Making, Strategic Alignment
- Question #875 (Information Security Incident Management): Which of the following presents the GREATEST challenge to a security operations center's (SOC's) timely identification of potential security breaches?
  Tags: SOC operations, Log management, Event correlation, Time synchronization
- Question #876 (Information Security Risk Management): Which of the following is the BEST reason for delaying the application of a critical security patch?
  Tags: Patch Management, System Interdependencies, Risk Mitigation, Vulnerability Management
- Question #877 (Information Security Risk Management): To support effective risk decision making, which of the following is MOST important to have in place?
  Tags: Risk reporting, Decision making, Risk communication, Risk management process
- Question #878 (Information Security Risk Management): Which of the following is the GREATEST concern with implementing all controls recommended by a security framework?
  Tags: Security Controls, Cost-Benefit Analysis, Return on Investment (ROI), Security Frameworks
- Question #879 (Information Security Governance): Which of the following is the information security steering committee's role with regard to the organization's information security strategy?
  Tags: Information Security Governance, Steering Committee Roles, Security Strategy, Strategic Approval
- Question #880 (Information Security Incident Management): Which of the following is MOST important to include in an incident response policy?
  Tags: Incident Response Policy, Incident Management, Policy Components, Escalation
- Question #881 (Information Security Risk Management): Which of the following is the BEST control to mitigate the threat posed by quantum computing to cryptographic systems?
  Tags: Quantum Computing, Cryptography, Post-Quantum Cryptography, Risk Mitigation
- Question #882 (Information Security Governance): Which of the following BEST indicates senior management support for an information security program?
  Tags: Senior Management Support, Information Security Governance, KPIs, Program Effectiveness
- Question #883 (Information Security Incident Management): Which of the following BEST supports effective and timely incident response?
  Tags: Incident Response Plan, Incident Management, Security Preparedness, Security Planning
- Question #884 (Information Security Risk Management): Which of the following would be an information security manager's BEST course of action when a new cybersecurity regulation is published?
  Tags: Cybersecurity Regulation, Risk Assessment, Compliance, Security Management
- Question #885 (Information Security Program Development and Management): A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be do...
  Tags: Policy Management, Security Policies, Policy Lifecycle, Information Security Program
- Question #886 (Information Security Governance): An information security manager is planning to introduce generative AI tools to the organization's developer community. Which of the following is MOST important before rolling out...
  Tags: Generative AI Security Policy, Information Security Governance, Technology Adoption, Policy Development
- Question #887 (Information Security Incident Management): Which of the following is the BEST way to determine the readiness of an incident management team?
  Tags: Incident Management, Team Readiness, Simulation Testing, Incident Response
- Question #888 (Information Security Incident Management): An organization has identified an active cyberattack of its internal network. Which of the following considerations is MOST important to the success of the incident response?
  Tags: Incident Response, Secure Communication, Cyberattack, Communication Strategy
- Question #889 (Information Security Governance): Which of the following presents the GREATEST challenge to integrating information security governance into corporate governance?
  Tags: Information Security Governance, Corporate Governance Integration, Stakeholder Engagement, Strategic Alignment
- Question #890 (Information Security Program Development and Management): The MOST important attribute to be considered in designing defense-in-depth controls is that:
  Tags: Defense-in-depth, Layered security, Security control design, Security architecture
- Question #891 (Information Security Governance): Which of the following is the GREATEST privacy concern when personal data is collected and processed?
  Tags: Privacy Law, Consent Management, Data Protection, Personal Data
- Question #892 (Information Security Governance): Which of the following should review and approve the objectives within an organization's information security framework?
  Tags: Information Security Governance, Roles and Responsibilities, Steering Committee, Strategic Planning
- Question #893 (Information Security Incident Management): What is the PRIMARY purpose of an unannounced disaster recovery exercise?
  Tags: Disaster Recovery Exercise, Unannounced Drills, Personnel Readiness, Business Continuity Testing
- Question #894 (Information Security Risk Management): Which of the following BEST prepares an organization for severe disruptive events?
  Tags: Business Continuity Planning, Disaster Recovery Planning, Organizational Resilience, Supply Chain Risk
- Question #895 (Information Security Governance): Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?
  Tags: Regulatory compliance, Policy conflict, Legal guidance, Information security governance
- Question #896 (Information Security Governance): Which of the following would be the BEST way to maintain organization-wide support for an information security strategy?
  Tags: Information Security Strategy, Stakeholder Engagement, Organizational Buy-in, Strategic Alignment
- Question #897 (Information Security Governance): Who is accountable for approving an information security governance framework?
  Tags: Information security governance, Accountability, Senior management responsibility, Framework approval
- Question #898 (Information Security Incident Management): Which of the following should an information security manager do FIRST when an employee reports having clicked on a potentially suspicious link sent via email?
  Tags: Incident Response, Phishing, Initial Response, Incident Investigation
- Question #899 (Information Security Governance): Which of the following is MOST important to ensure ongoing senior management commitment to an organization's information security strategy?
  Tags: Senior management commitment, Security reporting, Information security governance, Strategy sustainment
- Question #900 (Information Security Program Development and Management): Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?
  Tags: Security Awareness, Training, Web Application Security, Software Development Security