CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 19 of 20.
- Question #901 (Information Security Governance)
  Which of the following is MOST important to creating meaningful information security metrics?
  Tags: Information Security Metrics, Business Alignment, Security Governance, Performance Measurement
- Question #902 (Information Security Incident Management)
  Of the following, who is accountable for ensuring the incident response plan is tested?
  Tags: Incident Response Plan Testing, Accountability, Information Security Manager, Roles and Responsibilities
- Question #903 (Information Security Program Development and Management)
  Which of the following is the BEST method to protect the confidentiality of data transmitted over the internet?
  Tags: Data Confidentiality, Data in Transit Security, TLS, Encryption
- Question #904 (Information Security Program Development and Management)
  Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
  Tags: Disaster Recovery Plan (DRP), DRP Testing, Business Continuity, Information Security Program Management
- Question #905 (Information Security Program Development and Management)
  Which of the following is the MOST effective way to mitigate against credential stuffing attacks within organizations utilizing cloud-based applications?
  Tags: Multi-Factor Authentication (MFA), Credential Stuffing Mitigation, Cloud Security, Access Control
- Question #906 (Information Security Risk Management)
  Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?
  Tags: Change Management, Risk Mitigation, Incident Response, Rollback Planning
- Question #907 (Information Risk Management)
  Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?
  Tags: Key Risk Indicators (KRIs), Risk Monitoring, Risk Measurement, Risk Management Challenges
- Question #908 (Information Security Program Development and Management)
  Which of the following would BEST enhance employee compliance with security policies?
  Tags: Security awareness, Employee compliance, Security policies, Training
- Question #909 (Information Security Incident Management)
  Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?
  Tags: Incident Classification, Incident Response, Resource Allocation, Incident Management
- Question #910 (Information Security Risk Management)
  Which of the following is the MOST critical component for justifying increases in security funding?
  Tags: Security Funding Justification, Risk Management, Residual Risk, Business Case
- Question #911 (Information Risk Management)
  Which of the following would BEST enable an organization to monitor changes in its risk profile?
  Tags: Risk monitoring, SIEM, Continuous monitoring, Risk management
- Question #912 (Information Security Incident Management)
  Which of the following is the MOST important consideration for an incident response team seeking to limit the impact of incidents?
  Tags: Incident Response, Impact Limitation, Business Criticality, Operational Requirements
- Question #913 (Information Security Risk Management)
  After performing a risk assessment, an information security manager identified IT issues with a third-party vendor used by the finance department. Of the following, who is BEST pos...
  Tags: Risk Ownership, Risk Treatment, Third-Party Risk, Roles and Responsibilities
- Question #914 (Information Security Risk Management)
  Which of the following BEST enables an information security manager to identify changes in the threat landscape due to emerging technologies?
  Tags: Threat intelligence, Threat landscape, Risk identification, Emerging technologies
- Question #915 (Information Security Risk Management)
  A business impact analysis (BIA) should be periodically executed PRIMARILY to:
  Tags: Business Impact Analysis, Asset Criticality, Business Continuity Planning
- Question #916 (Information Security Program Development and Management)
  Which of the following is MOST crucial to the success of an information security program?
  Tags: Information security program success, Business process integration, Program effectiveness, Security culture
- Question #917 (Information Security Governance)
  Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?
  Tags: Information Security Strategy, Business Alignment, Strategic Planning, Governance
- Question #918 (Information Security Governance)
  Which of the following is MOST helpful for fostering an effective information security culture?
  Tags: Information Security Culture, Stakeholder Management, Leadership Buy-in, Security Governance
- Question #919 (Information Security Governance)
  Which of the following BEST indicates senior management support for an information security program?
  Tags: Senior Management Support, Information Security Governance, Steering Committee, Program Oversight
- Question #920 (Information Security Risk Management)
  Which of the following would BEST fulfill a board of directors' request for a concise overview of information security risk facing the business?
  Tags: Risk reporting, Board communication, Risk visualization, Information security risk
- Question #921 (Information Security Governance)
  Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
  Tags: Third-party risk management, Vendor oversight, Right-to-audit clause, Forensic provider selection
- Question #922 (Information Security Governance)
  Which of the following is MOST helpful for an information security manager to consider when setting the information security baseline?
  Tags: Risk appetite, Security baseline, Information Security Governance, Strategic planning
- Question #923 (Information Security Incident Management)
  Which of the following should have the GREATEST influence on incident categorization?
  Tags: Incident categorization, Incident severity, Information asset value, Incident response planning
- Question #924 (Information Security Governance)
  Which of the following is the BEST way for an information security manager to provide evidence that data has been retained for the appropriate period in accordance with applicable...
  Tags: Data Retention, Regulatory Compliance, Audit Evidence, Information Governance
- Question #925 (Information Security Governance)
  Which of the following should be of GREATEST concern to an information security manager when establishing a set of key risk indicators (KRIs)?
  Tags: Key Risk Indicators (KRIs), Risk Management Alignment, Organizational Objectives, Information Security Governance
- Question #926 (Information Security Incident Management)
  Which phase of the incident management process includes removing the threat and restoring affected systems to their previous state?
  Tags: Incident Management Process, Eradication Phase, Threat Removal, System Restoration
- Question #927 (Information Security Risk Management)
  Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates...
  Tags: Intrusion Prevention System (IPS), False Positives, System Tuning, Operational Impact
- Question #928 (Information Security Governance)
  Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?
  Tags: Information Security Governance, Security Policies, Security Standards, Security Requirements
- Question #929 (Information Security Incident Management)
  Which of the following MOST directly influences the efficiency of incident response immediately after an incident has been detected?
  Tags: Incident Response, Incident Categorization, Incident Triage, Incident Lifecycle
- Question #930 (Information Security Risk Management)
  A third-party vendor is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security manager?
  Tags: Third-party risk management, Contractual security, Vendor security, Data security requirements
- Question #931 (Information Security Risk Management)
  Which of the following should be considered FIRST when updating an organization's business continuity plan (BCP) after the acquisition of a new business?
  Tags: Business Continuity Planning, Risk Management, Mergers & Acquisitions, Organizational Change
- Question #932 (Information Security Program Development and Management)
  Who are the first line of defense against information security breaches?
  Tags: End user security, Security awareness, First line of defense
- Question #933 (Information Security Program Development and Management)
  Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured corre...
  Tags: Vulnerability Management, Security Remediation, Penetration Testing Follow-up, Security Program Management
- Question #934 (Information Security Program Development and Management)
  Which of the following is the BEST resource for determining the priority of applications to recover?
  Tags: Business Impact Analysis (BIA), Disaster Recovery Planning, Business Continuity Planning, Recovery Prioritization
- Question #935 (Information Security Incident Management)
  At which stage of the incident management and response plan life cycle would the cost of an incident be calculated?
  Tags: Incident Management Life Cycle, Post-Incident Review, Incident Cost Calculation
- Question #936 (Information Security Risk Management)
  Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?
  Tags: Information Security Policies, Risk Assessment, Policy Development, Risk Management
- Question #937 (Information Security Risk Management)
  Which of the following is an information security manager's BEST course of action when monitoring emerging privacy laws for a global organization?
  Tags: Risk Management, Regulatory Compliance, Privacy Laws, Risk Assessment
- Question #938 (Information Security Risk Management)
  Which of the following is the MOST important characteristic to consider when prioritizing vulnerability remediation?
  Tags: Vulnerability prioritization, Risk assessment, Impact analysis, Remediation
- Question #939 (Information Security Incident Management)
  Which of the following is MOST important for responding effectively to security breaches?
  Tags: Incident Response, Incident Classification, Security Breaches, Effective Response
- Question #940 (Information Security Governance)
  Which of the following BEST facilitates accountability and ownership of risk in an organization?
  Tags: Risk accountability, Risk ownership, Risk frameworks, Information security governance
- Question #941 (Information Security Incident Management)
  Which of the following is an information security manager's BEST course of action when a breach has been confirmed at the organization's third-party provider?
  Tags: Incident response, Third-party breach, Security incident management, Managerial action
- Question #942 (Information Security Governance)
  The security baselines of an organization should be based on:
  Tags: Security baselines, Information security standards, Information security policies, Information security governance framework
- Question #943 (Information Security Governance)
  Which of the following is the MOST important reason for an organization's information security manager to actively engage with the compliance department?
  Tags: Compliance management, Regulatory requirements, Security governance, Legal obligations
- Question #944 (Information Security Program Development and Management)
  Which of the following is the MAIN feature of a web application firewall (WAF)?
  Tags: Web Application Firewall (WAF), Application Security, Network Security, HTTP Security
- Question #945 (Information Security Risk Management)
  Which of the following is MOST important to consider when determining thresholds for key risk indicators (KRIs)?
  Tags: Key Risk Indicators (KRIs), Risk Appetite, Risk Thresholds, Risk Monitoring
- Question #946 (Information Security Risk Management)
  An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage ser...
  Tags: BYOD security, Cloud security, Risk mitigation, Security solutions
- Question #947 (Information Security Program Development and Management)
  When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?
  Tags: Information security strategy, Gap analysis, Strategic planning, Security program development
- Question #948 (Information Security Incident Management)
  Which of the following is the MOST beneficial outcome of testing an incident response plan?
  Tags: Incident Response Plan Testing, Plan Enhancement, Continuous Improvement, Incident Management Process
- Question #949 (Information Security Risk Management)
  The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:
  Tags: Mobile Security, Threat Exposure, Risk Identification, Attack Surface
- Question #950 (Information Security Program Development and Management)
  Which of the following provides the GREATEST assurance that Zero Trust has been successfully implemented?
  Tags: Zero Trust, Assurance, Security Assessment, Independent Audit