CISM Exam Questions
989 real CISM exam questions with expert-verified answers and explanations. Page 20 of 20.
- Question #951 (Information Security Program Development and Management)
  Which of the following principles BEST addresses the protection of data from unauthorized modification?
  Topics: Information Security Principles, Data Integrity, CIA Triad
- Question #952 (Information Security Program Development and Management)
  Which of the following is the BEST way for the organization to ensure server backups at a warm site are properly maintained and usable during a disaster?
  Topics: Backup Testing, Disaster Recovery, Warm Site, Business Continuity
- Question #953 (Information Security Program Development and Management)
  Which of the following is the BEST way to present the status of an information security program to senior management?
  Topics: Security program reporting, Senior management communication, Performance dashboards
- Question #954 (Information Security Program Development and Management)
  Which of the following should be of MOST concern to an information security manager when evaluating the effectiveness of the organization's phishing simulation program?
  Topics: Phishing Simulation, Security Awareness Training, Program Effectiveness, Security Metrics
- Question #955 (Information Security Incident Management)
  Which of the following is the PRIMARY reason to document a security incident?
  Topics: Incident Documentation, Incident Analysis, Incident Investigation, Incident Response
- Question #956 (Information Security Incident Management)
  Which of the following BEST enables the design of an effective incident escalation process?
  Topics: Incident Escalation, Organizational Hierarchy, Roles and Responsibilities, Incident Management Process
- Question #957 (Information Security Governance)
  Of the following, who is responsible for ensuring security controls are aligned with business objectives and regulatory requirements?
  Topics: Control ownership, Security roles and responsibilities, Business alignment, Regulatory compliance
- Question #958 (Information Security Program Development and Management)
  An organization wants to test its disaster recovery plan (DRP) for a mission-critical system while minimizing production downtime. Which of the following will provide the MOST accu...
  Topics: DRP Testing, Disaster Recovery Plan, Business Continuity, Mission-Critical Systems
- Question #959 (Information Security Program Development and Management)
  Which of the following would provide the BEST reference for the initial development of an information security program?
  Topics: Information security program development, Security frameworks, Program establishment, Best practices
- Question #960 (Information Security Program Development and Management)
  When promoting a new risk management policy, which of the following is the BEST way for an information security manager to change the existing information security culture?
  Topics: Security Culture Change, Security Awareness, Policy Implementation, Risk Management Policy
- Question #961 (Information Security Program Development and Management)
  In the context of DevSecOps, which of the following BEST enables the identification of vulnerabilities before software is released?
  Topics: DevSecOps, Static Application Security Testing (SAST), Vulnerability identification, Secure SDLC
- Question #962 (Information Security Incident Management)
  Which of the following is the MOST important consideration during the recovery phase of a data breach?
  Topics: Incident Response, Recovery Phase, Business Continuity, Operational Restoration
- Question #963 (Information Security Program Development and Management)
  Which of the following should be done FIRST to ensure information security is integrated in system development projects?
  Topics: SDLC Security, Security Requirements Definition, Secure Development, Information Security Integration
- Question #964 (Information Security Program Development and Management)
  Which of the following is MOST useful to an information security manager when reporting the performance of the information security program to senior management?
  Topics: Security program performance, Reporting to senior management, Information security metrics, Incident management metrics
- Question #965 (Information Security Risk Management)
  Which of the following is the PRIMARY reason to perform a business impact analysis (BIA)?
  Topics: Business Impact Analysis (BIA), Critical Process Prioritization, Business Continuity Planning, Risk Assessment
- Question #966 (Information Security Governance)
  Which of the following BEST demonstrates senior management support for the information security program?
  Topics: Senior management support, Security program resources, Funding, Information Security Governance
- Question #967 (Information Security Incident Management)
  Which of the following is the MOST important security feature for securing sensitive data with a mobile device management (MDM) program?
  Topics: Mobile Device Management, Data Protection, Remote Wipe, Incident Response
- Question #968 (Information Security Governance)
  Which of the following should be an information security manager's FIRST step when assessing the security posture of a newly acquired company?
  Topics: Mergers & Acquisitions Security, Security Posture Assessment, Security Strategy, Due Diligence
- Question #969 (Information Security Governance)
  To optimize the implementation of information security governance in an organization, an information security manager should:
  Topics: Information Security Governance, Governance Implementation, Organizational Integration, Optimization
- Question #970 (Information Security Risk Management)
  The PRIMARY reason to create a business continuity plan (BCP) is for incident:
  Topics: Business Continuity Planning, Risk Mitigation, Organizational Resilience, Incident Prevention
- Question #971 (Information Security Governance)
  Which of the following establishes the minimum technical baseline for security controls?
  Topics: Security standards, Technical baseline, Security documentation, Information security governance
- Question #972 (Information Security Program)
  Which of the following processes should be done NEXT after completing a business impact analysis (BIA)?
  Topics: Business Impact Analysis (BIA), Business Continuity Plan (BCP), BCM Lifecycle, Continuity Planning
- Question #973 (Information Security Governance)
  A senior executive asks the information security manager to bypass the organization's internet traffic filters due to a business need. Which of the following should be the informat...
  Topics: Controls exception process, Security governance, Policy compliance, Risk management
- Question #974 (Information Security Risk Management)
  Risk management is MOST effective when there is risk and control:
  Topics: Risk Ownership, Control Ownership, Risk Management Effectiveness, Accountability
- Question #975 (Information Security Risk Management)
  From a security perspective, what is the MOST important consideration when planning to leverage a Software as a Service (SaaS) provider?
  Topics: SaaS security, Third-party risk management, Vendor assessment, Due diligence
- Question #976 (Information Security Incident Management)
  Which of the following should be an information security manager's NEXT step following the detection of a suspected incident?
  Topics: Incident Response, Incident Triage, Incident Management Process
- Question #977 (Information Security Governance)
  Which of the following BEST supports the implementation of an information security governance framework to guide organizational activities?
  Topics: Information Security Governance, Business Alignment, Executive Buy-in, Strategic Direction
- Question #978 (Information Security Program Development and Management)
  What should an information security manager verify FIRST when reviewing an information asset management program?
  Topics: Asset management program, Information asset inventory, Program review
- Question #979 (Information Security Risk Management)
  Which of the following BEST indicates the organizational benefit of an information security solution?
  Topics: Organizational benefits, Information security value, Risk reduction, Cost reduction
- Question #980 (Information Security Program Development and Management)
  An organization has recently acquired a new entity. Which of the following issues is MOST likely to arise when the organization integrates its security strategy without considering...
  Topics: Mergers & Acquisitions, Security Strategy Integration, Organizational Culture, Change Management
- Question #981 (Information Security Governance)
  Which of the following is the MOST important consideration when reporting on the status of information security activities?
  Topics: Reporting, Stakeholder Communication, Information Security Governance, Communication Effectiveness
- Question #982 (Information Security Risk Management)
  As part of a risk assessment, a security control was discovered to be inadequate. When assigning a risk owner, which of the following attributes is MOST important to consider?
  Topics: Risk Management, Risk Ownership, Accountability, Risk Response
- Question #983 (Information Security Incident Management)
  A security review of an HR application reveals a file server containing confidential HR data is accessible to external user IDs. Which of the following should the information secur...
  Topics: Access Control, Incident Response, Risk Mitigation, Data Protection
- Question #984 (Information Security Incident Management)
  Which of the following would be MOST important to include in communications to customers impacted by an information security incident?
  Topics: Incident Communication, Customer Notification, Data Breach, Incident Response
- Question #985 (Information Security Incident Management)
  While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST ti...
  Topics: Incident Response Plan, Post-incident Review, Lessons Learned, Incident Management Lifecycle
- Question #986 (Information Security Risk Management)
  Which of the following should be the PRIMARY consideration for an information security manager when designing security controls for a newly acquired business application?
  Topics: Security controls design, Business requirements, Application security, Risk context
- Question #987 (Information Security Risk Management)
  Which of the following would cause the GREATEST concern to a newly hired information security manager reviewing an organization's risk management program?
  Topics: Risk Management Program, Security Procedures, Security Controls, Risk Mitigation Effectiveness
- Question #988 (Information Security Incident Management)
  Which of the following will have the MOST negative impact to the effectiveness of incident response processes?
  Topics: Incident Response, Incident Prioritization, Severity Criteria, Incident Management Effectiveness
- Question #989 (Information Security Risk Management)
  Which of the following is the GREATEST risk associated with the use of single sign-on (SSO)?
  Topics: Single Sign-On (SSO), Identity and Access Management (IAM), Credential Compromise, Risk Identification