Actual CISM Dumps PDF - Exam4Lead.com
                      
 
Isaca
 
CISM
Certified Information S ecurity Manager
 
 
https://www.exam4lead.com/isaca/cism-dumps.html
 
Question: 1 
   
Which of the following is MOST important to consider when determining asset valuation? 
 
A. Cost of insurance premiums 
B. Potential business loss 
C. Asset classification level 
D. Asset recovery cost 
 
Answer: B     
 
Question: 2 
   
Within a security governance framework, which of the following is the MOST important characteristic of 
the information security committee? The committee: 
 
A. has a clearly defined charier and meeting protocols. 
B. includes a mix of members from all levels of management. 
C. conducts frequent reviews of the security policy. 
D. has established relationships with external professionals. 
 
Answer: B     
 
Question: 3 
   
An organization has an approved bring your own device (BYOD) program. Which of the following is the 
MOST effective method to enforce application control on personal devices? 
 
A. Implement a mobile device management solution. 
B. Implement a web application firewall. 
C. Educate users regarding the use of approved applications. 
D. Establish a mobile device acceptable use policy 
 
Answer: A     
 
Question: 4 
   
A new program has been implemented to standardize security configurations across a multinational 
organization Following implementation, the configuration standards should: 
 
 
A. remain unchanged to avoid variations across the organization 
B. be updated to address emerging threats and vulnerabilities. 
C. be changed for different subsets of the systems to minimize impact, 
D. not deviate from industry best practice baselines. 
 
Answer: B     
 
Question: 5 
   
The PRIMARY purpose of aligning information security with corporate governance objectives is to: 
 
A. identity an organization s tolerance for risk 
B. re-align roles and responsibilities. 
C. build capabilities to improve security processes 
D. consistently manage significant areas of risk. 
 
Answer: D     
 
Question: 6 
   
An organization has detected sensitive data leakage caused by an employee of a third-party contractor. 
What is the BEST course of action to address this issue? 
 
A. Activate the organization's incident response plan. 
B. Limit access to the third-party contractor 
C. Include security requirements in outsourcing contracts 
D. Terminate the agreement with the third-party contractor 
 
Answer: A     
 
Question: 7 
   
Which of the following MOST effectively prevents internal users from modifying sensitive data? 
 
A. Network segmentation 
B. Role-based access controls 
C. Multi-factor authentication - 
D. Acceptable use policies 
 
Answer: B     
 
 
Question: 8 
   
Which of the following should be PRIMARILY included in a security training program for business process 
owners? 
 
A. Application recovery time 
B. Impact of security risks 
C. Application vulnerabilities 
D. List of security incidents reported 
 
Answer: B     
 
Question: 9 
   
Which of the following is a PRIMARY responsibility of an information security governance committee? 
 
A. Approving the purchase of information security technologies 
B. Approving the information security awareness training strategy 
C. Reviewing the information security strategy 
D. Analyzing information security policy compliance reviews 
 
Answer: C     
 
Question: 10 
   
Which of the following is the MOST important reason to document information security incidents that 
are reported across the organization? 
 
A. Prevent incident recurrence. 
B. Identify unmitigated risk. 
C. Support business investments in security 
D. Evaluate the security posture of the organization. 
 
Answer: A     
 
https://www.exam4lead.com/isaca/cism-dumps.html