When do you intend to take the CISM exam? We’ve updated our CISM mock tests to include 11 new practice exam questions and answers to help you prepare for the CISM exam and obtain the certification you want.

This free practice test checks your knowledge of the CISM Core Concepts. Pass the CISM Exam with SPOTO CISM Dumps


Which of the following is the MOST important consideration when presenting objectives and benefits of an information security program to on technical stakeholders?

A. Using business terms

B. Using measurable terms

C. Using technical terms

D. Using financial metrics


Correct Answer: B



The MAIN purpose of incorporating socia medial monitoring into the information security program is to:

A. assess employee adherence to policy

B. identify disgruntled employees

C. detect potential information disclosure

D. gauge public opinion of the company


Correct Answer: C



An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:

A. the business strategy includes exceptions to the encryption standard

B. the implementation supports the business strategy

C. a classification pol cy has been developed to incorporate the need for encryption

D. data can be recovered if the encryption keys are misplaced


Correct Answer: D



Which of the following provides the BEST evidence that a control is being applied effectively?

A. Business impact analysis (BIA)

B. Key risk indicators (KRIs)

C. Number of incidents reported

D. Key performance indicators (KPIs)


Correct Answer: D



An email digital signature will:

A. verify to recipients the integrity an email message

B. automatically correct unauthorized modification of an email message

C. protect the confidentiality of an emai message

D. prevent un author zed modification of an em all message


Correct Answer: A



Over the last year.an information security manager has performed risk assessments on multiple third-party vendors Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

A. Compliance requirements associated with the regulation

B. Compensating controls in place to protect information security

C. Corresponding breaches associated with each vendor

D. Criticality of the service to the organization


Correct Answer: D



Which of the following is the MAIN reason for integrating an organization’s incident response pian with its business continuity process?

A. Recovery time objectives (RTOs) need to be determined

B. Incidents can escalate into disasters needing proper response

C. Incidents will be reported more timely when categorized as a disaster

D. Integration of the plan will reduce resource costs to the organization


Correct Answer: B



Which of the following should be the PRIMARY goal of an information se cunty manager when designing information security policies?

A. Minimizing the cost of security controls

B. Improving the protection of information

C. Reducing organizational security risk

D. Achieving organizational objectives


Correct Answer: C



Which of the following is the MOST important reason to involve externa forensics experts in evidence collection when responding to a major security or each?

A. To validate the incident response process

B. To ensure evidence is handled by qualified resources

C. To or event evidence from being disclosed to any interna staff members

D. To provide the response team with expert training on evidence handling


Correct Answer: C



When determining an acceptable risk level which of the following is the MOST important consideration?

A. Risk matrices

B. Threat profiles

C. System criticalities

D. Vulnerability scores


Correct Answer: B



In a multinational organization, local security regulations should be implemented over global security policy because:

A. business objectives are defined by local business unit managers.

B. deploying awareness of local regulations is more practical than of global policy.

C. requirements of local regulations take precedence.

D. global security policies include unnecessary controls for local businesses.


Correct Answer: C



The CISM practice exams will be updated on a regular basis. To obtain all of the most recent free CISM sample exams, subscribe to our blog or the SPOTO Channel on Telegram.

Get a Love to Learn Sale Offer if you wish to acquire entire CISM dumps at a lesser price than normal.

Latest SPOTO Candidates Pass Feedback

Last modified: 2021-08-25



Write a Reply or Comment

Your email address will not be published.