A CISM certification is highly sought after and provides you with international recognition. However, passing the exam is no easy task. With only a 50-60% first-time pass rate, it’s clear that this is a difficult exam. The exam questions are challenging and will put your technical expertise to the test. However, passing the exam is not impossible. Always keep in mind that wonderful things take time. As a result, preparing for a certification is difficult. It’s also not quick. But the effort and perseverance are well worth it.
Learning how to study smarter, not harder, is the key to effectively preparing for your exam. To pass the exam, you must create a study plan. Moving forward, you’ll need access to the materials that are appropriate for your level of knowledge. You must also devote the necessary time and effort, as this is the only way to achieve.
If you’re going to take the CISM exam, practice with these genuine exam questions to see if you’re ready.
Question 1
An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
A. corporate data privacy policy.
B. data privacy policy where data are collected.
C. data privacy policy of the headquarters’ country.
D. data privacy directive applicable globally.
Answer : B
Question 2
A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
A. meet with stakeholders to decide how to comply.
B. analyze key risks in the compliance process.
C. assess whether existing controls meet the regulation.
D. update the existing security/privacy policy.
Answer : C
Question 3
The PRIMARY objective of a security steering group is to:
A. ensure information security covers all business functions.
B. ensure information security aligns with business goals.
C. raise information security awareness across the organization.
D. implement all decisions on security management across the organization.
Answer : B
Question 4
Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
A. baseline.
B. strategy.
C. procedure.
D. policy.
Answer : D
Question 5
At what stage of the applications development process should the security department initially become involved?
A. When requested
B. At testing
C. At programming
D. At detail requirements
Answer : D
Question 6
A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of
MOST value?
A. Examples of genuine incidents at similar organizations
B. Statement of generally accepted best practices
C. Associating realistic threats to corporate objectives
D. Analysis of current technological exposures
Answer : C
Question 7
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices.
B. business requirements.
C. legislative and regulatory requirements.
D. storage availability.
Answer : B
Question 8
When personal information is transmitted across networks, there MUST be adequate controls over:
A. change management.
B. privacy protection.
C. consent to data transfer.
D. encryption devices.
Answer : B
Question 9
An organization’s information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:
A. ensure that security processes are consistent across the organization.
B. enforce baseline security levels across the organization.
C. ensure that security processes are fully documented.
D. implement monitoring of key performance indicators for security processes.
Answer : A
Question 10
Who in an organization has the responsibility for classifying information?
A. Data custodian
B. Database administrator
C. Information security officer
D. Data owner
Answer : D
Question 11
What is the PRIMARY role of the information security manager in the process of information classification within an organization?
A. Defining and ratifying the classification structure of information assets
B. Deciding the classification levels applied to the organization’s information assets
C. Securing information assets in accordance with their classification
D. Checking if information assets have been classified properly
Answer : A
Question 12
Logging is an example of which type of defense against systems compromise?
A. Containment
B. Detection
C. Reaction
D. Recovery
Answer : B
Question 13
Which of the following is MOST important in developing a security strategy?
A. Creating a positive business security environment
B. Understanding key business objectives
C. Having a reporting line to senior management
D. Allocating sufficient resources to information security
Answer : B
Question 14
Who is ultimately responsible for the organization’s information?
A. Data custodian
B. Chief information security officer (CISO)
C. Board of directors
D. Chief information officer (CIO)
Answer : C
Question 15
Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
A. Alignment with industry best practices
B. Business continuity investment
C. Business benefits
D. Regulatory compliance
Answer : D
More Exam Dumps that Guarantees 100% Pass Your Real Exam Questions!
Comments