
ISACA Certified Information Security Manager (CISM)

The ISACA Certified Information Security Manager (CISM) focuses on the management and governance of information security programs. It validates a professional's ability to align security strategy with business objectives and manage security risks effectively. Professionals holding the ISACA CISM credential are recognized for their leadership in incident management and the development of resilient security frameworks.



---------- Question 1
A company relies heavily on a cloud service provider for critical business operations. When integrating security requirements into the contract with this external party, what is the CISM's MOST important consideration regarding the ongoing monitoring of adherence?
  1. Ensuring the contract specifies the exact hardware models used by the cloud provider.
  2. Defining clear audit rights, reporting requirements, and performance metrics related to security.
  3. Requiring the cloud provider to solely use security tools approved by the company.
  4. Mandating that the cloud provider hire only staff with specific security certifications.

---------- Question 2
An information security incident has escalated to the point where external stakeholders, including regulators and affected customers, need to be informed. What is the CISM's PRIMARY responsibility regarding incident communication at this stage?
  1. To provide a highly technical deep-dive into the attack vectors used.
  2. To manage internal communications, ensuring employees are not disclosing information externally.
  3. To establish and maintain incident communication plans and processes, ensuring timely and accurate notifications to appropriate internal and external parties.
  4. To draft legal disclaimers to minimize the organization's liability.

---------- Question 3
After a major information security incident, the CISM leads a post-incident review. What is the most crucial outcome expected from this review to foster continuous improvement in the incident management program?
  1. Assigning blame to individuals or teams responsible for the incident.
  2. A detailed list of all system logs and network traffic captured during the incident.
  3. Identification of root causes, lessons learned, and actionable corrective actions to prevent recurrence or improve future responses.
  4. A comprehensive report justifying the original incident response budget.

---------- Question 4
A company is developing a new cloud-based application that will handle sensitive customer data. Before deployment, what is the MOST important activity the CISM should oversee to identify potential information security risks associated with this new service?
  1. Perform a penetration test on the deployed application.
  2. Conduct a comprehensive threat modeling and risk assessment tailored to the cloud environment.
  3. Implement a robust incident response plan for the application.
  4. Purchase cyber insurance to cover potential data breaches.

---------- Question 5
An organization is expanding into new international markets, introducing complex legal and regulatory requirements. What is the CISM's MOST crucial initial action to ensure the information security strategy adequately addresses these external influences?
  1. Update technical security controls to meet the highest global standard.
  2. Conduct a comprehensive review of applicable legal, regulatory, and contractual requirements in the new markets.
  3. Increase the budget for security personnel and training.
  4. Implement a new security awareness campaign targeting international employees.

---------- Question 6
During a risk assessment, a CISM identifies a critical vulnerability that, if exploited, could lead to a significant data breach. The cost of fully remediating this vulnerability is prohibitively high. What is the most appropriate next step for the CISM to recommend, adhering to sound risk management principles?
  1. Accept the risk, as remediation is too costly.
  2. Transfer the risk through a cybersecurity insurance policy.
  3. Implement compensating controls and monitor the vulnerability closely.
  4. Eliminate the system containing the vulnerability immediately.

---------- Question 7
An organization uses a cloud service provider (third party), which in turn relies on another subcontractor (fourth party) for data processing. The CISM must ensure security requirements extend to this fourth party. What is the BEST approach?
  1. Assume the third party is solely responsible for its subcontractors' security.
  2. Mandate security audits only for the primary cloud service provider.
  3. Include provisions in the third-party contract requiring them to enforce security for their subcontractors and grant audit rights.
  4. Rely on the fourth party's public security certifications without further verification.

---------- Question 8
A CISM is reviewing the organization's incident management readiness. A key business application has a high business impact rating in the Business Impact Analysis (BIA), but its recovery point objective (RPO) is inconsistently applied across various recovery plans. What is the CISM's PRIMARY concern and immediate action?
  1. Focusing on updating the Disaster Recovery Plan (DRP) for the application immediately.
  2. Ensuring the Incident Response Plan (IRP) includes specific steps for ransomware recovery.
  3. Aligning the RPO across the BIA, BCP, and DRP to ensure consistent recovery expectations.
  4. Conducting an emergency table-top exercise for the application.

---------- Question 9
A CISM needs to present the overall effectiveness of the information security program to diverse stakeholders, including technical managers, business unit heads, and the audit committee. What is the MOST effective approach for communication?
  1. Presenting raw technical data, such as vulnerability scan results and firewall logs, to demonstrate security activities.
  2. Providing a single, highly detailed report containing all security metrics and operational details.
  3. Tailoring reports with relevant metrics and language that resonate with each stakeholder group's business concerns.
  4. Focusing exclusively on compliance achievements to satisfy legal and regulatory requirements.

---------- Question 10
Following a successful phishing attack that led to unauthorized access to several employee accounts, the CISO initiates a post-incident review. What is the PRIMARY objective of conducting this review to facilitate continuous improvement?
  1. Assign blame to individual employees who clicked the malicious link.
  2. Focus solely on documenting the steps taken during the incident.
  3. Identify root causes, document lessons learned, define corrective actions, and reassess associated risks to prevent recurrence and enhance future response capabilities.
  4. Use the review as a basis for immediate widespread employee disciplinary actions.

