Isaca CISM - Certified Information Security Manager - Online Practice Test

Here is what people say about us

"Passed on the first try! I loved that the questions are updated as new exams are released, in order to keep up the most recent content being covered in the test. The date at the top of each page shows how current the material was, which was nice to see. "

"At first glance I thought this site is just like the other 99% websites in this industry, but boy I was wrong...its funny that two weeks before the exam I knew nothing about CISM, but with this amazing site I managed to study very quickly and pass the exam easily without spending tons of money and time on preparing for the exam."

"As a professional in my field for over 8 years I could tell that not only were these questions real, but that an expert had been involved in designing and reviewing the questions for the Certified Information Security Manager CISM exam. "

Are you looking for real exam dumps for the CISM Certified Information Security Manager exam? ITExamLabs.com is dedicated to providing real and updated exam questions and answers, FREE of cost.

The best way to prepare for the CISM exam is not reading a textbook, but taking a CISM VCE exam and understanding the correct answers. Practice questions help prepare students not only for the concepts, but also for the manner in which questions and answer options are presented during the real exam.

ITExamLabs.com provides not only actual Isaca CISM practice tests, but also detailed answers, explanations and diagrams. With authentic and current exam questions, you will pass your test on the first try!


The Renewal Guide To CISM dump Jan 2021

Q1. After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:
A. increase its customer awareness efforts in those regions.
B. implement monitoring techniques to detect and react to potential fraud.
C. outsource credit card processing to a…


Most recent CISM: Exambible real free demo from 151 to 165

Q1. Information security managers should use risk assessment techniques to:
A. justify selection of risk mitigation strategies.
B. maximize the return on investment (ROI).
C. provide documentation for auditors and regulators.
D. quantify risks that would otherwise be subjective.
Answer: A
Explanation: Information security managers should use risk assessment techniques to justify and implement a risk mitigation strategy as efficiently as possible. None of the other…


How Does Ucertify Isaca CISM test preparation Work?

Q1. The criticality and sensitivity of information assets is determined on the basis of:
A. threat assessment.
B. vulnerability assessment.
C. resource dependency assessment.
D. impact assessment.
Answer: D
Explanation: The criticality and sensitivity of information assets depends on the impact of the probability of the threats exploiting vulnerabilities in the asset, and takes into consideration the value of the assets and the impairment of the…


Update Isaca CISM - An Overview 121 to 135

Q1. A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the information security program?
A. Representation by regional business leaders
B. Composition of the board
C. Cultures of the different countries
D. IT security skills
Answer: C
Explanation: Culture has a significant impact on how information security will be implemented. Representation by regional business…


15 Tips For CISM IT learners

Q1. A risk management program should reduce risk to:
A. zero.
B. an acceptable level.
C. an acceptable percent of revenue.
D. an acceptable probability of occurrence.
Answer: B
Explanation: Risk should be reduced to an acceptable level based on the risk preference of the organization. Reducing risk to zero is impractical and could be cost-prohibitive. Tying risk to a percentage of revenue is inadvisable since…


CISM guidance(91 to 105) for customers: Dec 2021 Edition

Q1. The MOST important function of a risk management program is to:
A. quantify overall risk.
B. minimize residual risk.
C. eliminate inherent risk.
D. maximize the sum of all annualized loss expectancies (ALEs).
Answer: B
Explanation: A risk management program should minimize the amount of risk that cannot be otherwise eliminated or transferred; this is the residual risk to the organization. Quantifying overall risk is…


Top 15 lab CISM for IT engineers (76 to 90)

Q1. An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
A. eliminating the risk.
B. transferring the risk.
C. mitigating the risk.
D. accepting the risk.
Answer: C
Explanation: Risk can never be eliminated entirely. Transferring the risk gives it away such as buying insurance so the insurance company can take the risk.…


What Renovate CISM Is?

Q1. Who should drive the risk analysis for an organization?
A. Senior management
B. Security manager
C. Quality manager
D. Legal department
Answer: B
Explanation: Although senior management should support and sponsor a risk analysis, the know-how and the management of the project will be with the security department. Quality management and the legal department will contribute to the project.

Q2. For virtual private network (VPN) access…


All About CISM answers Dec 2021

Q1. There is a time lag between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
A. Identify the vulnerable systems and apply compensating controls
B. Minimize the use of vulnerable systems
C. Communicate the vulnerability to system…


A Review Of Actual CISM faq

Q1. Logging is an example of which type of defense against systems compromise?
A. Containment
B. Detection
C. Reaction
D. Recovery
Answer: B
Explanation: Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery…


The Replace Guide To CISM pack Dec 2021

Q1. Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
A. Annual loss expectancy (ALE) of incidents
B. Frequency of incidents
C. Total cost of ownership (TCO)
D. Approved budget for the project
Answer: C
Explanation: The total cost of ownership (TCO) would be the most relevant piece of information in that it would establish a…


Replace CISM: Actualtests real vce from 1 to 15

Q1. Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
A. More uniformity in quality of service
B. Better adherence to policies
C. Better alignment to business unit needs
D. More savings in total operating costs
Answer: C
Explanation: Decentralization of information security management generally results in better alignment to business unit needs. It is generally more expensive to…