Most Recent Isaca CISM Exam Questions & Answers

Prepare for the Isaca Certified Information Security Manager exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Isaca CISM exam and achieve success.

The questions for CISM were last updated on Jan 9, 2025.

Viewing page 1 out of 160 pages.
Viewing questions 1-5 out of 801 questions

Get All 801 Questions & Answers

Question No. 1

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Aadherence to international standards

Bavailability of financial resources

Cthe organization s risk tolerance

Dalignment with business needs
Verified Answer: According to the CISM Review Manual, 15th Edition, Chapter 3, Section
Explanation:3.2.1.1, 'Recommendations for enterprise investment in security technology should be primarily based on the organization's risk tolerance.'
CISM Review Manual, 15th Edition, Chapter 3, Section
Explanation:3.2.1.1, 'Recommendations for enterprise investment in security technology should be primarily based on the organization's risk tolerance.'1
Comprehensive and Detailed Explanation: The organization's risk tolerance is the degree of uncertainty that the organization is willing to accept in order to pursue its objectives. It reflects the organization's appetite for risk and its ability to cope with potential losses or disruptions. The higher the risk tolerance, the more aggressive and innovative the security investments can be, as they can help achieve faster growth or competitive advantage. The lower the risk tolerance, the more conservative and defensive the security investments should be, as they can help protect the organization's assets and reputation from potential threats.

Show Answer

Correct Answer: C

Question No. 2

Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

AThe organization's risk tolerance

BResource availability

CThe organization's mission

DIncident response team training

Show Answer

Correct Answer: A

The organization's risk tolerance is the most important factor to consider when choosing a shared alternate location for computing facilities, because it determines the acceptable level of risk exposure and the required recovery time objectives (RTOs) and recovery point objectives (RPOs) for the organization's critical business processes and information assets. Resource availability, the organization's mission, and incident response team training are also important considerations, but they are secondary to the risk tolerance.

Reference= CISM Review Manual, 16th Edition, page 290

Question No. 3

Which of the following is the BEST source of information to support an organization's information security vision and strategy?

AMetrics dashboard

BGovernance policies

CCapability maturity model

DEnterprise information security architecture

Show Answer

Correct Answer: D

Question No. 4

Which of the following is the MOST effective way to identify changes in an information security environment?

ABusiness impact analysis (BIA)

BAnnual risk assessments

CRegular penetration testing

DContinuous monitoring

Show Answer

Correct Answer: D

Continuous monitoring is the most effective way to identify changes in an information security environment, as it provides ongoing awareness of the security status, vulnerabilities, and threats that may affect the organization's information assets and risk posture. Continuous monitoring also helps to evaluate the performance and effectiveness of the security controls and processes, and to detect and respond to any deviations or incidents in a timely manner.(From CISM Review Manual 15th Edition and NIST Special Publication 800-1371)

Question No. 5

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

ADemonstrated return on security investment

BReduction in inherent risk

CResults of an emerging threat analysis

DReview of security metrics trends

Show Answer

Correct Answer: D

Review of security metrics trends is the best evidence to senior management that security control performance has improved because it helps to measure and demonstrate the effectiveness and efficiency of the security controls over time. Security metrics are quantitative or qualitative indicators that provide information about the security status or performance of an organization, system, process, or activity. Security metrics can be used to evaluate the implementation, operation, and outcome of security controls, such as the number of vulnerabilities detected and remediated, the time to respond and recover from incidents, the compliance level with security policies and standards, or the return on security investment. Review of security metrics trends helps to identify and communicate the progress, achievements, and challenges of the security program, as well as to support decision making and continuous improvement. Therefore, review of security metrics trends is the correct answer.

https://www.bitsight.com/blog/importance-continuous-improvement-security-performance-management

https://www.isaca.org/resources/isaca-journal/issues/2020/volume-6/key-performance-indicators-for-security-governance-part-2

https://www.nist.gov/news-events/news/2021/09/dhs-nist-coordinate-releasing-preliminary-cybersecurity-performance-goals.

Unlock All Questions for Isaca CISM Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 801 Questions & Answers