Weekend Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 57

Which of the following is the BEST course of action when an online company discovers a network attack in progress?

A.

Dump all event logs to removable media

B.

Isolate the affected network segment

C.

Enable trace logging on ail events

D.

Shut off all network access points

Full Access
Question # 58

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

A.

Data masking

B.

Data retention strategy

C.

Data encryption standards

D.

Data loss prevention (DLP)

Full Access
Question # 59

Which of the following is the MOST important detail to capture in an organization ' s risk register?

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Full Access
Question # 60

An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Full Access
Question # 61

Which of the following is the MOST important consideration when defining control objectives?

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Full Access
Question # 62

Which of the following will BEST facilitate timely and effective incident response?

A.

Including penetration test results in incident response planning

B.

Assessing the risk of compromised assets

C.

Classifying the severity of an incident

D.

Notifying stakeholders when invoking the incident response plan

Full Access
Question # 63

What is the information security steering committee’s PRIMARY role in the development of security policies?

A.

Commissioning an organization-wide security audit

B.

Drafting language related to policy noncompliance

C.

Ensuring policies facilitate business practices

D.

Overseeing a gap analysis against industry best practice

Full Access
Question # 64

An enterprise has decided to procure security services from a third-party vendor to support its information security program. Which of the following is MOST important to include in the vendor selection criteria?

A.

Feedback from the vendor ' s previous clients

B.

Alignment of the vendor ' s business objectives with enterprise security goals

C.

The maturity of the vendor ' s internal control environment

D.

Penetration testing against the vendor ' s network

Full Access
Go to page: