Isaca CISM - Certified Information Security Manager Exam
Total 1250 questions
Question #1 (Topic: Single Topic)
An information security risk analysis BEST assists an organization in ensuring that:
A. the infrastructure has the appropriate level of access control.
B. cost-effective decisions are made with regard to which assets need protection.
C. an appropriate level of funding is applied to security processes.
D. the organization implements appropriate security technologies.
Answer: B
Question #2 (Topic: Single Topic)
In a multinational organization, local security regulations should be implemented over global security policy because:
A. business objectives are defined by local business unit managers.
B. deploying awareness of local regulations is more practical than of global policy.
C. global security policies include unnecessary controls for local businesses.
D. requirements of local regulations take precedence.
Answer: D
Question #3 (Topic: Single Topic)
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:
A. conduct a cost-benefit analysis.
B. conduct a risk assessment.
C. interview senior management.
D. perform a gap analysis.
Answer: B
Question #4 (Topic: Single Topic)
When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
A. Access control management
B. Change management
C. Configuration management
D. Risk management
Answer: D
Question #5 (Topic: Single Topic)
Which of the following is the BEST way to build a risk-aware culture?
A. Periodically change risk awareness messages.
B. Ensure that threats are communicated organization-wide in a timely manner.
C. Periodically test compliance with security controls and post results.
D. Establish incentives and a channel for staff to report risks.
Answer: D