ISACA CISM Certification Sample Questions and Answers Updated (2024) (Verified Answers)
01. IT-related risk management activities are MOST effective when they are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within busines...
isaca cism certification sample questions and answ
Written for
ISACA Cybersecurity
All documents for this subject (11)
Seller
Follow
LectDan
Reviews received
Content preview
ISACA CISM Certification Sample Questions
and Answers Updated (2024) (Verified
Answers)
01. IT-related risk management activities are MOST effective when they are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes
Answer:
d) integrated within business processes
02. A risk assessment and business impact analysis (BIA) have been completed for a major proposed
purchase and new process for an organization.
There is disagreement between the information security manager and the business department
manager who will be responsible for evaluating the results and identified risk.
Which of the following would be the BEST approach of the information security manager?
a) Acceptance of the business manager's decision on the risk to the corporation
b) Acceptance of the information security manager's decision on the risk to the corporation
c) Review of the risk assessment with executive management for final input
d) Create a new risk assessment and BIA to resolve the disagreement
Answer:
c) Review of the risk assessment with executive management for final input
03. Who is accountable for ensuring that information is categorized and that specific protective
measures are taken?
a) The security officer
b) Senior management
c) The end user
d) The custodian
Answer:
b) Senior management
04. Abnormal server communication from inside the organization to external parties may be
monitored to:
a) record the trace of advanced persistent threats
b) evaluate the process resiliency of server operations
c) verify the effectiveness of an intrusion detection system
d) support a nonrepudiation framework in e-commerce
Answer:
a) record the trace of advanced persistent threats
05. Which of the following is the BEST way to detect an intruder who successfully penetrates a
network before significant damage is inflicted?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller LectDan. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.39. You're not tied to anything after your purchase.