Certified Information Security Manager

Here you have the best Isaca CISM practice exam questions

  • You have 1117 total questions to study from
  • Each page has 5 questions, making a total of 224 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on December 12, 2024
Question 1 of 1117

An information security risk analysis BEST assists an organization in ensuring that:

    Correct Answer: B

    An information security risk analysis helps an organization make cost-effective decisions regarding which assets need protection by identifying and prioritizing potential risks. This process involves assessing the likelihood and impact of various threats and determining which assets are most critical and require appropriate security measures based on the level of risk they pose. Hence, it ensures that resources are allocated efficiently to safeguard the most important assets.

Question 2 of 1117

In a multinational organization, local security regulations should be implemented over global security policy because:

    Correct Answer: D

    In a multinational organization, local security regulations should take precedence over global security policy because the requirements of local regulations are mandatory and enforceable by law. Adhering to local regulations is essential to ensure legal compliance within each region the organization operates in. Failure to comply with local regulations could result in legal penalties, financial loss, and reputational damage. Therefore, local regulations must be given priority to meet the legal requirements specific to each locality.

Question 3 of 1117

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

    Correct Answer: D

    To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should first perform a gap analysis. A gap analysis will identify the difference between the current state of the organization's security controls and the requirements of the new regulation. This analysis will highlight any deficiencies or areas where the organization is not yet compliant, providing a clear understanding of the changes needed.

Question 4 of 1117

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

    Correct Answer: D

    When management changes the enterprise business strategy, the process to be used for evaluating the existing information security controls and selecting new ones is risk management. Risk management involves identifying, assessing, and prioritizing risks to an organization and updating controls to mitigate those risks according to the new business strategy. This process ensures that the information security controls are aligned with the organization's current risk landscape and strategic objectives. Other processes like access control management, change management, and configuration management are important but do not encompass the comprehensive evaluation and selection of controls in the context of changing business strategies.

Question 5 of 1117

Which of the following is the BEST way to build a risk-aware culture?

    Correct Answer: D

    Establishing incentives and a channel for staff to report risks is the best approach to building a risk-aware culture. This method encourages employees to be vigilant and proactive in identifying potential threats, as they feel valued and recognized for their contributions. Empowering staff to report risks fosters a sense of ownership and accountability, which are crucial elements in cultivating an environment where risk awareness becomes an integral part of organizational behavior.