Free Isaca CISM Exam Dumps and CISM Exam Questions

Question No: 1

MultipleChoice

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation. However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges. Which of the following would BEST enable regulatory compliance?

Options

AGovernance, risk, and compliance (GRC) system

BPrivileged access management (PAM) system

CMulti-factor authentication (MFA) system

DIdentity and access management (1AM) system

Question No: 2

MultipleChoice

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?

Options

AEstablish a capability maturity model.

BPerform a skills gap analysis.

CDevelop a training plan.

DConduct a risk assessment.

Question No: 3

MultipleChoice

Which of the following is the MOST important output from a post-incident review?

Options

ARevised business impact analysis (BIA)

BCompilation of incident-related costs

CRepository of digital forensic artifacts

DDocumentation of lessons learned

Question No: 4

MultipleChoice

Mitigating technology risks to acceptable levels should be based PRIMARILY upon

Options

Alegal and regulatory requirements.

Bbusiness process requirements.

Cbusiness process reengineenng.

Dinformation security budget.

Question No: 5

MultipleChoice

Which of the following metrics BEST measures the effectiveness of an organization's information security program?

Options

AIncrease in risk assessments completed

BReduction in information security incidents

CReturn on information security investment

DNumber of information security business cases developed

Question No: 6

MultipleChoice

In a call center, the BEST reason to conduct a social engineering exercise is to:

Options

Again funding (or information security initiatives.

Bminimize the likelihood of successful attacks.

Cimprove password policy.

Didentify candidates for additional security training.

Question No: 7

MultipleChoice

An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRS'F?ter defense? the security policy framework encompasses the new business model is to:

Options

Aperform a gap analysis.

Bmerge both companies' policies.

Cperform a vulnerability assessment.

Dimplement both companies' policies separately.

Question No: 8

MultipleChoice

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

Options

AA simulated denial of service (DoS) attack against the firewall

BA validation of the current firewall rule set

CA port scan of the firewall from an internal source

DA ping test from an external source

Question No: 9

MultipleChoice

Which of the following is the MOST Important outcome of a post-Incident review?

Options

AThe person responsible for the incident Is identified.

BThe root cause of the Incident Is determined.

CThe system affected by the Incident is restored to its prior state.

DThe impact of the incident is reported to senior management.

Question No: 10

MultipleChoice

The PRIMARY goal of information security governance is to:

Options

Areduce risk to an acceptable level.

Bestablish a security strategy.

Calign with business objectives.

Dalign with business processes.