Download Certified Information Security Manager.CISM.ExamTopics.2026-07-06.904q.vcex

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Jul 06, 2026
File Size: 5 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Who is BEST suited to determine how the information in a database should be classified?
  1. Information security analyst
  2. Database analyst
  3. Database administrator (DBA)
  4. Data owner
Correct answer: D
Question 2
Which of the following is the BEST way to demonstrate the alignment of the information security strategy with the business strategy?
  1. Show the relationship between information security goals and corporate goals.
  2. Compare the allocated budget for business with the information security budget.
  3. Present senior management's approval of information security policies.
  4. Provide evidence that information security is included in the change management process.
Correct answer: A
Question 3
An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation is to:
  1. remotely wipe the device.
  2. terminate the device connectivity.
  3. disable the user's access to corporate resources.
  4. escalate to the user's management.
Correct answer: A
Question 4
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
  1. Balanced scorecard
  2. Benchmarking
  3. Heat map
  4. Risk matrix
Correct answer: A
Question 5
Which of the following is the MOST important consideration when reporting on the status of information security activities?
  1. The report is comprehensive
  2. The report is updated on a regular basis
  3. The report is tailored to stakeholder needs
  4. The report structure is consistent with industry standards
Correct answer: C
Question 6
What is the PRIMARY benefit of using key performance indicators (KPIs) for information security risk management?
  1. Set targets against which the organization's information security function can be evaluated.
  2. Prevent potential undesirable events from affecting information security.
  3. Identify risk events that have already occurred from affecting information security.
  4. Establish the process for setting organizational objectives in light of information security risk.
Correct answer: A
Question 7
Which of the following factors would have the MOST significant impact on an organization's information security governance model?
  1. Corporate culture
  2. Outsourced processes
  3. Number of employees
  4. Security budget
Correct answer: A
Question 8
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
  1. normal network behavior and using it as a baseline for measuring abnormal activity.
  2. abnormal network behavior and using it as 4 baseline for measuring normal activity.
  3. abnormal network behavior and issuing instructions to the firewall to drop rogue connections.
  4. attack pattern signatures from historical data.
Correct answer: A
Question 9
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
  1. developing a security program that meets global and regional requirements.
  2. ensuring effective communication with local regulatory bodies.
  3. monitoring compliance with defined security policies and standards.
  4. using industry best practice to meet local legal regulatory requirements.
Correct answer: A
Question 10
Which of the following is the FIRST step in developing a business continuity plan (BCP)?
  1. Identify critical business processes.
  2. Determine the business recovery strategy
  3. Determine available resources
  4. Identify the applications with the shortest recovery time objectives (RTOs)
Correct answer: A
Question 11
Which of the following MUST be performed once risk has been accepted?
  1. Reassess the risk on a regular basis.
  2. Calculate the business impact of acceptance.
  3. Flag the risk to avoid future reassessment.
  4. Remove the risk from the risk register.
Correct answer: A
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!