Writer: Katy Morgan

Introduction to ISACA Certified Information Security Manager (CISM) Exam

The ISACA CISM exam is challenging, and thorough preparation is essential for success. This study guide is designed to help you prepare for the CISM certification exam. It contains a detailed list of the topics covered on the CISM exam, as well as a detailed list of preparation resources. This study guide for the ISACA Certified Information Security Manager exam will help guide you through the study process for your certification.



ISACA Information Security Manager Exam Summary


Exam Name: ISACA Certified Information Security Manager (CISM)

Exam Code: CISM

Exam Price: $760 (USD)

Duration: 240 mins

Number of Questions: 150

Passing Score: 450/800

Schedule Exam: Exam Registration

Sample Questions: ISACA CISM Sample Questions


Exam Syllabus: ISACA Certified Information Security Manager (CISM)


1. Domain 1: Information Security Governance

2. Domain 2: Information Risk Management

3. Domain 3: Information Security Program Development and Management

4. Domain 4: Information Security Incident Management


ISACA CISM Certification Sample Questions and Answers


To familiarize you with the structure of the ISACA Certified Information Security Manager (CISM) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for CISM Certification to test your understanding of the ISACA CISM process in a setting that resembles the real ISACA certification exam environment.


CISM ISACA Information Security Manager Sample Questions:


01. Which of the following is the BEST approach for an organization desiring to protect its intellectual property?

a) Conduct awareness sessions on intellectual property policy

b) Require all employees to sign a nondisclosure agreement

c) Promptly remove all access when an employee leaves the organization

d) Restrict access to a need-to-know basis


02. Reviewing which of the following would BEST ensure that security controls are effective?

a) Risk assessment policies

b) Return on security investment

c) Security metrics

d) User access rights


03. An organization's information security strategy should be based on:

a) managing risk relative to business objectives.

b) managing risk to a zero level and minimizing insurance premiums.

c) avoiding occurrence of risks so that insurance is not required.

d) transferring most risks to insurers and saving on control costs.


04. When an emergency security patch is received via electronic mail, the patch should FIRST be:

a) loaded onto an isolated test machine.

b) decompiled to check for malicious code.

c) validated to ensure its authenticity.

d) copied onto write-once media to prevent tampering.


05. The criticality and sensitivity of information assets is determined on the basis of:

a) threat assessment.

b) vulnerability assessment.

c) resource dependency assessment.

d) impact assessment.


06. Which one of the following does NOT describe the terms under which a contractual agreement must be made?

a) Mutual

b) Free

c) Communicated to each other

d) Unilateral


07. In a business impact analysis, the value of an information system should be based on the overall cost:

a) of recovery.

b) to recreate.

c) if unavailable.

d) of emergency operations.


08. Who can BEST advocate the development of and ensure the success of an information security program?

a) Internal auditor

b) Chief operating officer (COO)

c) Steering committee

d) IT management


09. Data owners will determine what access and authorizations users will have by:

a) delegating authority to data custodian.

b) cloning existing user accounts.

c) determining hierarchical preferences.

d) mapping to business needs.


10. Reviewing which of the following would BEST ensure that security controls are effective?

a) Risk assessment policies

b) Return on security investment

c) Security metrics

d) User access rights


Answers:

Answer 1: D

Answer 2: C

Answer 3: A

Answer 4: C

Answer 5: D

Answer 6: D

Answer 7: C

Answer 8: C

Answer 9: D

Answer 10: C
