Isaca CISM Exam Practice Test Instant Access

Question 1

Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?

ALack of knowledgeable personnel

BLack of communication processes

CLack of process documentation

DLack of alignment with organizational goals

Answer : A

Question 2

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

AReview current recovery policies.

BDefine the organizational strategy.

CPrioritize the critical processes.

DReview existing cyber insurance coverage.

Answer : B

Question 3

The PRIMARY reason to properly classify information assets is to determine:

Aappropriate encryption strength using a risk-based approach.

Bthe business impact if assets are compromised.

Cthe appropriate protection based on sensitivity.

Duser access levels based on the need to know.

Answer : C

Question 4

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Aquickly resolved and eliminated regardless of cost.

Btracked and reported on until their final resolution.

Cdocumented in security awareness programs.

Dnoted and re-examined later if similar weaknesses are found.

Answer : D

Question 5

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

AIndustry benchmarks

BSecurity training test results

CPerformance measures for existing controls

DNumber of false positives

Answer : C

Question 6

Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:

Ahand over the controls to the relevant business owners.

Bensure the controls are regularly tested for ongoing effectiveness.

Cperform testing to compare control performance against industry levels.

Dprepare to adapt the controls for future system upgrades.

Answer : B

Question 7

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

ABusiness impact analysis (BIA) results

BVulnerability assessment results

CThe business continuity plan (BCP)

DRecommendations from senior management

Answer : A

Isaca Certified Information Security Manager Exam Practice Test