Isaca CISM Exam Practice Test Instant Access

Question 1

Identifying which of the following BEST enables a cyberattack to be contained?

AThe vulnerability exploited by the attack

BThe segment targeted by the attack

CThe IP address of the computer that launched the attack

DThe threat actor that initiated the attack

Answer : B

Question 2

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

AVulnerability assessment

BAsset classification

CThreat analysis

DInternal audit findings

Answer : B

Question 3

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

ACentralized logging

BTime clock synchronization

CAvailable forensic tools

DAdministrator log access

Answer : B

Question 4

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

ATo ensure separation of duties is maintained

BTo ensure system audit trails are not bypassed

CTo prevent accountability issues

DTo prevent unauthorized user access

Answer : C

Question 5

Which of the following metrics would provide an accurate measure of an information security program's performance?

AA collection of qualitative indicators that accurately measure security exceptions

BA combination of qualitative and quantitative trends that enable decision making

CA collection of quantitative indicators that are compared against industry benchmarks

DA single numeric score derived from various measures assigned to the security program

Answer : A

Question 6

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

AEnforcing data retention

BDeveloping policy standards

CBenchmarking against industry peers

DCategorizing information assets

Answer : C

Question 7

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

AControl matrix

BBusiness impact analysis (BIA)

CRisk register

DInformation security policy

Answer : D

Isaca CISM Certified Information Security Manager Exam Practice Test