Isaca CISM Exam Practice Test Instant Access

Question 1

Labeling information according to its security classification:

Aaffects the consequences if information is handled insecurely,

Binduces the number and type of counter measures required

Cenhances the likelihood of people handling information securely,

Dreduces the need to identify baseline controls for each classification.

Answer : B

Question 2

Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?

AThe framework includes industry-recognized information security best practices.

BThe number of security incidents has significantly declined

CThe business has obtained framework certification.

DObjectives in the framework correlate directly to business practices

Answer : D

Question 3

Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?

AThe framework includes industry-recognized information security best practices.

BThe number of security incidents has significantly declined

CThe business has obtained framework certification.

DObjectives in the framework correlate directly to business practices

Answer : D

Question 4

Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

ARedundant

BShared

CWarm

DMobile

Answer : A

Question 5

A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:

Agenerating hash output that is the same size as the original message,

Brequiring the recipient to use a different hash algorithm,

Cusing the senders public key to encrypt the message.

Dusing a secret key m conjunction with the hash algorithm.

Answer : D

Question 6

Which of the following BEST enables senior management to monitor the organization's risk exposure?

AMonthly reporting on changes to the risk profile .

BMonthly reporting on information security incidents.

CMonthly reporting on new threats and vulnerabilities

DMonthly reporting on the IT risk register

Answer : A

Question 7

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

AUpdate disciplinary processes to address privacy violations

BCreate an inventory of systems where personal C stored

CEvaluate privacy technologies required for data protection

DEncrypt all personal data stored on systems and networks

Answer : B

Isaca Certified Information Security Manager Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7