Isaca CISM Exam Practice Test Instant Access

Question 1

Which of the following would be MOST important to include in a proposal justifying investments for an organization's information security program?

AVulnerability scan results

BCompetitor benchmark analysis

CPrevious security budget

DBusiness requirements

Answer : D

Comprehensive and Detailed Step-by-Step Explanation:

Justifying investments in information security requires aligning proposals with business objectives to gain management approval.

A . Vulnerability scan results: These provide technical insights but are insufficient for high-level justification.

B . Competitor benchmark analysis: While useful, this is less relevant than demonstrating direct alignment with organizational needs.

C . Previous security budget: Historical data may provide context but does not justify future needs.

D . Business requirements: This is the BEST answer because aligning security investments with business objectives demonstrates the value and necessity of the program to stakeholders.

Question 2

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

AVulnerability assessment

BAsset classification

CThreat analysis

DInternal audit findings

Answer : B

Question 3

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

ACentralized logging

BTime clock synchronization

CAvailable forensic tools

DAdministrator log access

Answer : B

Question 4

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

ATo ensure separation of duties is maintained

BTo ensure system audit trails are not bypassed

CTo prevent accountability issues

DTo prevent unauthorized user access

Answer : C

Question 5

Which of the following metrics would provide an accurate measure of an information security program's performance?

AA collection of qualitative indicators that accurately measure security exceptions

BA combination of qualitative and quantitative trends that enable decision making

CA collection of quantitative indicators that are compared against industry benchmarks

DA single numeric score derived from various measures assigned to the security program

Answer : A

Question 6

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?

AIT strategy

BSecurity architecture

CBusiness case

DRisk assessment

Answer : C

Question 7

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

AEnforcing data retention

BDeveloping policy standards

CBenchmarking against industry peers

DCategorizing information assets

Answer : C

Isaca CISM Certified Information Security Manager Exam Practice Test