Download Certified Information Security Manager.CISM.ExamTopics.2026-05-07.500q.tqb

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: May 07, 2026
File Size: 2 MB

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Demo Questions

Question 1
Who is BEST suited to determine how the information in a database should be classified?
  A. Information security analyst
  B. Database analyst
  C. Database administrator (DBA)
  D. Data owner
Correct answer: D

Question 2
Which of the following is the BEST way to demonstrate the alignment of the information security strategy with the business strategy?
  A. Show the relationship between information security goals and corporate goals.
  B. Compare the allocated budget for business with the information security budget.
  C. Present senior management's approval of information security policies.
  D. Provide evidence that information security is included in the change management process.
Correct answer: A

Question 3
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
  A. Balanced scorecard
  B. Benchmarking
  C. Heat map
  D. Risk matrix
Correct answer: A

Question 4
What is the PRIMARY benefit of using key performance indicators (KPIs) for information security risk management?
  A. Set targets against which the organization's information security function can be evaluated.
  B. Prevent potential undesirable events from affecting information security.
  C. Identify risk events that have already occurred from affecting information security.
  D. Establish the process for setting organizational objectives in light of information security risk.
Correct answer: A

Question 5
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
  A. normal network behavior and using it as a baseline for measuring abnormal activity.
  B. abnormal network behavior and using it as a baseline for measuring normal activity.
  C. abnormal network behavior and issuing instructions to the firewall to drop rogue connections.
  D. attack pattern signatures from historical data.
Correct answer: A

Question 6
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
  A. developing a security program that meets global and regional requirements.
  B. ensuring effective communication with local regulatory bodies.
  C. monitoring compliance with defined security policies and standards.
  D. using industry best practice to meet local legal and regulatory requirements.
Correct answer: A

Question 7
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
  A. Create a security exception
  B. Assess the risk to business operations
  C. Perform a vulnerability assessment
  D. Perform a gap analysis to determine needed resources
Correct answer: B

Question 8
An information security manager has received confirmation that the organization's e-commerce website was breached, exposing customer information. What should be done FIRST?
  A. Inform affected customers
  B. Perform a vulnerability assessment
  C. Execute the incident response plan
  D. Take the affected systems offline
Correct answer: C

Question 9
When implementing a security policy for an organization handling personally identifiable information (PII), the MOST important objective should be:
  A. strong encryption
  B. regulatory compliance
  C. security awareness training
  D. data availability
Correct answer: B

Question 10
Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?
  A. Identify and assess the risk in the context of business objectives
  B. Consult with IT staff and assess the risk based on their recommendations
  C. Update the security policy based on the regulatory requirements
  D. Propose relevant controls to ensure the business complies with the regulation
Correct answer: A