Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. ISACA
  5. CISM

Certified Information Security Manager
CISM Exam

Which of the following would be the MOST important goal of an information security governance program?

  1. Review of internal control mechanisms
  2. Effective involvement in business decision making
  3. Total elimination of risk factors
  4. Ensuring trust in data

Answer(s): D

Explanation:

The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance. Review of internal control mechanisms relates more to auditing, while the total elimination of risk factors is not practical or possible. Proactive involvement in business decision making implies that security needs dictate business needs when, in fact, just the opposite is true. Involvement in decision making is important only to ensure business data integrity so that data can be trusted.



Relationships among security technologies are BEST defined through which of the following?

  1. Security metrics
  2. Network topology
  3. Security architecture
  4. Process improvement models

Answer(s): C

Explanation:

Security architecture explains the use and relationships of security mechanisms. Security metrics measure improvement within the security practice but do not explain the use and relationships of security technologies.

Process improvement models and network topology diagrams also do not describe the use and relationships of these technologies.



A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

  1. Enforce the existing security standard
  2. Change the standard to permit the deployment
  3. Perform a risk analysis to quantify the risk
  4. Perform research to propose use of a better technology

Answer(s): C

Explanation:

Resolving conflicts of this type should be based on a sound risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. A blanket decision should never be given without conducting such an analysis. Enforcing existing standards is a good practice; however, standards need to be continuously examined in light of new technologies and the risks they present. Standards should not be changed without an appropriate risk assessment.



Acceptable levels of information security risk should be determined by:

  1. legal counsel.
  2. security management.
  3. external auditors.
  4. die steering committee.

Answer(s): D

Explanation:

Senior management, represented in the steering committee, has ultimate responsibility for determining what levels of risk the organization is willing to assume. Legal counsel, the external auditors and security management are not in a position to make such a decision.




Lee W.
Just thought I would let you know I took the CCDA test on Tuesday, like I planned and scored a 902!"
- China
Upvote


Micheal C.
I have used your Exams for preparation for 70-290, 70-291, 70-292, 70-296, 70-298, 70- 299, 70-300, 70-305, 70-310, 70-315, 70-316,70-320. I also passed all those on the first round. I'm currently preparing for the CCNA.
- ON
Upvote


kris J.
Now my dream has come true. I thank you a million times for the best study guides that you provided to a poor kid like me....I got it. Finally MCSE. Best regards,
- GERMANY
Upvote


Jason
I passed my CCNA exam yesterday. I would like to make some comments. "Excellent Study Guide, Excellent Support Service, Excellent Examination Web Site" Best Regards
- UNITED STATES
Upvote


Micheal
Thanks for your study guides, i have passed it. All questions in your material, we study this only 2 days. Thanks very very much!!!!!
- UNITED STATES
Upvote


L. Woo
Thanks very much for your study guides, with your help i only use 3 weeks to take the MCSE. Your study guides are very very good.
- China
Upvote


Mick H.
I passed the CCIE Written exam 350-001 last Friday, Thanks very much for your study guide and your help.
- UNITED STATES
Upvote


Hagit
i ust wanted to thank you folks at braindumgalaxy.com for your assistance. I used your CCNP exams for practice and to identify my weak areas. Passed the CCNP recert on Tuesday without any big problems.
- Israel
Upvote


Cisco Engineer
I have found that your resources are probably the best on the market...and I work at Cisco.
- UNITED STATES
Upvote


Koshani
A well Good morning Dear braindumpgalaxy.com Team I wanna say that I passed the 000-888 yesterday and i am happy
- UNITED STATES
Upvote

Read more ...