ISACA CISM 2-15 Exam Questions & Answers (Grade A+)
Decisions regarding information security are best supported by -
correct answer ✅effective metrics
Effective metrics are essential because they provide the information needed to make decisions. A metric is a quantifiable entity that allows measurement of whether a process goal has been achieved.
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do first? -
correct answer ✅understand the business requirements of the portal
Do not make an uninformed decision: learn and understand the business requirements first! Vulnerability assessment and intrusion detection systems (IDS) are subsequent tasks.
Which of the following should be understood before defining risk management strategies? -
correct answer ✅organizational objectives and risk appetite
Analyze the organization's objectives and risk appetite, then define a risk management framework based on that analysis; some organizations may choose to accept known risks.
The primary concern of an information security manager documenting a formal data retention policy is -
correct answer ✅Business requirements!
Best practices are useful, but not primary; legislative or regulatory requirements are primary only if they are part of the business requirements.
The maturity of an information security program is primarily the result of -
correct answer ✅An effective information security strategy
The strategy provides clear direction on how the organization will attain its security outcomes and is directed by senior management.
Other notes:
Assessing and analyzing risk is required to develop a strategy; it provides the information needed to develop the strategy, but it does not define the scope and charter of the security program.
Security architecture is part of a larger security plan.
The statement of applicability is part of strategy implementation using ISO 27001 or 27002, produced after the scope and responsibilities of the program have been determined.