CISM 1 of 4 Exam Questions & Answers (Grade A+)

Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
correct answer ✅ B. Analyze the current business strategy

The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products.
B. assessment of risks to the organization.
C. approval of policy statements and funding.
D. monitoring adherence to regulatory requirements.
correct answer ✅ C. approval of policy statements and funding.

Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks.
B. explain the technical risks to the organization.
C. evaluate the organization against best security practices.
D. tie security risks to key business objectives.
correct answer ✅ D. tie security risks to key business objectives.

Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
correct answer ✅ A. Steering committees approve security projects

Information security governance is PRIMARILY driven by:
A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.
correct answer ✅ D. business strategy.

Which of the following represents the MAJOR focus of privacy regulations?
A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. Identifiable personal data
correct answer ✅ D. Identifiable personal data