ISACA Certified Information Security Manager (CISM) Prep Exam Questions
& Answers (Grade A+)
Which of the following is the primary step in control
implementation for a new business application? -
correct answer ✅D. Risk assessment
When implementing an information security program, in which
phase of the implementation should metrics be established to
assess the effectiveness of the program over time? -
correct answer ✅Either
B. Initiation
C. Design
Data owners are responsible for deciding who has access to
their resources and therefore need to be concerned with the
strategy for mitigating the risk arising from use of those data resources. Which of
the following actions facilitates that responsibility? -
correct answer ✅B. Entitlement changes
Which of the following is the best method to determine the
effectiveness of the incident response process? -
correct answer ✅C. Post-incident review
When properly implemented, a risk management program should
be designed to reduce an organization's risk to: -
correct answer ✅C. A level at which the organization is willing to
accept
What controls the process of introducing changes to systems to
ensure that unintended changes are not introduced? -
correct answer ✅C. Change management
Incident handling is a cyclical process: what is learned from each
incident feeds back into how the next one is handled. What is the primary
post-incident review takeaway? -
correct answer ✅Either
A. Pursuit of legal action
B. Identify personnel failures
D. Derive ways to improve the response process
If a forensics copy of a hard drive is required for legal matters,
which of the following options provide the best solid defense for