CISM 3 (3.7) Exam Questions &
Answers (Grade A+)
Which of the following ensures that newly identified security
weaknesses in an operating system are mitigated in a timely
fashion? -
correct answer ✅patch management
Which of the following is MOST effective in preventing the
introduction of a code modification that may reduce the security of
a critical business application? -
correct answer ✅change management
Which of the following is the MOST important management signoff
for migrating an order processing system from a test environment
to a production environment? -
correct answer ✅user
When a departmental system continues to be out of compliance
with an information security policy's password strength
requirements, the BEST action to undertake is to: -
correct answer ✅conduct a risk assessment to quantify the risk
Which of the following presents the GREATEST threat to the
security of an enterprise resource planning (ERP) system? -
, CISM 3 (3.7) Exam Questions &
Answers (Grade A+)
correct answer ✅operating system (OS) security patches have not
been applied
What is the BEST method to verify that all security patches applied
to servers were properly documented? -
correct answer ✅trace OS patch logs to change control requests
To help ensure that contract personnel do not obtain unauthorized
access to sensitive information, an information security manager
should PRIMARILY: -
correct answer ✅avoid granting system administration roles
Which of the following is the MOST appropriate method to protect
a password that opens a confidential file? -
correct answer ✅out-of-band channels
What is the MOST effective access control method to prevent users
from sharing files with unauthorized users? -
correct answer ✅mandatory
Which of the following is the MOST appropriate individual to
ensure that new exposures have not been introduced into an
Answers (Grade A+)
Which of the following ensures that newly identified security
weaknesses in an operating system are mitigated in a timely
fashion? -
correct answer ✅patch management
Which of the following is MOST effective in preventing the
introduction of a code modification that may reduce the security of
a critical business application? -
correct answer ✅change management
Which of the following is the MOST important management signoff
for migrating an order processing system from a test environment
to a production environment? -
correct answer ✅user
When a departmental system continues to be out of compliance
with an information security policy's password strength
requirements, the BEST action to undertake is to: -
correct answer ✅conduct a risk assessment to quantify the risk
Which of the following presents the GREATEST threat to the
security of an enterprise resource planning (ERP) system? -
, CISM 3 (3.7) Exam Questions &
Answers (Grade A+)
correct answer ✅operating system (OS) security patches have not
been applied
What is the BEST method to verify that all security patches applied
to servers were properly documented? -
correct answer ✅trace OS patch logs to change control requests
To help ensure that contract personnel do not obtain unauthorized
access to sensitive information, an information security manager
should PRIMARILY: -
correct answer ✅avoid granting system administration roles
Which of the following is the MOST appropriate method to protect
a password that opens a confidential file? -
correct answer ✅out-of-band channels
What is the MOST effective access control method to prevent users
from sharing files with unauthorized users? -
correct answer ✅mandatory
Which of the following is the MOST appropriate individual to
ensure that new exposures have not been introduced into an
