CISM Certified Information Security Manager Exam Questions & Answers
(Grade A+)
The foundation of an information security program is: -
correct answer ✅Alignment with the goals and objectives of the organization
The key factor in a successful information security program is -
correct answer ✅Senior Management Support
The core principles of an information security program are -
correct answer ✅Confidentiality, Integrity, and Availability
What is a threat? -
correct answer ✅Any event or action that could cause harm to the organization
Threats can be either intentional or accidental? True or False -
correct answer ✅True
Personnel security requires trained personnel to manage systems and networks. At what stage does personnel security begin? -
correct answer ✅Pre-employment checks
Who plays the most important role in information security? -
correct answer ✅Upper management
What is the advantage of an IPS (intrusion prevention system) over an IDS (intrusion detection system)? -
correct answer ✅IPS can block suspicious activity in real time
Physical security is an important part of an information security program. True or False? -
correct answer ✅True
The Sherwood Applied Business Security Architecture (SABSA) is primarily concerned with -
correct answer ✅an enterprise-wide approach to security architecture
A centralized approach to security has the primary advantage of -
correct answer ✅Uniform enforcement of security policies
The greatest advantage to a decentralized approach to security is: -
correct answer ✅More adjustable to local laws and requirements
A primary objective of an information security strategy is to: -
correct answer ✅Identify and protect information assets
The first step in an information security strategy is to: -
correct answer ✅Determine the desired state of security
Effective information security governance is based on: -
correct answer ✅implementing security policies and procedures
The use of a standard such as ISO 27001 is useful to: -
correct answer ✅Ensure that all relevant security needs have been addressed
Three main factors in a business case are resource usage, regulatory compliance and: -
correct answer ✅Return on investment
What is a primary method for justifying investments in information security? -
correct answer ✅development of a business case