CISM Domain 1 - Information Security Governance | Exam Questions & Answers (Grade A+)
An enterprise has to comply with recently published industry regulatory requirements that potentially have high implementation costs. What should the information security manager do FIRST?
A. Consult the security committee.
B. Perform a gap analysis.
C. Implement compensating controls.
D. Demand immediate compliance.
Correct answer: B. Perform a gap analysis.
Rationale: a gap analysis establishes how far the current controls fall short of the new requirements; the cost estimate, the discussion with the security committee and any decision about compensating controls or a compliance timeline all depend on that result.
Which of the following choices is the MOST important consideration when developing the security strategy of a company operating in different countries?
A. Diverse attitudes toward security by employees and management
B. Time differences and the ability to reach security officers
C. A coherent implementation of security policies and procedures in all countries
D. Compliance with diverse laws and governmental regulations
Correct answer: D. Compliance with diverse laws and governmental regulations
Rationale: legal and regulatory obligations are mandatory and differ by jurisdiction, so the strategy must satisfy each country's requirements first; consistency of implementation, cultural attitudes and staff availability are secondary considerations.
What activity should the information security manager perform FIRST after finding that compliance with a set of standards is weak?
A. Initiate the exception process.
B. Modify policy to address the risk.
C. Increase compliance enforcement.
D. Perform a risk assessment.
Correct answer: D. Perform a risk assessment.
Rationale: a risk assessment determines what exposure the weak compliance actually creates, which is what decides whether stricter enforcement, a formal exception or a policy change is the appropriate response.
Compliance with legal and regulatory requirements is:
A. a security decision.
B. a business decision.
C. an absolute requirement.
D. conditional and based on cost.
Correct answer: B. a business decision.
Rationale: business management decides whether, how and at what cost to comply, weighing the cost of compliance against the consequences of non-compliance; the information security manager advises on the risk but does not own the decision.
Which of the following would BEST prepare an information security manager for regulatory reviews?
A. Assign an information security administrator as regulatory liaison.
B. Perform self-assessments using regulatory guidelines and reports.