CISM - Information Security Program Development and Management Exam
Questions & Answers (Grade A+)
Who can best advocate the development of and ensure the success
of an information security program? -
correct answer ✅Steering committee
Which of the following BEST ensures that information transmitted
over the internet will remain confidential? -
correct answer ✅A virtual private network
What does the effectiveness of virus detection software MOST
depend on? -
correct answer ✅Definition files
Which of the following is the MOST cost-effective type of access
control? -
correct answer ✅Role-based
Who should be responsible for enforcing access rights to
application data? -
correct answer ✅Security administrators
When designing an intrusion detection system, the information
security manager should recommend that it be placed: -
correct answer ✅on a screened subnet
The BEST reason for an organization to implement two discrete
firewalls connected directly to the internet and the same
demilitarized zone would be to: -
correct answer ✅permit traffic load balancing
When designing information security standards for an enterprise,
the information security manager should require that an external
server should be placed: -
correct answer ✅on a screened subnet
Which of the following is the BEST metric for evaluating the
effectiveness of security awareness training? -
correct answer ✅The number of reported incidents
What is the MOST important contractual element when contracting
with an outsourcer to provide security administration? -
correct answer ✅The service level agreement