(Grade A+)
Several months after the installation of a new firewall with intrusion
prevention features to block malicious activity, a breach was
discovered that came in through the firewall shortly after
installation. This breach could have been detected earlier by
implementing firewall:
A. web surfing controls
B. packet filtering
C. application awareness
D. log monitoring -
correct answer ✅D. log monitoring
Which of the following BEST enables successful identification of a
potential IT security incident?
A. Configuration management standards
B. Event correlation
C. Network intrusion detection systems (NIDS)
D. File integrity monitoring -
correct answer ✅B. Event correlation
Which of the following is MOST important when providing updates
during a security incident?
A. Responding immediately to questions from the public
B. Validating the reliability of information prior to dissemination
C. Designating a communications representative
D. Ensuring timely incident information to internal stakeholders -
correct answer ✅B. Validating the reliability of information prior to dissemination
Which of the following BEST demonstrates the added value of an
information security program?
A. Security baselines
B. A gap analysis
C. A SWOT analysis
D. A balanced scorecard -
correct answer ✅D. A balanced scorecard
To overcome the perception that security is a hindrance to business
activities, it is important for an information security manager to:
A. focus on compliance
B. reiterate the necessity of security
C. promote the relevance and contribution of security
D. rely on senior management to enforce security -
correct answer ✅C. promote the relevance and contribution of security
Which of the following is the BEST indication of a mature
information security program?
A. Security spending is below budget.
B. Security incidents are managed properly.
C. Security resources are optimized.
D. Security audit findings are reduced. -
correct answer ✅C. Security resources are optimized.
An organization recently updated and published its information
security policy and standards. What should the information security
manager do NEXT?
A. Update the organization's risk register.
B. Develop a policy exception process.
C. Communicate the changes to stakeholders.
D. Conduct a risk assessment. -
correct answer ✅C. Communicate the changes to stakeholders.
Which type of recovery site is MOST reliable and can support
stringent recovery requirements?
A. Cold site
B. Warm site
C. Mobile site
D. Hot site -
correct answer ✅D. Hot site
Which of the following has the MOST influence on the information
security investment process?
A. Security key performance indicators (KPIs)
B. Organizational risk appetite
C. IT governance framework
D. Information security policy -
correct answer ✅B. Organizational risk appetite
After three (3) hours, the bad actor deleted the FTP directory,
causing incoming FTP attempts by legitimate customers to
fail. Which of the following could have been prevented by
conducting regular incident response testing?