Questions & Answers (Grade A+)
An information security strategy document that includes specific
links to an organization's business activities is PRIMARILY an
indicator of -
correct answer ✅alignment
The PRIMARY focus of information security governance is to: -
correct answer ✅optimize the information security strategy to
achieve business objectives
Senior management commitment and support for information
security can BEST be enhanced through: -
correct answer ✅periodic review of alignment with business
management goals.
Which of the following is the MOST important element to consider
when initiating asset classification? -
correct answer ✅the consequences of losing system functionality
The information classification scheme should: -
correct answer ✅consider possible impact of a security breach
CISM - Domain 1-4 Tests Exam
After a risk assessment study, a bank with global operations
decided to continue doing business in certain regions of the world
where identity theft is rampant. The information security manager
should encourage the business to: -
correct answer ✅implement monitoring techniques to detect and
react to potential fraud
A security awareness program should: -
correct answer ✅address specific groups and roles
The PRIMARY objective of conducting information security awareness
training for all users is to: -
correct answer ✅build a common understanding of information
security
Which of the following areas is MOST susceptible to the
introduction of security weaknesses? -
correct answer ✅configuration management
Which of the following is the MOST appropriate individual to
ensure that new exposures have not been introduced into an
existing application during the change management process? -
correct answer ✅system user
When selecting a public cloud vendor to provide outsourced
infrastructure and software, an organization's information security
manager should: -
correct answer ✅verify that the vendor's security architecture
meets the organization's requirements
The FIRST priority when responding to a major security incident is: -
correct answer ✅containment
When designing the technical solution for a disaster recovery site,
the PRIMARY factor that should be taken into consideration is the: -
correct answer ✅recovery window
Alignment of a security program to business objectives is BEST
achieved through: -
correct answer ✅a security steering committee with
representatives from all business functions.
The MOST effective way to limit actual and potential impacts of
e-discovery in the event of litigation is to: -
correct answer ✅develop and enforce comprehensive retention
policies