CISM - 6 Exam Questions & Answers
(Grade A+)
ID.Which of the following vulnerabilities allowing attackers access
to the application database is the MOST serious?
A. Validation checks are missing in data input pages.
B. Password rules do not allow sufficient complexity.
C. Application transaction log management is weak.
D. Application and database share a single access -
correct answer ✅A. Validation checks are missing in data input
pages.
Which of the following is the MOST effective security measure to
protect data held on mobile computing devices?
A.Biometric access control
B. Encryption of stored data
,CISM - 6 Exam Questions & Answers
(Grade A+)
C.Power-on passwords
D. Protection of data being transmitted -
correct answer ✅B. Encryption of stored data
With regard to the implementation of security awareness programs
in an organization, it is MOST relevant to understand that one of
the following aspects can change?
A. The security culture
B. The information technology
C. The compliance requirements
D. the threats and vulnerabilities -
correct answer ✅D. the threats and vulnerabilities
Who is in the BEST position to determine the level of information
security needed for a specific business application?
,CISM - 6 Exam Questions & Answers
(Grade A+)
A.The system developer
B. The information security manager
C. The system custodian
D. the data owner -
correct answer ✅D. the data owner
What is the BEST method for mitigating against network denial-of-
service (DoS) attacks?
A.Ensure all servers are up-to-date on OS patches.
B.Employ packet filtering to drop suspect packets.
C. Implement network address translation to make internal
addresses nonroutable.
, CISM - 6 Exam Questions & Answers
(Grade A+)
D. Implement load balancing for Internet facing devices. -
correct answer ✅B.Employ packet filtering to drop suspect
packets.
Outsourcing combined with indemnification:
A.reduces legal responsibility but leaves financial risk relatively
unchanged.
B.Is more cost-effective as a means of risk transfer than purchasing
insurance.
C.Eliminates the reputational risk present when operations remain
in-house.
D. Reduces financial risk but leaves legal responsibility generally
unchanged. -
correct answer ✅D. Reduces financial risk but leaves legal
responsibility generally unchanged.
What is the PRIMARY focus if an organization considers taking legal
action on a security incident?
(Grade A+)
ID.Which of the following vulnerabilities allowing attackers access
to the application database is the MOST serious?
A. Validation checks are missing in data input pages.
B. Password rules do not allow sufficient complexity.
C. Application transaction log management is weak.
D. Application and database share a single access -
correct answer ✅A. Validation checks are missing in data input
pages.
Which of the following is the MOST effective security measure to
protect data held on mobile computing devices?
A.Biometric access control
B. Encryption of stored data
,CISM - 6 Exam Questions & Answers
(Grade A+)
C.Power-on passwords
D. Protection of data being transmitted -
correct answer ✅B. Encryption of stored data
With regard to the implementation of security awareness programs
in an organization, it is MOST relevant to understand that one of
the following aspects can change?
A. The security culture
B. The information technology
C. The compliance requirements
D. the threats and vulnerabilities -
correct answer ✅D. the threats and vulnerabilities
Who is in the BEST position to determine the level of information
security needed for a specific business application?
,CISM - 6 Exam Questions & Answers
(Grade A+)
A.The system developer
B. The information security manager
C. The system custodian
D. the data owner -
correct answer ✅D. the data owner
What is the BEST method for mitigating against network denial-of-
service (DoS) attacks?
A.Ensure all servers are up-to-date on OS patches.
B.Employ packet filtering to drop suspect packets.
C. Implement network address translation to make internal
addresses nonroutable.
, CISM - 6 Exam Questions & Answers
(Grade A+)
D. Implement load balancing for Internet facing devices. -
correct answer ✅B.Employ packet filtering to drop suspect
packets.
Outsourcing combined with indemnification:
A.reduces legal responsibility but leaves financial risk relatively
unchanged.
B.Is more cost-effective as a means of risk transfer than purchasing
insurance.
C.Eliminates the reputational risk present when operations remain
in-house.
D. Reduces financial risk but leaves legal responsibility generally
unchanged. -
correct answer ✅D. Reduces financial risk but leaves legal
responsibility generally unchanged.
What is the PRIMARY focus if an organization considers taking legal
action on a security incident?
