ISACA Certified Information Security Manager (CISM) Prep
Which of the following is the primary step in control
implementation for a new business application? - Correct
Answer ✅ D. Risk assessment
When implementing an information security program, in
which phase of the implementation should metrics be
established to assess the effectiveness of the program over
time? - Correct Answer ✅ Either
B. Initiation
C. Design
Data owners are responsible for deciding who has access to
their resources and therefore must be concerned with how to
mitigate the risk arising from use of those data resources.
Which of the following actions facilitates that
responsibility? - Correct Answer ✅ B. Entitlement changes
Which of the following is the best method to determine the
effectiveness of the incident response process? - Correct
Answer ✅ C. Post-incident review
When properly implemented, a risk management program
should be designed to reduce an organization's risk to: -
Correct Answer ✅ C. A level the organization is willing to
accept
What controls the process of introducing changes to systems
to ensure that unintended changes are not introduced? -
Correct Answer ✅ C. Change management
Incident handling is a cyclical process: lessons learned from
each incident feed back into the handling of the next. What is
the primary post-incident review takeaway? - Correct Answer ✅ Either
A. Pursuit of legal action
B. Identify personnel failures
D. Derive ways to improve the response process
If a forensic copy of a hard drive is required for legal
matters, which of the following options provides the best solid