CISM SET 6 Exam Questions & Answers (Grade A+)
501. An organization is conducting a post-incident review to determine the root cause of an information security incident. Which of the following situations would be MOST harmful to this investigation?
A. Unencrypted logs of the affected systems were saved on magnetic tapes.
B. Antivirus signature update processes failed on the affected systems.
C. System logs were cleared by the administrator to free up space on the affected systems.
D. The incident response plan has not been updated during the past year.
- correct answer ✅C. System logs were cleared by the administrator to free up space on the affected systems.
502. When building support for an information security program, which of the following elements is MOST important?
A. Business impact analysis (BIA)
B. Identification of existing vulnerabilities
C. Threat analysis
D. Information risk assessment
- correct answer ✅D. Information risk assessment
503. Capacity planning would prevent:
A. system downtime for scheduled security maintenance.
B. file system overload arising from distributed denial of service (DDoS) attacks.
C. application failures arising from insufficient hardware resources.
D. software failures arising from exploitation of buffer capacity vulnerabilities.
- correct answer ✅C. application failures arising from insufficient hardware resources.
504. Which of the following is the MOST effective way to ensure information security policies are understood?
A. Implement a whistle-blower program.
B. Document security procedures.
C. Include security responsibilities in job descriptions.
D. Provide regular security awareness training.
- correct answer ✅D. Provide regular security awareness training.
505. Which of the following is the MOST effective method for testing an incident response plan?
A. Disaster recovery testing
B. Risk assessment
C. Tabletop exercises
D. Industry benchmarking
- correct answer ✅C. Tabletop exercises
506. A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
A. Request funding needed to resolve the top vulnerabilities.
B. Ensure a risk assessment is performed to evaluate the findings.
C. Report findings to senior management.
D. Ensure vulnerabilities found are resolved within acceptable timeframes.
- correct answer ✅B. Ensure a risk assessment is performed to evaluate the findings.
507. An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
A. IT strategy
B. Security architecture
C. Risk assessment
D. Business case
- correct answer ✅D. Business case
508. What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
A. Perform a vulnerability assessment.
B. Perform a business impact analysis (BIA).
C. Perform a privacy impact assessment.
D. Perform a gap analysis.
- correct answer ✅D. Perform a gap analysis.
509. Which of the following will have the MOST negative impact on the effectiveness of incident response processes?
A. High organizational risk tolerance
B. Decentralized incident monitoring
C. Ambiguous severity criteria
D. Manual incident reporting processes
- correct answer ✅C. Ambiguous severity criteria