01. IT-related risk management activities are MOST effective when they are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes
02. In the Bell-LaPadula model, if a person has a clearance for one level, what level or levels can they access, and what additional requirements do they face?
a) They can access only the specified level and must have a background check.
b) They can access the specified level and above and face no further requirements.
c) They can access the specified level and below and must have a need to know.
d) They can access every level, and they face no other requirements.
03. Who is accountable for ensuring that information is categorized and that specific protective measures are taken?
a) The security officer
b) Senior management
c) The end user
d) The custodian
04. Abnormal server communication from inside the organization to external parties may be monitored to:
a) record the trace of advanced persistent threats
b) evaluate the process resiliency of server operations
c) verify the effectiveness of an intrusion detection system
d) support a nonrepudiation framework in e-commerce
05. Which of the following is the BEST way to detect an intruder who successfully penetrates a network before significant damage is inflicted?
a) Perform periodic penetration testing
b) Establish minimum security baselines
c) Implement vendor default settings
d) Install a honeypot on the network
06. To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices.
Which of the following BEST facilitates the correlation and review of these logs?
a) Database server
b) Domain name server
c) Time server
d) Proxy server
07. When collecting admissible evidence, which of the following is the MOST important requirement?
a) Need to know
b) Due diligence
c) Preserving audit logs
d) Chain of custody
08. Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services. Which of the following should be the PRIMARY focus of Company A's information security manager?
a) The cost to align to Company A's security policies
b) The organizational structure of Company B
c) Company B's security policies
d) Company A's security architecture
09. Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
a) A virtual private network (VPN) with multi-factor authentication
b) A security information and event management (SIEM) system
c) An identity and access management (IAM) system
d) An intrusion prevention system (IPS)
10. The postincident review of a security incident revealed that there was a process that was not monitored. As a result monitoring functionality has been implemented.
Which of the following may BEST be expected from this remediation?
a) Reduction in total incident duration
b) Increase in risk tolerance
c) Facilitation of escalation
d) Improvement in identification
The purpose of this Sample Question Set is to provide you with information about the ISACA Information Security Manager (CISM) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CISM certification test. To get familiar with real exam environment, we suggest you try our Sample ISACA Information Security Manager Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual ISACA Certified Information Security Manager (CISM) certification exam.