April 12, 2024 Unknown author

CISM: Certified Information Security

Manager → CISM Topic 1
Question #: 1
Topic #: 1
An information security risk analysis BEST assists an organization in
ensuring that:

A. the infrastructure has the appropriate level of access control.

B. cost-effective decisions are made with regard to which assets need
protection
C. an appropriate level of funding is applied to security processes.
D. the organization implements appropriate security technologies

Selected Answer: B

Question #: 1099
Topic #: 1
Which of the following is MOST important for effective cybersecurity
incident management?

A. Early detection and response

B. Regular tabletop exercises
C. Root cause analysis
D. Investigation and forensics

Selected Answer: B

Question #: 420
Topic #: 1
Which of the following roles is accountable for ensuring the impact of a
new regulatory framework on a business system is assessed?

A. Senior management
B. Application owner

https://awslagi.com/course/cism/lessons/cism-topic-1/ 1/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. Legal representative
D. Information security manager

Selected Answer: A

Question #: 676
Topic #: 1
An organization is going through a digital transformation process,
which places the IT organization in an unfamiliar risk landscape. The
information security manager has been tasked with leading the IT risk
management process. Which of the following should be given the
HIGHEST priority?

A. Identification of risk
B. Selection of risk treatment options
C. Analysis of control gaps
D. Design of key risk indicators (KRIs)

Selected Answer: A

Question #: 674
Topic #: 1
Which of the following is the BEST tool to monitor the effectiveness of
information security governance?

A. Balanced scorecard
B. Risk profile
C. Business impact analysis (BIA)
D. Key performance indicators (KPIs)

Selected Answer: A

Question #: 2
Topic #: 1
In a multinational organization, local security regulations should be
implemented over global security policy because:

A. business objectives are defined by local business unit managers.

B. deploying awareness of local regulations is more practical than of
global policy.
C. global security policies include unnecessary controls for local

https://awslagi.com/course/cism/lessons/cism-topic-1/ 2/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

businesses.
D. requirements of local regulations take precedence.

Selected Answer: D

Question #: 667
Topic #: 1
Of the following, who is in the BEST position to evaluate business
impacts?

A. Senior management
B. Information security manager
C. Process manager
D. IT manager

Selected Answer: C

Question #: 655
Topic #: 1
Which of the following should an information security manager do
FIRST when a mandatory security standard hinders the achievement of
an identified business objective?

A. Recommend risk acceptance.

B. Perform a cost-benefit analysis.
C. Escalate to senior management.
D. Revisit the business objective.

Selected Answer: B

Question #: 653
Topic #: 1
A recovery point objective (RPO) is required in which of the following?

A. Business continuity plan (BCP)

B. Information security plan
C. Incident response plan
D. Disaster recovery plan (DRP)

Selected Answer: A

https://awslagi.com/course/cism/lessons/cism-topic-1/ 3/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 1
Topic #: 1
An information security risk analysis BEST assists an organization in
ensuring that:

A. the infrastructure has the appropriate level of access control.

B. cost-effective decisions are made with regard to which assets need
protection
C. an appropriate level of funding is applied to security processes.
D. the organization implements appropriate security technologies

Selected Answer: B

Question #: 1099
Topic #: 1
Which of the following is MOST important for effective cybersecurity
incident management?

A. Early detection and response

B. Regular tabletop exercises
C. Root cause analysis
D. Investigation and forensics

Selected Answer: B

Question #: 420
Topic #: 1
Which of the following roles is accountable for ensuring the impact of a
new regulatory framework on a business system is assessed?

A. Senior management
B. Application owner
C. Legal representative
D. Information security manager

Selected Answer: A

Question #: 1113
Topic #: 1
Which of the following should have the MOST influence on an
organization’s response to a new industry regulation?

https://awslagi.com/course/cism/lessons/cism-topic-1/ 4/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. The organization’s risk control baselines

B. The organization’s control objectives
C. The organization’s risk management framework
D. The organization’s risk appetite

Selected Answer: D

Question #: 171
Topic #: 1
An organization performed a risk analysis and found a large number of
assets with low-impact vulnerabilities. The NEXT action of the
information security manager should be to:

A. transfer the risk to a third party.

B. determine appropriate countermeasures.
C. report to management.
D. quantify the aggregated risk.

Selected Answer: D

Question #: 631
Topic #: 1
Which of the following is the MOST important reason to document
information security incidents that are reported across the
organization?

A. Support business investments in security.

B. Evaluate the security posture of the organization.
C. Identify unmitigated risk.
D. Prevent incident recurrence.

Selected Answer: D

Question #: 988
Topic #: 1
Which of the following MUST be established to maintain an effective
information security governance framework?

A. Security controls automation

B. Change management processes

https://awslagi.com/course/cism/lessons/cism-topic-1/ 5/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. Security policy provisions

D. Defined security metrics

Selected Answer: D

Question #: 908
Topic #: 1
Which of the following is the MOST important consideration when
defining an information security framework?

A. Information security budget

B. Industry standards
C. Business strategy
D. Organizational culture

Selected Answer: C

Question #: 654
Topic #: 1
Which of the following provides the BEST assurance that security
policies are applied across business operations?

A. Organizational standards are enforced by technical controls.

B. Organizational standards are included in awareness training.
C. Organizational standards are required to be formally accepted.
D. Organizational standards are documented in operational procedures.

Selected Answer: A

Question #: 610
Topic #: 1
An organization involved in e-commerce activities operating from its
home country opened a new office in another country with stringent
security laws. In this scenario, the overall security strategy should be
based on:

A. risk assessment results.

B. international security standards.
C. the most stringent requirements.
D. the security organization structure.

Selected Answer: C
https://awslagi.com/course/cism/lessons/cism-topic-1/ 6/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 609
Topic #: 1
Information security controls should be designed PRIMARILY based on:

A. regulatory requirements.
B. a vulnerability assessment.
C. business risk scenarios.
D. a business impact analysis (BIA).

Selected Answer: C

Question #: 639
Topic #: 1
An information security team has discovered that users are sharing a
login account to an application with sensitive information, in violation
of the access policy. Business management indicates that the practice
creates operational efficiencies. What is the information security
manager’s BEST course of action?

A. Present the risk to senior management.

B. Modify the policy.
C. Create an exception for the deviation.
D. Enforce the policy.

Selected Answer: A

Question #: 614
Topic #: 1
An organization has identified a risk scenario that has low impact to
the organization but is very costly to mitigate. Which risk treatment
option is MOST appropriate in this situation?

A. Transfer
B. Acceptance
C. Mitigation
D. Avoidance

Selected Answer: B

Question #: 527
Topic #: 1

https://awslagi.com/course/cism/lessons/cism-topic-1/ 7/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

The MOST effective tools for responding to new and advanced attacks
are those that detect attacks based on:

A. behavior analysis.
B. penetration testing.
C. signature analysis.
D. data packet analysis.

Selected Answer: A

Question #: 30
Topic #: 1
What should be an information security manager’s FIRST step when
developing a business case for a new intrusion detection system (IDS)
solution?

A. Calculate the total cost of ownership (TCO).

B. Define the issues to be addressed.
C. Perform a cost-benefit analysis.
D. Conduct a feasibility study.

Selected Answer: B

Question #: 588
Topic #: 1
An organization that conducts business globally is planning to utilize a
third-party service provider to process payroll information. Which of
the following issues poses the GREATEST risk to the organization?

A. The third party has not provided evidence of compliance with local
regulations where data is generated.
B. The third party does not have an independent assessment of controls
available for review.
C. The third party’s service level agreement (SLA) does not include
guarantees of uptime.
D. The third-party contract does not include an indemnity clause for
compensation in the event of a breach.

Selected Answer: D

https://awslagi.com/course/cism/lessons/cism-topic-1/ 8/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 580
Topic #: 1
Which of the following would BEST provide stakeholders with
information to determine the appropriate response to a disaster?

A. Vulnerability assessment
B. SWOT analysis
C. Business impact analysis (BIA)
D. Risk assessment

Selected Answer: D

Question #: 587
Topic #: 1
Which of the following is the MOST appropriate resource to determine
whether or not a particular solution should utilize encryption based on
its location and data classification?

A. Guidelines
B. Procedures
C. Standards
D. Policies

Selected Answer: D

Question #: 586
Topic #: 1
Which of the following is the MOST important control to implement
when senior managers use smartphones to access sensitive company
information?

A. Centralized device administration

B. Remote wipe capability
C. Anti-malware on the devices
D. Strong passwords

Selected Answer: A

Question #: 551
Topic #: 1

https://awslagi.com/course/cism/lessons/cism-topic-1/ 9/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Which of the following has the GREATEST impact on the viability of an

information security roadmap?

A. Regulatory requirements
B. Management support
C. Threat landscape
D. Resource availability

Selected Answer: C

Question #: 507
Topic #: 1
Which of the following is the MOST effective way to ensure information
security policies are understood?

A. Implement a whistle-blower program.

B. Document security procedures.
C. Include security responsibilities in job descriptions.
D. Provide regular security awareness training.

Selected Answer: D

Question #: 574
Topic #: 1
Which of the following is MOST important to ensure when an
organization is moving portions of its sensitive database to the cloud?

A. The conversion has been approved by the information security team.

B. A right to audit clause is included in the contract.
C. Input from data owners is included in the requirements definition.
D. Data encryption is used in the cloud hosting solution.

Selected Answer: C

Question #: 571
Topic #: 1
A new law requires an organization to implement specific security
controls. Which of the following should the information security
manager do FIRST?

A. Integrate the new requirements into the security policy.

B. Perform a gap analysis on the new requirements.
https://awslagi.com/course/cism/lessons/cism-topic-1/ 10/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. Develop a control implementation plan.

D. Assess the risk of noncompliance with the new requirements.

Selected Answer: B

Question #: 548
Topic #: 1
An event occurred that resulted in the activation of the business
continuity plan (BCP). All employees were notified during the event,
and they followed the plan.
However, two major suppliers missed deadlines because they were not
aware of the disruption. What is the BEST way to prevent a similar
situation in the future?

A. Ensure service level agreements (SLAs) with suppliers are enforced.

B. Conduct a vulnerability assessment.
C. Perform testing of the BCP communication plan.
D. Provide suppliers with access to the BCP document.

Selected Answer: C

Question #: 547
Topic #: 1
Which of the following should an information security manager do
FIRST to address the risk associated with a new third-party cloud
application that will not meet organizational security requirements?

A. Restrict application network access temporarily.

B. Update the risk register.
C. Consult with the business owner.
D. Include security requirements in the contract.

Selected Answer: C

Question #: 529
Topic #: 1
What is the PRIMARY objective of information security involvement in
the change management process?

A. To narrow the threat landscape

B. To ensure changes are not applied without prior authorization

https://awslagi.com/course/cism/lessons/cism-topic-1/ 11/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. To reduce the likelihood of control failure

D. To meet obligations for regulatory and legal compliance

Selected Answer: C

Question #: 502
Topic #: 1
Which of the following is the BEST way to prevent insider threats?

A. Implement strict security policies and password controls.

B. Conduct organization-wide security awareness training.
C. Enforce segregation of duties and least privilege access.
D. Implement logging for all access activities.

Selected Answer: C

Question #: 563
Topic #: 1
Which of the following BEST conveys minimum information security
requirements to an organization in alignment with policies?

A. Procedures
B. Regulations
C. Baselines
D. Standards

Selected Answer: D

Question #: 404
Topic #: 1
A newly appointed information security manager has been asked to
update all security-related policies and procedures that have been
static for five years or more. What is the BEST next step?

A. To gain an understanding of the current business direction

B. To update in accordance with the best business practices
C. To perform a risk assessment of the current IT environment
D. To assess corporate culture

Selected Answer: D

https://awslagi.com/course/cism/lessons/cism-topic-1/ 12/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 374
Topic #: 1
Which of the following would BEST support an information security
manager’s efforts to obtain management approval for an identity and
access management
(IAM) system implementation?

A. A recent security incident involving access authorization

B. An established security policy with access management
requirements
C. A third-party audit finding based on regulatory requirements
D. A business case proposal for the solution

Selected Answer: D

Question #: 373
Topic #: 1
An organization that has outsourced its incident management
capabilities just discovered a significant privacy breach by an unknown
attacker. Which of the following is the MOST important action of the
information security manager?

A. Follow the outsourcer’s response plan

B. Refer to the organization’s response plan
C. Notify the outsourcer of the privacy breach
D. Alert the appropriate law enforcement authorities

Selected Answer: B

Question #: 549
Topic #: 1
When performing a data classification project, an information security
manager should:

A. assign information criticality and sensitivity.

B. identify information custodians.
C. identify information owners.
D. assign information access privileges.

Selected Answer: A

https://awslagi.com/course/cism/lessons/cism-topic-1/ 13/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 414
Topic #: 1
The department head of application development has decided to accept
the risks identified in a recent assessment. No recommendations will be
implemented, even though the recommendations are required by
regulatory oversight. What should the information security manager do
NEXT?

A. Formally document the decision.

B. Review the regulations.
C. Review the risk monitoring plan.
D. Perform a risk reassessment.

Selected Answer: A

Question #: 538
Topic #: 1
Which of the following should an information security manager do
NEXT after creating a roadmap to execute the strategy for an
information security program?

A. Develop a project plan to implement the strategy

B. Obtain consensus on the strategy from the executive board
C. Define organizational risk tolerance
D. Review alignment with business goals

Selected Answer: A

Question #: 92
Topic #: 1
What is the PRIMARY benefit of effective configuration management?

A. Standardization of system support

B. Reduced frequency of incidents
C. Decreased risk to the organization’s systems
D. Improved vulnerability management

Selected Answer: C

Question #: 86
Topic #: 1

https://awslagi.com/course/cism/lessons/cism-topic-1/ 14/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Senior management has just accepted the risk of noncompliance with a

new regulation. What should the information security manager do
NEXT?

A. Report the decision to the compliance officer.

B. Reassess the organization’s risk tolerance.
C. Update details within the risk register.
D. Assess the impact of the regulation.

Selected Answer: C

Question #: 61
Topic #: 1
An information security manager wants to improve the ability to
identify changes in risk levels affecting the organization’s systems.
Which of the following is the
BEST method to achieve this objective?

A. Performing business impact analyses (BIA)

B. Monitoring key goal indicators (KGIs)
C. Monitoring key risk indicators (KRIs)
D. Updating the risk register

Selected Answer: C

Question #: 29
Topic #: 1
Deciding the level of protection a particular asset should be given is
BEST determined by:

A. the corporate risk appetite.

B. a risk analysis.
C. a threat assessment.
D. a vulnerability assessment.

Selected Answer: A

Question #: 18
Topic #: 1
Which of the following should be an information security managers

https://awslagi.com/course/cism/lessons/cism-topic-1/ 15/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

PRIMARY focus during the development of a critical system storing

highly confidential data?

A. Ensuring the amount of residual risk is acceptable

B. Reducing the number of vulnerabilities detected
C. Avoiding identified system threats
D. Complying with regulatory requirements

Selected Answer: A

Question #: 16
Topic #: 1
The PRIMARY reason for defining the information security roles and
responsibilities of staff throughout an organization is to:

A. comply with security policy.

B. increase corporate accountability.
C. enforce individual accountability.
D. reinforce the need for training.

Selected Answer: C

Question #: 15
Topic #: 1
Which of the following is the BEST way to ensure that organizational
security policies comply with data security regulatory requirements?

A. Obtain annual sign-off from executive management.

B. Align the policies to the most stringent global regulations.
C. Send the policies to stakeholders for review.
D. Outsource compliance activities.

Selected Answer: C

Question #: 14
Topic #: 1
An organization that uses external cloud services extensively is
concerned with risk monitoring and timely response. The BEST way to
address this concern is to ensure:

A. the availability of continuous technical support.

B. appropriate service level agreements (SLAs) are in place.
https://awslagi.com/course/cism/lessons/cism-topic-1/ 16/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. a right-to-audit clause is included in contracts.

D. internal security standards are in place.

Selected Answer: B

Question #: 387
Topic #: 1
Reverse lookups can be used to prevent successful:

A. denial of service (DoS) attacks.

B. phishing attacks.
C. session hacking.
D. Internet protocol (IP) spoofing.

Selected Answer: D

Question #: 70
Topic #: 1
An information security manager is implementing a bring your own
device (BYOD) program. Which of the following would BEST ensure that
users adhere to the security standards?

A. Publish the standards on the intranet landing page.

B. Deploy a device management solution.
C. Establish an acceptable use policy.
D. Monitor user activities on the network.

Selected Answer: C

Question #: 361
Topic #: 1
During the eradication phase of an incident response, it is MOST
important to:

A. identify the root cause

B. restore from the most recent backup
C. notify affected users
D. wipe the affected system

Selected Answer: D

https://awslagi.com/course/cism/lessons/cism-topic-1/ 17/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 353
Topic #: 1
The PRIMARY advantage of performing black-box control tests as
opposed to white-box control tests is that they:

A. require less IT staff preparation

B. identify more threats
C. simulate real-world attacks
D. cause fewer potential production issues

Selected Answer: A

Question #: 87
Topic #: 1
Which of the following BEST provides an information security manager
with sufficient assurance that a service provider complies with the
organization’s information security requirements?

A. A live demonstration of the third-party supplier’s security

capabilities
B. The ability to audit the third-party supplier’s IT systems and
processes
C. Third-party security control self-assessment results
D. An independent review report indicating compliance with industry
standards

Selected Answer: D

Question #: 84
Topic #: 1
An information security manager has been informed of a new
vulnerability in an online banking application, and a patch to resolve
this issue is expected to be released in the next 72 hours. Which of the
following should the information security manager do FIRST?

A. Implement mitigating controls.

B. Perform a business impact analysis (BIA).
C. Perform a risk assessment.
D. Notify senior management.

Selected Answer: C

https://awslagi.com/course/cism/lessons/cism-topic-1/ 18/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 496
Topic #: 1
An intrusion has been detected and contained. Which of the following
steps represents the BEST practice for ensuring the integrity of the
recovered system?

A. Restore the application and data from a forensic copy.

B. Install the OS, patches, and application from the original source.
C. Restore the OS, patches, and application from a backup.
D. Remove all signs of the intrusion from the OS and application.

Selected Answer: B

Question #: 465
Topic #: 1
Using which of the following metrics will BEST help to determine the
resiliency of IT infrastructure security controls?

A. Percentage of outstanding high-risk audit issues

B. Number of incidents resulting in disruptions
C. Number of successful disaster recovery tests
D. Frequency of updates to system software

Selected Answer: B

Question #: 981
Topic #: 1
When an organization lacks internal expertise to conduct highly
technical forensics investigations, what is the BEST way to ensure
effective and timely investigations following an information security
incident?

A. Purchase forensic standard operating procedures.

B. Retain a forensics firm prior to experiencing an incident.
C. Ensure the incident response policy allows hiring a forensics firm.
D. Provide forensics training to the information security team.

Selected Answer: B

Question #: 542
Topic #: 1

https://awslagi.com/course/cism/lessons/cism-topic-1/ 19/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Which of the following is the MOST effective approach to ensure

seamless integration between the business continuity plan (BCP) and
the incident response plan?

A. The BCP manager is included in the core incident response team.

B. Criteria for escalating to the BCP manager are in the incident
response plan.
C. Both response teams contain the same members.
D. Consistent event classifications are used in both plans.

Selected Answer: D

Question #: 458
Topic #: 1
An organization permits the storage and use of its critical and sensitive
information on employee-owned smartphones. Which of the following
is the BEST security control?

A. Monitoring now often the smartphone is used

B. Developing security awareness training
C. Requiring the backup of the organization s data by the user
D. Establishing the authority to remote wipe

Selected Answer: B

Question #: 1166
Topic #: 1
When engaging an external party to perform a penetration test, it is
MOST important to:

A. provide an updated asset inventory.

B. notify employees of the testing.
C. define the project scope.
D. provide network documentation.

Selected Answer: C

Question #: 9
Topic #: 1
Which of the following should an information security manager do
FIRST when a legacy application is not compliant with a regulatory

https://awslagi.com/course/cism/lessons/cism-topic-1/ 20/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

requirement, but the business unit does not have the budget for
remediation?

A. Develop a business case for funding remediation efforts.

B. Advise senior management to accept the risk of noncompliance.
C. Notify legal and internal audit of the noncompliant legacy
application.
D. Assess the consequences of noncompliance against the cost of
remediation.

Selected Answer: D

Question #: 213
Topic #: 1
An information security manager is asked to provide a short
presentation on the organization’s current IT risk posture to the board
of directors. Which of the following would be MOST effective to include
in this presentation?

A. Gap analysis results

B. Risk register
C. Threat assessment results
D. Risk heat map

Selected Answer: D

Question #: 190
Topic #: 1
The MOST effective way to continuously monitor an organization’s
cybersecurity posture is to evaluate its:

A. compliance with industry regulations.

B. key performance indicators (KPIs).
C. level of support from senior management.
D. timeliness in responding to attacks.

Selected Answer: B

Question #: 181
Topic #: 1

https://awslagi.com/course/cism/lessons/cism-topic-1/ 21/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Which of the following is MOST important to include when reporting

information security risk to executive leadership?

A. Key performance objectives and budget trends

B. Security awareness training participation and residual risk exposures
C. Risk analysis results and key risk indicators (KRIs)
D. Information security risk management plans and control compliance

Selected Answer: C

Question #: 79
Topic #: 1
Which of the following is the MOST important consideration when
selecting members for an information security steering committee?

A. Information security expertise

B. Tenure in the organization
C. Business expertise
D. Cross-functional composition

Selected Answer: D

Question #: 75
Topic #: 1
When developing a tabletop test plan for incident response testing, the
PRIMARY purpose of the scenario should be to:

A. measure management engagement as part of an incident response

team.
B. provide participants with situations to ensure understanding of their
roles.
C. give the business a measure of the organization’s overall readiness.
D. challenge the incident response team to solve the problem under
pressure.

Selected Answer: B

Question #: 1090
Topic #: 1
When an organization experiences a disruptive event, the business
continuity plan (BCP) should be triggered PRIMARILY based on:

https://awslagi.com/course/cism/lessons/cism-topic-1/ 22/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. expected duration of outage.

B. the root cause of the event.
C. type of security incident.
D. management direction.

Selected Answer: D

Question #: 1068
Topic #: 1
Which of the following is the BEST indication that an information
security control is no longer relevant?

A. The control is not cost efficient.

B. The control does not support a specific business function.
C. IT management does not support the control.
D. The technology related to the control is obsolete.

Selected Answer: B

Question #: 1027
Topic #: 1
Which of the following defines the MOST comprehensive set of security
requirements for a newly developed information system?

A. Baseline controls
B. Audit findings
C. Risk assessment results
D. Key risk indicators (KRIs)

Selected Answer: A

Question #: 994
Topic #: 1
Which of the following BEST indicates senior management support for
an information security program?

A. Top-down communication
B. Regular security awareness training
C. Participation in a certification program
D. Steering committee involvement

Selected Answer: D
https://awslagi.com/course/cism/lessons/cism-topic-1/ 23/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 966
Topic #: 1
Which of the following is the MOST important consideration when
briefing executives about the current state of the information security
program?

A. Including a situational forecast.

B. Using appropriate language for the target audience.
C. Including trend charts for metrics.
D. Using a rating system to demonstrate program effectiveness.

Selected Answer: C

Question #: 952
Topic #: 1
Which of the following is the BEST way to contain an SQL injection
attack that has been detected by a web application firewall?

A. Force password changes on the SQL database.

B. Reconfigure the web application firewall to block the attack.
C. Update the detection patterns on the web application firewall.
D. Block the IPs from where the attack originates.

Selected Answer: B

Question #: 945
Topic #: 1
Which of the following would MOST effectively ensure that a new
server is appropriately secured?

A. Enforcing technical security standards

B. Performing secure code reviews
C. Initiating security scanning
D. Conducting penetration testing

Selected Answer: D

Question #: 910
Topic #: 1
Which of the following is the BEST way to determine the effectiveness
of an incident response plan?

https://awslagi.com/course/cism/lessons/cism-topic-1/ 24/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. Reviewing previous audit reports

B. Benchmarking the plan against best practices
C. Performing a penetration test
D. Conducting a tabletop exercise

Selected Answer: D

Question #: 894
Topic #: 1
Which of the following BEST mitigates the risk or information loss
caused by a cloud service provider becoming insolvent?

A. Contractual provisions for the right to audit

B. Effective data loss prevention (DLP) controls
C. Contractual provisions for data repatriation
D. The purchasing of cybersecurity insurance

Selected Answer: C

Question #: 852
Topic #: 1
Which of the following is an information security manager’s MOST
important action to mitigate the risk associated with malicious
software?

A. Disabling end-user computer peripheral access ports

B. Implementing a multi-layered security program
C. Ensuring antivirus has the latest definition files
D. Strengthening security patch implementation processes

Selected Answer: B

Question #: 777
Topic #: 1
When performing a business impact analysis (BIA), who should
calculate the recovery time and cost estimates?

A. Business process owner

B. Business continuity coordinator
C. Information security manager
D. Senior management

https://awslagi.com/course/cism/lessons/cism-topic-1/ 25/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Selected Answer: A

Question #: 769
Topic #: 1
Which of the following BEST enables an organization to provide
ongoing assurance that legal and regulatory compliance requirements
can be met?

A. Engaging external experts to provide guidance on changes in

compliance requirements
B. Assigning the operations manager accountability for meeting
compliance requirements
C. Embedding compliance requirements within operational processes
D. Performing periodic audits for compliance with legal and regulatory
requirements

Selected Answer: D

Question #: 147
Topic #: 1
Which of the following is MOST important to include in a contract with
a critical service provider to help ensure alignment with the
organization’s information security program?

A. Escalation paths
B. Termination language
C. Key performance indicators (KPIs)
D. Right-to-audit clause

Selected Answer: D

Question #: 763
Topic #: 1
Which of the following is the MOST important criterion when deciding
whether to accept residual risk?

A. Cost of replacing the asset

B. Annual loss expectancy (ALE)
C. Cost of additional mitigation
D. Annual rate of occurrence

https://awslagi.com/course/cism/lessons/cism-topic-1/ 26/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Selected Answer: C

Question #: 334
Topic #: 1
An organization recently activated its business continuity plan (BCP).
All employees were notified during the event, but some did not fully
follow the communications plan. What is the BEST way to prevent a
recurrence?

A. Perform tabletop testing with appropriate employees

B. Reprimand employees for not following the plan
C. Enhance external communication instructions in the BCP
D. Incorporate BCP communication expectations in job descriptions

Selected Answer: A

Question #: 559
Topic #: 1
A common drawback of email software packages that provide native
encryption of messages is that the encryption:

A. has an insufficient key length.

B. cannot interoperate across product domains.
C. cannot encrypt attachments.
D. has no key-recovery mechanism.

Selected Answer: B

Question #: 536
Topic #: 1
Which of the following is the MOST important consideration for a
global organization that is designing an information security
awareness program?

A. National regulations
B. Program costs
C. Cultural backgrounds
D. Local languages

Selected Answer: C

https://awslagi.com/course/cism/lessons/cism-topic-1/ 27/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 517
Topic #: 1
How does an organization’s information security steering committee
facilitate the achievement of information security program objectives?

A. Monitoring information security resources

B. Making decisions on security priorities
C. Enforcing regulatory and policy compliance
D. Evaluating information security metrics

Selected Answer: B

Question #: 1155
Topic #: 1
An information security team has confirmed that threat actors are
taking advantage of a newly announced critical vulnerability within an
application. Which of the following should be done FIRST?

A. Notify senior management.

B. Prevent access to the application.
C. Invoke the incident response plan.
D. Install additional application controls.

Selected Answer: A

Question #: 1152
Topic #: 1
The resilience requirements of an application are BEST determined by:

A. a cost-benefit analysis.
B. a threat assessment.
C. a business impact analysis (BIA).
D. a risk assessment.

Selected Answer: B

Question #: 682
Topic #: 1
In an organization with a rapidly changing environment, business
management has accepted an information security risk. It is MOST
important for the information security manager to ensure:

https://awslagi.com/course/cism/lessons/cism-topic-1/ 28/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. change activities are documented.

B. compliance with the risk acceptance framework.
C. the rationale for acceptance is periodically reviewed.
D. the acceptance is aligned with business strategy.

Selected Answer: C

Question #: 306
Topic #: 1
Senior management has launched an enterprise-wide initiative to
streamline internal processes to reduce costs, including security
processes. What should the information security manager rely on
MOST to allocate resources efficiently?

A. Capability maturity assessment

B. Risk classification
C. Return on investment (ROI)
D. Internal audit reports

Selected Answer: B

Question #: 138
Topic #: 1
The PRIMARY advantage of single sign-on (SSO) is that it will:

A. support multiple authentication mechanisms.

B. strengthen user passwords.
C. increase efficiency of access management.
D. increase the security of related applications.

Selected Answer: C

Question #: 135
Topic #: 1
In an organization that has several independent security tools
including intrusion detection systems (IDSs) and firewalls, which of
the following is the BEST way to ensure timely detection of incidents?

A. Implement a log aggregation and correlation solution.

B. Ensure that the incident response plan is endorsed by senior
management.

https://awslagi.com/course/cism/lessons/cism-topic-1/ 29/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. Ensure staff are cross trained to manage all security tools.

D. Outsource the management of security tools to a service provider.

Selected Answer: A

Question #: 128
Topic #: 1
Which of the following is the MOST important reason for performing a
cost-benefit analysis when implementing a security control?

A. To ensure that the mitigation effort does not exceed the asset value
B. To ensure that benefits are aligned with business strategies
C. To present a realistic information security budget
D. To justify information security program activities

Selected Answer: B

Question #: 114
Topic #: 1
Which of the following functions is MOST critical when initiating the
removal of system access for terminated employees?

A. Help desk
B. Legal
C. Information security
D. Human resources (HR)

Selected Answer: D

Question #: 96
Topic #: 1
An information security manager has identified a major security event
with potential noncompliance implications. Who should be notified
FIRST?

A. Internal audit
B. Public relations team
C. Senior management
D. Regulatory authorities

Selected Answer: C

https://awslagi.com/course/cism/lessons/cism-topic-1/ 30/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 300
Topic #: 1
An organization wants to ensure its confidential data is isolated in a
multi-tenanted environment at a well-known cloud service provider.
Which of the following is the BEST way to ensure the data is adequately
protected?

A. Verify the provider follows a cloud service framework standard.

B. Review the provider’s information security policies and procedures.
C. Obtain documentation of the encryption management practices.
D. Ensure an audit of the provider is conducted to identify control gaps.

Selected Answer: D

Question #: 299
Topic #: 1
A new regulatory requirement affecting an organization’s information
security program is released. Which of the following should be the
information security manager’s FIRST course of action?

A. Conduct benchmarking
B. Perform a gap analysis
C. Notify the legal department
D. Determine the disruption to the business

Selected Answer: C

Question #: 71
Topic #: 1
When monitoring the security of a web-based application, which of the
following is MOST frequently reviewed?

A. Audit reports
B. Access logs
C. Access lists
D. Threat metrics

Selected Answer: B

Question #: 1167
Topic #: 1

https://awslagi.com/course/cism/lessons/cism-topic-1/ 31/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Which of the following is the MOST effective way to convey

information security responsibilities across an organization?

A. Implementing security awareness programs

B. Defining information security responsibilities in the security policy
C. Developing a skills matrix
D. Documenting information security responsibilities within job
descriptions

Selected Answer: A

Question #: 1162
Topic #: 1
Which of the following presents the GREATEST challenge when
assessing the impact of emerging risk?

A. Outdated risk management strategy

B. Insufficient data related to the emerging risk
C. Complexity of the emerging risk
D. Lack of resources to perform risk assessments

Selected Answer: B

Question #: 1161
Topic #: 1
What is the MOST important consideration when establishing metrics
for reporting to the information security strategy committee?

A. Benchmarking the expected value of the metrics against industry

standards
B. Aligning the metrics with the organizational culture
C. Agreeing on baseline values for the metrics
D. Developing a dashboard for communicating the metrics

Selected Answer: B

Question #: 1159
Topic #: 1
When determining key risk indicators (KRIs) for use in an information
security program it is MOST important to select:

https://awslagi.com/course/cism/lessons/cism-topic-1/ 32/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. KRIs that track both short-term and long-term performance.

B. KRIs that align with business processes.
C. KRIs that are quantifiable.
D. as many KRIs as possible to catch risk events from the broadest
areas.

Selected Answer: B

Question #: 45
Topic #: 1
Which of the following BEST protects against phishing attacks?

A. Security strategy training

B. Email filtering
C. Network encryption
D. Application whitelisting

Selected Answer: B

Question #: 1055
Topic #: 1
Which of the following is MOST important to consider when choosing a
shared alternate location for computing facilities?

A. Incident response team training

B. The organization’s risk tolerance
C. The organization’s mission
D. Resource availability

Selected Answer: D

Question #: 263
Topic #: 1
Who should an information security manager contact FIRST upon
discovering that a cloud-based payment system used by the
organization may be infected with malware?

A. Senior management
B. Affected customers
C. Cloud service provider
D. The incident response team

https://awslagi.com/course/cism/lessons/cism-topic-1/ 33/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Selected Answer: D

Question #: 1160
Topic #: 1
Senior management has requested a budget cut for the information
security program in the coming fiscal year. Which of the following
should be the information security manager’s FIRST course of action?

A. Analyze the impact to the information security program.

B. Advise business unit heads of potential changes to the information
security program.
C. Evaluate cost savings within existing implementations.
D. Re-prioritize information security implementation and operations.

Selected Answer: A

Question #: 1132
Topic #: 1
An organization experienced a loss of revenue during a recent disaster.
Which of the following would BEST prepare the organization to
recover?

A. Business impact analysis (BIA)

B. Incident response plan
C. Disaster recovery plan (DRP)
D. Business continuity plan (BCP)

Selected Answer: D

Question #: 1098
Topic #: 1
Following a breach where the risk has been isolated and forensic
processes have been performed, which of the following should be done
NEXT?

A. Place the web server in quarantine.

B. Rebuild the server from the last verified backup.
C. Shut down the server in an organized manner.
D. Rebuild the server with relevant patches from the original media.

Selected Answer: D

https://awslagi.com/course/cism/lessons/cism-topic-1/ 34/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 1119
Topic #: 1
Management would like to understand the risk associated with
engaging an Infrastructure-as-a-Service (IaaS) provider compared to
hosting internally. Which of the following would provide the BEST
method of comparing risk scenarios?

A. Reviewing mitigating and compensating controls for each risk

scenario
B. Mapping the risk scenarios by likelihood and impact on a chart
C. Performing a risk assessment on the IaaS provider
D. Mapping risk scenarios according to sensitivity of data

Selected Answer: B

Question #: 914
Topic #: 1
Of the following, who is MOST appropriate to own the risk associated
with the failure of a privileged access control?

A. Data owner
B. Information security manager
C. Business owner
D. Compliance manager

Selected Answer: C

Question #: 1107
Topic #: 1
Which of the following is the MOST effective way to ensure the security
of services and solutions delivered by third-party vendors?

A. Review third-party contracts as part of the vendor management

process.
B. Perform an audit on vendors’ security controls and practices.
C. Integrate risk management into the vendor management process.
D. Conduct security reviews on the services and solutions delivered.

Selected Answer: D

https://awslagi.com/course/cism/lessons/cism-topic-1/ 35/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 343
Topic #: 1
Which of the following is the MOST effective way to detect information
security incidents?

A. Establishing proper policies for response to threats and

vulnerabilities
B. Performing regular testing of the incident response program
C. Providing regular and up-to-date training for the incident response
team
D. Educating end users on threat awareness and timely reporting

Selected Answer: D

Question #: 900
Topic #: 1
Which of the following should be done FIRST when developing an
information security strategy?

A. Establish information security steering committee.

B. Determine the desired state of information security.
C. Develop security policies and standards.
D. Identity owners of information assets.

Selected Answer: A

Question #: 1041
Topic #: 1
Which of the following approaches to communication with senior
management BEST enables an information security manager to
maximize the effectiveness of the information security program?

A. Reporting on industry security threats with potential impact to

business objectives
B. Conducting periodic one-on-one meetings to align security with
business objectives
C. Participating in operational review meetings to discuss daily
operations and dependencies
D. Providing regular status of updates to security policies and standards

Selected Answer: A

https://awslagi.com/course/cism/lessons/cism-topic-1/ 36/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 1039
Topic #: 1
Which of the following is MOST important to include in an information
security framework?

A. Guidance for designing information security controls

B. Information security organizational structure
C. Industry benchmarks of information security metrics
D. Information security risk assessment

Selected Answer: D

Question #: 1004
Topic #: 1
Which of the following parameters is MOST helpful when designing a
disaster recovery strategy?

A. Maximum tolerable downtime (MTD)

B. Mean time between failures (MTBF)
C. Allowable interruption window (AIW)
D. Recovery point objective (RPO)

Selected Answer: A

Question #: 956
Topic #: 1
Which of the following is the FIRST step when conducting a post-
incident review?

A. Identify mitigating controls.

B. Assess the costs of the incident.
C. Perform root cause analysis.
D. Assign responsibility for corrective actions.

Selected Answer: C

Question #: 1009
Topic #: 1
Which of the following processes should be done NEXT after
completing a business impact analysis (BIA)?

https://awslagi.com/course/cism/lessons/cism-topic-1/ 37/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. Evaluate the disaster recovery plan (DRP).

B. Develop the requirements for the incident response plan.
C. Develop a business continuity plan (BCP).
D. Identify resources for business recovery.

Selected Answer: C

Question #: 984
Topic #: 1
Which of the following would BEST support a business case to
implement an anti-ransomware solution?

A. Industry benchmark of anti-ransomware investments

B. A threat and vulnerability assessment
C. Trend analysis of ransomware attacks
D. A reduction in required backups and associated costs

Selected Answer: C

Question #: 963
Topic #: 1
Which of the following is MOST important to maintain integration
among the incident response plan, business continuity plan (BCP), and
disaster recovery plan (DRP)?

A. Asset classification
B. Recovery time objectives (RTOs)
C. Chain of custody
D. Escalation procedures

Selected Answer: D

Question #: 940
Topic #: 1
Management of a financial institution accepted an operational risk that
consequently led to the temporary deactivation of a critical monitoring
process. Which of the following should be the information security
manager’s GREATEST concern with this situation?

A. Deviation from risk management best practices

B. Impact on the risk culture

https://awslagi.com/course/cism/lessons/cism-topic-1/ 38/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

C. Inability to determine short-term impact

D. Impact on compliance risk

Selected Answer: D

Question #: 933
Topic #: 1
Which of the following metrics would BEST monitor how well
information security requirements are incorporated into the change
management process?

A. Information security incidents caused due to unauthorized changes

B. Unauthorized changes in the environment
C. Denied changes due to insufficient security details
D. Information security-related changes

Selected Answer: C

Question #: 917
Topic #: 1
Which of the following BEST enables an organization to maintain an
appropriate security control environment?

A. Periodic employee security training

B. Budgetary support for security
C. Alignment to an industry security framework
D. Monitoring of the threat landscape

Selected Answer: D

Question #: 303
Topic #: 1
To prevent ransomware attacks, it is MOST important to ensure:

A. adequate backup and restoration processes are in place.

B. regular security awareness training is conducted.
C. the latest security appliances are installed.
D. updated firewall software is installed.

Selected Answer: B

https://awslagi.com/course/cism/lessons/cism-topic-1/ 39/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 792
Topic #: 1
An organization recently purchased data loss prevention (DLP)
software but soon discovered the software fails to detect or prevent
data loss.

Which of the following should the information security manager do

FIRST?

A. Revise the data classification policy.

B. Review the contract.
C. Review the configuration
D. Implement stricter data loss controls.

Selected Answer: C

Question #: 899
Topic #: 1
Which of the following roles is PRIMARILY responsible for developing
an information classification framework based on business needs?

A. Information owner
B. Information security steering committee
C. Senior management
D. Information security manager

Selected Answer: C

Question #: 879
Topic #: 1
Which of the following would BEST guide the development and
maintenance of an information security program?

A. A business impact assessment

B. The organization’s risk appetite
C. A comprehensive risk register
D. An established risk assessment process

Selected Answer: D

Question #: 855
Topic #: 1
https://awslagi.com/course/cism/lessons/cism-topic-1/ 40/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

An organization is planning to outsource the execution of its disaster

recovery activities. Which of the following would be MOST important to
include in the outsourcing agreement?

A. Requirements for regularly testing backups

B. The disaster recovery communication plan
C. Recovery time objectives (RTOs)
D. Definition of when a disaster should be declared

Selected Answer: D

Question #: 198
Topic #: 1
Which of the following is MOST likely to affect an organization’s ability
to respond to security incidents in a timely manner?

A. Lack of senior management buy-in

B. Inadequate detective control performance
C. Misconfiguration of security information and event management
(SIEM) tool
D. Complexity of network segmentation

Selected Answer: A

Question #: 643
Topic #: 1
An organization is creating a risk mitigation plan that considers
redundant power supplies to reduce the business risk associated with
critical system outages. Which type of control is being considered?

A. Deterrent
B. Detective
C. Preventive
D. Corrective

Selected Answer: D

Question #: 446
Topic #: 1
Which of the following is MOST important to the effectiveness of an
information security program?

https://awslagi.com/course/cism/lessons/cism-topic-1/ 41/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. The program is aligned to legal and regulatory requirements

B. The program is aligned to a security control framework
C. Annual audits of the program are conducted
D. Users are trained on security policies and procedures

Selected Answer: B

Question #: 839
Topic #: 1
Which of the following parties should be responsible for determining
access levels to an application that processes client information?

A. The identity and access management team

B. The business client
C. The information security team
D. Business unit management

Selected Answer: A

Question #: 127
Topic #: 1
Which of the following is the MOST important objective of testing a
security incident response plan?

A. Ensure the thoroughness of the response plan.

B. Verify the response assumptions are valid.
C. Confirm that systems are recovered in the proper order.
D. Validate the business impact analysis (BIA).

Selected Answer: A

Question #: 422
Topic #: 1
Which of the following is the BEST way to reduce the risk associated
with a successful social engineering attack targeting help desk staff?

A. Conduct security awareness training

B. Implement two-factor authentication
C. Block access to social media sites
D. Enforce role based access to help desk systems

Selected Answer: B
https://awslagi.com/course/cism/lessons/cism-topic-1/ 42/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

Question #: 247
Topic #: 1
Which of the following is an information security manager’s FIRST
priority after a high-profile system has been compromised?

A. Implement improvements to prevent recurrence.

B. Identify the malware that compromised the system.
C. Restore the compromised system.
D. Preserve incident-related data.

Selected Answer: D

Question #: 242
Topic #: 1
An organization has decided to outsource its disaster recovery function.
Which of the following is the MOST important consideration when
drafting the service level agreement (SLA)?

A. Testing requirements
B. Authorization chain
C. Recovery time objectives (RTOs)
D. Recovery point objectives (RPOs)

Selected Answer: A

Question #: 237
Topic #: 1
Which type of control is an incident response team?

A. Detective
B. Directive
C. Corrective
D. Preventive

Selected Answer: A

Question #: 106
Topic #: 1
Which of the following is the BEST way for an information security
manager to justify ongoing annual maintenance fees associated with an
intrusion prevention system (IPS)?

https://awslagi.com/course/cism/lessons/cism-topic-1/ 43/44
11/27/24, 5:42 PM CISM: Certified Information Security Manager → CISM Topic 1 - awslagi.com

A. Establish and present appropriate metrics that track performance.

B. Perform industry research annually and document the overall
ranking of the IPS.
C. Perform a penetration test to demonstrate the ability to protect.
D. Provide yearly competitive pricing to illustrate the value of the IPS.

Selected Answer: C

Question #: 105
Topic #: 1
Which of the following is MOST important when selecting an
information security metric?

A. Ensuring the metric is repeatable

B. Aligning the metric to the IT strategy
C. Defining the metric in qualitative terms
D. Defining the metric in quantitative terms

Selected Answer: B

Next

Viewed using Just Read

https://awslagi.com/course/cism/lessons/cism-topic-1/ 44/44