Updates 2025
The MOST appropriate role for senior management in supporting information
security is the: - ANSWER -approval of policy statements and funding
Which of the following would BEST ensure the success of information security
governance within an organization? - ANSWER -Steering committees approve
security projects
Information security governance is PRIMARILY driven by: - ANSWER -
business strategy
Which of the following represents the MAJOR focus of privacy regulations? -
ANSWER -Identifiable personal data
Investments in information security technologies should be based on: - ANSWER
-value analysis
Retention of business records should PRIMARILY be based on: - ANSWER -
regulatory and legal requirements
Which of the following is characteristic of centralized information security
management? - ANSWER -Better adherence to policies
Successful implementation of information security governance will FIRST
require: - ANSWER -updated security policies
Which of the following individuals would be in the BEST position to sponsor the
creation of an information security steering group? - ANSWER -Chief operating
officer (COO)
The MOST important component of a privacy policy is: - ANSWER -
notifications
The cost of implementing a security control should not exceed the: - ANSWER -
asset value
When a security standard conflicts with a business objective, the situation should
be resolved by: - ANSWER -performing a risk analysis
Minimum standards for securing the technical infrastructure should be defined in a
security: - ANSWER -architecture
Which of the following is MOST appropriate for inclusion in an information
security strategy? - ANSWER -Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST
be attained by an information security manager by emphasizing: - ANSWER -
organizational risk
Which of the following roles would represent a conflict of interest for an
information security manager? - ANSWER -Final approval of information security
policies
Which of the following situations must be corrected FIRST to ensure successful
information security governance within an organization? - ANSWER -The data
center manager has final signoff on all security projects
Which of the following requirements would have the lowest level of priority in
information security? - ANSWER -Technical
When an organization hires a new information security manager, which of the
following goals should this individual pursue FIRST? - ANSWER -Establish good
communication with steering committee members
It is MOST important that information security architecture be aligned with which
of the following? - ANSWER -Business goals and objectives
Which of the following is MOST likely to be discretionary? - ANSWER -
Guidelines
Security technologies should be selected PRIMARILY on the basis of their: -
ANSWER -ability to mitigate business risks
Which of the following are seldom changed in response to technological changes?
- ANSWER -Policies
The MOST important factor in planning for the long-term retention of
electronically stored business records is to take into account potential changes in: -
ANSWER -application systems and media
Which of the following is characteristic of decentralized information security
management across a geographically dispersed organization? - ANSWER -Better
alignment to business unit needs
Which of the following is the MOST appropriate position to sponsor the design
and implementation of a new security infrastructure in a large global enterprise? -
ANSWER -Chief operating officer (COO)
Which of the following would be the MOST important goal of an information
security governance program? - ANSWER -Ensuring trust in data
Relationships among security technologies are BEST defined through which of the
following? - ANSWER -Security architecture
A business unit intends to deploy a new technology in a manner that places it in
violation of existing information security standards. What immediate action should
an information security manager take? - ANSWER -Perform a risk analysis to
quantify the risk
Acceptable levels of information security risk should be determined by: -
ANSWER -the steering committee
The PRIMARY goal in developing an information security strategy is to: -
ANSWER -support the business objectives of the organization
Senior management commitment and support for information security can BEST
be enhanced through: - ANSWER -periodic review of alignment with business
management goals
When identifying legal and regulatory issues affecting information security, which
of the following would represent the BEST approach to developing information
security policies? - ANSWER -Develop policies that meet all mandated
requirements
Which of the following MOST commonly falls within the scope of an information
security governance steering committee? - ANSWER -Prioritizing information
security initiatives
Which of the following is the MOST important factor when designing information
security architecture? - ANSWER -Stakeholder requirements
Which of the following characteristics is MOST important when looking at
prospective candidates for the role of chief information security officer (CISO)? -
ANSWER -Ability to understand and map organizational needs to security
technologies
Which of the following are likely to be updated MOST frequently? - ANSWER -
Procedures for hardening database servers
Who should be responsible for enforcing access rights to application data? -
ANSWER -Security administrators
The chief information security officer (CISO) should ideally have a direct
reporting relationship to the: - ANSWER -chief operations officer (COO)