CISM TEST EXAM QUESTIONS AND ANSWERS (VERIFIED ANSWERS GRADED A+) LATEST UPDATE 2025/2026
CISM practice test
Study online at https://quizlet.com/_c3o1nx
1. An information security manager wants to improve the ability to identify changes in risk levels affecting the organization's systems. Which of the following is the BEST method to achieve this objective?
A. Performing business impact analysis (BIA)
B. Monitoring key goal indicators (KGIs)
C. Monitoring key risk indicators (KRIs)
D. Updating the risk register
Answer: C
2. When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
A. Affected stakeholders
B. Incident response team
C. Availability of technical resources
D. Media coverage
Answer: A
3. Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriately?
A. Value to the business
B. Security policy requirements
C. Ownership of information
D. Level of protection
Answer: A
4. The effectiveness of an incident response team will be GREATEST when:
A. The incident response process is updated based on lessons learned
B. The incident response team members are trained security personnel
C. The incident response team meets on a regular basis to review log files
D. Incidents are identified using a security information and event management (SIEM) system
Answer: A
5. An information security manager MUST have an understanding of the organizational business goals to:
A. Relate information security to change management
B. Develop an information security strategy
C. Develop operational procedures
D. Define key performance indicators (KPIs)
Answer: D
6. An information security manager MUST have an understanding of an information security program?
A. Understanding current and emerging technologies
B. Establishing key performance indicators (KPIs)
C. Conducting periodic risk assessments
D. Obtaining stakeholder input
Answer: D
7. An attacker was able to gain access to an organizational perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?
A. Implementing a data loss prevention (DLP) suite
B. Deploying an intrusion prevention system (IPS)
C. Deploying a security information and event management (SIEM) system
D. Conducting regular system administrator awareness training
Answer: C
8. When establishing metrics for an information security program, the BEST approach is to identify indicators that:
A. Support major information security initiatives
B. Reflect the corporate risk culture
C. Reduce information security spending
D. Demonstrate the effectiveness of the security program
Answer: D
9. For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?
A. Anti-malware alerts on several employees' workstations
B. Several port scans of the web server
C. Multiple failed login attempts on an employee's workstation
D. Suspicious network traffic originating from the demilitarized zone (DMZ)
Answer: A
10. An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
A. Publish the standards on the intranet page
B. Deploy a device management solution
C. Establish an acceptable use policy
D. Monitor user activities on the network
Answer: C
11. When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
A. Audit reports
B. Access logs
C. Access lists
D. Threat metrics
Answer: B
12. Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes?
A. Develop good communications with the project management office (PMO)
B. Participate in project initiation and funding
C. Conduct security reviews during design, testing, and implementation
D. Integrate organizational security requirements into project management
Answer: D
13. Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?
A. SWOT analysis
B. Industry benchmarks
C. Cost-benefit analysis
D. Balanced scorecard
Answer: D
14. An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan, which had been uploading data to an unknown external party. Which of the following would have BEST prevented the instal-
Answer: D