CISM Missed Questions with 100% Correct Answers
"Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Correct Answer: A" - Answer✔️✔️-"Explanation/Reference:
The existence of a steering committee that approves all security projects is an indication of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee, but it is not a full answer. Awareness training is important at all levels and in any medium, and is also an indicator of good governance; however, it must be guided and approved as a security project by the steering committee.
"
©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
"Retention of business records should PRIMARILY be based on:
A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.
Correct Answer: B" - Answer✔️✔️-"Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply, nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.
"
"Successful implementation of information security governance will FIRST require:
A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.
Correct Answer: B" - Answer✔️✔️-"Updated security policies are required to align management objectives with security procedures: management objectives translate into policy, and policy translates into procedures. Security procedures will necessitate specialized teams, such as the computer incident response and management group, as well as specialized tools, such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, the procedures, and the appropriate use of the security mechanisms.
"
"Minimum standards for securing the technical infrastructure should be defined in a security:
A. strategy.
B. guidelines.
C. model.
D. architecture.
Correct Answer: D" - Answer✔️✔️-"Minimum standards for securing the technical infrastructure should be defined in a security architecture document. This document defines how components are secured and the security services that should be in place. A strategy is a broad, high-level document. A guideline is advisory in nature, while a security model shows the relationships between components.
"
"When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?