Certified Information Security Manager
Version: 4.0
Isaca CISM Exam

Topic 1, INFORMATION SECURITY GOVERNANCE

QUESTION NO: 1
Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Answer: B
Explanation:
Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.
QUESTION NO: 2
Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks.
B. explain the technical risks to the organization.
C. evaluate the organization against best security practices.
D. tie security risks to key business objectives.
Answer: D
Explanation:
Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on the business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.
"Pass Any Exam. Any Time." - www.actualtests.com
QUESTION NO: 3
The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products.
B. assessment of risks to the organization.
C. approval of policy statements and funding.
D. monitoring adherence to regulatory requirements.
Answer: C
Explanation:
Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in terms of governance and direction. They are responsible for approval of major policy statements and requests to fund the information security practice. Evaluation of vendors, assessment of risks and monitoring compliance with regulatory requirements are day-to-day responsibilities of the information security manager; in some organizations, business management is involved in these other activities, though their primary role is direction and governance.
QUESTION NO: 4
Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee, but it is not a full answer. Awareness training is important at all levels in any medium, and is also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.
QUESTION NO: 5
Information security governance is PRIMARILY driven by:
A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.
Answer: D
Explanation:
Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.
QUESTION NO: 6
Which of the following represents the MAJOR focus of privacy regulations?
A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. Identifiable personal data
Answer: D
Explanation:
Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulatory provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.
QUESTION NO: 7
Investments in information security technologies should be based on:
A. vulnerability assessments.