ISACA CISM Certification Sample Questions and Answers Verified 100%
01. IT-related risk management activities are MOST effective when they are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes
Answer: d) integrated within business processes

02. A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will be responsible for evaluating the results and identified risk. Which of the following would be the BEST approach of the information security manager?
a) Acceptance of the business manager's decision on the risk to the corporation
b) Acceptance of the information security manager's decision on the risk to the corporation
c) Review of the risk assessment with executive management for final input
d) Create a new risk assessment and BIA to resolve the disagreement
Answer: c) Review of the risk assessment with executive management for final input

03. Who is accountable for ensuring that information is categorized and that specific protective measures are taken?
a) The security officer
b) Senior management
c) The end user
d) The custodian
Answer:
School, study and subject
- Institution: ISACA CISM Certification
- Course: ISACA CISM Certification
Document information
- Uploaded on: November 22, 2023
- Number of pages: 2
- Written in: 2023/2024
- Type: Exam
- Contains: Questions and answers
Topics
- isaca cism certification