Which of the following tools is MOST appropriate for determining how long a security project
will take to implement? - ANS ✔✔Critical path
When speaking to an organization's human resources department about information security,
an information security manager should focus on the need for: - ANS ✔✔security awareness
training for employees.
Good information security standards should: - ANS ✔✔define precise and unambiguous
allowable limits.
Which of the following should be the FIRST step in developing an information security plan? -
ANS ✔✔Analyze the current business strategy
Senior management commitment and support for information security can BEST be obtained
through presentations that: - ANS ✔✔tie security risks to key business objectives
The MOST appropriate role for senior management in supporting information security is the: -
ANS ✔✔approval of policy statements and funding
Which of the following would BEST ensure the success of information security governance
within an organization? - ANS ✔✔Steering committees approve security projects
Information security governance is PRIMARILY driven by: - ANS ✔✔business strategy
Which of the following represents the MAJOR focus of privacy regulations? - ANS
✔✔Identifiable personal data
Investments in information security technologies should be based on: - ANS ✔✔value analysis
Retention of business records should PRIMARILY be based on: - ANS ✔✔regulatory and legal
requirements
Which of the following is characteristic of centralized information security management? - ANS
✔✔Better adherence to policies
Successful implementation of information security governance will FIRST require: - ANS
✔✔updated security policies
Which of the following individuals would be in the BEST position to sponsor the creation of an
information security steering group? - ANS ✔✔Chief operating officer (COO)
The MOST important component of a privacy policy is: - ANS ✔✔notifications
The cost of implementing a security control should not exceed the: - ANS ✔✔asset value
When a security standard conflicts with a business objective, the situation should be resolved
by: - ANS ✔✔performing a risk analysis
Minimum standards for securing the technical infrastructure should be defined in a security: -
ANS ✔✔architecture
Which of the following is MOST appropriate for inclusion in an information security strategy? -
ANS ✔✔Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST be attained by
an information security manager by emphasizing: - ANS ✔✔organizational risk
Which of the following roles would represent a conflict of interest for an information security
manager? - ANS ✔✔Final approval of information security policies
Which of the following situations must be corrected FIRST to ensure successful information
security governance within an organization? - ANS ✔✔The data center manager has final signoff
on all security projects
Which of the following requirements would have the lowest level of priority in information
security? - ANS ✔✔Technical
When an organization hires a new information security manager, which of the following goals
should this individual pursue FIRST? - ANS ✔✔Establish good communication with steering
committee members
It is MOST important that information security architecture be aligned with which of the
following? - ANS ✔✔Business goals and objectives
Which of the following is MOST likely to be discretionary? - ANS ✔✔Guidelines
Security technologies should be selected PRIMARILY on the basis of their: - ANS ✔✔ability to
mitigate business risks
Which of the following are seldom changed in response to technological changes? - ANS
✔✔Policies
The MOST important factor in planning for the long-term retention of electronically stored
business records is to take into account potential changes in: - ANS ✔✔application systems and
media
Which of the following is characteristic of decentralized information security management
across a geographically dispersed organization? - ANS ✔✔Better alignment to business unit
needs
Which of the following is the MOST appropriate position to sponsor the design and
implementation of a new security infrastructure in a large global enterprise? - ANS ✔✔Chief
operating officer (COO)
Which of the following would be the MOST important goal of an information security
governance program? - ANS ✔✔Ensuring trust in data
Relationships among security technologies are BEST defined through which of the following? -
ANS ✔✔Security architecture
A business unit intends to deploy a new technology in a manner that places it in violation of
existing information security standards. What immediate action should an information security
manager take? - ANS ✔✔Perform a risk analysis to quantify the risk
Acceptable levels of information security risk should be determined by: - ANS ✔✔the steering
committee
The PRIMARY goal in developing an information security strategy is to: - ANS ✔✔support the
business objectives of the organization
Senior management commitment and support for information security can BEST be enhanced
through: - ANS ✔✔periodic review of alignment with business management goals