2025 CISM ACTUAL EXAM TEST QUESTIONS & ANSWERS GRADED A+
Which of the following would provide the BEST evidence to senior management that security control performance has improved? - Correct answer-Review of security metrics trends
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan? - Correct answer-During post-incident review
Which of the following is MOST important to include in an information security strategy? - Correct answer-Stakeholder requirements
To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users? - Correct answer-Data classification policy
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review? - Correct answer-Standards
Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack? - Correct answer-Spread a site across multiple ISPs.
Which of the following should be done FIRST when implementing a security program? - Correct answer-Perform a risk analysis
Which of the following should be the PRIMARY outcome of an information security program? - Correct answer-Strategic alignment
Which of the following events is MOST likely to require an organization to revisit its information security framework? - Correct answer-Changes to the risk landscape
Which of the following is the MOST important consideration when updating procedures for managing security devices? - Correct answer-Updates based on changes in risk, technology, and process
Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)? - Correct answer-Recovery time objectives (RTOs)
When assigning a risk owner, the MOST important consideration is to ensure the owner has: - Correct answer-decision-making authority and the ability to allocate resources for risk.
Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall? - Correct answer-Reconfigure the web application firewall to block the attack.
The PRIMARY consideration when responding to a ransomware attack should be to ensure: - Correct answer-the business can operate
Which of the following should have the MOST influence on an organization's response to a new industry regulation? - Correct answer-The organization's risk appetite
A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application's security compliance? - Correct answer-During the design phase