ISACA Certified Information Security Manager (CISM) Prep Questions With All Correct Answers {2025-2026} Latest Update

1. Which of the following is the primary step in control implementation for a new business application?
D. Risk assessment

2. When implementing an information security program, in which phase of the implementation should metrics be established to assess the effectiveness of the program over time?
Either
B. Initiation
C. Design

3. Data owners are concerned and responsible for who has access to their resources and therefore need to be concerned with the strategy of how to mitigate risk of data resource usage. Which of the following actions facilitates that responsibility?
B. Entitlement changes

4. Which of the following is the best method to determine the effectiveness of the incident response process?
C. Post-incident review

5. When properly implemented, a risk management program should be designed to reduce an organization's risk to:
C. A level at which the organization is willing to accept

6. What controls the process of introducing changes to systems to ensure that unintended changes are not introduced?
C. Change management

7. All actions dealing with incidents must be worked with cyclical consideration. What is the primary post-incident review takeaway?
Either
A. Pursuit of legal action
B. Identify personnel failures