ISACA CISM Certification Sample
Questions with Correct Verified
Answers 2025-2026. Graded A
01. IT-related risk management activities are MOST effective when they
are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes - ANS Answer:
d) integrated within business processes
02. A risk assessment and business impact analysis (BIA) have been
completed for a major proposed purchase and new process for an
organization.
There is disagreement between the information security manager and the
business department manager who will be responsible for evaluating the
results and identified risk.
Which of the following would be the BEST approach of the information
security manager?
a) Acceptance of the business manager's decision on the risk to the
corporation
1
Questions with Correct Verified
Answers 2025-2026. Graded A
01. IT-related risk management activities are MOST effective when they
are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes - ANS Answer:
d) integrated within business processes
02. A risk assessment and business impact analysis (BIA) have been
completed for a major proposed purchase and new process for an
organization.
There is disagreement between the information security manager and the
business department manager who will be responsible for evaluating the
results and identified risk.
Which of the following would be the BEST approach of the information
security manager?
a) Acceptance of the business manager's decision on the risk to the
corporation
1
