Certified Information Security Manager (CISM) Free Practice Test

Question 1

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

A. Assess whether the vulnerability is within the organization's risk tolerance levels.

B. Implement the application and request the cloud service provider to fix the vulnerability.

C. Postpone the implementation until the vulnerability has been fixed.

D. Commission further penetration tests to validate initial test results,

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

A. Review the provider's information security policies.

B. Include high penalties for security breaches in the contract.

C. Obtain an independent audit report.

D. Require the provider to follow stringent data classification procedures.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

A. High number of false negatives

B. Low number of false negatives

C. Low number of false positives

D. High number of false positives

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which of the following is a PRIMARY benefit of managed security solutions?

A. Easier implementation across an organization

B. Wider range of capabilities

C. Greater ability to focus on core business operations

D. Lower cost of operations

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which of the following will BEST facilitate timely and effective incident response?

A. Classifying the severity of an incident

B. Assessing the risk of compromised assets

C. Including penetration test results in incident response planning

D. Notifying stakeholders when invoking the incident response plan

Correct Answer: A

Question 6

The PRIMARY objective of timely declaration of a disaster is to:

A. protect critical physical assets from further loss.

B. ensure engagement of business management in the recovery process.

C. assess and correct disaster recovery process deficiencies.

D. ensure the continuity of the organization's essential services.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Which of the following roles has the PRIMARY responsibility to ensure the operating effectiveness of IT controls?

A. Risk owner

B. Control tester

C. Information security manager

D. IT compliance leader

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?

A. Conduct a risk assessment to determine security risks and mitigating controls.

B. Review customers' security policies.

C. Design single sign-on (SSO) or federated access.

D. Develop access control requirements for each system and application.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

A. Requiring an external security audit of the IT service provider

B. Defining the business recovery plan with the IT service provider

C. Requiring regular reporting from the IT service provider

D. Defining information security requirements with internal IT

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Which of the following is MOST important for a healthcare organization to address during the requirements gathering phase of AI development?

A. Inadequate computational resources

B. Algorithm selection challenges

C. Data privacy concerns

D. Data labeling inefficiencies

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

Which of the following is a PRIMARY function of an incident response team?

A. To provide effective incident mitigation

B. To provide a risk assessment for zero-day vulnerabilities

C. To provide a business impact analysis (BIA)

D. To provide a single point of contact for critical incidents

Correct Answer: A

Question 12

An organization's automated security monitoring tool generates an excessively large amount of falsq positives. Which of the following is the BEST method to optimize the monitoring process?

A. Report only critical alerts.

B. Change reporting thresholds.

C. Monitor incidents in a specific time frame.

D. Reconfigure log recording.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

A. Require employees to install an effective anti-malware app.

B. Implement a mobile device management (MDM) solution.

C. Provide employee training on secure mobile device practices.

D. Implement a mobile device policy and standard.

Correct Answer: C

Question 14

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

A. Communicating the plan to all stakeholders

B. Updating the plan periodically

C. Conducting a walk-through of the plan

D. Storing the plan at an offsite location

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 15

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

A. Backup and restoration of data

B. Local laws and regulations

C. Independent review of the vendor

D. Vendor service level agreements (SLAs)

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

ISACA Certified Information Security Manager (CISM) Free Practice Test