Download Certified Information Security Manager.CISM.ExamTopics.2026-04-10.392q.tqb
| Vendor: | ISACA |
| Exam Code: | CISM |
| Exam Name: | Certified Information Security Manager |
| Date: | Apr 10, 2026 |
| File Size: | 1 MB |
How to open TQB files?
Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.
Purchase
Coupon: TAURUSSIM_20OFF
Discount: 20%
Demo Questions
Question 1
Who is BEST suited to determine how the information in a database should be classified?
- Information security analyst
- Database analyst
- Database administrator (DBA)
- Data owner
Correct answer: D
Question 2
Which of the following is the BEST way to demonstrate the alignment of the information security strategy with the business strategy?
- Show the relationship between information security goals and corporate goals.
- Compare the allocated budget for business with the information security budget.
- Present senior management's approval of information security policies.
- Provide evidence that information security is included in the change management process.
Correct answer: A
Question 3
An information security manager has received confirmation that the organization's e-commerce website was breached, exposing customer information. What should be done FIRST?
- Inform affected customers
- Perform a vulnerability assessment
- Execute the incident response plan
- Take the affected systems offline
Correct answer: C
Question 4
Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?
- Identify and assess the risk in the context of business objectives
- Consult with IT staff and assess the risk based on their recommendations
- Update the security policy based on the regulatory requirements
- Propose relevant controls to ensure the business complies with the regulation
Correct answer: A
Question 5
What is the PRIMARY goal of an incident management program?
- Contain the incident
- Communicate to external entities
- Minimize impact to the organization
- Identify root cause
Correct answer: C
Question 6
Which of the following parties should be responsible for determining access levels to an application that processes client information?
- The identity and access management team
- The business client
- The information security team
- Business unit management
Correct answer: D
Question 7
To support effective risk decision making, which of the following is MOST important to have in place?
- An audit committee consisting of mid-level management
- Risk reporting procedures
- Well-defined and approved controls
- Established risk domains
Correct answer: B
Question 8
When deciding to move to a cloud-based model, the FIRST consideration should be:
- data classification
- physical location of the data
- storage in a shared environment
- availability of the data
Correct answer: A
Question 9
An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
- Document risk acceptances.
- Conduct an information security audit.
- Assess the consequences of noncompliance.
- Revise the organization's security policy.
Correct answer: C
Question 10
An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
- a control self-assessment (CSA) process.
- metrics for each milestone.
- automated reporting to stakeholders.
- a monitoring process for the security policy.
Correct answer: B
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX FILES
Use ProfExam Simulator to open VCEX files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!