Topic 1: Exam Pool A

It is MOST important for an information security manager to ensure that security risk assessments are performed:
A. during a root cause analysis
B. consistently throughout the enterprise.
C. as part of the security business case.
D. in response to the threat landscape.
Answer: consistently throughout the enterprise.

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?
A. Validate the effectiveness of implemented security controls
B. Track the trending of information security incidents
C. Review the results of information security awareness testing.
D. Benchmark the information security policy against industry standards
Answer: Track the trending of information security incidents

Which of the following is MOST likely to affect an organization's ability to respond to security incidents in a timely manner?
A. Inadequate detective control performance
B. Lack of senior management buy-in
C. Complexity of network segmentation
D. Misconfiguration of security information and event management (SIEM) tool
Answer: Misconfiguration of security information and event management (SIEM) tool

Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?
A. Establishment of security governance
B. Remediation of audit findings
C. Maturity of security processes
D. Decentralization of security governance
Answer: Establishment of security governance

The BEST indication of a change in risk that may negatively impact an organization is an increase in:
A. security incidents reported by staff to the information security team.
B. alerts triggered by the security information and event management (SIEM) solution
C. events logged by the intrusion detection system (IDS).
D. malware infections detected by the organization's anti-virus software.
Answer: alerts triggered by the security information and event management (SIEM) solution