ISACA CISM Actual Free Exam Questions & Community Discussion

Exam Code/Number: CISM
Exam Name/Title: Certified Information Security Manager
Certification Provider: ISACA
Corresponding Certification: Isaca Certification

Exam Questions: 1041
Updated On: Jun 01, 2026

Question #1

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

A. Ownership of security

B. Compliance with policies

C. Allocation of training resources

D. Auditability of systems

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #2

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

A. Installing new firewalls

B. Improving user awareness

C. Updating security policies

D. Performing penetration testing

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #3

Which of the following is MOST effective in gaining support for the information security strategy from senior management?

A. Third-party security audit results

B. A major breach at a competitor

C. Cost-benefit analysis results

D. Business impact analysis (BIA) results

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #4

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

A. Assigning a risk owner

B. Establishing risk metrics

C. Training on risk management procedures

D. Reporting on documented deficiencies

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #5

Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?

A. Enforce the local regulation.

B. Obtain an independent assessment of the regulation.

C. Enforce the organization's information security policy.

D. Obtain legal guidance.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #6

The fundamental purpose of establishing security metrics is to:

A. establish security benchmarks

B. provide feedback on control effectiveness

C. increase return on investment (ROI)

D. adopt security best practices

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #7

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

A. A validation of the current firewall rule set

B. A ping test from an external source

C. A simulated denial of service (DoS) attack against the firewall

D. A port scan of the firewall from an internal source

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #8

A balanced scorecard MOST effectively enables information security:

A. performance

B. governance

C. project management

D. risk management

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #9

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

A. Perform a risk analysis for critical applications.

B. Review and update current operational procedures.

C. Determine whether critical success factors (CSFs) have been defined.

D. Conduct a capability maturity model evaluation.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #10

Which of the following BEST enables an organization to evaluate the security posture of a cloud service?

A. Industry peer reviews

B. Third-party audit reports

C. Service provider attestations

D. Penetration testing reports

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Download Free ISACA CISM Demo

Simply submit your e-mail address below to get started with our free demo of your ISACA CISM exam.