Free Isaca CISM Exam Questions

Become Isaca Certified with updated CISM exam questions and correct answers

Page: 1 / 195

Total 975 Questions | Updated On: Apr 01, 2026

Add To Cart

Question 1

A PRIMARY purpose of creating security policies is to:

A : define allowable security boundaries

B : communicate management's security expectations.

C : establish the way security tasks should be executed.

D : implement management's security governance strategy.

Answer: D

Question 2

The MOST useful technique for maintaining management support for the information security program is:

A : informing management about the security of business operations.

B : implementing a comprehensive security awareness and training program.

C : identifying the risks and consequences of failure to comply with standards.

D : benchmarking the security programs of comparable organizations.

Answer: C

Question 3

The PRIMARY purpose for deploying information security metrics is to:

A : compare program effectiveness to benchmarks.

B : support ongoing security budget requirements.

C : ensure that technical operations meet specifications.

D : provide information needed to make decisions.

Answer: D

Question 4

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

A : Members have knowledge of information security controls.

B : Members are business risk owners.

C : Members are rotated periodically.

D : Members represent functions across the organization.

Answer: D

Question 5

To support effective risk decision making, which of the following is MOST important to have in place?

A : Established risk domains

B : Risk reporting procedures

C : An audit committee consisting of mid-level management

D : Well-defined and approved controls

Answer: B

Page: 1 / 195

Total 975 Questions | Updated On: Apr 01, 2026

Add To Cart