Free Isaca CISM Exam Questions

Become Isaca Certified with updated CISM exam questions and correct answers

Page: 1 / 195

Total 975 Questions | Updated On: May 12, 2026

Add To Cart

Question 1

When investigating an information security incident details of the incident should be shared:

A : dely to demonstrate positive intent

B : ly as needed

C : ly with management

D : ly with internal audit

Answer: B

Question 2

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

A : Data owner

B : Business owner

C : Information security manager

D : Compliance manager

Answer: B

Question 3

Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?

A : Senior management supports funding for ongoing awareness training.

B : Employees from each department have completed the required training.

C : There has been an increase in the number of phishing attempts reported.

D : There have been no reported successful phishing attempts since the training started.

Answer: D

Question 4

Which of the following is the BEST approach for data owners to use when defining access privileges for users?

A : Define access privileges based on user roles.

B : Adopt user account settings recommended by the vendor.

C : Perform a risk assessment of the users' access privileges.

D : Implement an identity and access management (IDM) tool.

Answer: A

Question 5

When mitigation is the chosen risk treatment, which of the following roles is responsible for effective implementation of the chosen treatment?

A : Risk owner

B : Control owner

C : Business system owner

D : Application owner

Answer: B

Page: 1 / 195

Total 975 Questions | Updated On: May 12, 2026

Add To Cart