ISACA CISM CERTIFICATION EXAM SYLLABUS AND EXAM QUESTIONS PDF ISACA CISM Exam
EDUSUM.COM
Get complete details on the CISM exam guide to crack the ISACA Information Security Manager exam. You can collect all the information on the CISM tutorial, practice tests, books, study material, exam questions, and syllabus. Firm up your knowledge of ISACA Information Security Manager and get ready to crack the CISM certification. Explore all information on the CISM exam, including the number of questions, passing percentage and time duration to complete the test.
WWW.EDUSUM.COM
Introduction to ISACA Certified Information Security Manager (CISM) Exam
The ISACA CISM Exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the CISM certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the ISACA Information Security Manager exam will help guide you through the study process for your certification.
CISM ISACA Information Security Manager Exam Summary
● Exam Name: ISACA Information Security Manager
● Exam Code: CISM
● Exam Price ISACA Member: $575 (USD)
● Exam Price ISACA Nonmember: $760 (USD)
● Duration: 240 mins
● Number of Questions: 150
● Passing Score: 450/800
● Books / Training:
  ○ Virtual Instructor-Led Training
  ○ In-Person Training & Conferences
  ○ Customized, On-Site Corporate Training
  ○ CISM Planning Guide
● Schedule Exam: Exam Registration
● Sample Questions: ISACA CISM Sample Questions
● Recommended Practice: ISACA CISM Certification Practice Exam
CISM: ISACA Certified Information Security Manager
Exam Syllabus: CISM ISACA Certified Information Security Manager (CISM)

Topic: Information Security Governance (Weight: 17%)
  A. Enterprise Governance
    ○ Organizational Culture
    ○ Legal, Regulatory, and Contractual Requirements
    ○ Organizational Structures, Roles, and Responsibilities
  B. Information Security Strategy
    ○ Information Security Strategy Development
    ○ Information Governance Frameworks and Standards
    ○ Strategic Planning (e.g., budgets, resources, business case)

Topic: Information Security Risk Management (Weight: 20%)
  A. Information Security Risk Assessment
    ○ Emerging Risk and Threat Landscape
    ○ Vulnerability and Control Deficiency Analysis
    ○ Risk Assessment and Analysis
  B. Information Security Risk Response
    ○ Risk Treatment / Risk Response Options
    ○ Risk and Control Ownership
    ○ Risk Monitoring and Reporting

Topic: Information Security Program (Weight: 33%)
  A. Information Security Program Development
    ○ Information Security Program Resources (e.g., people, tools, technologies)
    ○ Information Asset Identification and Classification
    ○ Industry Standards and Frameworks for Information Security
    ○ Information Security Policies, Procedures, and Guidelines
    ○ Information Security Program Metrics
  B. Information Security Program Management
    ○ Information Security Control Design and Selection
    ○ Information Security Control Implementation and Integrations
    ○ Information Security Control Testing and Evaluation
    ○ Information Security Awareness and Training
    ○ Management of External Services (e.g., providers, suppliers, third parties, fourth parties)
    ○ Information Security Program Communications and Reporting

Topic: Incident Management (Weight: 30%)
  A. Incident Management Readiness
    ○ Incident Response Plan
    ○ Business Impact Analysis (BIA)
    ○ Business Continuity Plan (BCP)
    ○ Disaster Recovery Plan (DRP)
    ○ Incident Classification/Categorization
    ○ Incident Management Training, Testing, and Evaluation
  B. Incident Management Operations
    ○ Incident Management Tools and Techniques
    ○ Incident Investigation and Evaluation
    ○ Incident Containment Methods
    ○ Incident Response Communications (e.g., reporting, notification, escalation)
    ○ Incident Eradication and Recovery
    ○ Post-incident Review Practices
ISACA CISM Certification Sample Questions and Answers
To make you familiar with the ISACA Information Security Manager (CISM) certification exam structure, we have prepared this sample question set. We suggest you try our Sample Questions for Information Security Manager CISM Certification to test your understanding of the ISACA CISM process in a real ISACA certification exam environment.
CISM ISACA Information Security Manager Sample Questions:

01. The post-incident review of a security incident revealed that there was a process that was not monitored. As a result, monitoring functionality has been implemented. Which of the following may BEST be expected from this remediation?
a) Reduction in total incident duration
b) Increase in risk tolerance
c) Facilitation of escalation
d) Improvement in identification

02. IT-related risk management activities are MOST effective when they are:
a) treated as a distinct process
b) conducted by the IT department
c) communicated to all employees
d) integrated within business processes

03. Which of the following BEST illustrates residual risk within an organization?
a) Risk management framework
b) Risk register
c) Business impact analysis
d) Heat map

04. A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager over who will be responsible for evaluating the results and identified risk. Which of the following would be the BEST approach for the information security manager?
a) Acceptance of the business manager’s decision on the risk to the corporation
b) Acceptance of the information security manager’s decision on the risk to the corporation
c) Review of the risk assessment with executive management for final input
d) Create a new risk assessment and BIA to resolve the disagreement

05. In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
a) strong authentication.
b) IP antispoofing filtering.
c) a network encryption protocol.
d) access lists of trusted devices.

06. Who is accountable for ensuring that information is categorized and that specific protective measures are taken?
a) The security officer
b) Senior management
c) The end user
d) The custodian

07. Which of the following authentication methods prevents authentication replay?
a) Password hash implementation
b) Challenge/response mechanism
c) Wired equivalent privacy encryption usage
d) Hypertext Transfer Protocol basic authentication

08. Abnormal server communication from inside the organization to external parties may be monitored to:
a) record the trace of advanced persistent threats
b) evaluate the process resiliency of server operations
c) verify the effectiveness of an intrusion detection system
d) support a nonrepudiation framework in e-commerce

09. To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
a) Database server
b) Domain name server
c) Time server
d) Proxy server

10. Which of the following is the BEST way to detect an intruder who successfully penetrates a network before significant damage is inflicted?
a) Perform periodic penetration testing
b) Establish minimum security baselines
c) Implement vendor default settings
d) Install a honeypot on the network
Answers:
Answer 01: d
Answer 02: d
Answer 03: a
Answer 04: c
Answer 05: a
Answer 06: b
Answer 07: b
Answer 08: a
Answer 09: c
Answer 10: d