CISM Certification MCQ Multiple Choice Questions Answers | Quiz for Practice

Q: 1. What does CISM stand for?

Correct Answer is: Certified Information Security Manager

Q: 3. What is the primary focus of CISM?

Correct Answer is: Information Security Management

Q: 4. Which CISM domain focuses on aligning security with business goals?

Correct Answer is: Information Security Governance

Q: 5. What is the main objective of information security governance?

Correct Answer is: Align security strategy with business objectives

Q: 6. Which principle ensures information is accessible when needed?

Correct Answer is: Availability

Q: 7. What does the CIA Triad stand for?

Correct Answer is: Confidentiality, Integrity, Availability

Q: 8. Which principle protects information from unauthorized disclosure?

Correct Answer is: Confidentiality

Q: 10. What is the primary purpose of risk management?

Correct Answer is: Identify and manage risks within acceptable levels

Q: 11. What is risk appetite?

Correct Answer is: Amount of risk an organization is willing to accept

Q: 12. What is residual risk?

Correct Answer is: Risk remaining after controls are applied

CISM Certification MCQs with Answers

CISM Certification MCQ Questions for Practice

1. What does CISM stand for?

Certified Information Systems Manager
Certified IT Security Manager
Certified Infrastructure Security Manager
Certified Information Security Manager

2. Which organization administers the CISM certification?

CompTIA
ISACA
EC-Council
ISC2

3. What is the primary focus of CISM?

Information Security Management
Network Administration
Software Development
Ethical Hacking

4. Which CISM domain focuses on aligning security with business goals?

Incident Management
Risk Management
Security Architecture
Information Security Governance

5. What is the main objective of information security governance?

Align security strategy with business objectives
Manage databases
Develop software
Increase profits

6. Which principle ensures information is accessible when needed?

Confidentiality
Availability
Authentication
Integrity

7. What does the CIA Triad stand for?

Confidentiality, Integrity, Availability
Compliance, Information, Access
Confidentiality, Identification, Availability
Control, Integrity, Access

8. Which principle protects information from unauthorized disclosure?

Confidentiality
Availability
Accountability
Integrity

9. Which principle ensures information is accurate and complete?

Confidentiality
Availability
Authorization
Integrity

10. What is the primary purpose of risk management?

Identify and manage risks within acceptable levels
Increase IT spending
Improve coding standards
Eliminate all risks

11. What is risk appetite?

Amount of risk an organization is willing to accept
Risk mitigation plan
Risk assessment report
Total risk exposure

12. What is residual risk?

Risk remaining after controls are applied
Vendor risk
Audit risk
Risk before controls

13. Which risk response strategy involves avoiding the activity causing risk?

Accept
Transfer
Avoid
Mitigate

14. Which risk response transfers risk to another party?

Transfer
Mitigate
Avoid
Accept

15. What is the purpose of a security policy?

Configure firewalls
Monitor users
Install software
Define organizational security requirements

16. Who is ultimately responsible for information security governance?

IT Manager
Senior Management
System Administrator
Security Analyst

17. What is a control designed to stop an incident before it occurs?

Corrective
Preventive
Recovery
Detective

18. Which control identifies incidents after they occur?

Detective
Directive
Compensating
Preventive

19. What is the purpose of a Business Impact Analysis (BIA)?

Audit financial statements
Monitor networks
Manage vendors
Assess business consequences of disruptions

20. Which metric defines maximum acceptable downtime?

21. What does RTO stand for?

Response Time Objective
Risk Tolerance Objective
Recovery Transfer Objective
Recovery Time Objective

22. What does RPO stand for?

Recovery Point Objective
Risk Point Objective
Resource Planning Objective
Recovery Process Objective

23. Which plan focuses on restoring IT systems after a disruption?

Disaster Recovery Plan
Security Policy
Incident Response Plan
Business Continuity Plan

24. What is the primary objective of Business Continuity Management?

Ensure critical business operations continue
Increase sales
Reduce staffing
Prevent all incidents

25. What is an information asset owner responsible for?

Asset classification and protection
Hardware repair
Network design
System coding

26. Which security concept grants users only necessary permissions?

Least Privilege
Job Rotation
Due Care
Segregation of Duties

27. What is segregation of duties intended to prevent?

Fraud and errors
Data backups
Encryption failures
Network failures

28. What is due diligence?

Encrypting data
Monitoring traffic
Auditing vendors
Taking reasonable steps to identify risks

29. What is due care?

Writing policies
Monitoring users
Hiring staff
Implementing controls to address identified risks

30. What is a key characteristic of an effective security program?

Maximum Spending
No Documentation
No Risk Acceptance
Business Alignment