50 CISM Practice Questions: Question Bank 2025
Build your exam confidence with our curated bank of 50 practice questions for the Certified Information Security Manager (CISM) certification. Each question includes detailed explanations to help you understand the concepts deeply.
Why Use Our 50-Question Bank?
Strategically designed questions to maximize your exam preparation
50 Questions
A comprehensive set of practice questions covering key exam topics
All Domains Covered
Questions distributed across all exam objectives and domains
Mixed Difficulty
Easy, medium, and hard questions to test all skill levels
Detailed Explanations
Learn from comprehensive explanations for each answer
Practice Questions
50 practice questions for Certified Information Security Manager (CISM)
An organization is establishing its information security governance framework. What should be the PRIMARY driver for defining the security strategy?
During a risk assessment, an information security manager identifies that a critical business application lacks adequate backup controls. Management accepts the risk without implementing controls. What should the information security manager do FIRST?
An organization is developing metrics to measure the effectiveness of its information security program. Which metric would be MOST useful for demonstrating program value to senior management?
A security incident has been detected involving potential data exfiltration. The incident response team is assembled. What should be the FIRST priority?
An organization operates in multiple countries with different data protection regulations. What should be the information security manager's PRIMARY consideration when developing a global data protection strategy?
A third-party vendor has experienced a security breach that may have compromised customer data shared by your organization. What should the information security manager do FIRST?
Senior management wants to implement a new cloud-based business application quickly to gain competitive advantage, but the security review is incomplete. What is the BEST approach for the information security manager?
An information security program has multiple initiatives underway with limited resources. What should be the PRIMARY basis for prioritizing security projects?
An organization's incident response capability is being tested through tabletop exercises. During the exercise, significant gaps in the response procedures are identified, including unclear escalation paths and missing contact information. What should be done NEXT?
An information security manager discovers that the organization's risk register has not been updated in over a year, and several business changes have occurred during this period, including new product launches and market expansions. What should be the GREATEST concern?
An information security manager discovers that a critical business application stores customer data in an unencrypted database. What should be the FIRST course of action?
During an incident response, the security team has contained a ransomware attack affecting 50 workstations. What should be the NEXT priority?
A security manager is developing metrics for the information security program. Which metric would be MOST effective in demonstrating the program's value to executive management?
An organization is implementing a new cloud-based HR system that will process employee personal information. What should the information security manager do FIRST?
During a post-incident review of a data breach, the team identifies that the incident could have been prevented if a security patch had been applied on time. What is the BEST way to prevent similar incidents?
An information security manager learns that a third-party vendor experienced a data breach that may have exposed the organization's confidential data. What should be done FIRST?
Which of the following BEST indicates that an information security program is mature and effective?
An organization's risk assessment has identified that a legacy system cannot be patched for a critical vulnerability due to application compatibility issues. What is the MOST appropriate action?
A security manager is establishing an incident classification scheme. Which factor should be the PRIMARY basis for classifying incident severity?
Senior management has requested a dashboard showing the current state of information security. Which approach would BEST support strategic decision-making?
An information security manager is developing metrics to present to the board of directors. Which type of metric would be MOST valuable for demonstrating the effectiveness of the security program?
During an incident response, the security team discovers that an attacker has maintained persistence in the network for several months. What should be the FIRST priority?
An organization is implementing a new cloud-based CRM system that will store customer personal data. What should the information security manager do FIRST to ensure appropriate security controls are in place?
Which of the following is the PRIMARY benefit of establishing a security incident classification scheme?
A security manager discovers that the organization's disaster recovery plan has not been tested in three years and no longer reflects the current IT infrastructure. What is the BEST course of action?
An information security manager learns that a business unit has implemented a third-party SaaS application without IT or security review. What should be the FIRST action?
Which of the following BEST indicates that an organization's information security governance framework is mature?
During incident response, what is the PRIMARY purpose of maintaining a detailed chain of custody for digital evidence?
An organization's security operations center receives over 10,000 alerts daily, resulting in alert fatigue and missed critical incidents. What should the information security manager prioritize to address this issue?
A multinational organization operates in regions with conflicting data protection regulations. How should the information security manager BEST address this challenge?
An information security manager is developing key performance indicators (KPIs) for the security program. Which metric would be MOST effective in measuring the effectiveness of security awareness training?
During an incident response, the security team discovers that an attacker has maintained persistence in the network for several months. What should be the information security manager's FIRST priority?
An organization is implementing a third-party cloud service that will process sensitive customer data. What should the information security manager do FIRST to ensure appropriate security governance?
A security incident has been contained, and the information security manager is leading the post-incident review. Which activity would provide the GREATEST value in improving future incident response capabilities?
Senior management has asked the information security manager to justify the budget for the security program. Which approach would be MOST effective in demonstrating the value of security investments?
An organization has experienced a ransomware attack that encrypted critical business systems. The incident response team has isolated affected systems. What should be the information security manager's NEXT step?
The information security manager discovers that a critical security control has been bypassed by a business unit to meet a tight project deadline. What should be the FIRST course of action?
An organization is establishing a security governance framework. Which element is MOST important to ensure long-term sustainability and effectiveness of the security program?
During a merger and acquisition, the information security manager identifies significant security gaps in the target company's infrastructure. The acquisition is scheduled to close in two weeks. What is the BEST approach to manage this situation?
An information security manager is developing metrics to report to the board of directors. Which characteristic is MOST important for these metrics to be effective?
An organization is establishing a security governance framework. Which of the following should be the FIRST step in this process?
During an incident response, the security team discovers that an attacker has been exfiltrating customer data for the past three months. What should be the information security manager's IMMEDIATE priority?
A healthcare organization is implementing a third-party cloud service to store electronic health records. What should be the information security manager's PRIMARY concern when reviewing the service provider agreement?
An organization has identified a critical vulnerability in a production system that cannot be immediately patched due to compatibility issues with legacy applications. What is the BEST approach for the information security manager?
During a security program review, the information security manager discovers that business units are implementing their own security solutions without IT oversight. What should be the FIRST action?
An organization experiences a ransomware incident that encrypts critical business systems. The attackers demand payment within 48 hours. Which factor should have the GREATEST influence on the decision whether to pay the ransom?
A global organization is establishing an information security governance structure across multiple geographic regions with different regulatory requirements. What is the MOST effective approach?
An information security manager is developing key risk indicators (KRIs) for the organization. What characteristic is MOST important for an effective KRI?
Following a major security incident, the information security manager is tasked with improving the organization's incident response capabilities. Which improvement should be prioritized to have the GREATEST impact on future incident response effectiveness?
An organization is conducting a risk assessment and identifies multiple risks that exceed the established risk appetite. Senior management is reluctant to invest in additional controls due to budget constraints. What should the information security manager do FIRST?
Need more practice?
Expand your preparation with our larger question banks
Certified Information Security Manager (CISM) 50 Practice Questions FAQs
CISM (Certified Information Security Manager) is a professional certification from ISACA that validates expertise in managing an enterprise information security program, covering security governance, risk management, program development and management, and incident management. The official exam code is CISM.
Our 50 CISM practice questions are a curated selection of exam-style questions covering key concepts from all exam domains. Each question includes a detailed explanation to help you learn.
50 questions is a good starting point for CISM preparation. For comprehensive coverage, we recommend also working through our 100- and 200-question banks as you progress.
The 50 CISM questions are organized by exam domain and include a mix of easy, medium, and hard questions to test your knowledge at different levels.
More Preparation Resources
Explore other ways to prepare for your certification