
ISACA exam questions

Certified Information Security Manager CISM practice test

Practise CISM questions covering information security governance, risk management, security program development and management, and incident management for the ISACA CISM exam.

500
practice questions
4
topics covered
CISM
exam code
ISACA
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 500 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 500 CISM questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

7 pages · 75 questions per page · 500 total

Domain practice

Study CISM by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

All domains with question counts →

Related practice questions

Study CISM by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

Certified Information Security Manager CISM practice questions

Start practice test

A financial institution is implementing a new online banking platform. The risk assessment identified that the authentication module has a high likelihood of exploitation due to weak password policies. The risk owner has decided to implement multi-factor authentication (MFA) to reduce the risk. This is an example of which risk response strategy?

Which of the following are key components of an information security program? (Select TWO)


A multinational corporation is implementing an information security governance framework. The board has requested a mechanism to ensure that security investments align with business objectives. Which of the following is the BEST approach to achieve this alignment?


A healthcare organization is developing an information security strategy. The board has mandated that the strategy must support innovation while protecting patient data. Which governance approach BEST balances these priorities?

A newly appointed CISO wants to establish an information security governance committee. What is the PRIMARY purpose of this committee?

Which TWO of the following are primary objectives of information security governance? (Choose two.)

A financial services firm has a mature information security program but is struggling to demonstrate the value of security investments to the board. Which metric would BEST communicate the effectiveness of the security program in business terms?


You are the CISO of a mid-sized e-commerce company with 500 employees. The company recently suffered a data breach where an attacker exfiltrated customer credit card data from the production database. The investigation revealed that the breach originated from a compromised developer workstation. The developer had been granted direct access to the production database for troubleshooting purposes, a practice that had been in place for years. The security governance framework currently lacks a formal process for managing privileged access. The board has asked for immediate improvements to prevent recurrence. Which course of action BEST addresses the governance gap?

A company is considering outsourcing its security operations center (SOC). Which governance consideration is MOST critical before finalizing the decision?

A security analyst detects unusual outbound network traffic from a database server to an unknown IP address. The traffic uses encrypted connections on port 443. Which type of attack is MOST likely occurring?


A multinational corporation is assessing the risk of data breaches from third-party vendors. The CISM is tasked with selecting a risk treatment strategy. The organization has a low risk appetite for data breaches. Which strategy should be prioritized?

During a simulated phishing exercise, several employees clicked a link and entered their credentials on a fake login page. The security team needs to determine the impact. Which of the following should be the NEXT step?

Which TWO of the following are best practices for preserving digital evidence during an incident? (Select exactly 2)

Based on the SIEM alert exhibit, which immediate action should the incident responder take?

Exhibit

Refer to the exhibit.

```
[Alert] Correlation Rule: Multiple Failed Logins
Source IP: 10.0.0.55
Destination IP: 192.168.1.10
Event Count: 150 failed logins to admin account 'jsmith' within 5 minutes
Action: Triggered
```
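The exhibit's correlation rule, written out as detection logic that can be run over sample authentication log lines. This is an added example, not part of Courseiva's question bank or explanations; the syslog/OpenSSH line format, the assumed year 2024 and the sample events are constructed for illustration, and the sliding-window threshold mirrors the 150 failures in 5 minutes shown in the exhibit.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog-style OpenSSH failure line. The format is an assumption for this example;
# Windows 4625 events or any other auth source map onto the same three fields.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_syslog_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; the caller supplies it (assumed 2024 here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def correlate_failed_logins(lines, threshold=150, window_seconds=300):
    """Sliding-window correlation keyed on (account, source IP).

    Lines must be in chronological order. The first time a key reaches `threshold`
    failures inside the window one alert is emitted; further failures for that key
    are counted but do not re-alert (the SIEM equivalent of alert suppression).
    """
    window = timedelta(seconds=window_seconds)
    windows = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successes and unrelated events are not part of this rule
        key = (m["user"], m["src"])
        ts = parse_syslog_ts(m["ts"])
        dq = windows[key]
        dq.append(ts)
        while ts - dq[0] > window:  # evict failures that fell out of the window
            dq.popleft()
        if len(dq) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "rule": "Multiple Failed Logins",
                "user": key[0],
                "src": key[1],
                "count": len(dq),
                "span_seconds": int((ts - dq[0]).total_seconds()),
                # An RFC 1918 source matters for triage: the attacker is already inside.
                "internal_source": ipaddress.ip_address(key[1]).is_private,
            })
    return alerts


def build_sample_log():
    """Constructed sample (not real data): 150 failures for 'jsmith' from 10.0.0.55
    two seconds apart, plus a few unrelated failures and one success."""
    base = datetime(2024, 3, 10, 9, 0, 0)
    events = []
    for i in range(150):
        t = base + timedelta(seconds=2 * i)
        events.append((t, f"{t:%b %d %H:%M:%S} srv01 sshd[4121]: Failed password for jsmith from 10.0.0.55 port 51234 ssh2"))
    for i in range(3):
        t = base + timedelta(minutes=1, seconds=30 * i)
        events.append((t, f"{t:%b %d %H:%M:%S} srv01 sshd[4122]: Failed password for alice from 10.0.0.77 port 50000 ssh2"))
    t = base + timedelta(minutes=2)
    events.append((t, f"{t:%b %d %H:%M:%S} srv01 sshd[4123]: Accepted password for bob from 10.0.0.12 port 50001 ssh2"))
    return [line for _, line in sorted(events)]


def run_sample():
    return correlate_failed_logins(build_sample_log())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The alert carries the facts a responder needs before acting: which account, from where, whether the source is internal, and how tightly packed the attempts were. Raising `threshold` or shortening `window_seconds` is how you tune the rule against noise from legitimate lockouts; the example leaves the exhibit's values in place so the sample log reproduces the same alert.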

During an incident investigation, the security team discovers that an attacker exfiltrated sensitive customer data via encrypted DNS tunneling over a period of three months. The data loss was only noticed after a routine audit. Which of the following weaknesses MOST likely allowed the attacker to remain undetected for so long?
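The kind of DNS monitoring that would have surfaced the tunnel described above long before a routine audit, as an added example that is not part of Courseiva's question bank or explanations. It profiles query logs per client and registrable domain and flags the signature of tunnelling: many distinct, long, high-entropy subdomains under one domain from one host. The BIND-style log format, the thresholds, the two-label registrable-domain rule and the sample queries are assumptions constructed for this example.

```python
import hashlib
import math
import re
from collections import defaultdict

# BIND-style query log line; the exact format is an assumption for this example.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>[\d.]+) query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def shannon_entropy(s: str) -> float:
    """Bits per character: encoded payloads sit near log2(alphabet size), words far below."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, registrable domain). Assumes a two-label registrable domain;
    a production version would consult the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def profile_dns(lines, min_queries=50, min_entropy=3.3, min_avg_sub_len=30):
    """Aggregate per (client, registrable domain) and flag tunnel-like behaviour."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "sub_len": 0,
                                 "entropy": 0.0, "qtypes": set()})
    for line in lines:
        m = QUERY_RE.match(line)
        if not m:
            continue
        sub, domain = split_name(m["qname"])
        st = stats[(m["client"], domain)]
        st["queries"] += 1
        st["subs"].add(sub)
        st["sub_len"] += len(sub)
        st["entropy"] += shannon_entropy(sub.replace(".", ""))
        st["qtypes"].add(m["qtype"])
    findings = []
    for (client, domain), st in stats.items():
        n = st["queries"]
        avg_len = st["sub_len"] / n
        avg_ent = st["entropy"] / n
        if n >= min_queries and avg_len >= min_avg_sub_len and avg_ent >= min_entropy:
            findings.append({
                "client": client,
                "domain": domain,
                "queries": n,
                "unique_subdomains": len(st["subs"]),  # near n for a tunnel; cacheable names repeat
                "avg_subdomain_len": round(avg_len, 1),
                "avg_entropy": round(avg_ent, 2),
                "qtypes": sorted(st["qtypes"]),       # TXT/NULL-heavy traffic is another tell
            })
    return findings


def build_sample_queries():
    """Constructed sample (not real traffic): 200 TXT queries carrying hex-encoded chunks
    to c2.example from 192.168.1.10, mixed with ordinary lookups from two hosts."""
    lines = []
    for i in range(200):
        chunk = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]
        qname = f"{chunk[:24]}.{chunk[24:]}.c2.example"
        lines.append(f"2024-03-10T09:{i // 60:02d}:{i % 60:02d}Z client 192.168.1.10 query: {qname} IN TXT")
    for i in range(100):
        stamp = f"2024-03-10T09:{i // 60:02d}:{i % 60:02d}Z"
        lines.append(f"{stamp} client 192.168.1.10 query: www.example.com IN A")
        lines.append(f"{stamp} client 192.168.1.20 query: cdn.example.org IN A")
    return lines


if __name__ == "__main__":
    for finding in profile_dns(build_sample_queries()):
        print(finding)
```

The same three features (volume of distinct subdomains, name length, entropy) work whether the tunnel encodes data in hex, base32 or base64, which is why the check is done on the subdomain characters rather than on any particular encoding. The detection only exists if DNS query logs are being collected and retained in the first place, which is the monitoring gap the question points at.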

During an incident, the response team collects volatile data from a compromised server. Which of the following should be collected FIRST to minimize loss of evidence?

Which TWO of the following are key indicators of a potential insider threat incident? (Select exactly 2)


A multinational corporation has just detected a ransomware attack that encrypted critical files on a file server. The incident response team has been activated. Which of the following should be the FIRST action taken by the team?

After a security incident, the incident response team prepares a report detailing the root cause, impact, and lessons learned. Who is the PRIMARY audience for this report?

Which TWO actions are appropriate during the containment phase of an incident involving a malware outbreak on multiple workstations?

An organization uses a SIEM to correlate security events. The SIEM generates an alert for a possible brute-force attack against an admin account. The incident response team reviews the alert and finds that the account is a service account with a known password. What should the team do NEXT?

After a security incident, the incident response team identifies that the root cause was a phishing email that bypassed the email filter. The email contained a malicious macro that executed PowerShell commands. Which control would be MOST effective in preventing similar incidents in the future?

A financial institution is designing an incident response plan. They want to ensure that during a ransomware incident, critical transaction systems can be restored within 4 hours. Which metric should be used to measure this requirement?

An information security manager is developing a program metric to measure the effectiveness of the security awareness training. Which metric is most appropriate?

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.


Exam question guide

How to use these CISM questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

CISM tests your ability to manage an enterprise information security program across four domains: information security governance, information security risk management, information security program development and management, and incident management.

Aligning the security strategy and security investments with business objectives and reporting their value to the board

Assessing risk and selecting a treatment option (mitigate, transfer, accept or avoid) consistent with the organisation's risk appetite

Building and measuring the security program, including privileged access management, awareness training and program metrics

Managing incidents end to end: detection, containment, evidence preservation, recovery objectives such as RTO, and lessons learned

These CISM practice questions are part of Courseiva's free ISACA certification practice question bank. Courseiva provides original exam-style CISM questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.