
Scenario-based practice

Select Two (Multi-Select) Questions

Practise Certified Information Security Manager CISM practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20 scenario questions. Exam code: CISM. Vendor: ISACA.

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (multi-select) questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.


Related CISM topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1 (easy, multi-select)

Which of the following are key components of an information security program? (Select TWO)

Question 2 (easy, multi-select)

Which TWO of the following are primary objectives of information security governance? (Choose two.)

Question 3 (easy, multi-select)

Which TWO of the following are best practices for preserving digital evidence during an incident? (Select exactly 2)

Question 4 (medium, multi-select)

Which TWO of the following are key indicators of a potential insider threat incident? (Select exactly 2)

Question 5 (medium, multi-select)

Which TWO actions are appropriate during the containment phase of an incident involving a malware outbreak on multiple workstations?

Question 6 (hard, multi-select)

An organization is designing its information security program and needs to ensure it supports business continuity. Which TWO of the following should be integrated into the program?

Question 7 (hard, multi-select)

A security manager is evaluating the effectiveness of the security program. Which of the following would be valid indicators of a mature program? (Select two.)

Question 8 (medium, multi-select)

Which TWO of the following are key components of an information security program governance structure? (Select TWO.)

Question 9 (medium, multi-select)

An information security manager is designing a security program for a multinational organization. Which factors should be considered when developing the program governance structure? (Select 3)

Question 10 (hard, multi-select)

Which TWO of the following are key responsibilities of an information security governance committee?

Question 11 (medium, multi-select)

Which TWO of the following are key components of an effective incident response plan?

Question 12 (easy, multi-select)

Which TWO of the following are indicators of a potential security incident?

Question 13 (medium, multi-select)

Which of the following are key components of an Information Security Risk Management program? (Select TWO.)

Question 14 (medium, multi-select)

Which of the following are key components of an information security risk management program? (Select TWO)

Question 15 (hard, multi-select)

A security manager is presenting risk analysis results to the board. Which of the following should the manager include to effectively communicate risk? (Select THREE)

Question 16 (medium, multi-select)

Which of the following are key components of an effective information security program? (Select TWO.)

Question 17 (hard, multi-select)

An information security manager is evaluating the maturity of the organization's security program. Which of the following indicators suggest a high level of maturity? (Select TWO.)

Question 18 (hard, multi-select)

Which THREE of the following are essential roles in an effective information security governance structure? (Choose three.)

Question 19 (medium, multi-select)

Which TWO of the following are key components of an information security governance framework? (Choose two.)

Question 20 (medium, multi-select)

Which THREE of the following are common challenges in incident response? (Select exactly 3)

These CISM practice questions are part of Courseiva's free ISACA certification practice question bank. Courseiva provides original exam-style CISM questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.