CISM · topic practice

Information Security Program practice questions

Practise RAM questions covering identification, installation, speeds, dual-channel, and troubleshooting for the CISM exam.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Information Security Program

What the exam tests

What to know about Information Security Program

RAM tests your ability to identify, install, and troubleshoot memory types, speeds, and configurations for PCs.

Identifying DDR3 vs DDR4 vs DDR5 physical and electrical differences

Matching RAM speed (MHz) to motherboard and CPU support

Calculating total memory capacity from module size and slots

Troubleshooting common RAM errors like beep codes and blue screens

Why learners struggle

Why Information Security Program questions are commonly missed

RAM questions are commonly missed because learners confuse physical form factors (DIMM vs SO-DIMM) and fail to distinguish between memory speed (MHz) and latency (CL).

  • DIMM vs SO-DIMM — desktop vs laptop form factor confusion
  • DDR3 vs DDR4 vs DDR5 — notch position and voltage differences
  • MHz vs CL — speed vs latency trade-offs in performance
  • Single-channel vs dual-channel — bandwidth impact misconception
  • ECC vs non-ECC — error correction support in servers vs desktops
  • 32-bit vs 64-bit — maximum addressable RAM limit

Watch out for

Common Information Security Program exam traps

  • Confusing DDR3 and DDR4 notch positions and voltage requirements
  • Assuming dual-channel requires identical size modules only
  • Mixing ECC and non-ECC RAM in a single system
  • Forgetting that 32-bit OS limits usable RAM to 4 GB

Practice set

Information Security Program questions

20 questions · select your answer, then reveal the explanation

An organization's information security program has been in place for two years. During a recent audit, several findings indicated that security controls are not consistently applied across business units. The CISO has been asked to improve the program. Which of the following should the CISO do FIRST?

Question 2 · hard · multiple choice

A multinational corporation is designing its information security program and must decide how to balance security with business agility. The company operates in highly regulated industries with varying legal requirements. Which of the following approaches BEST aligns with industry best practices for such an environment?

An organization is developing a new information security program and wants to ensure it aligns with business objectives. Which of the following is the MOST critical first step?

During a merger, two companies with different information security programs are being integrated. The combined entity must maintain compliance with PCI DSS and GDPR. The CISO is concerned about gaps in coverage due to differing maturity levels. Which of the following is the BEST approach to harmonize the programs?

Which TWO of the following are key components of an information security program governance structure? (Select TWO.)

Refer to the exhibit. An analyst observes the network traffic between three internal hosts and a web server. Which of the following is the MOST likely interpretation of this traffic?

Exhibit

```
[SYN] 12:01:00.001 192.168.1.10:12345 -> 10.0.0.1:80
[SYN-ACK] 12:01:00.002 10.0.0.1:80 -> 192.168.1.10:12345
[ACK] 12:01:00.003 192.168.1.10:12345 -> 10.0.0.1:80
[GET /index.html] 12:01:00.004 192.168.1.10:12345 -> 10.0.0.1:80
[SYN] 12:01:00.005 192.168.1.11:23456 -> 10.0.0.1:80
[SYN-ACK] 12:01:00.006 10.0.0.1:80 -> 192.168.1.11:23456
[ACK] 12:01:00.007 192.168.1.11:23456 -> 10.0.0.1:80
[GET /login.php] 12:01:00.008 192.168.1.11:23456 -> 10.0.0.1:80
[SYN] 12:01:00.009 192.168.1.12:34567 -> 10.0.0.1:80
[SYN-ACK] 12:01:00.010 10.0.0.1:80 -> 192.168.1.12:34567
[ACK] 12:01:00.011 192.168.1.12:34567 -> 10.0.0.1:80
[GET /admin.php] 12:01:00.012 192.168.1.12:34567 -> 10.0.0.1:80
```

You are the CISO of a mid-sized financial services firm that processes credit card transactions. The company has recently expanded its operations to include a mobile payment application that stores payment credentials in the cloud. The current information security program was designed primarily for the on-premises environment and has not been updated to address cloud-specific risks. The internal audit team has identified that the cloud service provider (CSP) does not have an independent third-party audit report (e.g., SOC 2) available for review. Additionally, the mobile app development team has been deploying code without formal security review, citing the need for rapid releases to compete in the market. The CEO has expressed concern about the potential for a data breach and has asked you to recommend immediate actions to strengthen the security program while minimizing business disruption. Which of the following should you recommend as the FIRST course of action?

Question 8 · medium · multiple choice

An information security program is being developed for a multinational organization. Which of the following is the PRIMARY driver for aligning the security program with business objectives?

After a major security incident, the board of directors requests a review of the information security program. Which of the following metrics would be MOST useful to demonstrate the effectiveness of the program over the past year?

An information security manager is designing a program for a healthcare organization. Which of the following should be the FIRST step in establishing the program?

An organization's information security program includes a formal exception process. When reviewing an exception request to bypass a critical control, what is the MOST important factor for the information security manager to consider?

Which of the following are key components of an effective information security program? (Select TWO.)

An information security manager is evaluating the maturity of the organization's security program. Which of the following indicators suggest a high level of maturity? (Select TWO.)

Match the following security program components with their primary purpose by dragging each component to the correct description.

Which of the following is the PRIMARY responsibility of a steering committee in an information security program?

An organization's information security program is based on a risk management framework. Which of the following BEST describes the role of the information security manager in this context?

An organization has implemented a balanced scorecard to measure the effectiveness of its information security program. Which of the following metrics would be MOST appropriate for the 'internal processes' perspective?

Which of the following are key components of an information security program? (Select TWO)

Question 19 · medium · multi select

An information security manager is developing a security program for a multinational organization. Which of the following should be considered when defining the program scope? (Select THREE)

Match each information security program component with its correct description.

Frequently asked questions

What does the CISM exam test about Information Security Program?
RAM tests your ability to identify, install, and troubleshoot memory types, speeds, and configurations for PCs.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Information Security Program questions in a focused session?
Yes — the session launcher on this page draws every question from the Information Security Program domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CISM topics?
Use the topic links above to move to related areas, or go back to the CISM question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISM exam covers. They are not copied from any real exam or dump site.