CISM · topic practice

Information Security Programme practice questions

Practise RAM questions covering identification, installation, speeds, dual-channel, and troubleshooting for the CISM exam.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Information Security Programme

What the exam tests

What to know about Information Security Programme

RAM tests your ability to identify, install, and troubleshoot memory types, speeds, and configurations for PCs.

Identifying DDR3 vs DDR4 vs DDR5 physical and electrical differences

Matching RAM speed (MHz) to motherboard and CPU support

Calculating total memory capacity from module size and slots

Troubleshooting common RAM errors like beep codes and blue screens

Why learners struggle

Why Information Security Programme questions are commonly missed

RAM questions are commonly missed because learners confuse physical form factors (DIMM vs SO-DIMM) and fail to distinguish between memory speed (MHz) and latency (CL).

  • DIMM vs SO-DIMM — desktop vs laptop form factor confusion
  • DDR3 vs DDR4 vs DDR5 — notch position and voltage differences
  • MHz vs CL — speed vs latency trade-offs in performance
  • Single-channel vs dual-channel — bandwidth impact misconception
  • ECC vs non-ECC — error correction support in servers vs desktops
  • 32-bit vs 64-bit — maximum addressable RAM limit

Watch out for

Common Information Security Programme exam traps

  • Confusing DDR3 and DDR4 notch positions and voltage requirements
  • Assuming dual-channel requires identical size modules only
  • Mixing ECC and non-ECC RAM in a single system
  • Forgetting that 32-bit OS limits usable RAM to 4 GB

Practice set

Information Security Programme questions

20 questions · select your answer, then reveal the explanation

A CISO is evaluating the reporting structure for the information security team. Which reporting line is generally considered MOST effective for ensuring independence and organizational influence?

An organization is implementing a security controls framework and needs to prioritize which controls to implement first. According to CIS Controls v8, which approach aligns with the principle of 'implementation groups'?

During a third-party risk assessment, the security team discovers that a critical vendor's sub-supplier (nth party) has access to sensitive data. The vendor contract does not address nth-party risk. What is the BEST course of action?

Which of the following is a LEADING indicator of security performance?

An information security manager is designing a security awareness program. Which approach BEST addresses the different learning needs of various employee groups?

A security manager needs to justify an increase in the security budget. Which metric is MOST compelling to demonstrate the value of security investments to the board?

Which control family from NIST SP 800-53 is MOST directly associated with ensuring that users have appropriate access rights?

An organization is designing a security operations center (SOC). Which of the following functions is PRIMARILY responsible for analyzing alerts and determining if they represent genuine threats?

What is the PRIMARY purpose of a security champions program?

A security manager is selecting a controls framework for a new organization. Which framework provides the most granular control families and is widely used for US federal agencies?

A company maintains a security scorecard for the executive team. Which metric is MOST appropriate to include as a leading indicator on a one-page dashboard?

In the context of defense-in-depth, which control provides protection at the network layer to prevent unauthorized access?

An organization is designing a vendor tiering process for its third-party risk management program. Which TWO factors are MOST appropriate for determining a vendor's risk tier?

A security manager is developing a set of objectives and key results (OKRs) for the security program. Which THREE would be considered effective security OKRs?

Which TWO budget components are considered 'services' in a typical security budget?

A CISO is designing the security organization for a financial services firm. Which reporting structure is most likely to ensure the independence and authority of the information security function?

Which of the following security team roles is primarily responsible for designing and implementing security solutions to protect an organization's systems and data?

An organization is implementing a security controls framework and must decide on prioritization. According to defense-in-depth principles, which approach should be taken first?

Which of the following is a leading indicator for security performance?

A security awareness program includes phishing simulations. Which metric best measures the long-term effectiveness of the program?

Focused Information Security Programme sessions

Start an Information Security Programme-only practice session

Every question in these sessions is drawn from the Information Security Programme domain — nothing else.

Related practice questions

Related CISM topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the CISM exam test about Information Security Programme?
RAM tests your ability to identify, install, and troubleshoot memory types, speeds, and configurations for PCs.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Information Security Programme questions in a focused session?
Yes — the session launcher on this page draws every question from the Information Security Programme domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CISM topics?
Use the topic links above to move to related areas, or go back to the CISM question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISM exam covers. They are not copied from any real exam or dump site.