CISM · topic practice

Scenario practice questions

Practise Certified Information Security Manager (CISM) Scenario questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
8 questions · Domain: Scenario

What the exam tests about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition. They check:

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for: common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set: Scenario questions

8 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A security analyst detects unusual outbound network traffic from a database server to an unknown IP address. The traffic uses encrypted connections on port 443. Which type of attack is MOST likely occurring?

Question 2 · medium · multiple choice

An organization has implemented a new web application that processes sensitive customer data. The risk assessment identified a high likelihood of SQL injection attacks due to insufficient input validation. Which of the following is the BEST risk treatment strategy?

Question 3 · medium · multiple choice

Based on the exhibit, what is the MOST likely scenario?

Exhibit:

```
Event Log Entry:
Time: 2023-10-05 14:23:17
Event ID: 4625
Source: Security
User: SYSTEM
Logon Type: 3
Account Name: jdoe
Account Domain: CORP
Failure Reason: Unknown user name or bad password.
Workstation Name: WS-001
IP Address: 192.168.1.50

Event Log Entry:
Time: 2023-10-05 14:24:05
Event ID: 4624
Source: Security
User: SYSTEM
Logon Type: 3
Account Name: jdoe
Account Domain: CORP
Workstation Name: WS-001
IP Address: 192.168.1.50

Event Log Entry:
Time: 2023-10-05 14:25:10
Event ID: 4648
Source: Security
User: jdoe
Logon Type: 2
Account Name: jdoe
Account Domain: CORP
Target Server: FILE-SRV-01
Additional Info: A logon was attempted using explicit credentials.
Workstation Name: WS-001
IP Address: 192.168.1.50
```

Question 4 · medium · multi select

Which TWO of the following are key components of a risk assessment report according to best practices? (Choose two.)

Question 5 · hard · multiple choice

During a merger, the acquiring company's board insists on integrating the target company's information security governance into its own within 90 days. However, the target has a significantly different risk culture and lacks documented policies. What is the most critical governance risk in this scenario?

Question 6 · hard · multiple choice

During an internal audit, it is discovered that business units frequently purchase cloud services without involving the IT security department. Which governance deficiency does this scenario most clearly demonstrate?

Question 7 · hard · multiple choice

You are the CISM for a mid-sized e-commerce company that processes credit card transactions. The company recently experienced a security incident where an attacker exploited a vulnerability in the web application to gain access to the customer database containing payment card information. The incident response team contained the breach, but the root cause analysis revealed that the vulnerability had been identified in a penetration test six months ago but was not remediated due to competing priorities. The company's risk management framework defines risk appetite as 'moderate' for information security risks. The board is concerned and has asked you to recommend improvements to prevent recurrence. The company has a limited budget and cannot implement all possible controls. Current environment: web application developed in-house, hosted on-premises, with a mix of virtual and physical servers. The security team consists of three people responsible for monitoring, incident response, and vulnerability management. The development team follows an agile methodology with bi-weekly sprints. The company has cyber liability insurance that covers breach response costs up to $2 million. Based on this scenario, what is the most effective course of action?

Question 8 · hard · multiple choice

Based on the log entries, what is the most likely scenario?

Exhibit:

```
2024-11-20T15:23:45Z [SRV-DB01] [sshd] Failed password for root from 192.168.1.105 port 22 ssh2
2024-11-20T15:23:47Z [SRV-DB01] [sshd] Failed password for root from 192.168.1.105 port 22 ssh2
2024-11-20T15:23:49Z [SRV-DB01] [sshd] Failed password for root from 192.168.1.105 port 22 ssh2
2024-11-20T15:23:51Z [SRV-DB01] [sshd] Failed password for root from 192.168.1.105 port 22 ssh2
2024-11-20T15:23:53Z [SRV-DB01] [sshd] Failed password for root from 192.168.1.105 port 22 ssh2
```


Frequently asked questions

What does the CISM exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CISM topics?
Use the topic links above to move to related areas, or go back to the CISM question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISM exam covers. They are not copied from any real exam or dump site.