
ISACA CISM (Certified Information Security Manager)

By Webmaster Certland · English · 340 questions

Practice exam for the ISACA Certified Information Security Manager (CISM) certification. Covers information security governance, risk management, information security program, and incident management.

Updated Mar 2026


Sample Questions — ISACA CISM (Certified Information Security Manager)

5 free sample questions from this practice exam. Correct answers are highlighted.

1. A newly appointed CISO is tasked with developing an information security strategy for a large financial institution. Which of the following should be the FIRST step in this process?

A Understand the organization's business objectives and strategic goals ✓ Correct
B Review the existing information security controls currently in place
C Conduct a comprehensive risk assessment across all IT systems
D Define information security policies and standards for the organization

2. An information security manager is presenting the value of the information security program to the board of directors. Which metric would BEST demonstrate the program's alignment with business objectives?

A Total number of security incidents detected and responded to during the year
B Reduction in business risk exposure expressed in financial terms ✓ Correct
C Percentage of systems that have been patched within the defined SLA
D Security budget utilization rate compared to approved budget

3. A company's information security governance framework needs to be aligned with corporate governance. Which of the following BEST describes this relationship?

A Information security governance operates independently from corporate governance
B Information security governance is a subset of IT governance only
C Information security governance is a subset of and must support corporate governance ✓ Correct
D Information security governance supersedes corporate governance in security matters

4. An organization is establishing an information security steering committee. Who should serve as the committee CHAIR to ensure proper governance?

A A senior business executive such as the Chief Operating Officer ✓ Correct
B The Chief Information Security Officer (CISO)
C The Chief Information Officer (CIO)
D The IT security manager responsible for daily operations

5. When developing an information security strategy, which framework BEST helps align information security governance with enterprise governance and business goals?

A ISO/IEC 27001 Information Security Management System standard
B COBIT (Control Objectives for Information and Related Technologies) ✓ Correct
C NIST Cybersecurity Framework (CSF)
D ITIL (Information Technology Infrastructure Library)


Information

Questions: 340
Time: 4h
Difficulty: Hard
Minimum Score: 75.00%
