CISM Certification Practice Test

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Thames
T
Thames
Community Contributor
Quizzes Created: 7097 | Total Attempts: 80,150
| Questions: 15 | Updated: Jul 15, 2026
Please wait...
Question 1 / 16
🏆 Rank #--
0 %
0/100
Score 0/100

1. What is the primary focus of the CISM certification?

Submit
Please wait...
About This Quiz
Cism Certification Practice Test - Quiz

This quiz evaluates your knowledge of CISM (Certified Information Security Manager) domains and competencies. It covers information security governance, risk management, incident management, and security program oversight. Designed for college-level learners preparing for CISM certification, this assessment tests your understanding of enterprise security frameworks and management principles essential for information... see moresecurity leaders. see less

2.

What first name or nickname would you like us to use?

You may optionally provide this to label your report, leaderboard, or certificate.

2. Which framework is most commonly referenced for information security governance?

Submit

3. An information security manager must align security objectives with ____.

Submit

4. Risk appetite refers to the amount of risk an organization is willing to ____.

Submit

5. Which of the following is a key component of an effective security program?

Submit

6. True or False: Information security governance requires involvement from executive leadership.

Submit

7. The process of identifying, analyzing, and prioritizing risks is called risk ____.

Submit

8. Which phase of incident management involves stopping an ongoing attack?

Submit

9. True or False: A security incident response plan should be updated only after a major breach.

Submit

10. Information security metrics should be aligned with ____.

Submit

11. Which of the following best describes defense-in-depth?

Submit

12. The confidentiality, integrity, and availability triad is known as the CIA ____.

Submit

13. True or False: Security awareness training should be mandatory for all employees.

Submit

14. Which control type is designed to prevent a security incident from occurring?

Submit

15. Business continuity planning ensures an organization can maintain ____ operations during disruptions.

Submit
×
Saved
Thank you for your feedback!
View My Results
Cancel
  • All
    All (15)
  • Unanswered
    Unanswered ()
  • Answered
    Answered ()
What is the primary focus of the CISM certification?
Which framework is most commonly referenced for information security...
An information security manager must align security objectives with...
Risk appetite refers to the amount of risk an organization is willing...
Which of the following is a key component of an effective security...
True or False: Information security governance requires involvement...
The process of identifying, analyzing, and prioritizing risks is...
Which phase of incident management involves stopping an ongoing...
True or False: A security incident response plan should be updated...
Information security metrics should be aligned with ____.
Which of the following best describes defense-in-depth?
The confidentiality, integrity, and availability triad is known as the...
True or False: Security awareness training should be mandatory for all...
Which control type is designed to prevent a security incident from...
Business continuity planning ensures an organization can maintain ____...
play-Mute sad happy unanswered_answer up-hover down-hover success oval cancel Check box square blue
Alert!