Exin CDFOM Exam - Topic 1 Question 1 Discussion

Actual exam question for Exin's CDFOM exam

Question #: 1
Topic #: 1

[All CDFOM Questions]

The organization plans for implementing an information security management system (ISMS).

By doing so, what is the main objective?

APreservation of an organizations' financial and organizational records

BPreservation of confidentiality and format of organizational assets

CPreservation of confidentiality, integrity and availability of organizational assets

DPreservation of customer agreements and records

Show Suggested Answer

Suggested Answer: C

An Information Security Management System (ISMS) is designed to protect information assets through structured controls, policies, and risk management practices.

EPI aligns with globally accepted security frameworks (e.g., ISO/IEC 27001), where the foundation of an ISMS is the CIA triad:

C --- Confidentiality

Ensures information is accessible only to authorized persons.

I --- Integrity

Ensures information is accurate, complete, protected from unauthorized modification.

A --- Availability

Ensures information and systems are accessible when required.

Implementing an ISMS aims to safeguard these three fundamental information security objectives.

Why the other options are incorrect:

A --- This focuses only on records retention, not information security as a whole.

B --- Omits integrity and availability, which are essential ISMS elements.

D --- Too narrow; ISMS covers all information assets, not just customer records.

Thus, the correct answer is C, which fully represents the CIA triad.

EPI DCFOM-Aligned Reference Concepts (Paraphrased)

ISMS is responsible for protecting confidentiality, integrity, and availability of all information assets.

The CIA triad forms the basis of information security objectives.

by Coletta at Dec 21, 2025, 05:38 AM

Limited Time Offer

25%

Off

Get Premium CDFOM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tamesha

3 days ago

I think the main goal is about protecting data.

upvoted 0 times

...

Malika

8 days ago

Agreed, C covers all the bases!

upvoted 0 times

...

Marva

13 days ago

Wait, are we really prioritizing C over A and D? Seems off.

upvoted 0 times

...

Lavonne

18 days ago

C is the gold standard for ISMS objectives.

upvoted 0 times

...

Dulce

24 days ago

I think B is more accurate, focusing on confidentiality and format.

upvoted 0 times

...

Desmond

29 days ago

Definitely C, it's all about confidentiality, integrity, and availability!

upvoted 0 times

...

Annamae

1 month ago

C is the clear winner here. Gotta keep those organizational assets safe and sound.

upvoted 0 times

...

Annice

2 months ago

Haha, D) Preservation of customer agreements and records? What is this, a customer service exam?

upvoted 0 times

...

Lorrine

2 months ago

I'm going with C. Confidentiality, integrity, and availability - the holy trinity of information security.

upvoted 0 times

...

Martina

2 months ago

C is the way to go. Gotta protect those assets, yo!

upvoted 0 times

...

Francis

2 months ago

I’m torn between B and C. I know confidentiality is key, but I feel like integrity and availability are also crucial in an ISMS.

upvoted 0 times

...

Marya

3 months ago

This question feels familiar; I think we had a practice question that emphasized the importance of all three aspects of security.

upvoted 0 times

...

Jackie

3 months ago

I remember studying that the ISMS focuses on confidentiality, integrity, and availability, so I think C might be the right choice.

upvoted 0 times

...

Carylon

3 months ago

I think the main objective is about protecting the assets, but I'm not sure if it's just confidentiality or something broader.

upvoted 0 times

...

Kirk

3 months ago

I feel pretty confident about this. The main purpose of an ISMS is to preserve the CIA triad - confidentiality, integrity, and availability. So the answer has to be C.

upvoted 0 times

...

Elizabeth

3 months ago

Ah, this is a tricky one. I was thinking B at first, but C seems to capture the full scope of what an ISMS is meant to achieve. I'll mark C and hope for the best.

upvoted 0 times

...

Leanna

3 months ago

Okay, I know ISMS is about managing information security, so the main objective has to be related to protecting organizational assets. I'll go with C to be safe.

upvoted 0 times

...

Emerson

4 months ago

Hmm, I'm a bit unsure about this one. The options seem similar, but I'm leaning towards C since that covers the key principles of information security.

upvoted 0 times

...

Jeniffer

4 months ago

Definitely C. That's the whole point of an ISMS, isn't it?

upvoted 0 times

...

Chanel

4 months ago

C) Preservation of confidentiality, integrity and availability of organizational assets

upvoted 0 times

...

Annamae

4 months ago

This seems like a straightforward question about the main objective of an ISMS. I think the answer is C - preserving the confidentiality, integrity, and availability of organizational assets.

upvoted 0 times

...