Certified Information Security Manager Questions and Answers
Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Which of the following BEST enables the integration of information security governance into corporate governance?
Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
Which of the following processes BEST supports the evaluation of incident response effectiveness?
An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?
Which of the following BEST ensures timely and reliable access to services?
Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
Reevaluation of risk is MOST critical when there is:
Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
Which of the following is a PRIMARY benefit of managed security solutions?
The PRIMARY advantage of single sign-on (SSO) is that it will:
While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. What is the BEST way to address this situation?
Which of the following sources is MOST useful when planning a business-aligned information security program?
An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
When developing an asset classification program, which of the following steps should be completed FIRST?
Which of the following parties should be responsible for determining access levels to an application that processes client information?
Of the following, whose input is of GREATEST importance in the development of an information security strategy?
An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
Which of the following has the GREATEST influence on an organization's information security strategy?
Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
Which of the following is the MOST important requirement for a successful security program?
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
Which of the following events would MOST likely require a revision to the information security program?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
Penetration testing is MOST appropriate when a:
The MOST appropriate time to conduct a disaster recovery test would be after:
The PRIMARY objective of a post-incident review of an information security incident is to:
Which of the following is the BEST indication that an organization has a mature information security culture?
Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?
Which of the following analyses will BEST identify the external influences to an organization's information security?
Which of the following should be the PRIMARY objective of the information security incident response process?
A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?
Which of the following is the MOST critical factor for information security program success?
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
Which of the following backup methods requires the MOST time to restore data for an application?
Which of the following BEST indicates that information security governance and corporate governance are integrated?
Which of the following should be the PRIMARY basis for an information security strategy?
Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?