Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Isaca CISM Dumps

Page: 1 / 114
Total 1135 questions

Certified Information Security Manager Questions and Answers

Question 1

An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Which of the following controls would MOST effectively manage risk to the organization?

Options:

A.

Implementing separation of duties between systems and data

B.

Including penalty clauses for noncompliance in the vendor contract

C.

Disabling vendor access and only re-enabling when access is needed

D.

Monitoring key risk indicators (KRIs)

Question 2

When determining an acceptable risk level which of the following is the MOST important consideration?

Options:

A.

Threat profiles

B.

System criticalities

C.

Vulnerability scores

D.

Risk matrices

Question 3

Which of the following is MOST important to include in an information security policy?

Options:

A.

Best practices

B.

Management objectives

C.

Baselines

D.

Maturity levels

Question 4

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Options:

A.

Skills required for the incident response team

B.

A list of external resources to assist with incidents

C.

Service level agreements (SLAs)

D.

A detailed incident notification process

Question 5

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Question 6

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A.

Downtime due to malware infections

B.

Number of security vulnerabilities uncovered with network scans

C.

Percentage of servers patched

D.

Annualized loss resulting from security incidents

Question 7

What should be an information security manager ' s MOST important consideration when developing a multi-year plan?

Options:

A.

Ensuring contingency plans are in place for potential information security risks

B.

Ensuring alignment with the plans of other business units

C.

Allowing the information security program to expand its capabilities

D.

Demonstrating projected budget increases year after year

Question 8

An organization has determined that fixing a security vulnerability in a critical application is too costly to be feasible, but the impact is material to the business. Which of the following is the MOST appropriate risk treatment?

Options:

A.

Purchase cybersecurity insurance.

B.

Accept the risk associated with continued use of the application.

C.

Implement compensating controls for the application.

D.

Discontinue using the application.

Question 9

Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?

Options:

A.

Endpoint detection and response (EDR)

B.

Network intrusion detection system (NIDS)

C.

Extended detection and response (XDR)

D.

Security information and event management (SIEM)

Question 10

As part of incident response activities, the BEST time to begin the recovery process is after:

Options:

A.

The eradication phase has been completed

B.

The incident response team has been established

C.

The root cause has been determined

D.

The incident manager has declared the incident

Question 11

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Options:

A.

Perform a full data backup.

B.

Conduct ransomware awareness training for all staff.

C.

Update indicators of compromise in the security systems.

D.

Review the current risk assessment.

Question 12

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Question 13

Which of the following is MOST important in increasing the effectiveness of incident responders?

Options:

A.

Communicating with the management team

B.

Integrating staff with the IT department

C.

Testing response scenarios

D.

Reviewing the incident response plan annually

Question 14

Which of the following is MOST important for building 4 robust information security culture within an organization?

Options:

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Question 15

Which of the following is MOST important for the successful implementation of an incident response plan?

Options:

A.

Ensuring response staff are appropriately trained

B.

Developing metrics for incident response reporting

C.

Establishing an escalation process for the help desk

D.

Developing a RACI chart of response staff functions

Question 16

An organization plans to implement a new e-commerce operation in a highly regulated market. Which of the following is MOST important to consider when updating the risk management strategy?

Options:

A.

Strategy of industry peers

B.

Outsourcing needs

C.

Business culture

D.

Compliance requirements

Question 17

Which of the following is MOST helpful in determining an organization ' s current capacity to mitigate risks?

Options:

A.

Capability maturity model

B.

Vulnerability assessment

C.

IT security risk and exposure

D.

Business impact analysis (BIA)

Question 18

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?

Options:

A.

Information security manager

B.

Information security steering committee

C.

Information owner

D.

Senior management

Question 19

Which of the following is the PRIMARY objective of information asset classification?

Options:

A.

Vulnerability reduction

B.

Compliance management

C.

Risk management

D.

Threat minimization

Question 20

Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?

Options:

A.

Perform security testing on legacy systems

B.

Identify all information assets in the legacy environment

C.

Assign owners to be responsible for the transfer of each asset

D.

Conduct a business impact analysis (BIA)

Question 21

Which of the following should be of GREATEST concern regarding an organization ' s security controls?

Options:

A.

Some controls are performing outside of an acceptable range.

B.

No key control indicators (KCIs) have been implemented.

C.

Control ownership has not been updated.

D.

Control gap analysis is outdated.

Question 22

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Question 23

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Question 24

The PRIMARY advantage of involving end users in continuity planning is that they:

Options:

A.

have a better understanding of specific business needs.

B.

are more objective than information security management.

C.

can see the overall impact to the business.

D.

can balance the technical and business risks.

Question 25

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Question 26

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Question 27

Which of the following is the MOST effective way to demonstrate improvement in security performance?

Options:

A.

Report the results of a security control self-assessment (CSA).

B.

Provide a summary of security project return on investments (ROIs).

C.

Present vulnerability testing results.

D.

Present trends in a validated metrics dashboard.

Question 28

Which of the following would BEST enable the help desk to recognize an information security incident?

Options:

A.

Train the help desk to review the call logs.

B.

Require the help desk to participate in post-incident reviews.

C.

Provide the help desk with criteria for security incidents.

D.

Include members of the help desk on the security incident response team.

Question 29

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Options:

A.

Block IP addresses used by the attacker

B.

Redirect the attacker ' s traffic

C.

Disable firewall ports exploited by the attacker.

D.

Power off affected servers

Question 30

When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?

Options:

A.

The information available about the vulnerability

B.

The sensitivity of the asset and the data it contains

C.

IT resource availability and constraints

D.

Whether patches have been developed and tested

Question 31

Which of the following is the MOST important objective of post-incident review activities?

Options:

A.

Evidence collection

B.

Continuous improvement

C.

Incident triage

D.

Incident documentation

Question 32

An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?

Options:

A.

Perform a manual verification of file counts.

B.

Encrypt and back up the hard drive before copying.

C.

Use the same hardware for the image as the original.

D.

Perform digital hashing of the original and the image.

Question 33

The effectiveness of an information security governance framework will BEST be enhanced if:

Options:

A.

consultants review the information security governance framework.

B.

a culture of legal and regulatory compliance is promoted by management.

C.

risk management is built into operational and strategic activities.

D.

IS auditors are empowered to evaluate governance activities

Question 34

Data classification is PRIMARILY the responsibility of:

Options:

A.

senior management.

B.

the data custodian.

C.

the data owner.

D.

the security manager.

Question 35

The resilience requirements of an application are BEST determined by:

Options:

A.

A risk assessment

B.

A business impact analysis (BIA)

C.

A cost-benefit analysis

D.

A threat assessment

Question 36

In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or

Options:

A.

Security budget

B.

Risk register

C.

Risk score

D.

Laws and regulations

Question 37

The GREATEST benefit of an effective information security awareness program is the organization’s ability to:

Options:

A.

Meet compliance requirements

B.

Reduce security incidents

C.

Establish accountability

D.

Develop meaningful metrics

Question 38

An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?

Options:

A.

Tabletop testing

B.

Black box testing

C.

Parallel testing

D.

Simulation testing

Question 39

For which of the following is it MOST important that system administrators be restricted to read-only access?

Options:

A.

User access log files

B.

Administrator user profiles

C.

Administrator log files

D.

System logging options

Question 40

Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?

Options:

A.

Security information and event management (SIEM)

B.

Extended detection and response (XDR)

C.

Endpoint detection and response (EDR)

D.

Network intrusion detection system (NIDS)

Question 41

When choosing the best controls to mitigate risk to acceptable levels, the information security manager ' s decision should be MAINLY driven by:

Options:

A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Question 42

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Options:

A.

Job descriptions include requirements to read security policies.

B.

The policies are updated annually.

C.

Senior management supports the policies.

D.

The policies are aligned to industry best practices.

Question 43

Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident notification plan

C.

Risk response scenarios

D.

Security procedures

Question 44

A new information security reporting requirement will soon become effective. Which of the following should be the information security manager ' s FIRST action?

Options:

A.

Conduct a cost-benefit analysis related to noncompliance with the new requirement.

B.

Perform a gap assessment against the new requirement.

C.

Investigate to determine whether the new requirement applies to the business.

D.

Inform senior management of the new requirement.

Question 45

Which of the following is MOST important when conducting a forensic investigation?

Options:

A.

Analyzing system memory

B.

Documenting analysis steps

C.

Capturing full system images

D.

Maintaining a chain of custody

Question 46

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Options:

A.

Projected Increase in maturity level

B.

Estimated reduction in risk

C.

Projected costs over time

D.

Estimated increase in efficiency

Question 47

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

conduct an incident forensic analysis.

B.

fallow the incident response plan

C.

notify the business process owner.

D.

fallow the business continuity plan (BCP).

Question 48

An information security manager has confirmed the organization ' s cloud provider has unintentionally published some of the organization ' s business data. Which of the following should be done NEXT?

Options:

A.

Identify users associated with the exposed data.

B.

Initiate the organization ' s data loss prevention (DLP) processes.

C.

Review the cloud provider ' s service level agreement (SLA).

D.

Invoke the incident response plan.

Question 49

An organization has identified a large volume of old data that appears to be unused. Which of the following should the information

security manager do NEXT?

Options:

A.

Consult the record retention policy.

B.

Update the awareness and training program.

C.

Implement media sanitization procedures.

D.

Consult the backup and recovery policy.

Question 50

An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Question 51

Which of the following is a PRIMARY function of an incident response team?

Options:

A.

To provide effective incident mitigation

B.

To provide a risk assessment for zero-day vulnerabilities

C.

To provide a single point of contact for critical incidents

D.

To provide a business impact analysis (BIA)

Question 52

Behavioral analytics tools are used PRIMARILY to manage risks within an organization by:

Options:

A.

Preventing the exfiltration of sensitive data

B.

Analyzing communications from external users for malware

C.

Establishing security baselines on endpoints

D.

Detecting anomalous user activities

Question 53

When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:

Options:

A.

Meets internal requirements

B.

Complies with industry standards

C.

Achieves projected financial benefits

D.

Delivers anticipated risk reduction

Question 54

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Options:

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Question 55

Which of the following is the MOST important factor of a successful information security program?

Options:

A.

The program follows industry best practices.

B.

The program is based on a well-developed strategy.

C.

The program is cost-efficient and within budget,

D.

The program is focused on risk management.

Question 56

Which of the following is the BEST indicator of the maturity level of a vendor risk management process?

Options:

A.

Average time required to complete the vendor risk management process

B.

Percentage of vendors that have gone through the vendor onboarding process

C.

Percentage of vendors that are regularly reviewed against defined criteria

D.

Number of vendors rejected because of security review results

Question 57

The MOST important reason for an organization to establish a social media policy is to:

Options:

A.

Protect the company brand

B.

Increase employee productivity

C.

Monitor employee activity on the internet

D.

Prevent the spread of malware

Question 58

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

Options:

A.

Data masking

B.

Data retention strategy

C.

Data encryption standards

D.

Data loss prevention (DLP)

Question 59

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

Options:

A.

Vendor service level agreements (SLAs)

B.

Independent review of the vendor

C.

Local laws and regulations

D.

Backup and restoration of data

Question 60

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Question 61

A global organization is planning to expand its operations into a new country with stricter data protection regulations than those in the headquarters ' home country. Which of the following is the BEST approach for adopting these new requirements?

Options:

A.

Adjust organization-wide security polices to align with regulations of the new country.

B.

Ensure local operations comply with geographical data protection laws of the headquarters.

C.

Work with legal to interpret the local regulatory requirements and implement applicable controls.

D.

Procure cybersecurity insurance that covers potential breaches and incidents in the new country.

Question 62

What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?

Options:

A.

Perform a vulnerability assessment on the systems within the department.

B.

Introduce additional controls to force compliance with policy.

C.

Require department users to repeat security awareness training.

D.

Report the policy violation to senior management.

Question 63

Which of the following is the BEST indication of effective information security governance?

Options:

A.

Information security is considered the responsibility of the entire information security team.

B.

Information security controls are assigned to risk owners.

C.

Information security is integrated into corporate governance.

D.

Information security governance is based on an external security framework.

Question 64

An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:

Options:

A.

determine the security exposures.

B.

assess the ability to integrate the security department operations.

C.

ensure compliance with international standards.

D.

evaluate the security policy and standards.

Question 65

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A.

Include security requirements in the contract.

B.

Update the risk register.

C.

Consult with the business owner.

D.

Restrict application network access temporarily.

Question 66

Which of the following is the MOST important consideration when defining control objectives?

Options:

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Question 67

Which of the following is the MOST important outcome of effective risk treatment?

Options:

A.

Elimination of risk

B.

Timely reporting of incidents

C.

Reduced cost of acquiring controls

D.

Implementation of corrective actions

Question 68

Of the following, who should be assigned as the owner of a newly identified risk related to an organization ' s new payroll system?

Options:

A.

Data privacy officer

B.

Information security manager

C.

Head of IT department

D.

Head of human resources (HR)

Question 69

Regular vulnerability scanning on an organization ' s internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Question 70

Results from which of the following would BEST provide an understanding of the effectiveness of an organization’s information security program?

Options:

A.

Security spot checks

B.

Internal audits

C.

Enterprise risk assessments

D.

Control self-assessments (CSAs)

Question 71

Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?

Options:

A.

Determine the extent of shadow IT usage

B.

Update the security policy to address shadow IT

C.

Block the end user’s ability to use shadow IT

D.

Determine the value of shadow IT projects

Question 72

Which of the following is MOST important to the effectiveness of an information security program?

Options:

A.

Security metrics

B.

Organizational culture

C.

IT governance

D.

Risk management

Question 73

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Question 74

What should be the FIRST step when an Internet of Things (loT) device in an organization ' s network is confirmed to have been hacked?

Options:

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network,

D.

Escalate to the incident response team

Question 75

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Options:

A.

Perform a privacy impact assessment (PIA).

B.

Perform a vulnerability assessment.

C.

Perform a gap analysis.

D.

Perform a business impact analysis (BIA).

Question 76

Which of the following is the MOST effective way to convey information security responsibilities across an organization?

Options:

A.

Implementing security awareness programs

B.

Documenting information security responsibilities within job descriptions

C.

Developing a skills matrix

D.

Defining information security responsibilities in the security policy

Question 77

When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:

Options:

A.

expected duration of outage.

B.

management direction.

C.

type of security incident.

D.

the root cause of the event.

Question 78

Which of the following should be the PRIMARY objective for creating a culture of security within an organization?

Options:

A.

To obtain resources for information security initiatives

B.

To prioritize security within the organization

C.

To reduce risk to acceptable levels

D.

To demonstrate control effectiveness to senior management

Question 79

What is the PRIMARY role of the information security program?

Options:

A.

To perform periodic risk assessments and business impact analyses (BIAs)

B.

To provide guidance in managing organizational security risk

C.

To approve information security requirements related to the business

D.

To educate stakeholders regarding information security requirements

Question 80

When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:

Options:

A.

Review key risk indicators (KRIs)

B.

Perform a gap analysis

C.

Consult process owners

D.

Update key performance indicators (KPIs)

Question 81

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization ' s CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

Options:

A.

Temporarily suspend wire transfers for the organization.

B.

Provide awareness training to the CEO for this type of phishing attack.

C.

Provide awareness training to staff responsible for wire transfers.

D.

Disable emails for staff responsible for wire transfers.

Question 82

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

Options:

A.

Perform a backup of the hard drive using backup utilities.

B.

Perform a bit-by-bit backup of the hard disk using a write-blocking device

C.

Perform a backup of the computer using the network

D.

Reboot the system using third-party forensic software in the CD-ROM drive

Question 83

Which of the following events is MOST likely to require an organization to revisit its information security framework?

Options:

A.

New services offered by IT

B.

Changes to the risk landscape

C.

A recent cybersecurity attack

D.

A new technology implemented

Question 84

Which of the following BEST helps to ensure the effective execution of an organization ' s disaster recovery plan (DRP)?

Options:

A.

The plan is reviewed by senior and IT operational management.

B.

The plan is based on industry best practices.

C.

Process steps are documented by the disaster recovery team.

D.

Procedures are available at the primary and failover location.

Question 85

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Question 86

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Options:

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Question 87

Which of the following BEST enables an organization to transform its culture to support information security?

Options:

A.

Periodic compliance audits

B.

Strong management support

C.

Robust technical security controls

D.

Incentives for security incident reporting

Question 88

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Options:

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Question 89

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Question 90

From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often

Options:

A.

website transactions and taxation.

B.

software patches and corporate date.

C.

encryption tools and personal data.

D.

lack of competition and free trade.

Question 91

What type of control is being implemented when a security information and event management (SIEM) system is installed?

Options:

A.

Preventive

B.

Deterrent

C.

Detective

D.

Corrective

Question 92

Which of the following would be MOST important to include in a proposal justifying investments for an organization ' s information security program?

Options:

A.

Vulnerability scan results

B.

Competitor benchmark analysis

C.

Previous security budget

D.

Business requirements

Question 93

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Options:

A.

Request the service provider comply with information security policy.

B.

Review a recent independent audit report of the service provider.

C.

Assess the level of security awareness of the service provider.

D.

Review samples of service level reports from the service provider.

Question 94

Of the following, who is BEST positioned to approve specific information security risk treatment options?

Options:

A.

Risk owner

B.

Information security manager

C.

Head of risk management

D.

Senior management

Question 95

Which of the following should be done FIRST to prioritize response to incidents?

Options:

A.

Containment

B.

Escalation

C.

Analysis

D.

Triage

Question 96

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization ' s IT asset inventory?

Options:

A.

Isolate the PC from the network

B.

Perform a vulnerability scan

C.

Determine why the PC is not included in the inventory

D.

Reinforce information security training

Question 97

An email digital signature will:

Options:

A.

protect the confidentiality of an email message.

B.

verify to recipient the integrity of an email message.

C.

automatically correct unauthorized modification of an email message.

D.

prevent unauthorized modification of an email message.

Question 98

Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?

Options:

A.

The risks are reported to the business unit’s senior management

B.

The risks are escalated to the IT department for remediation

C.

The risks are communicated to the central risk function

D.

The risks are entered in the organization ' s risk register

Question 99

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Question 100

Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?

Options:

A.

Stakeholder plan

B.

Escalation plan

C.

Up-to-date risk register

D.

Asset classification

Question 101

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

Options:

A.

Escalate to the chief risk officer (CRO).

B.

Conduct a vulnerability analysis.

C.

Conduct a risk analysis.

D.

Determine compensating controls.

Question 102

Which of the following BEST enables an organization to effectively manage emerging cyber risk?

Options:

A.

Periodic internal and external audits

B.

Clear lines of responsibility

C.

Sufficient cyber budget allocation

D.

Cybersecurity policies

Question 103

From a business perspective, the GREATEST benefit of an incident response plan is that it:

Options:

A.

Promotes efficiency by providing predefined response procedures

B.

Improves security responsiveness to disruptive events

C.

Limits the negative impact of disruptive events

D.

Ensures compliance with regulatory requirements

Question 104

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Options:

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Question 105

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

Options:

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Question 106

The PRIMARY advantage of single sign-on (SSO) is that it will:

Options:

A.

increase efficiency of access management

B.

increase the security of related applications.

C.

strengthen user passwords.

D.

support multiple authentication mechanisms.

Question 107

Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

Options:

A.

Available annual budget

B.

Cost-benefit analysis of mitigating controls

C.

Recovery time objective (RTO)

D.

Maximum tolerable outage (MTO)

Question 108

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

Options:

A.

Maturity of the security policy

B.

Clarity of security roles and responsibilities

C.

Corporate culture

D.

Corporate risk framework

Question 109

Which of the following presents the GREATEST challenge when assessing the impact of emerging risk?

Options:

A.

Complexity of the emerging risk

B.

Insufficient data related to the emerging risk

C.

Outdated risk management strategy

D.

Lack of resources to perform risk assessments

Question 110

Which of the following is MOST important to consider when aligning a security awareness program with the organization ' s business strategy?

Options:

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Question 111

Which of the following is the BEST option to lower the cost to implement application security controls?

Options:

A.

Perform security tests in the development environment.

B.

Integrate security activities within the development process

C.

Perform a risk analysis after project completion.

D.

Include standard application security requirements

Question 112

An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?

Options:

A.

Perform a vulnerability assessment

B.

Conduct an internal audit

C.

Conduct penetration testing

D.

Prepare compensating controls

Question 113

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

Options:

A.

Impact of service interruption

B.

Results of recovery testing

C.

Determination of recovery point objective (RPO)

D.

Direction from senior management

Question 114

When building support for an information security program, which of the following elements is MOST important?

Options:

A.

Identification of existing vulnerabilities

B.

Information risk assessment

C.

Business impact analysis (BIA)

D.

Threat analysis

Question 115

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The total cost of the investment

B.

The cost and associated risk reduction

C.

The number and severity of ransomware incidents

D.

Benchmarks of industry peers impacted by ransomware

Question 116

Which of the following is the BEST indicator of an organization ' s information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Question 117

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Question 118

Which of the following security initiatives should be the FIRST step in helping an organization maintain compliance with privacy regulations?

Options:

A.

Developing security awareness training

B.

Implementing security information and event management (SIEM)

C.

Implementing a data classification framework

D.

Installing a data loss prevention (DLP) solution

Question 119

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Question 120

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Options:

A.

Implement a mobile device policy and standard.

B.

Provide employee training on secure mobile device practices.

C.

Implement a mobile device management (MDM) solution.

D.

Require employees to install an effective anti-malware app.

Question 121

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

Options:

A.

Performing penetration tests against the network to demonstrate business vulnerability

B.

Highlighting competitor performance regarding network best security practices

C.

Demonstrating that targeted security controls tie to business objectives

D.

Presenting comparable security implementation estimates from several vendors

Question 122

Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?

Options:

A.

Reliable image backups

B.

Impact assessment

C.

Documented eradication procedures

D.

Root cause analysis

Question 123

An organization would like to invest in a new emerging technology. Which of the following is MOST important for the information security manager to consider when evaluating its impact?

Options:

A.

Secure configuration

B.

Vulnerabilities in the technology

C.

Systems compatibility

D.

Industry peer reviews of the technology

Question 124

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Options:

A.

Average total cost of downtime per reported incident

B.

Elapsed time between response and resolution

C.

Average number of incidents per reporting period

D.

Elapsed time between detection, reporting, and response

Question 125

During which of the following development phases is it MOST challenging to implement security controls?

Options:

A.

Post-implementation phase

B.

Implementation phase

C.

Development phase

D.

Design phase

Question 126

Which of the following is an information security manager ' s MOST important course of action after receiving information about a new cybersecurity threat?

Options:

A.

Assess the impact of the new threat on the organization in the event of materialization.

B.

Update correlation rules for log monitoring to detect the possible emerging threat.

C.

Report the threat to senior management immediately to enable an informed decision.

D.

Review the enterprise architecture (EA) for vulnerabilities exploited by the threat.

Question 127

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Options:

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Question 128

To effectively manage an organization ' s information security risk, it is MOST important to:

Options:

A.

assign risk management responsibility to an experienced consultant.

B.

periodically identify and correct new systems vulnerabilities.

C.

establish and communicate risk tolerance.

D.

benchmark risk scenarios against peer organizations.

Question 129

Which of the following is the MOST important constraint to be considered when developing an information security strategy?

Options:

A.

Legal and regulatory requirements

B.

Established security policies and standards

C.

Compliance with an international security standard

D.

Information security architecture

Question 130

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

Options:

A.

the integrity of evidence is preserved.

B.

forensic investigation software is loaded on the server.

C.

the incident is reported to senior management.

D.

the server is unplugged from power.

Question 131

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Options:

A.

Compartmentalization

B.

Overlapping redundancy

C.

Continuous monitoring

D.

Multi-factor authentication

Question 132

An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?

Options:

A.

Include the requirement in information security awareness materials

B.

Perform a policy compliance assessment

C.

Ensure the policy has been communicated to the system administrators

Question 133

Which of the following is the GREATEST benefit of using AI tools in security operations?

Options:

A.

Rapid detection and response to threats

B.

Prioritized vulnerabilities

C.

Reduced time and effort required to patch systems

D.

Defined risk tolerance

Question 134

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Options:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Question 135

For an enterprise implementing a bring your own device program, which of the following would provide the BEST security for corporate data residing on unsecured mobile devices?

Options:

A.

Acceptable use policy

B.

Containerization solution

C.

Data loss prevention

D.

Device certification process

Question 136

Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?

Options:

A.

Information security manager

B.

IT risk manager

C.

Internal auditor

D.

Risk owner

Question 137

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A.

enhance the organization ' s antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization ' s detective controls.

D.

reduce the need for a security awareness program.

Question 138

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

Options:

A.

Enforcing data retention

B.

Developing policy standards

C.

Benchmarking against industry peers

D.

Categorizing information assets

Question 139

The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:

Options:

A.

the partition table on the disk has been deleted.

B.

the tile has been overwritten.

C.

all files in the directory have been deleted.

D.

high-level disk formatting has been performed.

Question 140

Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?

Options:

A.

Demonstrate the effectiveness of business continuity plans (BCPs).

B.

Report key performance indicator (KPI) trends.

C.

Demonstrate that the program enables business activities.

D.

Provide evidence of increased security events at peer organizations.

Question 141

Which of the following is an example of a deterrent control?

Options:

A.

Separation of responsibilities

B.

Periodic data restoration

C.

An intrusion detection system

D.

A warning banner

Question 142

Of the following, who is BEST suited to own the risk discovered in an application?

Options:

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Question 143

Which of the following should be the MOST important consideration of business continuity management?

Options:

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Question 144

The MOST important information for influencing management’s support of information security is:

Options:

A.

an demonstration of alignment with the business strategy.

B.

An identification of the overall threat landscape.

C.

A report of a successful attack on a competitor.

D.

An identification of organizational risks.

Question 145

An online bank identifies a successful network attack in progress. The bank should FIRST:

Options:

A.

isolate the affected network segment.

B.

report the root cause to the board of directors.

C.

assess whether personally identifiable information (Pll) is compromised.

D.

shut down the entire network.

Question 146

Which of the following is an information security manager ' s MOST important course of action when responding to a major security incident that could disrupt the business?

Options:

A.

Follow the escalation process.

B.

Identify the indicators of compromise.

C.

Notify law enforcement.

D.

Contact forensic investigators.

Question 147

Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?

Options:

A.

Perform a patch update.

B.

Conduct a risk assessment.

C.

Perform a penetration test.

D.

Conduct an impact assessment.

Question 148

Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

Options:

A.

select mobile device management (MDM) software.

B.

survey employees for requested applications.

C.

develop an acceptable use policy.

D.

review currently utilized applications.

Question 149

Which risk is introduced when using only sanitized data for the testing of applications?

Options:

A.

Data loss may occur during the testing phase.

B.

Data disclosure may occur during the migration event

C.

Unexpected outcomes may arise in production

D.

Breaches of compliance obligations will occur.

Question 150

A new risk has been identified in a high availability system. The BEST course of action is to:

Options:

A.

Perform a cost-benefit analysis for mitigating controls

B.

Recommend risk acceptance to the business owner

C.

Develop and implement a plan to mitigate the identified risk

D.

Evaluate and prioritize the identified risk

Question 151

The BEST way to identify the risk associated with a social engineering attack is to:

Options:

A.

monitor the intrusion detection system (IDS),

B.

review single sign-on (SSO) authentication lags.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Question 152

Which of the following BEST enables an organization to increase information security control effectiveness?

Options:

A.

Reviewing control implementation progress

B.

Establishing risk metrics

C.

Performing criticality analysis of controls on a quarterly basis

D.

Reassigning control ownership for failing areas

Question 153

A multinational organization is introducing a security governance framework. The information security manager ' s concern is that regional security practices differ. Which of the following should be evaluated FIRST?

Options:

A.

Local regulatory requirements

B.

Global framework standards

C.

Cross-border data mobility

D.

Training requirements of the framework

Question 154

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Options:

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Question 155

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Question 156

Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?

Options:

A.

Implement a data loss prevention (DLP) system

B.

Disable all incoming cloud mail services

C.

Conduct awareness training across the organization

D.

Require acknowledgment of the acceptable use policy

Question 157

Which of the following BEST facilitates the effective execution of an incident response plan?

Options:

A.

The plan is based on risk assessment results.

B.

The response team is trained on the plan

C.

The plan is based on industry best practice.

D.

The incident response plan aligns with the IT disaster recovery plan (DRP).

Question 158

What is the BEST way to inform senior management of the value of information security?

Options:

A.

Present the benefits of security awareness training

B.

Describe how security enables business objectives

C.

Describe potential impact of compromises

D.

Present anticipated return on security investment

Question 159

While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

Options:

A.

Assign responsibility to the database administrator (DBA).

B.

Review the databases for sensitive content.

C.

Prepare a report of the databases for senior management.

D.

Assign the highest classification level to those databases.

Question 160

During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?

Options:

A.

Configuration management

B.

Password management

C.

Change management

D.

Version management

Question 161

An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager ' s MOST important course of action?

Options:

A.

Engage an independent audit of the third party ' s external provider.

B.

Recommend canceling the contract with the third party.

C.

Evaluate the third party ' s agreements with its external provider.

D.

Conduct an external audit of the contracted third party.

Question 162

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:

A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Question 163

Which of the following BEST facilitates recovery of data lost as a result of a cybersecurity incident?

Options:

A.

Removable storage media

B.

Disaster recovery plan (DRP)

C.

Offsite data backups

D.

Encrypted data drives

Question 164

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A.

Multi-factor authentication

B.

Digital encryption

C.

Data masking

D.

Digital signatures

Question 165

Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization ' s business continuity plan (BCP) has not been reviewed or updated in more than a year?

Options:

A.

An outdated BCP may result in less efficient recovery if an actual incident occurs.

B.

The organization may suffer reputational damage for not following industry best practices.

C.

The audit finding may impact the overall risk rating of the organization.

D.

The lack of updates to the BCP may result in noncompliance with internal policies.

Question 166

Which of the following is ESSENTIAL to ensuring effective incident response?

Options:

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Question 167

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Question 168

When designing security controls, it is MOST important to:

Options:

A.

Apply a risk-based approach

B.

Apply technical controls for sensitive data

C.

Consider business impact analysis (BIA) results

D.

Focus on preventive controls

Question 169

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.

Number of blocked intrusion attempts

B.

Number of business cases reviewed by senior management

C.

Trends in the number of identified threats to the business

D.

Percentage of controls integrated into business processes

Question 170

The effectiveness of an incident response team will be GREATEST when:

Options:

A.

the incident response team meets on a regular basis to review log files.

B.

the incident response team members are trained security personnel.

C.

the incident response process is updated based on lessons learned.

D.

incidents are identified using a security information and event monitoring {SIEM) system.

Question 171

Which of the following would MOST effectively ensure that a new server is appropriately secured?

Options:

A.

Performing secure code reviews

B.

Enforcing technical security standards

C.

Conducting penetration testing

D.

Initiating security scanning

Question 172

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Question 173

Which of the following BEST enables the integration of information security governance into corporate governance?

Options:

A.

Well-decumented information security policies and standards

B.

An information security steering committee with business representation

C.

Clear lines of authority across the organization

D.

Senior management approval of the information security strategy

Question 174

Which of the following will BEST enable an effective information asset classification process?

Options:

A.

Including security requirements in the classification process

B.

Analyzing audit findings

C.

Reviewing the recovery time objective (RTO) requirements of the asset

D.

Assigning ownership

Question 175

Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?

Options:

A.

Heightened awareness of information security strategies

B.

Improved process resiliency in the event of attacks

C.

Promotion of security-by-design principles to the business

D.

Management accountability for information security

Question 176

A PRIMARY benefit of adopting an information security framework is that it provides:

Options:

A.

credible emerging threat intelligence.

B.

security and vulnerability reporting guidelines.

C.

common exploitability indices.

D.

standardized security controls.

Question 177

When establishing an information security governance framework, it is MOST important for an information security manager to understand:

Options:

A.

information security best practices.

B.

risk management techniques.

C.

the threat environment.

D.

the corporate culture.

Question 178

An organization ' s HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?

Options:

A.

Multi-factor authentication (MFA) system

B.

Identity and access management (IAM) system

C.

Privileged access management (PAM) system

D.

Governance, risk, and compliance (GRC) system

Question 179

An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

Options:

A.

a directory of approved local media contacts

B.

pre-prepared media statements

C.

procedures to contact law enforcement

D.

a single point of contact within the organization

Question 180

To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?

Options:

A.

Data storage procedures

B.

Data classification policy

C.

Results of penetration testing

D.

Features of data protection products

Question 181

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A.

Wider range of capabilities

B.

Easier implementation across an organization

C.

Greater ability to focus on core business operations

D.

Lower cost of operations

Question 182

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Question 183

Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?

Options:

A.

Data protection regulations

B.

Data storage limitations

C.

Business requirements

D.

Type and nature of data

Question 184

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

Options:

A.

Updated risk assessments

B.

Counts of information security incidents

C.

Audit reports

D.

Monthly metrics

Question 185

Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?

Options:

A.

Vulnerability scan

B.

Control self-assessment (CSA)

C.

Gap analysis

D.

Risk assessment

Question 186

Which of the following should be done FIRST once a cybersecurity attack has been confirmed?

Options:

A.

Isolate the affected system.

B.

Notify senior management.

C.

Power down the system.

D.

Contact legal authorities.

Question 187

Which of the following is the PRIMARY benefit of an information security awareness training program?

Options:

A.

Influencing human behavior

B.

Evaluating organizational security culture

C.

Defining risk accountability

D.

Enforcing security policy

Question 188

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Question 189

The MOST important reason to classify security incidents is to:

Options:

A.

Improve the efficiency and effectiveness of incident resolution

B.

Better manage security event and incident logging

C.

Align the incident response plan with corporate policy

D.

Enhance the reporting of incident status to the incident lead

Question 190

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

Options:

A.

Frequent updates to the risk register

B.

Regularly scheduled security audits

C.

Frequent security architecture reviews

D.

Regularly scheduled risk assessments

Question 191

Embedding security responsibilities into job descriptions is important PRIMARILY because it:

Options:

A.

supports access management.

B.

simplifies development of the security awareness program.

C.

aligns security to the human resources (HR) function.

D.

strengthens employee accountability.

Question 192

An organization ' s automated security monitoring tool generates an excessively large amount of falsq positives. Which of the following is the BEST method to optimize the monitoring process?

Options:

A.

Report only critical alerts.

B.

Change reporting thresholds.

C.

Reconfigure log recording.

D.

Monitor incidents in a specific time frame.

Question 193

An information security manager is assessing security risk associated with a cloud service provider. Which of the following is the MOST appropriate reference to consult when performing this assessment?

Options:

A.

Previous provider service level agreements (SLAs)

B.

Security control frameworks

C.

Threat intelligence reports

D.

Penetration test results from the provider

Question 194

Which of the following provides the MOST effective response against ransomware attacks?

Options:

A.

Automatic quarantine of systems

B.

Thorough communication plans

C.

Effective backup plans and processes

D.

Strong password requirements

Question 195

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Options:

A.

Instruct IT to deploy controls based on urgent business needs.

B.

Present a business case for additional controls to senior management.

C.

Solicit bids for compensating control products.

D.

Recommend a different application.

Question 196

Which of the following would be MOST important to include in communications to customers impacted by an information security incident?

Options:

A.

Details of the type of data exposed

B.

Identities of the attackers

C.

Costs of the incident to the organization

D.

Technical information related to the incident

Question 197

Which of the following activities is designed to handle a control failure that leads to a breach?

Options:

A.

Risk assessment

B.

Incident management

C.

Root cause analysis

D.

Vulnerability management

Question 198

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Question 199

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

Options:

A.

a function of the likelihood and impact, should a threat exploit a vulnerability.

B.

the magnitude of the impact, should a threat exploit a vulnerability.

C.

a function of the cost and effectiveness of controls over a vulnerability.

D.

the likelihood of a given threat attempting to exploit a vulnerability

Question 200

The PRIMARY goal when conducting post-incident reviews is to identify:

Options:

A.

Additional cybersecurity budget needs

B.

Weaknesses in incident response plans

C.

Information to be shared with senior management

D.

Individuals that need additional training

Question 201

Which of the following is the BEST way to present the status of an information security program to senior management?

Options:

A.

Provide detailed information regarding risk exposure

B.

Display concise dashboards

C.

Detail the latest security trends

D.

Report on root causes of security incidents

Question 202

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Question 203

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

Options:

A.

incident has been confirmed.

B.

incident has been contained.

C.

potential incident has been logged.

D.

incident has been mitigated.

Question 204

In information security governance, which of the following has PRIMARY responsibility for ensuring compliance with regulations?

Options:

A.

Senior management

B.

Enterprise risk management

C.

Control owners

D.

Legal counsel

Question 205

Which of the following is an information security manager ' s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.

Increase the frequency of system backups.

B.

Review the mitigating security controls.

C.

Notify staff members of the threat.

D.

Assess the risk to the organization.

Question 206

Which of the following is the BEST indication of information security strategy alignment with the “ &

Options:

A.

Percentage of information security incidents resolved within defined service level agreements (SLAs)

B.

Percentage of corporate budget allocated to information security initiatives

C.

Number of business executives who have attended information security awareness sessions

D.

Number of business objectives directly supported by information security initiatives

Question 207

An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software security?

Options:

A.

Security training for the service provider’s software development staff

B.

Independent assessment against a relevant standard

C.

Verification of certifications held by the individual developers

D.

Review of the service provider’s software development policies

Question 208

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Create a security exception.

B.

Perform a gap analysis to determine needed resources.

C.

Perform a vulnerability assessment.

D.

Assess the risk to business operations.

Question 209

To support effective risk decision making, which of the following is MOST important to have in place?

Options:

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Question 210

Which of the following would BEST enable the timely execution of an incident response plan?

Options:

A.

The introduction of a decision support tool

B.

Definition of trigger events

C.

Clearly defined data classification process

D.

Centralized service desk

Question 211

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.

Management ' s business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Question 212

Which of the following is MOST important to have in place for an organization ' s information security program to be effective?

Options:

A.

Documented information security processes

B.

A comprehensive IT strategy

C.

Senior management support

D.

Defined and allocated budget

Question 213

The PRIMARY goal to a post-incident review should be to:

Options:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Question 214

Which of the following is the PRIMARY reason to perform a business impact analysis (BIA)?

Options:

A.

Determining risk mitigation options

B.

Prioritizing critical processes

C.

Establishing recovery point objectives (RPOs)

D.

Determining information sensitivity

Question 215

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:

A.

Conduct an impact assessment.

B.

Isolate the affected systems.

C.

Rebuild the affected systems.

D.

Initiate incident response.

Question 216

A healthcare company is working with a virtual reality (VR) vendor to provide a training solution for customers of the organization’s products. Which of the following is MOST important to include in the contract?

Options:

A.

A requirement to encrypt the organization’s data

B.

A clause prohibiting reuse of the organization’s data

C.

A clause establishing the right to audit the vendor

D.

A service level agreement (SLA) for uptime

Question 217

Which of the following is the PRIMARY reason to use a phased incident recovery approach?

Options:

A.

To gain management buy-in

B.

To give the response team time to analyze incidents

C.

To ensure critical systems are recovered first

D.

To prioritize remediation steps

Question 218

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Options:

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Question 219

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Options:

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Question 220

For an e-business that requires high availability, which of the following design principles is BEST?

Options:

A.

Manual failover to the website of another e-business that meets the user ' s needs

B.

A single point of entry allowing transactions to be received and processed quickly

C.

Intelligent middleware to direct transactions from a downed system to an alternative

D.

Availability of an adjacent cold site and a standby server with mirrored copies of critical data

Question 221

Which of the following is an information security manager ' s BEST recommendation to senior management following a breach at the organization ' s Software as a Service (SaaS) vendor?

Options:

A.

Update the vendor risk assessment.

B.

Engage legal counsel.

C.

Renegotiate the vendor contract.

D.

Terminate the relationship with the vendor.

Question 222

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Question 223

Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

Options:

A.

strategy.

B.

risk assessments.

C.

key performance indicators (KPIs).

D.

standards.

Question 224

Who is BEST suited to determine how the information in a database should be classified?

Options:

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Question 225

An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done

FIRST?

Options:

A.

Install additional application controls.

B.

Notify senior management.

C.

Invoke the incident response plan.

D.

Prevent access to the application.

Question 226

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Options:

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Question 227

An organization successfully responded to an information security incident. However, the information security manager learned that some of the steps specified in the incident management procedures were not taken by the response team. What should be the information security manager ' s FIRST step?

Options:

A.

Provide additional training to the incident response team.

B.

Review the incident management procedures.

C.

Interview the incident response team.

D.

Remove the steps from the incident management procedures.

Question 228

Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

Options:

A.

Demonstrating the program ' s value to the organization

B.

Discussing governance programs found in similar organizations

C.

Providing the results of external audits

D.

Providing examples of information security incidents within the organization

Question 229

The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:

Options:

A.

scope of the business continuity program.

B.

resources needed for business recovery.

C.

recovery time objective (RTO).

D.

scope of the incident response plan.

Question 230

Which of the following is the MOST important consideration for an incident response team seeking to limit the impact of incidents?

Options:

A.

Senior management’s understanding of the risk appetite

B.

Year-to-year analysis of incident response training completion

C.

Understanding of the organization’s operational requirements

D.

Allocation of funding assigned to incident management functions

Question 231

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization ' s hosted payroll service provider?

Options:

A.

Suspend the data exchange with the provider

B.

Notify appropriate regulatory authorities of the breach.

C.

Initiate the business continuity plan (BCP)

D.

Validate the breach with the provider

Question 232

Which of the following is MOST important to the successful implementation of an information security program?

Options:

A.

Adequate security resources are allocated to the program.

B.

Key performance indicators (KPIs) are defined.

C.

A balanced scorecard is approved by the steering committee.

D.

The program is developed using global security standards.

Question 233

Which of the following is the MOST important consideration when determining which type of failover site to employ?

Options:

A.

Reciprocal agreements

B.

Disaster recovery test results

C.

Recovery time objectives (RTOs)

D.

Data retention requirements

Question 234

Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Options:

A.

Mobile application control

B.

Inconsistent device security

C.

Configuration management

D.

End user acceptance

Question 235

Which of the following is the PRIMARY purpose of implementing information security standards?

Options:

A.

To provide management direction with a specific security objective

B.

To provide a basis for developing information security policies

C.

To provide step-by-step instructions for performing security-related tasks

D.

To establish a minimum acceptable security baseline

Question 236

Following an employee security awareness training program, what should be the expected outcome?

Options:

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Question 237

Which of the following provides an information security manager with the MOST useful information on new threats and emerging risks that could impact business objectives?

Options:

A.

External audit report

B.

Internal threat analysis report

C.

Industry threat intelligence report

D.

Internal vulnerability assessment report

Question 238

An organization has an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager ' s BEST course of action?

Options:

A.

Report the findings to senior management with recommendations.

B.

Implement a phishing reporting tool in the email system.

C.

Include regular phishing campaigns after each training session.

D.

Make the training program mandatory for all employees.

Question 239

An incident response team has been alerted to suspicious communications between an end user’s workstation and a possibly infected external server. Which of the following should be done NEXT?

Options:

A.

Reinstall the operating system of the end user’s workstation

B.

Analyze and validate the event

C.

Request an IP address block

D.

Isolate the end user’s workstation and the external server

Question 240

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

Options:

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Question 241

Which of the following is the MOST important objective of a disaster recovery test?

Options:

A.

All critical data is recovered within recovery time objectives

B.

All critical systems are successfully tested

C.

Errors are discovered in the disaster recovery strategy

D.

The business gains assurance it can recover from a disaster

Question 242

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Options:

A.

Lack of availability

B.

Lack of accountability

C.

Improper authorization

D.

Inadequate authentication

Question 243

Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?

Options:

A.

Mitigate

B.

Avoid

C.

Transfer

D.

Accept

Question 244

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Options:

A.

Key control indicator (KCIs)

B.

Key risk indicators (KRIs)

C.

Key performance indicators (KPIs)

D.

Key goal indicators (KGIs)

Question 245

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

Options:

A.

Performing penetration testing

B.

Improving user awareness

C.

Installing new firewalls

D.

Updating security policies

Question 246

Which of the following should be the PRIMARY goal of information security?

Options:

A.

Information management

B.

Regulatory compliance

C.

Data governance

D.

Business alignment

Question 247

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

Options:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Question 248

Which of the following is the MOST important consideration when developing an approach to effectively contain security incidents?

Options:

A.

Isolating systems impacted by incidents from the production environment

B.

Mitigating reputational damage that may affect business

C.

Minimizing financial losses that may result from outages

D.

Assigning senior management accountability for incident containment

Question 249

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Question 250

Which of the following is a prerequisite for formulating a business continuity plan (BCP)?

Options:

A.

Recovery time objectives (RTOs) for the business processes

B.

Process maps for production applications

C.

System recovery procedures for alternate-site processing

D.

Comprehensive property inventory

Question 251

An organization has identified IT failures in a call center application. Of the following, who should own this risk?

Options:

A.

Information security manager

B.

Head of the call center

C.

Chief executive officer (CEO)

D.

Head of the IT department

Question 252

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization ' s existing security posture?

Options:

A.

Reviewing policies and procedures

B.

Performing a risk assessment

C.

Interviewing business managers and employees

D.

Performing a business impact analysis (BIA)

Question 253

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

Options:

A.

Implement compensating controls.

B.

Communicate consequences for future instances.

C.

Enhance the data loss prevention (DLP) solution.

D.

Improve the security awareness training program.

Question 254

Which of the following is the BEST way to determine if an information security profile is aligned with business requirements?

Options:

A.

Review the key performance indicator (KPI) dashboard

B.

Review security-related key risk indicators (KRIs)

C.

Review control self-assessment (CSA) results

D.

Review periodic security audits

Question 255

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?

Options:

A.

Backups are maintained offline and regularly tested.

B.

Impacted networks can be detached at the network switch level.

C.

Production data is continuously replicated between primary and secondary sites.

D.

Backups are maintained on multiple sites and regularly reviewed.

Question 256

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation to a critical monitoring process. Which of the following should be the information security manager ' s GREATEST concern with this situation?

Options:

A.

Impact on compliance risk.

B.

Inability to determine short-term impact.

C.

Impact on the risk culture.

D.

Deviation from risk management best practices

Question 257

Which of the following has the GREATEST impact on the ability to successfully execute a disaster recovery plan (DRP)?

Options:

A.

Conducting tabletop exercises of the plan

B.

Updating the plan periodically

C.

Communicating the plan to all stakeholders

D.

Reviewing escalation procedures

Question 258

Which of the following should have the MOST influence on the development of information security policies?

Options:

A.

Business strategy

B.

Past and current threats

C.

IT security framework

D.

Industry standards

Question 259

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

Options:

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Question 260

Which of the following is the BEST course of action when using a web application that has known vulnerabilities?

Options:

A.

Monitor application level logs.

B.

Deploy host-based intrusion detection.

C.

Deploy an application firewall.

D.

Install anti-spyware software.

Question 261

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

Options:

A.

While responding to the incident

B.

During a tabletop exercise

C.

During post-incident review

D.

After a risk reassessment

Question 262

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Question 263

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

Options:

A.

Mapping risk scenarios according to sensitivity of data

B.

Reviewing mitigating and compensating controls for each risk scenario

C.

Mapping the risk scenarios by likelihood and impact on a chart

D.

Performing a risk assessment on the laaS provider

Question 264

The PRIMARY goal of the eradication phase in an incident response process is to:

Options:

A.

maintain a strict chain of custody.

B.

provide effective triage and containment of the incident.

C.

remove the threat and restore affected systems

D.

obtain forensic evidence from the affected system.

Question 265

Which of the following is the BEST indication of an effective information security awareness training program?

Options:

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Question 266

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Question 267

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Options:

A.

Regulatory requirements

B.

Compliance acceptance

C.

Management support

D.

Budgetary approval

Question 268

A backdoor has been identified that enabled a cyberattack on an organization’s systems. Integrating which of the following into the software development life cycle would BEST enable the organization to mitigate similar attacks in the future?

Options:

A.

Enhanced user acceptance testing (UAT)

B.

Separation of duties

C.

Customized developer training

D.

Vulnerability testing

Question 269

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

Options:

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Question 270

The PRIMARY purpose of implementing information security governance metrics is to:

Options:

A.

measure alignment with best practices.

B.

assess operational and program metrics.

C.

guide security towards the desired state.

D.

refine control operations.

Question 271

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Question 272

An organization has identified a weakness in the ability of its employees to identify and report cybersecurity incidents. Although training materials have been provided, employees show a lack of interest. Which of the following is the information security manager’s BEST course of action?

Options:

A.

Block network access until security awareness training is complete.

B.

Conduct an enterprise cybersecurity risk assessment.

C.

Obtain key stakeholder and leadership support.

D.

Send an email mandating training for the employees.

Question 273

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

Options:

A.

Senior management

B.

Application owner

C.

Information security manager

D.

Legal representative

Question 274

In a call center, the BEST reason to conduct a social engineering is to:

Options:

A.

Identify candidates for additional security training.

B.

minimize the likelihood of successful attacks.

C.

gain funding for information security initiatives.

D.

improve password policy.

Question 275

Which of the following is the GREATEST benefit resulting from the introduction of data security standards for payment cards?

Options:

A.

It helps achieve the holistic protection of information assets in the industry.

B.

It deters hackers from committing crimes related to card payments.

C.

It optimizes budget allocation for cybersecurity in each organization.

D.

It enables a wider range of more sophisticated payment methods.

Question 276

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization ' s information security requirements?

Options:

A.

Alive demonstration of the third-party supplier ' s security capabilities

B.

The ability to i third-party supplier ' s IT systems and processes

C.

Third-party security control self-assessment (CSA) results

D.

An independent review report indicating compliance with industry standards

Question 277

Which of the following is MOST important when designing an information security governance framework?

Options:

A.

Aligning with the information security strategy

B.

Assessing the availability of information security resources

C.

Aligning with industry best practice frameworks

D.

Assessing the current state of information security

Question 278

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Question 279

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

Options:

A.

To assess service level agreements

B.

To provide metrics to senior management

C.

To estimate the recovery time objective

D.

To evaluate how personnel react to the situation

Question 280

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Question 281

Which of the following metrics would provide an accurate measure of an information security program ' s performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Question 282

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager ' s FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Question 283

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization ' s business goals?

Options:

A.

Metrics to drive the information security program

B.

Information security policies

C.

A defined security organizational structure

D.

An information security strategy

Question 284

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

Options:

A.

Recovery

B.

Identification

C.

Containment

D.

Preparation

Question 285

After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?

Options:

A.

To ensure access rights meet classification requirements

B.

To facilitate the analysis of application logs

C.

To ensure web application availability

D.

To support strong two-factor authentication protocols

Question 286

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

Options:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization ' s risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Question 287

Which of the following should be an information security manager ' s PRIMARY concern when an organization is expanding business to a new country?

Options:

A.

Compliance with local regulations

B.

Changes in IT infrastructure

C.

Cultural differences in the new country

D.

Ability to gather customer data

Question 288

Which of the following has the GREATEST influence on the successful integration of information security within the business?

Options:

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Question 289

An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?

Options:

A.

A risk

B.

A threat

C.

An incident

D.

An event

Question 290

Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?

Options:

A.

Perform malware scanning

B.

Reimage the systems

C.

Block access to the impacted systems

D.

Perform a vulnerability assessment

Question 291

Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

Options:

A.

Statistical reports will be incorrect.

B.

The service desk will be staffed incorrectly.

C.

Escalation procedures will be ineffective.

D.

Timely detection of attacks will be impossible.

Question 292

An outsourced vendor handles an organization’s business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor’s security practices?

Options:

A.

Requiring business continuity plans (BCPs) from the vendor

B.

Reviewing recent information security disclosures from the vendor

C.

Requiring periodic independent third-party reviews

D.

Reviewing the vendor service level agreement (SLA)

Question 293

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?

Options:

A.

Enterprise risk committee

B.

Information security steering committee

C.

Data privacy officer (DPO)

D.

Chief information security officer (CISO)

Question 294

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Question 295

An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager ' s BEST approach for communicating the implications of this transition to the board of directors?

Options:

A.

Present a diagram of core Zero Trust logical components to help visualize the architectural changes

B.

Summarize the training plan and end user feedback in an internal portal and send the link to the board

C.

Prepare a report on the Zero Trust implementation that includes a status dashboard and timeline

D.

Provide an outline of the business impact in terms of risk reduction and changes in user experience

Question 296

While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?

Options:

A.

The test is scheduled to reduce operational impact.

B.

The test involves IT members in the test process.

C.

The test addresses the critical components.

D.

The test simulates actual prime-time processing conditions.

Question 297

Which of the following BEST enables an organization to evaluate the security posture of a cloud service?

Options:

A.

Industry peer reviews

B.

Service provider attestations

C.

Penetration testing reports

D.

Third-party audit reports

Question 298

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

the internal audit manager.

B.

the information security officer.

C.

the steering committee.

D.

the board of directors.

Question 299

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Question 300

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Options:

A.

The security strategy is promoted.

B.

Fewer security incidents are reported.

C.

Security behavior is improved.

D.

More security incidents are detected.

Question 301

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Options:

A.

Patch management files

B.

Network system logs

C.

Configuration management files

D.

Intrusion detection system (IDS) logs

Question 302

Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?

Options:

A.

Limiting the number of KRIs

B.

Comprehensively reporting on KRIs

C.

Aggregating common KRIs

D.

Linking KRIs to specific risks

Question 303

Which of the following should be the PRIMARY objective of the information security incident response process?

Options:

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Question 304

Which of the following principles BEST addresses the protection of data from unauthorized modification?

Options:

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Authenticity

Question 305

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Question 306

Which of the following should be done FIRST to determine the impact of a new regulatory requirement for cloud services?

Options:

A.

Perform a risk assessment

B.

Review the information asset inventory

C.

Determine the applicability

D.

Conduct a gap analysis

Question 307

A finance department director has decided to outsource the organization ' s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?

Options:

A.

Determine the required security controls for the new solution

B.

Review the disaster recovery plans (DRPs) of the providers

C.

Obtain audit reports on the service providers ' hosting environment

D.

Align the roles of the organization ' s and the service providers ' stats.

Question 308

What is the BEST way to reduce the impact of a successful ransomware attack?

Options:

A.

Perform frequent backups and store them offline.

B.

Purchase or renew cyber insurance policies.

C.

Include provisions to pay ransoms ih the information security budget.

D.

Monitor the network and provide alerts on intrusions.

Question 309

An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

Options:

A.

inventory sensitive customer data to be processed by the solution.

B.

determine information security resource and budget requirements.

C.

assess potential information security risk to the organization.

D.

develop information security requirements for the big data solution.

Question 310

Which of the following BEST indicates misalignment of security policies with business objectives?

Options:

A.

Low completion rate of employee awareness training

B.

Lack of adequate funding for the security program

C.

A large number of long-term policy exceptions

D.

A large number of user noncompliance incidents

Question 311

When collecting admissible evidence, which of the following is the MOST important requirement?

Options:

A.

Need to know

B.

Preserving audit logs

C.

Due diligence

D.

Chain of custody

Question 312

An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:

Options:

A.

Assign accountability for monitoring social media

B.

Identify security monitoring tools

C.

Evaluate risks to the organization

D.

Develop security awareness training

Question 313

Which of the following is the BEST way to build a risk-aware culture?

Options:

A.

Periodically change risk awareness messages.

B.

Ensure that threats are documented and communicated in a timely manner.

C.

Establish a channel for staff to report risks.

D.

Periodically test compliance with security controls.

Question 314

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents.

B.

identify vulnerabilities.

C.

identify control improvements.

D.

identify the root cause.

Question 315

Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?

Options:

A.

Threat analytics software

B.

Host intrusion detection system

C.

SIEM

D.

Network intrusion detection system

Question 316

Which of the following has the GREATEST impact on the effectiveness of an organization’s security posture?

Options:

A.

Incident metrics are frequently compared against industry benchmarks

B.

New hires are mandated to attend security training

C.

Security is embedded in organizational culture

D.

Senior management has approved and endorsed security practices

Question 317

A balanced scorecard MOST effectively enables information security:

Options:

A.

risk management

B.

project management

C.

governance

D.

performance

Question 318

Which of the following establishes the minimum technical baseline for security controls?

Options:

A.

Procedures

B.

Policies

C.

Standards

D.

Guidelines

Question 319

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Question 320

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?

Options:

A.

Business impact analysis (BIA)

B.

Business requirements

C.

Supplier requirements

D.

Risk appetite

Question 321

Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?

Options:

A.

Establishing the root cause of the incident

B.

Identifying attack vectors utilized in the incident

C.

When business operations were restored after the incident

D.

How incident management processes were executed

Question 322

Which of the following roles is accountable for the protection of data?

Options:

A.

CISO

B.

Data custodian

C.

Data owner

D.

Data administrator

Question 323

Which of the following is the MOST important consideration when attempting to create a security-focused culture?

Options:

A.

Current security strategy benchmarks against peer organizations

B.

The regional rules and legislation regarding information security

C.

The current security awareness level of the employees

D.

The organization’s existing security policies, procedures, and frameworks

Question 324

An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:

Options:

A.

disable the user ' s access to corporate resources.

B.

terminate the device connectivity.

C.

remotely wipe the device

D.

escalate to the user ' s management

Question 325

An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager ' s BEST course of action?

Options:

A.

Assess business impact against security risk.

B.

Provide security awareness training to customers.

C.

Refer to industry best practices.

D.

Quantify the security risk to the business.

Question 326

Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?

Options:

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Question 327

A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?

Options:

A.

Include binding corporate rules into the global agreement

B.

Set up a governance organization for each country

C.

Review the agreement for each country separately

D.

Set up companion agreements for each country

Question 328

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?

Options:

A.

IT strategy

B.

Security architecture

C.

Business case

D.

Risk assessment

Question 329

Which of the following metrics BEST demonstrates the effectiveness of an organization ' s security awareness program?

Options:

A.

Number of security incidents reported to the help desk

B.

Percentage of employees who regularly attend security training

C.

Percentage of employee computers and devices infected with malware

D.

Number of phishing emails viewed by end users

Question 330

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Options:

A.

Review current recovery policies.

B.

Define the organizational strategy.

C.

Prioritize the critical processes.

D.

Review existing cyber insurance coverage.

Question 331

Which of the following is the MOST important reason to ensure information security is aligned with the organization ' s strategy?

Options:

A.

To identify the organization ' s risk tolerance

B.

To improve security processes

C.

To align security roles and responsibilities

D.

To optimize security risk management

Question 332

Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?

Options:

A.

Provide regular security awareness training

B.

Require staff to sign confidentiality agreements

C.

Publish the information security policy on the corporate intranet

D.

Develop a RACI matrix for the organization

Question 333

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

Options:

A.

The vendor ' s proposal allows for contract modification during technology refresh cycles.

B.

The vendor ' s proposal aligns with the objectives of the organization.

C.

The vendor ' s proposal requires the provider to have a business continuity plan (BCP).

D.

The vendor ' s proposal allows for escrow in the event the third party goes out of business.

Question 334

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Question 335

Which of the following is the BEST reason to implement a comprehensive information security management system?

To ensure continuous alignment with the organizational strategy

To gain senior management support for the information security program

To support identification of key risk indicators (KRIs)

Options:

A.

To facilitate compliance with external regulatory requirements

Question 336

The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:

Options:

A.

Higher exposure to threats

B.

Diversity of operating systems

C.

Lack of accountability

D.

Complexity of support

Question 337

An organization ' s marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Options:

A.

the chief risk officer (CRO).

B.

business senior management.

C.

the information security manager.

D.

the compliance officer.

Question 338

Which of the following BEST describes a buffer overflow?

Options:

A.

A function is carried out with more data than the function can handle

B.

A program contains a hidden and unintended function that presents a security risk

C.

Malicious code designed to interfere with normal operations

D.

A type of covert channel that captures data

Question 339

Which of the following BEST indicates the effectiveness of the vendor risk management process?

Options:

A.

Increase in the percentage of vendors certified to a globally recognized security standard

B.

Increase in the percentage of vendors with a completed due diligence review

C.

Increase in the percentage of vendors conducting mandatory security training

D.

Increase in the percentage of vendors that have reported security breaches

Question 340

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

Options:

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Page: 1 / 114
Total 1135 questions