Month End Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

Isaca CISM Dumps

Page: 1 / 97
Total 967 questions

Certified Information Security Manager Questions and Answers

Question 1

When properly implemented, secure transmission protocols protect transactions:

Options:

A.

from eavesdropping.

B.

from denial of service (DoS) attacks.

C.

on the client desktop.

D.

in the server's database.

Question 2

Which of the following is the BEST way to enhance training for incident response teams?

Options:

A.

Perform post-incident reviews.

B.

Establish incident key performance indicators (KPIs).

C.

Conduct interviews with organizational units.

D.

Participate in emergency response activities.

Question 3

When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to:

Options:

A.

consider the organizations business strategy.

B.

consider the strategic objectives of the program.

C.

leverage industry benchmarks.

D.

identify the program's risk and compensating controls.

Question 4

An information security program is BEST positioned for success when it is closely aligned with:

Options:

A.

information security best practices.

B.

recognized industry frameworks.

C.

information security policies.

D.

the information security strategy.

Question 5

Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?

Options:

A.

Demonstrate the effectiveness of business continuity plans (BCPs).

B.

Report key performance indicator (KPI) trends.

C.

Demonstrate that the program enables business activities.

D.

Provide evidence of increased security events at peer organizations.

Question 6

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

Options:

A.

Post-incident review

B.

Eradication

C.

Containment

D.

Identification

Question 7

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

Options:

A.

Review the risk monitoring plan.

B.

Formally document the decision.

C.

Review the regulations.

D.

Advise the risk management team.

Question 8

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

Options:

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Question 9

Which of the following BEST indicates the effectiveness of the vendor risk management process?

Options:

A.

Increase in the percentage of vendors certified to a globally recognized security standard

B.

Increase in the percentage of vendors with a completed due diligence review

C.

Increase in the percentage of vendors conducting mandatory security training

D.

Increase in the percentage of vendors that have reported security breaches

Question 10

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Question 11

Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?

Options:

A.

Benchmarking against industry peers

B.

Adoption of an industry recognized framework

C.

Approval from senior management

D.

Identification of business-specific risk factors

Question 12

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

Options:

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Question 13

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Question 14

When building support for an information security program, which of the following elements is MOST important?

Options:

A.

Identification of existing vulnerabilities

B.

Information risk assessment

C.

Business impact analysis (BIA)

D.

Threat analysis

Question 15

When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:

Options:

A.

Review key risk indicators (KRIs)

B.

Perform a gap analysis

C.

Consult process owners

D.

Update key performance indicators (KPIs)

Question 16

Which of the following is MOST important when developing an information security strategy?

Options:

A.

Engage stakeholders.

B.

Assign data ownership.

C.

Determine information types.

D.

Classify information assets.

Question 17

Which of the following is the MOST important detail to capture in an organization's risk register?

Options:

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Question 18

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

Options:

A.

Impact of service interruption

B.

Results of recovery testing

C.

Determination of recovery point objective (RPO)

D.

Direction from senior management

Question 19

To improve the efficiency of the development of a new software application, security requirements should be defined:

Options:

A.

based on code review.

B.

based on available security assessment tools.

C.

after functional requirements.

D.

concurrently with other requirements.

Question 20

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.

Number of blocked intrusion attempts

B.

Number of business cases reviewed by senior management

C.

Trends in the number of identified threats to the business

D.

Percentage of controls integrated into business processes

Question 21

Which of the following is the PRIMARY benefit of an information security awareness training program?

Options:

A.

Influencing human behavior

B.

Evaluating organizational security culture

C.

Defining risk accountability

D.

Enforcing security policy

Question 22

Which of the following would MOST effectively ensure that a new server is appropriately secured?

Options:

A.

Performing secure code reviews

B.

Enforcing technical security standards

C.

Conducting penetration testing

D.

Initiating security scanning

Question 23

An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?

Options:

A.

The cloud provider can meet recovery point objectives (RPOs).

B.

The cloud provider adheres to applicable regulations.

C.

The cloud provider’s service level agreement (SLA) includes availability requirements.

D.

The hosting contract has a termination clause.

Question 24

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Question 25

Which of the following should have the MOST influence on the development of information security policies?

Options:

A.

Business strategy

B.

Past and current threats

C.

IT security framework

D.

Industry standards

Question 26

Which of the following factors would have the MOST significant impact on an organization's information security governance mode?

Options:

A.

Outsourced processes

B.

Security budget

C.

Number of employees

D.

Corporate culture

Question 27

Which of the following should be done FIRST after a ransomware incident has been successfully contained?

Options:

A.

Notify relevant stakeholders.

B.

Conduct forensic analysis.

C.

Perform lessons learned.

D.

Restore impacted systems.

Question 28

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

Options:

A.

Updated risk assessments

B.

Counts of information security incidents

C.

Audit reports

D.

Monthly metrics

Question 29

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

quickly resolved and eliminated regardless of cost.

B.

tracked and reported on until their final resolution.

C.

documented in security awareness programs.

D.

noted and re-examined later if similar weaknesses are found.

Question 30

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Question 31

Which of the following is the MOST important reason for an information security manager to archive and retain the organization's electronic communication and email data?

Options:

A.

To track personal use of electronic communication by users

B.

To provide as evidence in legal proceedings when required

C.

To meet the requirements of global security standards

D.

To identify and scan attachments for malware

Question 32

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Options:

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Question 33

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Options:

A.

Request the service provider comply with information security policy.

B.

Review a recent independent audit report of the service provider.

C.

Assess the level of security awareness of the service provider.

D.

Review samples of service level reports from the service provider.

Question 34

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Options:

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Question 35

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Options:

A.

Involving information security at each stage of project management

B.

Identifying responsibilities during the project business case analysis

C.

Creating a data classification framework and providing it to stakeholders

D.

Providing stakeholders with minimum information security requirements

Question 36

Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?

Options:

A.

Reviewing and updating access controls in response to changes in organizational structure

B.

Implementing strong password policies and enforcing regular password changes

C.

Ensuring access is granted to only those individuals whose job functions require it

D.

Implementing strong encryption protocols to protect sensitive data

Question 37

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

Options:

A.

To alert on unacceptable risk

B.

To identify residual risk

C.

To reassess risk appetite

D.

To benchmark control performance

Question 38

The PRIMARY consideration when responding to a ransomware attack should be to ensure:

Options:

A.

backups are available.

B.

the most recent patches have been applied.

C.

the ransomware attack is contained

D.

the business can operate

Question 39

Which of the following is MOST helpful in determining whether a phishing email is malicious?

Options:

A.

Security awareness training

B.

Reverse engineering

C.

Threat intelligence

D.

Sandboxing

Question 40

Which of the following should be the PRIMARY consideration when developing an incident response plan?

Options:

A.

The definition of an incident

B.

Compliance with regulations

C.

Management support

D.

Previously reported incidents

Question 41

An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?

Options:

A.

Tabletop testing

B.

Black box testing

C.

Parallel testing

D.

Simulation testing

Question 42

Network isolation techniques are immediately implemented after a security breach to:

Options:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Question 43

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Question 44

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Question 45

Following an employee security awareness training program, what should be the expected outcome?

Options:

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Question 46

Which of the following metrics would provide an accurate measure of an information security program's performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Question 47

Which of the following should be the MOST important consideration of business continuity management?

Options:

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Question 48

Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

Options:

A.

Evaluate the results of business continuity testing.

B.

Review key performance indicators (KPIs).

C.

Evaluate the business impact of incidents.

D.

Engage business process owners.

Question 49

Application data integrity risk is MOST directly addressed by a design that includes:

Options:

A.

reconciliation routines such as checksums, hash totals, and record counts.

B.

strict application of an authorized data dictionary.

C.

application log requirements such as field-level audit trails and user activity logs.

D.

access control technologies such as role-based entitlements.

Question 50

To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?

Options:

A.

Data storage procedures

B.

Data classification policy

C.

Results of penetration testing

D.

Features of data protection products

Question 51

Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?

Options:

A.

Determine the final root cause of the incident.

B.

Remove all instances of the incident from the network.

C.

Mitigate exploited vulnerabilities to prevent future incidents.

D.

Isolate affected systems to prevent the spread of damage.

Question 52

To support effective risk decision making, which of the following is MOST important to have in place?

Options:

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Question 53

Which of the following is MOST important to the successful implementation of an information security program?

Options:

A.

Adequate security resources are allocated to the program.

B.

Key performance indicators (KPIs) are defined.

C.

A balanced scorecard is approved by the steering committee.

D.

The program is developed using global security standards.

Question 54

Which of the following is the BEST strategy when determining an organization's approach to risk treatment?

Options:

A.

Implementing risk mitigation controls that are considered quick wins

B.

Prioritizing controls that directly mitigate the organization's most critical risks

C.

Advancing the maturity of existing controls based on risk tolerance

D.

Implementing a one-size-fits-all set of controls across all organizational units

Question 55

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Question 56

Which of the following will BEST enable an effective information asset classification process?

Options:

A.

Including security requirements in the classification process

B.

Analyzing audit findings

C.

Reviewing the recovery time objective (RTO) requirements of the asset

D.

Assigning ownership

Question 57

Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

Options:

A.

To enforce security policy requirements

B.

To maintain business asset inventories

C.

To ensure audit and compliance requirements are met

D.

To ensure the availability of business operations

Question 58

An information security team has started work to mitigate findings from a recent penetration test. Which of the following presents the GREATEST risk to the organization?

Options:

A.

Some findings were reclassified to low risk after evaluation

B.

Not all findings from the penetration test report were fixed

C.

The penetration testing report did not contain any high-risk findings

D.

Risk classification of penetration test findings was not performed

Question 59

Senior management is concerned about data exposure through the use of public Al services. Which of the following is the information security manager's BEST course of action?

Options:

A.

Train all employees on the appropriate use of public Al services and confidential data.

B.

Disable access to public Al from company devices.

C.

Perform a risk assessment of public Al with appropriate recommendations for senior management.

D.

Perform a business impact analysis (BIA) of public Al.

Question 60

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Question 61

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

Options:

A.

An increase in the number of identified security incidents

B.

A decrease in the number of security audit findings

C.

A decrease in the number of security policy exceptions

D.

An increase in the number of compliant business processes

Question 62

Which of the following is the MOST important characteristic of an effective information security metric?

Options:

A.

The metric expresses residual risk relative to risk tolerance.

B.

The metric is frequently reported to senior management.

C.

The metric directly maps to an industry risk management framework.

D.

The metric compares the organization's inherent risk against its risk appetite.

Question 63

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Question 64

Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?

Options:

A.

Enforce the local regulation.

B.

Obtain legal guidance.

C.

Enforce the organization's information security policy.

D.

Obtain an independent assessment of the regulation.

Question 65

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Options:

A.

Legal

B.

Information security

C.

Help desk

D.

Human resources (HR)

Question 66

Which of the following is MOST important for guiding the development and management of a comprehensive information security program?

Options:

A.

Adopting information security program management best practices

B.

Implementing policies and procedures to address the information security strategy

C.

Aligning the organization's business objectives with IT objectives

D.

Establishing and maintaining an information security governance framework

Question 67

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Options:

A.

validate the confidentiality during analysis.

B.

reinstate original data when accidental changes occur.

C.

validate the integrity during analysis.

D.

provide backup in case of media failure.

Question 68

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

Options:

A.

Performing penetration testing

B.

Improving user awareness

C.

Installing new firewalls

D.

Updating security policies

Question 69

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Options:

A.

Employees use smartphone tethering when accessing from remote locations.

B.

Employees physically lock PCs when leaving the immediate area.

C.

Employees are trained on the acceptable use policy.

D.

Employees use the VPN when accessing the organization's online resources.

Question 70

Which of the following is the MOST effective way to detect information security incidents?

Options:

A.

Implementation of regular security awareness programs

B.

Periodic analysis of security event log records

C.

Threshold settings on key risk indicators (KRIs)

D.

Real-time monitoring of network activity

Question 71

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

Options:

A.

Set up communication channels for the target audience.

B.

Determine the needs and requirements of each audience.

C.

Create a comprehensive singular communication

D.

Invoke the organization's incident response plan.

Question 72

Which of the following is the FIRST step when conducting a post-incident review?

Options:

A.

Identify mitigating controls.

B.

Assess the costs of the incident.

C.

Perform root cause analysis.

D.

Assign responsibility for corrective actions.

Question 73

An enterprise has decided to procure security services from a third-party vendor to support its information security program. Which of the following is MOST important to include in the vendor selection criteria?

Options:

A.

Feedback from the vendor's previous clients

B.

Alignment of the vendor's business objectives with enterprise security goals

C.

The maturity of the vendor's internal control environment

D.

Penetration testing against the vendor's network

Question 74

Which of the following is the MOST important objective of post-incident review activities?

Options:

A.

Evidence collection

B.

Continuous improvement

C.

Incident triage

D.

Incident documentation

Question 75

An organization has discovered that a server processing real-time visual data could be vulnerable to a lateral movement stage in a ransomware attack. Which of the following controls BEST mitigates this vulnerability?

Options:

A.

Network segmentation

B.

Data loss prevention (DLP)

C.

Encryption of data in transit

D.

Intrusion detection system (IDS)

Question 76

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

Options:

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Question 77

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Options:

A.

Metrics to drive the information security program

B.

Information security policies

C.

A defined security organizational structure

D.

An information security strategy

Question 78

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

notify the business process owner.

B.

follow the business continuity plan (BCP).

C.

conduct an incident forensic analysis.

D.

follow the incident response plan.

Question 79

While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?

Options:

A.

The test is scheduled to reduce operational impact.

B.

The test involves IT members in the test process.

C.

The test addresses the critical components.

D.

The test simulates actual prime-time processing conditions.

Question 80

Which of the following has the GREATEST influence on an organization's information security strategy?

Options:

A.

The organization's risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Question 81

An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Options:

A.

Create a business case for a new incident response plan.

B.

Revise the existing incident response plan.

C.

Conduct a gap analysis.

D.

Assess the impact to the budget,

Question 82

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Question 83

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Question 84

When defining a security baseline, it is MOST important that the baseline:

Options:

A.

can vary depending on the security classification of systems.

B.

is uniform for all assets of the same type.

C.

is developed based on stakeholder consensus.

D.

aligns to key risk indicators (KRIs).

Question 85

An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?

Options:

A.

Conduct phishing awareness training.

B.

Implement disciplinary procedures.

C.

Establish an acceptable use policy.

D.

Assess and update spam filtering rules.

Question 86

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Question 87

What is the PRIMARY objective of implementing standard security configurations?

Options:

A.

Maintain a flexible approach to mitigate potential risk to unsupported systems.

B.

Minimize the operational burden of managing and monitoring unsupported systems.

C.

Control vulnerabilities and reduce threats from changed configurations.

D.

Compare configurations between supported and unsupported systems.

Question 88

Which of the following provides the BEST indication of the return on information security investment?

Options:

A.

Increased annualized loss expectancy (ALE)

B.

Increased number of reported incidents

C.

Reduced annualized loss expectancy (ALE)

D.

Decreased number of reported incidents

Question 89

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Options:

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Question 90

Which of the following provides the MOST comprehensive understanding of an organization's information security posture?

Options:

A.

Security maturity assessment results

B.

Threat analysis of the organization's environment

C.

Results of vulnerability assessments

D.

External penetration test findings

Question 91

Which of the following should be done FIRST when a SIEM flags a potential event?

Options:

A.

Validate the event is not a false positive.

B.

Initiate the incident response plan.

C.

Escalate the event to the business owner.

D.

Implement compensating controls.

Question 92

Which of the following is MOST important when designing security controls for new cloud-based services?

Options:

A.

Evaluating different types of deployment models according to the associated risks

B.

Understanding the business and IT strategy for moving resources to the cloud

C.

Defining an incident response policy to protect data moving between onsite and cloud applications

D.

Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies

Question 93

A KEY consideration in the use of quantitative risk analysis is that it:

Options:

A.

aligns with best practice for risk analysis of information assets.

B.

assigns numeric values to exposures of information assets.

C.

applies commonly used labels to information assets.

D.

is based on criticality analysis of information assets.

Question 94

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

Options:

A.

Conduct a threat analysis.

B.

Implement an information security awareness training program.

C.

Establish an audit committee.

D.

Create an information security steering committee.

Question 95

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

Options:

A.

Management support and approval has been obtained.

B.

The incident response team has the appropriate training.

C.

An incident response maturity assessment has been conducted.

D.

A reputable managed security services provider has been engaged.

Question 96

Which of the following is MOST important to have in place when conducting a security control assessment of a system?

Options:

A.

Control specifications

B.

Assurance test plan

C.

Scanning tools

D.

Security documentation

Question 97

Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?

Options:

A.

Adhere to regulatory requirements

B.

Conduct security awareness

C.

Document and distribute security procedures

D.

Communicate and enforce security policies

Question 98

Recovery time objectives (RTOs) are BEST determined by:

Options:

A.

business managers

B.

business continuity officers

C.

executive management

D.

database administrators (DBAs).

Question 99

Which of the following is an information security manager's BEST recommendation to senior management following a breach at the organization's Software as a Service (SaaS) vendor?

Options:

A.

Update the vendor risk assessment.

B.

Engage legal counsel.

C.

Renegotiate the vendor contract.

D.

Terminate the relationship with the vendor.

Question 100

Which of the following is the MOST important consideration when defining control objectives?

Options:

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Question 101

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?

Options:

A.

The malware entry path

B.

The creator of the malware

C.

The type of malware involved

D.

The method of detecting the malware

Question 102

Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?

Options:

A.

Stakeholder plan

B.

Escalation plan

C.

Up-to-date risk register

D.

Asset classification

Question 103

Which of the following is MOST important to include in an information security status report to senior management?

Options:

A.

Key risk indicators (KRIs)

B.

Review of information security policies

C.

Information security budget requests

D.

List of recent security events

Question 104

Which of the following is the BEST indication of an effective information security awareness training program?

Options:

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Question 105

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?

Options:

A.

Execution of unauthorized commands

B.

Prevention of authorized access

C.

Defacement of website content

D.

Unauthorized access to resources

Question 106

Which of the following is MOST important to include in an information security strategy?

Options:

A.

Stakeholder requirements

B.

Risk register

C.

Industry benchmarks

D.

Regulatory requirements

Question 107

A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

Options:

A.

the risk assessment has not defined the likelihood of occurrence

B.

the reported vulnerability has not been validated

C.

executive management is not aware of the impact potential

D.

the cost of implementing controls exceeds the potential financial losses.

Question 108

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

Options:

A.

Vendor service level agreements (SLAs)

B.

Independent review of the vendor

C.

Local laws and regulations

D.

Backup and restoration of data

Question 109

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Options:

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Question 110

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

Options:

A.

Implement compensating controls.

B.

Analyze the identified risk.

C.

Prepare a risk mitigation plan.

D.

Add the risk to the risk register.

Question 111

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

Options:

A.

review access rights as the acquisition integration occurs.

B.

perform a risk assessment of the access rights.

C.

escalate concerns for conflicting access rights to management.

D.

implement consistent access control standards.

Question 112

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

Options:

A.

Frequent updates to the risk register

B.

Regularly scheduled security audits

C.

Frequent security architecture reviews

D.

Regularly scheduled risk assessments

Question 113

Which of the following is the BEST indicator of the maturity level of a vendor risk management process?

Options:

A.

Average time required to complete the vendor risk management process

B.

Percentage of vendors that have gone through the vendor onboarding process

C.

Percentage of vendors that are regularly reviewed against defined criteria

D.

Number of vendors rejected because of security review results

Question 114

Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?

Options:

A.

Develop service level agreements (SLAs).

B.

Stipulate insurance requirements.

C.

Require nondisclosure agreements (NDAs).

D.

Create contingency plans.

Question 115

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)

B.

Infrastructure as a Service (laaS)

C.

Platform as a Service (PaaS)

D.

Software as a Service (SaaS)

Question 116

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Options:

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Question 117

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Options:

A.

Establish an organization-wide social media policy.

B.

Develop sanctions for misuse of social media sites.

C.

Monitor social media sites visited by employees.

D.

Restrict social media access on corporate devices.

Question 118

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

Options:

A.

Automated controls

B.

Security policies

C.

Guidelines

D.

Standards

Question 119

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A.

Downtime due to malware infections

B.

Number of security vulnerabilities uncovered with network scans

C.

Percentage of servers patched

D.

Annualized loss resulting from security incidents

Question 120

Which of the following BEST illustrates residual risk within an organization?

Options:

A.

Heat map

B.

Risk management framework

C.

Business impact analysis (BIA)

D.

Balanced scorecard

Question 121

Which of the following should be established FIRST when implementing an information security governance framework?

Options:

A.

Security architecture

B.

Security policies

C.

Security incident management team

D.

Security awareness training program

Question 122

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Options:

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Question 123

Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

Options:

A.

Regular reporting to senior management

B.

Supportive tone at the top regarding security

C.

Automation of security controls

D.

Well-documented security policies and procedures

Question 124

Which of the following has the GREATEST influence on the successful integration of information security within the business?

Options:

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Question 125

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Options:

A.

Assess changes in the risk profile.

B.

Activate the disaster recovery plan (DRP).

C.

Invoke the incident response plan.

D.

Conduct security awareness training.

Question 126

An organization requires that business-critical applications be recovered within 30 minutes in the event of a disaster. Which of the following metrics should be in the business continuity plan (BCP) to manage this requirement?

Options:

A.

Maximum tolerable downtime (MTD)

B.

Service level agreement (SLA)

C.

Recovery point objective (RPO)

D.

Recovery time objective (RTO)

Question 127

A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?

Options:

A.

Replace the control

B.

Check for defense in depth

C.

Assess the control state

D.

Report the failure to management

Question 128

To effectively manage an organization's information security risk, it is MOST important to:

Options:

A.

assign risk management responsibility to an experienced consultant.

B.

periodically identify and correct new systems vulnerabilities.

C.

establish and communicate risk tolerance.

D.

benchmark risk scenarios against peer organizations.

Question 129

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Options:

A.

Network address translation (NAT)

B.

Message hashing

C.

Transport Layer Security (TLS)

D.

Multi-factor authentication

Question 130

Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?

Options:

A.

Risk heat map.

B.

Security benchmark report.

C.

Security metrics dashboard.

D.

Key risk indicators (KRIs).

Question 131

Which of the following is the PRIMARY impact of organizational culture on the effectiveness of an information security program?

Options:

A.

The culture shapes behaviors toward information security.

B.

The culture defines responsibilities necessary for program implementation.

C.

The culture helps determine budget for information security controls.

D.

The culture has minimal impact as long as information security controls are adhered to.

Question 132

Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?

Options:

A.

Security awareness plan

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Incident response plan

Question 133

Which of the following is the PRIMARY reason to use a phased incident recovery approach?

Options:

A.

To gain management buy-in

B.

To give the response team time to analyze incidents

C.

To ensure critical systems are recovered first

D.

To prioritize remediation steps

Question 134

A security incident has been reported within an organization. When should an information security manager contact the information owner?

Options:

A.

After the incident has been contained

B.

After the incident has been mitigated

C.

After the incident has been confirmed

D.

After the potential incident has been logged

Question 135

An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?

Options:

A.

Assemble the incident response team to evaluate the incidents

B.

Initiate the crisis communication plan to notify stakeholders of the incidents

C.

Engage external incident response consultants to conduct an independent investigation

D.

Prioritize the incidents based on data classification standards

Question 136

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Options:

A.

Industry benchmarks

B.

Security training test results

C.

Performance measures for existing controls

D.

Number of false positives

Question 137

Which of the following BEST enables the assignment of risk and control ownership?

Options:

A.

Aligning to an industry-recognized control framework

B.

Adopting a risk management framework

C.

Obtaining senior management buy-in

D.

Developing an information security strategy

Question 138

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?

Options:

A.

Isolate the PC from the network

B.

Perform a vulnerability scan

C.

Determine why the PC is not included in the inventory

D.

Reinforce information security training

Question 139

Which of the following is MOST important to ensure incident management readiness?

Options:

A.

The plan is compliant with industry standards.

B.

The plan is regularly tested.

C.

The plan is updated annually.

D.

The plan is concise and includes a checklist.

Question 140

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Options:

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Question 141

An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?

Options:

A.

Review of the audit logs

B.

Ownership of the data

C.

Employee's job role

D.

Valid use case

Question 142

Which of the following is the BEST indication of effective information security governance?

Options:

A.

Information security is considered the responsibility of the entire information security team.

B.

Information security controls are assigned to risk owners.

C.

Information security is integrated into corporate governance.

D.

Information security governance is based on an external security framework.

Question 143

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

Options:

A.

the security organization structure.

B.

international security standards.

C.

risk assessment results.

D.

the most stringent requirements.

Question 144

Which of the following is MOST important for the successful implementation of an incident response plan?

Options:

A.

Ensuring response staff are appropriately trained

B.

Developing metrics for incident response reporting

C.

Establishing an escalation process for the help desk

D.

Developing a RACI chart of response staff functions

Question 145

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Question 146

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:

A.

The capabilities and expertise of the information security team

B.

The organization's mission statement and roadmap

C.

A prior successful information security strategy

D.

The organization's information technology (IT) strategy

Question 147

During which of the following development phases is it MOST challenging to implement security controls?

Options:

A.

Post-implementation phase

B.

Implementation phase

C.

Development phase

D.

Design phase

Question 148

Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:

Options:

A.

hand over the controls to the relevant business owners.

B.

ensure the controls are regularly tested for ongoing effectiveness.

C.

perform testing to compare control performance against industry levels.

D.

prepare to adapt the controls for future system upgrades.

Question 149

Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

Options:

A.

To reduce the overall cost of policy development

B.

To share responsibility for addressing security breaches

C.

To decrease the workload of the IT department

D.

To gain acceptance of the policy across the organization

Question 150

A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?

Options:

A.

Assess the control state.

B.

Replace the control.

C.

Report the failure to management.

D.

Check for defense in depth.

Question 151

Which of the following BEST enables an organization to maintain an appropriate security control environment?

Options:

A.

Alignment to an industry security framework

B.

Budgetary support for security

C.

Periodic employee security training

D.

Monitoring of the threat landscape

Question 152

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

Options:

A.

Obtain an independent audit report.

B.

Require the provider to follow stringent data classification procedures.

C.

Include high penalties for security breaches in the contract.

D.

Review the provider's information security policies.

Question 153

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

Which of the following would provide the MOST useful information for planning purposes? »

Options:

A.

Results from a business impact analysis (BIA)

B.

Deadlines and penalties for noncompliance

C.

Results from a gap analysis

D.

An inventory of security controls currently in place

Question 154

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Question 155

During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?

Options:

A.

The certification includes industry-recognized security controls.

B.

The certification was issued within the last five years.

C.

The certification is issued for the specific scope.

D.

The certification is easily verified.

Question 156

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Options:

A.

Report the risk associated with the policy breach.

B.

Enforce the security configuration and require the change to be reverted.

C.

Implement compensating controls to address the risk.

D.

Implement a privileged access management system.

Question 157

Which of the following is the MOST important outcome of a post-incident review?

Options:

A.

The impact of the incident is reported to senior management.

B.

The system affected by the incident is restored to its prior state.

C.

The person responsible for the incident is identified.

D.

The root cause of the incident is determined.

Question 158

Which of the following is the PRIMARY objective of incident triage?

Options:

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Question 159

Which of the following is BEST used to determine the maturity of an information security program?

Options:

A.

Security budget allocation

B.

Organizational risk appetite

C.

Risk assessment results

D.

Security metrics

Question 160

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

Options:

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Question 161

Which of the following should be an information security manager's PRIMARY concern when an organization is expanding business to a new country?

Options:

A.

Compliance with local regulations

B.

Changes in IT infrastructure

C.

Cultural differences in the new country

D.

Ability to gather customer data

Question 162

Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?

Options:

A.

To ensure evidence is handled by qualified resources

B.

To validate the incident response process

C.

To provide the response team with expert training on evidence handling

D.

To prevent evidence from being disclosed to any internal staff members

Question 163

Which of the following should be the FIRST step when performing triage of a malware incident?

Options:

A.

Containing the affected system

B.

Preserving the forensic image

C.

Comparing backup against production

D.

Removing the malware

Question 164

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

Options:

A.

number of impacted users.

B.

capability of incident handlers.

C.

type of confirmed incident.

D.

predicted incident duration.

Question 165

Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?

Options:

A.

Controls analysis

B.

Emerging risk review

C.

Penetration testing

D.

Traffic monitoring

Question 166

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

Options:

A.

Temporarily suspend wire transfers for the organization.

B.

Provide awareness training to the CEO for this type of phishing attack.

C.

Provide awareness training to staff responsible for wire transfers.

D.

Disable emails for staff responsible for wire transfers.

Question 167

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.

control gaps are minimized.

B.

system availability.

C.

effectiveness of controls.

D.

alignment with compliance requirements.

Question 168

A business continuity plan (BCP) should contain:

Options:

A.

information about eradication activities.

B.

hardware and software inventories.

C.

data restoration procedures.

D.

criteria for activation.

Question 169

An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?

Options:

A.

Operations manager

B.

Service owner

C.

Information security manager

D.

Incident response team

Question 170

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Question 171

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor's independent control reports.

Question 172

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Options:

A.

Security incident reporting procedures are followed.

B.

Security staff turnover is reduced.

C.

Information assets are classified appropriately.

D.

Access is granted based on task requirements.

Question 173

An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?

Options:

A.

No owners were identified for some risks.

B.

Business applications had the highest number of risks.

C.

Risk mitigation action plans had no timelines.

D.

Risk mitigation action plan milestones were delayed.

Question 174

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

Options:

A.

Revise the procurement process.

B.

Update the change management process.

C.

Discuss the issue with senior leadership.

D.

Remove the application from production.

Question 175

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Options:

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Question 176

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Question 177

A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?

Options:

A.

Establishing a strong ongoing risk monitoring process

B.

Presenting the risk profile for approval by the risk owner

C.

Conducting an independent review of risk responses

D.

Updating the information security standards to include the accepted risk

Question 178

Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization's business continuity plan (BCP) has not been reviewed or updated in more than a year?

Options:

A.

An outdated BCP may result in less efficient recovery if an actual incident occurs.

B.

The organization may suffer reputational damage for not following industry best practices.

C.

The audit finding may impact the overall risk rating of the organization.

D.

The lack of updates to the BCP may result in noncompliance with internal policies.

Question 179

Data classification is PRIMARILY the responsibility of:

Options:

A.

senior management.

B.

the data custodian.

C.

the data owner.

D.

the security manager.

Question 180

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

Options:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Question 181

Which of the following should be the FIRST consideration when developing a strategy for protecting an organization's data?

Options:

A.

Classification

B.

Encryption

C.

Access monitoring

D.

Access rights

Question 182

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Question 183

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

Options:

A.

Implementing automated vulnerability scanning in the help desk workflow

B.

Changing the default setting for all security incidents to the highest priority

C.

Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

D.

Integrating incident response workflow into the help desk ticketing system

Question 184

An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?

Options:

A.

Focus the review on the infrastructure with the highest risk

B.

Review controls listed in the vendor contract

C.

Determine whether the vendor follows the selected security framework rules

D.

Review the vendor's security policy

Question 185

An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:

Options:

A.

determine the security exposures.

B.

assess the ability to integrate the security department operations.

C.

ensure compliance with international standards.

D.

evaluate the security policy and standards.

Question 186

Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Options:

A.

Incident management procedures

B.

Incident management policy

C.

System risk assessment

D.

Organizational risk register

Question 187

Which of the following is the BEST justification for making a revision to a password policy?

Options:

A.

Vendor recommendation

B.

Audit recommendation

C.

A risk assessment

D.

Industry best practice

Question 188

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

Options:

A.

Perform a risk analysis for critical applications.

B.

Determine whether critical success factors (CSFs) have been defined.

C.

Conduct a capability maturity model evaluation.

D.

Review and update current operational procedures.

Question 189

Which of the following is the MOST important issue in a penetration test?

Options:

A.

Having an independent group perform the test

B.

Obtaining permission from audit

C.

Performing the test without the benefit of any insider knowledge

D.

Having a defined goal as well as success and failure criteria

Question 190

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Question 191

Which of the following is the PRIMARY reason for granting a security exception?

Options:

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Question 192

Which of the following is the BEST way to prevent insider threats?

Options:

A.

Enforce separation of duties and least privilege access.

B.

Conduct organization-wide security awareness training.

C.

Implement logging for all access activities.

D.

Implement strict security policies and password controls.

Question 193

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Options:

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Question 194

An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk''

Options:

A.

Deploy mobile device management (MDM)

B.

Implement remote wipe capability.

C.

Create an acceptable use policy.

D.

Conduct a mobile device risk assessment

Question 195

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The total cost of the investment

B.

The cost and associated risk reduction

C.

The number and severity of ransomware incidents

D.

Benchmarks of industry peers impacted by ransomware

Question 196

Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?

Options:

A.

Service level agreement (SLA)

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Business impact analysis (BIA)

Question 197

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

Options:

A.

Monitor the effectiveness of controls

B.

Update the risk assessment framework

C.

Review the inherent risk level

D.

Review the risk probability and impact

Question 198

Which of the following has the GREATEST impact on the effectiveness of an organization’s security posture?

Options:

A.

Incident metrics are frequently compared against industry benchmarks

B.

New hires are mandated to attend security training

C.

Security is embedded in organizational culture

D.

Senior management has approved and endorsed security practices

Question 199

An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Options:

A.

Include security requirements in the contract

B.

Assess security controls.

C.

Perform a risk assessment

D.

Review data architecture.

Question 200

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?

Options:

A.

Information security manager

B.

Information security steering committee

C.

Information owner

D.

Senior management

Question 201

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Options:

A.

Identification of risk

B.

Analysis of control gaps

C.

Design of key risk indicators (KRIs)

D.

Selection of risk treatment options

Question 202

Which of the following BEST enables an organization to determine the costs of downtime for a critical application?

Options:

A.

Fault tree analysis

B.

Cost-benefit analysis

C.

Return on investment (ROI) analysis

D.

Business impact analysis (BIA)

Question 203

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Options:

A.

Developing an information security policy based on risk assessments

B.

Establishing an information security steering committee

C.

Documenting the information security governance framework

D.

Implementing an information security awareness program

Question 204

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

Options:

A.

Inform the public relations officer.

B.

Monitor the third party's response.

C.

Invoke the incident response plan.

D.

Inform customers of the breach.

Question 205

Reverse lookups can be used to prevent successful:

Options:

A.

denial of service (DoS) attacks

B.

session hacking

C.

phishing attacks

D.

Internet protocol (IP) spoofing

Question 206

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

Options:

A.

Perform a risk assessment

B.

Perform a gap analysis

C.

Review information security policies

D.

Review the state of security awareness

Question 207

Which of the following should be done FIRST to prioritize response to incidents?

Options:

A.

Containment

B.

Escalation

C.

Analysis

D.

Triage

Question 208

A PRIMARY benefit of adopting an information security framework is that it provides:

Options:

A.

credible emerging threat intelligence.

B.

security and vulnerability reporting guidelines.

C.

common exploitability indices.

D.

standardized security controls.

Question 209

Which of the following BEST facilitates effective strategic alignment of security initiatives?

Options:

A.

The business strategy is periodically updated

B.

Procedures and standards are approved by department heads.

C.

Periodic security audits are conducted by a third-party.

D.

Organizational units contribute to and agree on priorities

Question 210

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization's data by the user

D.

Monitoring how often the smartphone is used

Question 211

Which of the following is the BEST course of action when an online company discovers a network attack in progress?

Options:

A.

Dump all event logs to removable media

B.

Isolate the affected network segment

C.

Enable trace logging on ail events

D.

Shut off all network access points

Question 212

Which of the following devices, when placed in a demilitarized zone (DMZ), would be considered the MOST significant exposure?

Options:

A.

Mail relay server

B.

Proxy server

C.

Database server

D.

Application server

Question 213

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Question 214

Which of the following has the MOST influence on the inherent risk of an information asset?

Options:

A.

Risk tolerance

B.

Net present value (NPV)

C.

Return on investment (ROI)

D.

Business criticality

Question 215

Which of the following is ESSENTIAL to ensuring effective incident response?

Options:

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Question 216

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

Options:

A.

Access to the hardware

B.

Data encryption

C.

Non-standard event logs

D.

Compressed customer data

Question 217

Which of the following is the PRIMARY objective of a cyber resilience strategy?

Options:

A.

Business continuity

B.

Regulatory compliance

C.

Employee awareness

D.

Executive support

Question 218

An organization's quality process can BEST support security management by providing:

Options:

A.

security configuration controls.

B.

assurance that security requirements are met.

C.

guidance for security strategy.

D.

a repository for security systems documentation.

Question 219

In a call center, the BEST reason to conduct a social engineering is to:

Options:

A.

Identify candidates for additional security training.

B.

minimize the likelihood of successful attacks.

C.

gain funding for information security initiatives.

D.

improve password policy.

Question 220

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Question 221

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

conduct an incident forensic analysis.

B.

fallow the incident response plan

C.

notify the business process owner.

D.

fallow the business continuity plan (BCP).

Question 222

Penetration testing is MOST appropriate when a:

Options:

A.

new system is about to go live.

B.

new system is being designed.

C.

security policy is being developed.

D.

security incident has occurred,

Question 223

Which of the following backup methods requires the MOST time to restore data for an application?

Options:

A.

Full backup

B.

Incremental

C.

Differential

D.

Disk mirroring

Question 224

The MOST important element in achieving executive commitment to an information security governance program is:

Options:

A.

a defined security framework.

B.

a process improvement model

C.

established security strategies.

D.

identified business drivers.

Question 225

A global organization is considering its geopolitical security risks. Which of the following is the information security manager's BEST approach?

Options:

A.

Seek advice from environmental and physical security experts

B.

Implement a third-party risk management framework

C.

Implement controls that deny access from specific jurisdictions

D.

Seek advice from enterprise risk and legal experts

Question 226

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Question 227

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

Options:

A.

Security metrics

B.

Security baselines

C.

Security incident details

D.

Security risk exposure

Question 228

Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?

Options:

A.

Information security manager

B.

Chief risk officer (CRO)

C.

Information security steering committee

D.

Risk owner

Question 229

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Question 230

The PRIMARY objective of a post-incident review of an information security incident is to:

Options:

A.

update the risk profile

B.

minimize impact

C.

prevent recurrence.

D.

determine the impact

Question 231

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Question 232

An incident response team has established that an application has been breached. Which of the following should be done NEXT?

Options:

A.

Maintain the affected systems in a forensically acceptable state

B.

Conduct a risk assessment on the affected application

C.

Inform senior management of the breach.

D.

Isolate the impacted systems from the rest of the network

Question 233

Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?

Options:

A.

Vulnerability assessment

B.

Regulatory requirements

C.

Industry best practices

D.

Enterprise goals

Question 234

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?

Options:

A.

Schedule patching based on the criticality.

B.

Install the patch immediately to eliminate the vulnerability.

C.

Conduct comprehensive testing of the patch.

D.

Validate the authenticity of the patch.

Question 235

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Options:

A.

baseline security controls.

B.

benchmarking security metrics.

C.

security objectives.

D.

cost-benefit analyses.

Question 236

An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Options:

A.

Wipe the affected system.

B.

Notify internal legal counsel.

C.

Notify senior management.

D.

Isolate the impacted endpoints.

Question 237

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:

A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Question 238

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Question 239

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

Options:

A.

Control matrix

B.

Business impact analysis (BIA)

C.

Risk register

D.

Information security policy

Question 240

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Question 241

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Options:

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Question 242

A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?

Options:

A.

Determine the required security controls for the new solution

B.

Review the disaster recovery plans (DRPs) of the providers

C.

Obtain audit reports on the service providers' hosting environment

D.

Align the roles of the organization's and the service providers' stats.

Question 243

Which of the following BEST ensures information security governance is aligned with corporate governance?

Options:

A.

A security steering committee including IT representation

B.

A consistent risk management approach

C.

An information security risk register

D.

Integration of security reporting into corporate reporting

Question 244

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Options:

A.

Projected Increase in maturity level

B.

Estimated reduction in risk

C.

Projected costs over time

D.

Estimated increase in efficiency

Question 245

Which of the following is the MOST effective way to ensure information security policies are understood?

Options:

A.

Implement a whistle-blower program.

B.

Provide regular security awareness training.

C.

Include security responsibilities in job descriptions.

D.

Document security procedures.

Question 246

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

Options:

A.

To ensure separation of duties is maintained

B.

To ensure system audit trails are not bypassed

C.

To prevent accountability issues

D.

To prevent unauthorized user access

Question 247

A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Question 248

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Question 249

Which of the following provides the MOST effective response against ransomware attacks?

Options:

A.

Automatic quarantine of systems

B.

Thorough communication plans

C.

Effective backup plans and processes

D.

Strong password requirements

Question 250

Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?

Options:

A.

Incident response plan can be activated in a timely manner.

B.

Incident metrics can be communicated.

C.

Risk response options can be identified quickly.

D.

Incident classification times can be improved.

Question 251

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Question 252

Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

Options:

A.

Integrate risk management into the vendor management process.

B.

Conduct security reviews on the services and solutions delivered.

C.

Review third-party contracts as part of the vendor management process.

D.

Perform an audit on vendors' security controls and practices.

Question 253

Which of the following would BEST enable the timely execution of an incident response plan?

Options:

A.

The introduction of a decision support tool

B.

Definition of trigger events

C.

Clearly defined data classification process

D.

Centralized service desk

Question 254

An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Reinforce security awareness practices for end users.

B.

Temporarily outsource the email system to a cloud provider.

C.

Develop a business case to replace the system.

D.

Monitor outgoing traffic on the firewall.

Question 255

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

Options:

A.

Provide regular updates about the current state of the risks.

B.

Re-perform risk analysis at regular intervals.

C.

Assign a risk owner to each risk

D.

Create mitigating controls to manage the risks.

Question 256

An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purposed?

Options:

A.

Guidelines

B.

Policies

C.

Procedures

D.

Standards

Question 257

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Options:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Question 258

An information security manager is assessing security risk associated with a cloud service provider. Which of the following is the MOST appropriate reference to consult when performing this assessment?

Options:

A.

Previous provider service level agreements (SLAs)

B.

Threat intelligence reports

C.

Penetration test results from the provider

D.

Security control frameworks

Question 259

Which of the following is the BEST option to lower the cost to implement application security controls?

Options:

A.

Perform security tests in the development environment.

B.

Integrate security activities within the development process

C.

Perform a risk analysis after project completion.

D.

Include standard application security requirements

Question 260

When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?

Options:

A.

Digital currency is immediately available.

B.

Network access requires two-factor authentication.

C.

Data backups are recoverable from an offsite location.

D.

An alternative network link is immediately available.

Question 261

The PRIMARY reason to properly classify information assets is to determine:

Options:

A.

appropriate encryption strength using a risk-based approach.

B.

the business impact if assets are compromised.

C.

the appropriate protection based on sensitivity.

D.

user access levels based on the need to know.

Question 262

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

)the information security officer.

B.

the steering committee.

C.

the board of directors.

D.

the internal audit manager.

Question 263

The BEST way to report to the board on the effectiveness of the information security program is to present:

Options:

A.

a dashboard illustrating key performance metrics.

B.

a summary of the most recent audit findings.

C.

peer-group industry benchmarks.

D.

a report of cost savings from process improvements.

Question 264

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Options:

A.

Perform a full data backup.

B.

Conduct ransomware awareness training for all staff.

C.

Update indicators of compromise in the security systems.

D.

Review the current risk assessment.

Question 265

Which of the following is MOST important to consider when defining control objectives?

Options:

A.

Industry best practices

B.

An information security framework

C.

Control recommendations from a recent audit

D.

The organization's risk appetite

Question 266

Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?

Options:

A.

Mapping the risks to the security classification scheme

B.

Illustrating risk on a heat map

C.

Mapping the risks to existing controls

D.

Providing a technical risk assessment report

Question 267

When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:

Options:

A.

ensure alignment with industry encryption standards.

B.

ensure that systems that handle credit card data are segmented.

C.

review industry best practices for handling secure payments.

D.

review corporate policies regarding credit card information.

Question 268

Which of the following would BEST guide the development and maintenance of an information security program?

Options:

A.

A business impact assessment

B.

A comprehensive risk register

C.

An established risk assessment process

D.

The organization's risk appetite

Question 269

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

Options:

A.

Eliminate privileged accounts.

B.

Perform periodic certification of access to privileged accounts.

C.

Frequently monitor activities on privileged accounts.

D.

Provide privileged account access only to users who need it.

Question 270

Which of the following business units should own the data that populates an identity management system?

Options:

A.

Human resources (HR)

B.

Legal

C.

Information technology

D.

Information security

Question 271

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

Options:

A.

An industry peer experienced a recent breach with a similar application.

B.

The system can be replicated for additional use cases.

C.

The cost of implementing the system is less than the impact of downtime.

D.

The solution is within the organization's risk tolerance.

Question 272

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Question 273

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

Options:

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Question 274

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Question 275

Which of the following is the BEST way to obtain organization-wide support for an information security program?

Options:

A.

Mandate regular security awareness training.

B.

Develop security performance metrics.

C.

Position security as a business enabler.

D.

Prioritize security initiatives based on IT strategy.

Question 276

Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?

Options:

A.

Information security manager

B.

IT risk manager

C.

Internal auditor

D.

Risk owner

Question 277

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

Options:

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Question 278

Which of the following BEST indicates misalignment of security policies with business objectives?

Options:

A.

Low completion rate of employee awareness training

B.

Lack of adequate funding for the security program

C.

A large number of long-term policy exceptions

D.

A large number of user noncompliance incidents

Question 279

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Options:

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Question 280

What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Options:

A.

Developing a dashboard for communicating the metrics

B.

Agreeing on baseline values for the metrics

C.

Benchmarking the expected value of the metrics against industry standards

D.

Aligning the metrics with the organizational culture

Question 281

Which of the following is MOST effective in monitoring an organization's existing risk?

Options:

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Question 282

Threat and vulnerability assessments are important PRIMARILY because they are:

Options:

A.

used to establish security investments

B.

the basis for setting control objectives.

C.

elements of the organization's security posture.

D.

needed to estimate risk.

Question 283

A business continuity plan (BCP) should contain:

Options:

A.

Hardware and software inventories

B.

Data restoration procedures

C.

Information about eradication activities

D.

Criteria for activation

Question 284

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Question 285

The BEST way to integrate information security governance with corporate governance is to ensure:

Options:

A.

the information security steering committee monitors compliance with security policies.

B.

management teams embed information security into business processes.

C.

awareness programs include industry best practice for information security governance.

D.

the information security program is included in regular external audits.

Question 286

When determining an acceptable risk level which of the following is the MOST important consideration?

Options:

A.

Threat profiles

B.

System criticalities

C.

Vulnerability scores

D.

Risk matrices

Question 287

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Options:

A.

Documentation of control procedures

B.

Standardization of compliance requirements

C.

Automation of controls

D.

Integration of assurance efforts

Question 288

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Options:

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Question 289

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Revise the policy.

B.

Perform a root cause analysis.

C.

Conduct a risk assessment,

D.

Communicate the acceptable use policy.

Question 290

Which of the following is the BEST indicator of a successful intrusion into an organization's systems?

Options:

A.

Decrease in internal network traffic

B.

Increase in the number of failed login attempts

C.

Increase in the number of irregular application requests

D.

Decrease in available storage space

Question 291

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Implement a SIEM solution.

B.

Perform a threat analysis.

C.

Establish performance metrics for the team.

D.

Perform a post-incident review.

Page: 1 / 97
Total 967 questions