Certified Information Security Manager Questions and Answers
An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Which of the following controls would MOST effectively manage risk to the organization?
When determining an acceptable risk level which of the following is the MOST important consideration?
Which of the following is MOST important to include in an information security policy?
Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?
What will BEST facilitate the success of new security initiatives?
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
What should be an information security manager ' s MOST important consideration when developing a multi-year plan?
An organization has determined that fixing a security vulnerability in a critical application is too costly to be feasible, but the impact is material to the business. Which of the following is the MOST appropriate risk treatment?
Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?
As part of incident response activities, the BEST time to begin the recovery process is after:
Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?
Which of the following BEST determines the allocation of resources during a security incident response?
Which of the following is MOST important in increasing the effectiveness of incident responders?
Which of the following is MOST important for building 4 robust information security culture within an organization?
Which of the following is MOST important for the successful implementation of an incident response plan?
An organization plans to implement a new e-commerce operation in a highly regulated market. Which of the following is MOST important to consider when updating the risk management strategy?
Which of the following is MOST helpful in determining an organization ' s current capacity to mitigate risks?
Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?
Which of the following is the PRIMARY objective of information asset classification?
Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?
Which of the following should be of GREATEST concern regarding an organization ' s security controls?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
The PRIMARY advantage of involving end users in continuity planning is that they:
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
Which of the following BEST indicates that information assets are classified accurately?
Which of the following is the MOST effective way to demonstrate improvement in security performance?
Which of the following would BEST enable the help desk to recognize an information security incident?
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?
Which of the following is the MOST important objective of post-incident review activities?
An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
The effectiveness of an information security governance framework will BEST be enhanced if:
Data classification is PRIMARILY the responsibility of:
The resilience requirements of an application are BEST determined by:
In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or
The GREATEST benefit of an effective information security awareness program is the organization’s ability to:
An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?
For which of the following is it MOST important that system administrators be restricted to read-only access?
Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?
When choosing the best controls to mitigate risk to acceptable levels, the information security manager ' s decision should be MAINLY driven by:
Which of the following should be the MOST important consideration when establishing information security policies for an organization?
Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?
A new information security reporting requirement will soon become effective. Which of the following should be the information security manager ' s FIRST action?
Which of the following is MOST important when conducting a forensic investigation?
Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
An information security manager has confirmed the organization ' s cloud provider has unintentionally published some of the organization ' s business data. Which of the following should be done NEXT?
An organization has identified a large volume of old data that appears to be unused. Which of the following should the information
security manager do NEXT?
An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
Which of the following is a PRIMARY function of an incident response team?
Behavioral analytics tools are used PRIMARILY to manage risks within an organization by:
When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:
Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
Which of the following is the MOST important factor of a successful information security program?
Which of the following is the BEST indicator of the maturity level of a vendor risk management process?
The MOST important reason for an organization to establish a social media policy is to:
An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
A global organization is planning to expand its operations into a new country with stricter data protection regulations than those in the headquarters ' home country. Which of the following is the BEST approach for adopting these new requirements?
What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?
Which of the following is the BEST indication of effective information security governance?
An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:
Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
Which of the following is the MOST important consideration when defining control objectives?
Which of the following is the MOST important outcome of effective risk treatment?
Of the following, who should be assigned as the owner of a newly identified risk related to an organization ' s new payroll system?
Regular vulnerability scanning on an organization ' s internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
Results from which of the following would BEST provide an understanding of the effectiveness of an organization’s information security program?
Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?
Which of the following is MOST important to the effectiveness of an information security program?
Which of the following is MOST important to include in a post-incident review following a data breach?
What should be the FIRST step when an Internet of Things (loT) device in an organization ' s network is confirmed to have been hacked?
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Which of the following is the MOST effective way to convey information security responsibilities across an organization?
When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:
Which of the following should be the PRIMARY objective for creating a culture of security within an organization?
What is the PRIMARY role of the information security program?
When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:
An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization ' s CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?
Which of the following events is MOST likely to require an organization to revisit its information security framework?
Which of the following BEST helps to ensure the effective execution of an organization ' s disaster recovery plan (DRP)?
Which of the following would BEST justify continued investment in an information security program?
When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
Which of the following BEST enables an organization to transform its culture to support information security?
Which of the following is the BEST tool to monitor the effectiveness of information security governance?
An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?
From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often
What type of control is being implemented when a security information and event management (SIEM) system is installed?
Which of the following would be MOST important to include in a proposal justifying investments for an organization ' s information security program?
To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?
Of the following, who is BEST positioned to approve specific information security risk treatment options?
Which of the following should be done FIRST to prioritize response to incidents?
Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization ' s IT asset inventory?
An email digital signature will:
Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?
Which of the following is MOST important to include in monthly information security reports to the board?
Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?
An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?
Which of the following BEST enables an organization to effectively manage emerging cyber risk?
From a business perspective, the GREATEST benefit of an incident response plan is that it:
Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
The PRIMARY advantage of single sign-on (SSO) is that it will:
Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?
In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?
Which of the following presents the GREATEST challenge when assessing the impact of emerging risk?
Which of the following is MOST important to consider when aligning a security awareness program with the organization ' s business strategy?
Which of the following is the BEST option to lower the cost to implement application security controls?
An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?
Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?
When building support for an information security program, which of the following elements is MOST important?
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
Which of the following is the BEST indicator of an organization ' s information security status?
Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
Which of the following security initiatives should be the FIRST step in helping an organization maintain compliance with privacy regulations?
Which of the following BEST enables staff acceptance of information security policies?
Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?
An organization would like to invest in a new emerging technology. Which of the following is MOST important for the information security manager to consider when evaluating its impact?
Which of the following metrics is MOST appropriate for evaluating the incident notification process?
During which of the following development phases is it MOST challenging to implement security controls?
Which of the following is an information security manager ' s MOST important course of action after receiving information about a new cybersecurity threat?
Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?
To effectively manage an organization ' s information security risk, it is MOST important to:
Which of the following is the MOST important constraint to be considered when developing an information security strategy?
When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:
Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?
An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?
Which of the following is the GREATEST benefit of using AI tools in security operations?
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
For an enterprise implementing a bring your own device program, which of the following would provide the BEST security for corporate data residing on unsecured mobile devices?
Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?
The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:
Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?
Which of the following is an example of a deterrent control?
Of the following, who is BEST suited to own the risk discovered in an application?
Which of the following should be the MOST important consideration of business continuity management?
The MOST important information for influencing management’s support of information security is:
An online bank identifies a successful network attack in progress. The bank should FIRST:
Which of the following is an information security manager ' s MOST important course of action when responding to a major security incident that could disrupt the business?
Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?
Prior to implementing a bring your own device (BYOD) program, it is MOST important to:
Which risk is introduced when using only sanitized data for the testing of applications?
A new risk has been identified in a high availability system. The BEST course of action is to:
The BEST way to identify the risk associated with a social engineering attack is to:
Which of the following BEST enables an organization to increase information security control effectiveness?
A multinational organization is introducing a security governance framework. The information security manager ' s concern is that regional security practices differ. Which of the following should be evaluated FIRST?
Which of the following processes is MOST important for the success of a business continuity plan (BCP)?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?
Which of the following BEST facilitates the effective execution of an incident response plan?
What is the BEST way to inform senior management of the value of information security?
While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?
During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?
An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager ' s MOST important course of action?
Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
Which of the following BEST facilitates recovery of data lost as a result of a cybersecurity incident?
Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization ' s business continuity plan (BCP) has not been reviewed or updated in more than a year?
Which of the following is ESSENTIAL to ensuring effective incident response?
Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
When designing security controls, it is MOST important to:
Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?
The effectiveness of an incident response team will be GREATEST when:
Which of the following would MOST effectively ensure that a new server is appropriately secured?
Which of the following activities MUST be performed by an information security manager for change requests?
Which of the following BEST enables the integration of information security governance into corporate governance?
Which of the following will BEST enable an effective information asset classification process?
Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?
A PRIMARY benefit of adopting an information security framework is that it provides:
When establishing an information security governance framework, it is MOST important for an information security manager to understand:
An organization ' s HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?
An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:
To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?
Which of the following is a PRIMARY benefit of managed security solutions?
Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?
Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?
Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?
Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?
Which of the following should be done FIRST once a cybersecurity attack has been confirmed?
Which of the following is the PRIMARY benefit of an information security awareness training program?
A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
The MOST important reason to classify security incidents is to:
Which of the following is the BEST method for determining whether new risks exist in legacy systems?
Embedding security responsibilities into job descriptions is important PRIMARILY because it:
An organization ' s automated security monitoring tool generates an excessively large amount of falsq positives. Which of the following is the BEST method to optimize the monitoring process?
An information security manager is assessing security risk associated with a cloud service provider. Which of the following is the MOST appropriate reference to consult when performing this assessment?
Which of the following provides the MOST effective response against ransomware attacks?
An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?
Which of the following would be MOST important to include in communications to customers impacted by an information security incident?
Which of the following activities is designed to handle a control failure that leads to a breach?
Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
The PRIMARY goal when conducting post-incident reviews is to identify:
Which of the following is the BEST way to present the status of an information security program to senior management?
Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?
A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:
In information security governance, which of the following has PRIMARY responsibility for ensuring compliance with regulations?
Which of the following is an information security manager ' s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Which of the following is the BEST indication of information security strategy alignment with the “ &
An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software security?
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
To support effective risk decision making, which of the following is MOST important to have in place?
Which of the following would BEST enable the timely execution of an incident response plan?
Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
Which of the following is MOST important to have in place for an organization ' s information security program to be effective?
The PRIMARY goal to a post-incident review should be to:
Which of the following is the PRIMARY reason to perform a business impact analysis (BIA)?
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
A healthcare company is working with a virtual reality (VR) vendor to provide a training solution for customers of the organization’s products. Which of the following is MOST important to include in the contract?
Which of the following is the PRIMARY reason to use a phased incident recovery approach?
Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?
For an e-business that requires high availability, which of the following design principles is BEST?
Which of the following is an information security manager ' s BEST recommendation to senior management following a breach at the organization ' s Software as a Service (SaaS) vendor?
Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?
Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:
Who is BEST suited to determine how the information in a database should be classified?
An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done
FIRST?
Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
An organization successfully responded to an information security incident. However, the information security manager learned that some of the steps specified in the incident management procedures were not taken by the response team. What should be the information security manager ' s FIRST step?
Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?
The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:
Which of the following is the MOST important consideration for an incident response team seeking to limit the impact of incidents?
Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization ' s hosted payroll service provider?
Which of the following is MOST important to the successful implementation of an information security program?
Which of the following is the MOST important consideration when determining which type of failover site to employ?
Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Which of the following is the PRIMARY purpose of implementing information security standards?
Following an employee security awareness training program, what should be the expected outcome?
Which of the following provides an information security manager with the MOST useful information on new threats and emerging risks that could impact business objectives?
An organization has an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager ' s BEST course of action?
An incident response team has been alerted to suspicious communications between an end user’s workstation and a possibly infected external server. Which of the following should be done NEXT?
Which of the following BEST indicates that an information security governance framework has been successfully implemented?
Which of the following is the MOST important objective of a disaster recovery test?
An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?
Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?
Which of the following is MOST effective for communicating forward-looking trends within security reporting?
Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?
Which of the following should be the PRIMARY goal of information security?
A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:
Which of the following is the MOST important consideration when developing an approach to effectively contain security incidents?
Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
Which of the following is a prerequisite for formulating a business continuity plan (BCP)?
An organization has identified IT failures in a call center application. Of the following, who should own this risk?
Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization ' s existing security posture?
Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?
Which of the following is the BEST way to determine if an information security profile is aligned with business requirements?
Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?
Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation to a critical monitoring process. Which of the following should be the information security manager ' s GREATEST concern with this situation?
Which of the following has the GREATEST impact on the ability to successfully execute a disaster recovery plan (DRP)?
Which of the following should have the MOST influence on the development of information security policies?
Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?
Which of the following is the BEST course of action when using a web application that has known vulnerabilities?
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
The PRIMARY goal of the eradication phase in an incident response process is to:
Which of the following is the BEST indication of an effective information security awareness training program?
Which of the following is the responsibility of a risk owner?
Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
A backdoor has been identified that enabled a cyberattack on an organization’s systems. Integrating which of the following into the software development life cycle would BEST enable the organization to mitigate similar attacks in the future?
Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?
The PRIMARY purpose of implementing information security governance metrics is to:
The fundamental purpose of establishing security metrics is to:
An organization has identified a weakness in the ability of its employees to identify and report cybersecurity incidents. Although training materials have been provided, employees show a lack of interest. Which of the following is the information security manager’s BEST course of action?
Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?
In a call center, the BEST reason to conduct a social engineering is to:
Which of the following is the GREATEST benefit resulting from the introduction of data security standards for payment cards?
Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization ' s information security requirements?
Which of the following is MOST important when designing an information security governance framework?
An information security manager developing an incident response plan MUST ensure it includes:
What is the PRIMARY purpose of an unannounced disaster recovery exercise?
If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
Which of the following metrics would provide an accurate measure of an information security program ' s performance?
An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager ' s FIRST course of action?
Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization ' s business goals?
Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?
After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?
An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:
Which of the following should be an information security manager ' s PRIMARY concern when an organization is expanding business to a new country?
Which of the following has the GREATEST influence on the successful integration of information security within the business?
An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?
Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?
Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?
An outsourced vendor handles an organization’s business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor’s security practices?
Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?
Which of the following MUST be established to maintain an effective information security governance framework?
An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager ' s BEST approach for communicating the implications of this transition to the board of directors?
While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?
Which of the following BEST enables an organization to evaluate the security posture of a cloud service?
The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?
Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?
Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?
Which of the following should be the PRIMARY objective of the information security incident response process?
Which of the following principles BEST addresses the protection of data from unauthorized modification?
Which of the following MUST happen immediately following the identification of a malware incident?
Which of the following should be done FIRST to determine the impact of a new regulatory requirement for cloud services?
A finance department director has decided to outsource the organization ' s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?
What is the BEST way to reduce the impact of a successful ransomware attack?
An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:
Which of the following BEST indicates misalignment of security policies with business objectives?
When collecting admissible evidence, which of the following is the MOST important requirement?
An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:
Which of the following is the BEST way to build a risk-aware culture?
The PRIMARY objective of performing a post-incident review is to:
Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?
Which of the following has the GREATEST impact on the effectiveness of an organization’s security posture?
A balanced scorecard MOST effectively enables information security:
Which of the following establishes the minimum technical baseline for security controls?
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
Which of the following BEST determines the data retention strategy and subsequent policy for an organization?
Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?
Which of the following roles is accountable for the protection of data?
Which of the following is the MOST important consideration when attempting to create a security-focused culture?
An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:
An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager ' s BEST course of action?
Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?
A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?
An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
Which of the following metrics BEST demonstrates the effectiveness of an organization ' s security awareness program?
Which of the following should be done FIRST when developing a business continuity plan (BCP)?
Which of the following is the MOST important reason to ensure information security is aligned with the organization ' s strategy?
Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?
Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?
Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?
Which of the following is the BEST reason to implement a comprehensive information security management system?
To ensure continuous alignment with the organizational strategy
To gain senior management support for the information security program
To support identification of key risk indicators (KRIs)
The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:
An organization ' s marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
Which of the following BEST describes a buffer overflow?
Which of the following BEST indicates the effectiveness of the vendor risk management process?
Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?