New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

712-50 Questions and Answers

Question # 6

The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

A.

Provide developer security training

B.

Deploy Intrusion Detection Systems

C.

Provide security testing tools

D.

Implement Compensating Controls

Full Access
Question # 7

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Full Access
Question # 8

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

A.

Failed to identify all stakeholders and their needs

B.

Deployed the encryption solution in an inadequate manner

C.

Used 1024 bit encryption when 256 bit would have sufficed

D.

Used hardware encryption instead of software encryption

Full Access
Question # 9

When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)

A.

The CISO should cut other essential programs to ensure the new solution’s continued use

B.

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

C.

Defer selection until the market improves and cash flow is positive

D.

Implement the solution and ask for the increased operating cost budget when it is time

Full Access
Question # 10

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

A.

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

Full Access
Question # 11

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

A.

The software license expiration is probably out of synchronization with other software licenses

B.

The project was initiated without an effort to get support from impacted business units in the organization

C.

The software is out of date and does not provide for a scalable solution across the enterprise

D.

The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

Full Access
Question # 12

Which of the following best summarizes the primary goal of a security program?

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Full Access
Question # 13

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

A.

Alignment with the business

B.

Effective use of existing technologies

C.

Leveraging existing implementations

D.

Proper budget management

Full Access
Question # 14

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Full Access
Question # 15

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

A.

Vendor’s client list of reputable organizations currently using their solution

B.

Vendor provided attestation of the detailed security controls from a reputable accounting firm

C.

Vendor provided reference from an existing reputable client detailing their implementation

D.

Vendor provided internal risk assessment and security control documentation

Full Access
Question # 16

Which of the following is the BEST indicator of a successful project?

A.

it is completed on time or early as compared to the baseline project plan

B.

it meets most of the specifications as outlined in the approved project definition

C.

it comes in at or below the expenditures planned for in the baseline budget

D.

the deliverables are accepted by the key stakeholders

Full Access
Question # 17

Your incident response plan should include which of the following?

A.

Procedures for litigation

B.

Procedures for reclamation

C.

Procedures for classification

D.

Procedures for charge-back

Full Access
Question # 18

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

A.

Define the risk appetite

B.

Determine budget constraints

C.

Review project charters

D.

Collaborate security projects

Full Access
Question # 19

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

A.

Grant her access, the employee has been adequately warned through the AUP.

B.

Assist her with the request, but only after her supervisor signs off on the action.

C.

Reset the employee’s password and give it to the supervisor.

D.

Deny the request citing national privacy laws.

Full Access
Question # 20

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

A.

Lack of asset management processes

B.

Lack of change management processes

C.

Lack of hardening standards

D.

Lack of proper access controls

Full Access
Question # 21

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

A.

Type of data contained in the process/system

B.

Type of connection/protocol used to transfer the data

C.

Type of encryption required for the data once it is at rest

D.

Type of computer the data is processed on

Full Access
Question # 22

Risk appetite is typically determined by which of the following organizational functions?

A.

Security

B.

Business units

C.

Board of Directors

D.

Audit and compliance

Full Access
Question # 23

Which business stakeholder is accountable for the integrity of a new information system?

A.

CISO

B.

Compliance Officer

C.

Project manager

D.

Board of directors

Full Access
Question # 24

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Full Access
Question # 25

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

A.

Cost benefit

B.

Risk appetite

C.

Business continuity

D.

Likelihood of impact

Full Access
Question # 26

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

A.

Deploy a SEIM solution and have current staff review incidents first thing in the morning

B.

Contract with a managed security provider and have current staff on recall for incident response

C.

Configure your syslog to send SMS messages to current staff when target events are triggered

D.

Employ an assumption of breach protocol and defend only essential information resources

Full Access
Question # 27

Which of the following is considered the MOST effective tool against social engineering?

A.

Anti-phishing tools

B.

Anti-malware tools

C.

Effective Security Vulnerability Management Program

D.

Effective Security awareness program

Full Access
Question # 28

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Full Access
Question # 29

Credit card information, medical data, and government records are all examples of:

A.

Confidential/Protected Information

B.

Bodily Information

C.

Territorial Information

D.

Communications Information

Full Access
Question # 30

What two methods are used to assess risk impact?

A.

Cost and annual rate of expectance

B.

Subjective and Objective

C.

Qualitative and percent of loss realized

D.

Quantitative and qualitative

Full Access
Question # 31

When choosing a risk mitigation method what is the MOST important factor?

A.

Approval from the board of directors

B.

Cost of the mitigation is less than the risk

C.

Metrics of mitigation method success

D.

Mitigation method complies with PCI regulations

Full Access
Question # 32

The success of the Chief Information Security Officer is MOST dependent upon:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Full Access
Question # 33

Which of the following provides an audit framework?

A.

Control Objectives for IT (COBIT)

B.

Payment Card Industry-Data Security Standard (PCI-DSS)

C.

International Organization Standard (ISO) 27002

D.

National Institute of Standards and Technology (NIST) SP 800-30

Full Access
Question # 34

Regulatory requirements typically force organizations to implement

A.

Mandatory controls

B.

Discretionary controls

C.

Optional controls

D.

Financial controls

Full Access
Question # 35

An organization information security policy serves to

A.

establish budgetary input in order to meet compliance requirements

B.

establish acceptable systems and user behavior

C.

define security configurations for systems

D.

define relationships with external law enforcement agencies

Full Access
Question # 36

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

A.

Risk Avoidance

B.

Risk Acceptance

C.

Risk Transfer

D.

Risk Mitigation

Full Access
Question # 37

The alerting, monitoring and life-cycle management of security related events is typically handled by the

A.

security threat and vulnerability management process

B.

risk assessment process

C.

risk management process

D.

governance, risk, and compliance tools

Full Access
Question # 38

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

A.

The organization uses exclusively a quantitative process to measure risk

B.

The organization uses exclusively a qualitative process to measure risk

C.

The organization’s risk tolerance is high

D.

The organization’s risk tolerance is lo

Full Access
Question # 39

When dealing with a risk management process, asset classification is important because it will impact the overall:

A.

Threat identification

B.

Risk monitoring

C.

Risk treatment

D.

Risk tolerance

Full Access
Question # 40

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

A.

The asset owner

B.

The asset manager

C.

The data custodian

D.

The project manager

Full Access
Question # 41

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

A.

They are objective and can express risk / cost in real numbers

B.

They are subjective and can be completed more quickly

C.

They are objective and express risk / cost in approximates

D.

They are subjective and can express risk /cost in real numbers

Full Access
Question # 42

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

A.

Technology governance defines technology policies and standards while security governance does not.

B.

Security governance defines technology best practices and Information Technology governance does not.

C.

Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

D.

The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Full Access
Question # 43

Developing effective security controls is a balance between:

A.

Risk Management and Operations

B.

Corporate Culture and Job Expectations

C.

Operations and Regulations

D.

Technology and Vendor Management

Full Access
Question # 44

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Full Access
Question # 45

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

A.

Compliance to the Payment Card Industry (PCI) regulations.

B.

Alignment with financial reporting regulations for each country where they operate.

C.

Alignment with International Organization for Standardization (ISO) standards.

D.

Compliance with patient data protection regulations for each country where they operate.

Full Access
Question # 46

Payment Card Industry (PCI) compliance requirements are based on what criteria?

A.

The types of cardholder data retained

B.

The duration card holder data is retained

C.

The size of the organization processing credit card data

D.

The number of transactions performed per year by an organization

Full Access
Question # 47

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

A.

Risk Tolerance

B.

Qualitative risk analysis

C.

Risk Appetite

D.

Quantitative risk analysis

Full Access
Question # 48

What is the BEST way to achieve on-going compliance monitoring in an organization?

A.

Only check compliance right before the auditors are scheduled to arrive onsite.

B.

Outsource compliance to a 3rd party vendor and let them manage the program.

C.

Have Compliance and Information Security partner to correct issues as they arise.

D.

Have Compliance direct Information Security to fix issues after the auditors report.

Full Access
Question # 49

Which of the following intellectual Property components is focused on maintaining brand recognition?

A.

Trademark

B.

Patent

C.

Research Logs

D.

Copyright

Full Access
Question # 50

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Full Access
Question # 51

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

A.

non-repudiation

B.

conflict resolution

C.

strong authentication

D.

digital rights management

Full Access
Question # 52

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

A.

Execute

B.

Read

C.

Administrator

D.

Public

Full Access
Question # 53

Which of the following is the MAIN security concern for public cloud computing?

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Full Access
Question # 54

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Full Access
Question # 55

Physical security measures typically include which of the following components?

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Full Access
Question # 56

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Full Access
Question # 57

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Full Access
Question # 58

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Full Access
Question # 59

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Full Access
Question # 60

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Full Access
Question # 61

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Full Access
Question # 62

Which wireless encryption technology makes use of temporal keys?

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Full Access
Question # 63

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Full Access
Question # 64

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Full Access
Question # 65

Which of the following is a symmetric encryption algorithm?

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Full Access
Question # 66

The process of identifying and classifying assets is typically included in the

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Full Access
Question # 67

An anonymity network is a series of?

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Full Access
Question # 68

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Full Access
Question # 69

What type of attack requires the least amount of technical equipment and has the highest success rate?

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Full Access
Question # 70

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Full Access
Question # 71

What is the FIRST step in developing the vulnerability management program?

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Full Access
Question # 72

Which of the following statements about Encapsulating Security Payload (ESP) is true?

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Full Access
Question # 73

Which of the following information would MOST likely be reported at the board-level within an organization?

A.

System scanning trends and results as they pertain to insider and external threat sources

B.

The capabilities of a security program in terms of staffing support

C.

Significant risks and security incidents that have been discovered since the last assembly of the

membership

D.

The numbers and types of cyberattacks experienced by the organization since the last assembly of the

membership

Full Access
Question # 74

A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

A.

Moderate investment

B.

Passive monitoring

C.

Integrated security controls

D.

Dynamic deception

Full Access
Question # 75

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

A.

The CISO does not report directly to the CEO of the organization

B.

The CISO reports to the IT organization

C.

The CISO has not implemented a policy management framework

D.

The CISO has not implemented a security awareness program

Full Access
Question # 76

What are the primary reasons for the development of a business case for a security project?

A.

To estimate risk and negate liability to the company

B.

To understand the attack vectors and attack sources

C.

To communicate risk and forecast resource needs

D.

To forecast usage and cost per software licensing

Full Access
Question # 77

Which of the following would negatively impact a log analysis of a multinational organization?

A.

Centralized log management

B.

Encrypted log files in transit

C.

Each node set to local time

D.

Log aggregation agent each node

Full Access
Question # 78

Which of the following is an accurate description of a balance sheet?

A.

The percentage of earnings that are retained by the organization for reinvestment in the business

B.

The details of expenses and revenue over a long period of time

C.

A summarized statement of all assets and liabilities at a specific point in time

D.

A review of regulations and requirements impacting the business from a financial perspective

Full Access
Question # 79

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

When multiple regulations or standards apply to your industry you should set controls to meet the:

A.

Easiest regulation or standard to implement

B.

Stricter regulation or standard

C.

Most complex standard to implement

D.

Recommendations of your Legal Staff

Full Access
Question # 80

What is the primary reason for performing vendor management?

A.

To understand the risk coverage that are being mitigated by the vendor

B.

To establish a vendor selection process

C.

To document the relationship between the company and the vendor

D.

To define the partnership for long-term success

Full Access
Question # 81

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Full Access
Question # 82

As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with

third parties outside the organization. What protocol provides the ability to extend the network perimeter with

the use of encapsulation and encryption?

A.

File Transfer Protocol (FTP)

B.

Virtual Local Area Network (VLAN)

C.

Simple Mail Transfer Protocol

D.

Virtual Private Network (VPN)

Full Access
Question # 83

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

A.

Lack of compliance to the Payment Card Industry (PCI) standards

B.

Ineffective security awareness program

C.

Security practices not in alignment with ISO 27000 frameworks

D.

Lack of technical controls when dealing with credit card data

Full Access
Question # 84

Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

A.

Segmentation controls.

B.

Shadow applications.

C.

Deception technology.

D.

Vulnerability management.

Full Access
Question # 85

Which of the following best describes a portfolio?

A.

The portfolio is used to manage and track individual projects

B.

The portfolio is used to manage incidents and events

C.

A portfolio typically consists of several programs

D.

A portfolio delivers one specific service or program to the business

Full Access
Question # 86

Which of the following is the MOST effective method for discovering common technical vulnerabilities within the

IT environment?

A.

Reviewing system administrator logs

B.

Auditing configuration templates

C.

Checking vendor product releases

D.

Performing system scans

Full Access
Question # 87

The rate of change in technology increases the importance of:

A.

Outsourcing the IT functions.

B.

Understanding user requirements.

C.

Hiring personnel with leading edge skills.

D.

Implementing and enforcing good processes.

Full Access
Question # 88

Where does bottom-up financial planning primarily gain information for creating budgets?

A.

By adding all capital and operational costs from the prior budgetary cycle, and determining potential

financial shortages

B.

By reviewing last year’s program-level costs and adding a percentage of expected additional portfolio costs

C.

By adding the cost of all known individual tasks and projects that are planned for the next budgetary cycle

D.

By adding all planned operational expenses per quarter then summarizing them in a budget request

Full Access
Question # 89

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Once supervisors and data owners have approved requests, information system administrators will implement

A.

Technical control(s)

B.

Management control(s)

C.

Policy control(s)

D.

Operational control(s)

Full Access
Question # 90

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

A.

National Institute of Standards and Technology (NIST) Special Publication 800-53

B.

Payment Card Industry Digital Security Standard (PCI DSS)

C.

International Organization for Standardization – ISO 27001/2

D.

British Standard 7799 (BS7799)

Full Access
Question # 91

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team’s activities?

A.

Regular communication of incident status to executives

B.

Eradication of malware and system restoration

C.

Determination of the attack source

D.

Preservation of information

Full Access
Question # 92

When updating the security strategic planning document what two items must be included?

A.

Alignment with the business goals and the vision of the CIO

B.

The risk tolerance of the company and the company mission statement

C.

The executive summary and vision of the board of directors

D.

The alignment with the business goals and the risk tolerance

Full Access
Question # 93

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

A.

To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

B.

To provide a common basis for developing organizational security standards

C.

To provide effective security management practice and to provide confidence in inter-organizational dealings

D.

To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Full Access
Question # 94

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Full Access
Question # 95

The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

A.

Risk metrics

B.

Management metrics

C.

Operational metrics

D.

Compliance metrics

Full Access
Question # 96

The regular review of a firewall ruleset is considered a

A.

Procedural control

B.

Organization control

C.

Technical control

D.

Management control

Full Access
Question # 97

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

Full Access
Question # 98

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

A.

Determine the annual loss expectancy (ALE)

B.

Create a crisis management plan

C.

Create technology recovery plans

D.

Build a secondary hot site

Full Access
Question # 99

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

A.

Internal Audit

B.

Database Administration

C.

Information Security

D.

Compliance

Full Access
Question # 100

Which of the following illustrates an operational control process:

A.

Classifying an information system as part of a risk assessment

B.

Installing an appropriate fire suppression system in the data center

C.

Conducting an audit of the configuration management process

D.

Establishing procurement standards for cloud vendors

Full Access
Question # 101

The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

A.

Penetration testers

B.

External Audit

C.

Internal Audit

D.

Forensic experts

Full Access
Question # 102

Which of the following is a benefit of a risk-based approach to audit planning?

A.

Resources are allocated to the areas of the highest concern

B.

Scheduling may be performed months in advance

C.

Budgets are more likely to be met by the IT audit staff

D.

Staff will be exposed to a variety of technologies

Full Access
Question # 103

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

A.

assign the responsibility to the information security team.

B.

assign the responsibility to the team responsible for the management of the controls.

C.

create operational reports on the effectiveness of the controls.

D.

perform an independent audit of the security controls.

Full Access
Question # 104

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

A.

Single loss expectancy multiplied by the annual rate of occurrence

B.

Total loss expectancy multiplied by the total loss frequency

C.

Value of the asset multiplied by the loss expectancy

D.

Replacement cost multiplied by the single loss expectancy

Full Access
Question # 105

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

A.

Management Control

B.

Technical Control

C.

Training Control

D.

Operational Control

Full Access
Question # 106

To have accurate and effective information security policies how often should the CISO review the organization policies?

A.

Every 6 months

B.

Quarterly

C.

Before an audit

D.

At least once a year

Full Access
Question # 107

Creating a secondary authentication process for network access would be an example of?

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Full Access
Question # 108

When you develop your audit remediation plan what is the MOST important criteria?

A.

To remediate half of the findings before the next audit.

B.

To remediate all of the findings before the next audit.

C.

To validate that the cost of the remediation is less than the risk of the finding.

D.

To validate the remediation process with the auditor.

Full Access
Question # 109

You have implemented the new controls. What is the next step?

A.

Document the process for the stakeholders

B.

Monitor the effectiveness of the controls

C.

Update the audit findings report

D.

Perform a risk assessment

Full Access
Question # 110

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Full Access
Question # 111

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

A.

Number of change orders rejected

B.

Number and length of planned outages

C.

Number of unplanned outages

D.

Number of change orders processed

Full Access
Question # 112

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Full Access
Question # 113

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

A.

Servers, routers, switches, modem

B.

Firewall, exchange, web server, intrusion detection system (IDS)

C.

Firewall, anti-virus console, IDS, syslog

D.

IDS, syslog, router, switches

Full Access
Question # 114

The patching and monitoring of systems on a consistent schedule is required by?

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Full Access
Question # 115

Which of the following is the MOST important goal of risk management?

A.

Identifying the risk

B.

Finding economic balance between the impact of the risk and the cost of the control

C.

Identifying the victim of any potential exploits.

D.

Assessing the impact of potential threats

Full Access
Question # 116

Many successful cyber-attacks currently include:

A.

Phishing Attacks

B.

Misconfigurations

C.

All of these

D.

Social engineering

Full Access
Question # 117

To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

A.

Compliance management

B.

Asset management

C.

Risk management

D.

Security management

Full Access
Question # 118

A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:

A.

Inability to export the private certificate/key

B.

It can double as physical identification at the DMV

C.

It has the user’s photograph to help ID them

D.

It can be used as a secure flash drive

Full Access
Question # 119

A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).

In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

A.

Recovery Point Objective (RPO)

B.

Mean Time to Delivery (MTD)

C.

Recovery Time Objective (RTO)

D.

Maximum Tolerable Downtime (MTD)

Full Access
Question # 120

What is a key policy that should be part of the information security plan?

A.

Account management policy

B.

Training policy

C.

Acceptable Use policy

D.

Remote Access policy

Full Access
Question # 121

XYZ is a publicly-traded software development company.

Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

A.

Chief Financial Officer (CFO)

B.

Chief Software Architect (CIO)

C.

CISO

D.

Chief Executive Officer (CEO)

Full Access
Question # 122

The main purpose of the SOC is:

A.

An organization which provides Tier 1 support for technology issues and provides escalation when needed

B.

A distributed organization which provides intelligence to governments and private sectors on cyber-criminal activities

C.

The coordination of personnel, processes and technology to identify information security events and provide timely response and remediation

D.

A device which consolidates event logs and provides real-time analysis of security alerts generated by applications and network hardware

Full Access
Question # 123

As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.

The performance quality audit activity is done in what project management process group?

A.

Executing

B.

Controlling

C.

Planning

D.

Closing

Full Access
Question # 124

Many successful cyber-attacks currently include:

A.

Phishing Attacks

B.

Misconfigurations

C.

Social engineering

D.

All of these

Full Access
Question # 125

Which of the following is the MOST important to share with an Information Security Steering Committee:

A.

Include a mix of members from different departments and staff levels

B.

Review audit and compliance reports

C.

Ensure that security policies and procedures have been vetted and approved

D.

Be briefed about new trends and products at each meeting by a vendor

Full Access
Question # 126

What is a Statement of Objectives (SOA)?

A.

A section of a contract that defines tasks to be performed under said contract

B.

An outline of what the military will do during war

C.

A document that outlines specific desired outcomes as part of a request for proposal

D.

Business guidance provided by the CEO

Full Access
Question # 127

Which of the following BEST mitigates ransomware threats?

A.

Phishing exercises

B.

Use immutable data storage

C.

Blocking use of wireless networks

D.

Application of multiple endpoint anti-malware solutions

Full Access
Question # 128

A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets.

What is the MAIN goal of threat hunting to the SecOps Manager?

A.

Improve discovery of valid detected events

B.

Enhance tuning of automated tools to detect and prevent attacks

C.

Replace existing threat detection strategies

D.

Validate patterns of behavior related to an attack

Full Access
Question # 129

What are the common data hiding techniques used by criminals?

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Full Access
Question # 130

The primary responsibility for assigning entitlements to a network share lies with which role?

A.

CISO

B.

Data owner

C.

Chief Information Officer (CIO)

D.

Security system administrator

Full Access
Question # 131

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Full Access
Question # 132

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.

Which of the following compliance standard is the MOST important to the organization?

A.

The Federal Risk and Authorization Management Program (FedRAMP)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

Payment Card Industry (PCI) Data Security Standard (DSS)

Full Access
Question # 133

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

A.

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

B.

Contracting rules typically require you to have conversations with two or more groups

C.

Discussing decisions with a very large group of people always provides a better outcome

D.

It helps to avoid regulatory or internal compliance issues

Full Access
Question # 134

Which of the following is the MOST effective method to counter phishing attacks?

A.

User awareness and training

B.

Host based Intrusion Detection System (IPS)

C.

Acceptable use guide signed by all system users

D.

Antispam solution

Full Access
Question # 135

Who should be involved in the development of an internal campaign to address email phishing?

A.

Business unit leaders, CIO, CEO

B.

Business Unite Leaders, CISO, CIO and CEO

C.

All employees

D.

CFO, CEO, CIO

Full Access
Question # 136

What is the purpose of the statement of retained earnings of an organization?

A.

It represents the sum of all capital expenditures

B.

It represents the percentage of earnings that could in part be used to finance future security controls

C.

It represents the savings generated by the proper acquisition and implementation of security controls

D.

It has a direct correlation with the CISO’s budget

Full Access
Question # 137

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

A.

SaaS provider’s website certifications and representations (certs and reps)

B.

SOC-2 Report

C.

Metasploit Audit Report

D.

Statement from SaaS provider attesting their ability to secure your data

Full Access
Question # 138

The Board of Directors of a publicly-traded company is concerned about the security implications of a strategic project that will migrate 50% of the organization’s information technology assets to the cloud. They have requested a briefing on the project plan and a progress report of the security stream of the project. As the CISO, you have been tasked with preparing the report for the Chief Executive Officer to present.

Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?

A.

The project is over budget

B.

The project budget has reserves

C.

The project cost is in alignment with the budget

D.

The project is under budget

Full Access