Which of the following is the MOST important consideration when attempting to create a security-focused culture?
Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?
An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?
Which of the following is MOST important to include in a post-incident review following a data breach?
An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?
Which of the following activities MUST be performed by an information security manager for change requests?
An organization has suffered from a large-scale security event impacting a critical system. Following the decision to restore the system at an alternate location, which plan should be invoked?
When developing an asset classification program, which of the following steps should be completed FIRST?
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
A technical vulnerability assessment on a personnel information management server should be performed when:
An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?
Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
Which of the following is the MOST important consideration when defining control objectives?
As part of a risk assessment, a security control was discovered to be inadequate. When assigning a risk owner, which of the following attributes is MOST important to consider?
An organization has remediated a security flaw in a system. Which of the following should be done NEXT?
Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?
What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
Which of the following BEST illustrates residual risk within an organization?
Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?
Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?
Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?
Which of the following is the MOST important consideration when planning to implement artificial intelligence to enhance an organization’s vulnerability and control deficiency analysis capabilities?
What is the PRIMARY benefit to an organization that maintains an information security governance framework?
Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?
An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?
An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?
Which of the following would be MOST helpful when creating information security policies?
Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?
Which of the following is the BEST way to monitor the effectiveness of security controls?
Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
A global organization is developing an incident response team. The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events. Which of the following BEST supports these objectives?
Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?
Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
Which of the following should be an information security manager's PRIMARY concern when an organization is expanding business to a new country?
To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:
Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?
An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?
Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?
An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system administrators. Which of the following is the BEST way for the information security manager to address this issue?
Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
Which of the following processes is MOST important for the success of a business continuity plan (BCP)?
Which of the following would BEST justify continued investment in an information security program?
Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
Which of the following is the PRIMARY reason for conducting an incident response tabletop exercise?
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
The BEST way to integrate information security governance with corporate governance is to ensure:
During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?
Which of the following sources is MOST useful when planning a business-aligned information security program?
To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?
Which of the following BEST enables an organization to identify and contain security incidents?
Which of the following is the PRIMARY purpose of an acceptable use policy?
A global organization is planning to expand its operations into a new country with stricter data protection regulations than those in the headquarters' home country. Which of the following is the BEST approach for adopting these new requirements?
Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?
Which of the following is a function of the information security steering committee?
A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?
An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?
Who is BEST positioned to take ownership of critical IT security risks identified in an application?
Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?
An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?
Of the following, who is BEST positioned to approve specific information security risk treatment options?
Which of the following should be the MOST important consideration when reviewing an information security strategy?
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
Which of the following is MOST important when designing security controls for new cloud-based services?
An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
Which of the following BEST demonstrates the added value of an information security program?
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
Which of the following BEST indicates misalignment of security policies with business objectives?
Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?
Results from which of the following would BEST provide an understanding of the effectiveness of an organization’s information security program?
In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:
Which of the following is the BEST indication of a successful information security culture?
Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?
Which of the following BEST indicates senior management support for an information security program?
Which of the following is the PRIMARY objective of the incident management recovery phase?
Which of the following BEST enables an organization to effectively manage emerging cyber risk?
Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?
A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager's PRIMARY concern?
What is the BEST way to address vulnerabilities associated with a recent increase in the number of zero-day attacks?
When a critical system incident is reported, the FIRST step of the incident handler should be to:
Which of the following is ESSENTIAL to ensuring effective incident response?
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:
Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?
Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?
Of the following, who is BEST suited to own the risk discovered in an application?
Which of the following is the BEST indication that an organization has integrated information security governance with corporate governance?
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
When investigating an information security incident, details of the incident should be shared:
Which of the following provides the BEST assurance that security policies are applied across business operations?
Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?
Which of the following would pose the GREATEST risk to the preparedness of an incident response team?
An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?
Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?
Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
Which of the following BEST supports investments in an information security program?
Which of the following is the BEST way to improve an organization's ability to detect and respond to incidents?
Which of the following defines the triggers within a business continuity plan (BCP)?
Which of the following is MOST useful to an information security manager when reporting the performance of the information security program to senior management?
An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?
Which of the following presents the GREATEST challenge to a security operations center's identification of potential security breaches?
Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
It is MOST important that risk owners understand they are accountable for:
A new risk has been identified in a high availability system. The BEST course of action is to:
Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Which of the following provides the BEST indication of the return on information security investment?
Which of the following is the MOST important objective of post-incident review activities?
Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?
Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?
A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?
Which of the following should review and approve the objectives within an organization’s information security framework?
A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?
Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
Which of the following BEST supports the adoption of effective information security practices throughout an organization?
Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?
Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?
Which of the following is the MOST important consideration when developing an approach to effectively contain security incidents?
Which of the following tools would be MOST helpful to an incident response team?
Which of the following principles BEST addresses the protection of data from unauthorized modification?
During which phase of a security event should an incident response team be INITIALLY engaged?
Which of the following should be the PRIMARY consideration when developing an incident response plan?
Which of the following BEST indicates that information assets are classified accurately?
Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?
The BEST way to identify the risk associated with a social engineering attack is to:
Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?
Which risk is introduced when using only sanitized data for the testing of applications?
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
What should an information security manager verify FIRST when reviewing an information asset management program?
A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?
In the context of DevSecOps, which of the following BEST enables the identification of vulnerabilities before software is released?
Which of the following is the MOST useful input for an information security manager when updating the organization’s security policy?
Which of the following is the MOST important objective when planning an incident response program?
Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?
Which of the following roles is MOST appropriate to determine access rights for specific users of an application?
Which of the following should include contact information for representatives of equipment and software vendors?
An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?
Which of the following is the BEST control to protect customer personal information that is stored in the cloud?
A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?
Which of the following would provide the BEST evidence to senior management that security control performance has improved?
An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?
Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
Which of the following is the PRIMARY objective of a cyber resilience strategy?
An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?
Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?
A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?
Which of the following BEST helps to ensure risk appetite is considered during the risk treatment process?
An organization has decided to implement an Internet of Things (IoT) solution to remain competitive in the market. Which of the following should information security do FIRST?
Which of the following has the GREATEST impact on the ability to successfully execute a disaster recovery plan (DRP)?
The contribution of recovery point objective (RPO) to disaster recovery is to:
An organization's automated security monitoring tool generates an excessively large amount of false positives. Which of the following is the BEST method to optimize the monitoring process?
What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?
An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?
Which of the following is the MOST effective way to identify changes in an information security environment?
What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?
Which of the following events would MOST likely require a revision to the information security program?
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
Which of the following BEST supports information security management in the event of organizational changes in security personnel?
Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?
Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?
Which of the following should be an information security manager's MOST important consideration when determining the priority for implementing security controls?
Which of the following BEST determines the data retention strategy and subsequent policy for an organization?
Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?
Which of the following is the BEST security control to minimize the risk of successful ransomware attacks?
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?
Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?
Which of the following is MOST important to verify during a test of an organization’s incident response process?
Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
After a server has been attacked, which of the following is the BEST course of action?
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?
Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?
To optimize the implementation of information security governance in an organization, an information security manager should:
What should an information security manager do FIRST when an organization is planning to use a third-party cloud computing service for a critical business process?
An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security?
Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:
What is the role of the information security manager in finalizing contract negotiations with service providers?
What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?
An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?
Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?
Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?
In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?
A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?
After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?
An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?
To help ensure that an information security training program is MOST effective, its contents should be:
A healthcare company is working with a virtual reality (VR) vendor to provide a training solution for customers of the organization’s products. Which of the following is MOST important to include in the contract?
Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?
Which of the following BEST enables an organization to evaluate the security posture of a cloud service?
Which of the following is MOST important to ensuring that incident management plans are executed effectively?
An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?
As part of incident response activities, the BEST time to begin the recovery process is after:
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:
A business impact analysis (BIA) BEST enables an organization to establish:
An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
Which of the following events is MOST likely to require an organization to revisit its information security framework?
When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:
Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (IaaS) model hosted in a foreign country?
Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?
Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
Which of the following is MOST important to have in place for an organization's information security program to be effective?
Which of the following is the MOST effective way to protect the authenticity of data in transit?
Which of the following is the MAIN feature of a web application firewall?
Which of the following is MOST important to ensure incident management readiness?
In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
Which of the following is the PRIMARY reason to perform a business impact analysis (BIA)?
Which of the following is the MOST important constraint to be considered when developing an information security strategy?
An incident response team has been alerted to suspicious communications between an end user’s workstation and a possibly infected external server. Which of the following should be done NEXT?
The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Which of the following is MOST important to include in an information security strategy?
An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
Which of the following is MOST important for building a robust information security culture within an organization?
Which of the following should be done NEXT following senior management's decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?
The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager's FIRST course of action should be to:
An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?
The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:
Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?
Which of the following has the GREATEST influence on an organization's information security strategy?
Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?
Which of the following is established during the preparation phase of an incident response plan?
Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following has the GREATEST influence on the successful integration of information security within the business?
Conducting log analysis falls into which phase of the incident management life cycle?
Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?
Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager's BEST approach for communicating the implications of this transition to the board of directors?
An organization has recently purchased cybersecurity insurance after the board voiced concern about the potential for a security breach. With this response to the perceived risk, the organization:
Which of the following should be implemented to BEST reduce the likelihood of a security breach?
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
Which of the following is MOST important in increasing the effectiveness of incident responders?
Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?
A common drawback of email software packages that provide native encryption of messages is that the encryption:
Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of confidentiality?
Which of the following is the MOST effective way to increase security awareness in an organization?
A small organization needs to use a solution that is out of support in order to meet business objectives. Which of the following is the information security manager’s BEST course of action to manage the associated risk?
Which of the following is MOST appropriate to communicate to senior management regarding information risk?
Which of the following is the MOST effective way to detect information security incidents?
When developing a categorization method for security incidents, the categories MUST:
When establishing an information security governance framework, it is MOST important for an information security manager to understand:
Which of the following establishes the minimum technical baseline for security controls?
For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?
Which of the following is the BEST tool to monitor the effectiveness of information security governance?
Which of the following is the MOST important benefit of using a cloud access security broker when migrating to a cloud environment?
Which of the following should be the FIRST step in developing an information security strategy?
An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?
Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?
Which of the following is the BEST indicator of an organization's information security status?
The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?
A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:
The MOST important element in achieving executive commitment to an information security governance program is:
Which of the following should be of GREATEST concern to an information security manager when evaluating a cloud service provider?
Which of the following would be MOST important to include in communications to customers impacted by an information security incident?
To align with the principles of Zero Trust, which of the following is the MOST important course of action when engaging with external parties?
Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?
Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?
A data loss prevention (DLP) tool has flagged personally identifiable information (PII) during transmission. Which of the following should the information security manager do FIRST?
Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?
Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?
A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?
An information security manager believes that information has been classified inappropriately, increasing the risk of a breach. Which of the following is the information security manager's BEST action?
Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?
What should be an information security manager's MOST important consideration when developing a multi-year plan?
Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?
An organization is selecting security metrics to measure security performance, and a firewall specialist suggests tracking the number of external attacks blocked by the firewalls. Which of the following is the GREATEST concern with using this metric?
Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?
An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:
Which of the following is MOST important to consider when determining asset valuation?
Which of the following should be the PRIMARY basis for the development of a business case to obtain support for an information security project?
Following an employee security awareness training program, what should be the expected outcome?
Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?
Which of the following should be the FIRST consideration for an information security manager after a security incident has been confirmed?