
CISM Questions and Answers

Question # 6

Which of the following is the MOST important consideration when attempting to create a security-focused culture?

A.

Current security strategy benchmarks against peer organizations

B.

The regional rules and legislation regarding information security

C.

The current security awareness level of the employees

D.

The organization’s existing security policies, procedures, and frameworks

Question # 7

Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?

A.

Heightened awareness of information security strategies

B.

Improved process resiliency in the event of attacks

C.

Promotion of security-by-design principles to the business

D.

Management accountability for information security

Question # 8

An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?

A.

Conduct an internal audit.

B.

Conduct penetration testing.

C.

Perform a vulnerability assessment.

D.

Prepare compensating controls.

Question # 9

Which of the following is MOST important to include in a post-incident review following a data breach?

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custody

Question # 10

An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?

A.

No owners were identified for some risks.

B.

Business applications had the highest number of risks.

C.

Risk mitigation action plans had no timelines.

D.

Risk mitigation action plan milestones were delayed.

Question # 11

Which of the following activities MUST be performed by an information security manager for change requests?

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Question # 12

An organization has suffered from a large-scale security event impacting a critical system. Following the decision to restore the system at an alternate location, which plan should be invoked?

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Communications plan

Question # 13

When developing an asset classification program, which of the following steps should be completed FIRST?

A.

Categorize each asset.

B.

Create an inventory.

C.

Create a business case for a digital rights management tool.

D.

Implement a data loss prevention (DLP) system.

Question # 14

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

A.

Current resourcing levels

B.

Availability of potential resources

C.

Information security strategy

D.

Information security incidents

Question # 15

A technical vulnerability assessment on a personnel information management server should be performed when:

A.

the data owner leaves the organization unexpectedly.

B.

changes are made to the system configuration.

C.

the number of unauthorized access attempts increases.

D.

an unexpected server outage has occurred.

Question # 16

An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?

A.

Review of the audit logs

B.

Ownership of the data

C.

Employee's job role

D.

Valid use case

Question # 17

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Question # 18

Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?

A.

A security information and event management (SIEM) system

B.

An intrusion prevention system (IPS)

C.

A virtual private network (VPN) with multi-factor authentication (MFA)

D.

An identity and access management (IAM) system

Question # 19

Which of the following is the MOST important consideration when defining control objectives?

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Question # 20

As part of a risk assessment, a security control was discovered to be inadequate. When assigning a risk owner, which of the following attributes is MOST important to consider?

A.

The risk owner is able to reassess the risk following remediation.

B.

The risk owner has the authority to take action on the risk.

C.

The risk owner is able to make timely updates to the risk register.

D.

The risk owner also owns the associated control that failed.

Question # 21

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

A.

Assess the residual risk.

B.

Share lessons learned with the organization.

C.

Update the system's documentation.

D.

Allocate budget for penetration testing.

Question # 22

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

A.

Projected increase in maturity level

B.

Estimated reduction in risk

C.

Projected costs over time

D.

Estimated increase in efficiency

Question # 23

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

A.

A validation of the current firewall rule set

B.

A port scan of the firewall from an internal source

C.

A ping test from an external source

D.

A simulated denial of service (DoS) attack against the firewall

Question # 24

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

A.

Vendor service level agreements (SLAs)

B.

Independent review of the vendor

C.

Local laws and regulations

D.

Backup and restoration of data

Question # 25

The PRIMARY goal of a post-incident review should be to:

A.

establish the cost of the incident to the business.

B.

determine why the incident occurred.

C.

identify policy changes to prevent a recurrence.

D.

determine how to improve the incident handling process.

Question # 26

Which of the following BEST illustrates residual risk within an organization?

A.

Heat map

B.

Risk management framework

C.

Business impact analysis (BIA)

D.

Balanced scorecard

Question # 27

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?

A.

Execution of unauthorized commands

B.

Prevention of authorized access

C.

Defacement of website content

D.

Unauthorized access to resources

Question # 28

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Question # 29

A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?

A.

Establishing a strong ongoing risk monitoring process

B.

Presenting the risk profile for approval by the risk owner

C.

Conducting an independent review of risk responses

D.

Updating the information security standards to include the accepted risk

Question # 30

Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

A.

A patch management process

B.

Version control

C.

Change management controls

D.

Logical access controls

Question # 31

Which of the following is the MOST important consideration when planning to implement artificial intelligence to enhance an organization’s vulnerability and control deficiency analysis capabilities?

A.

The alignment of artificial intelligence tools with the organization’s existing security policies

B.

The adaptability and scalability of artificial intelligence tools

C.

The interoperability of artificial intelligence tools with the existing security infrastructure and technologies

D.

The artificial intelligence-related training requirements for existing security staff

Question # 32

What is the PRIMARY benefit to an organization that maintains an information security governance framework?

A.

Resources are prioritized to maximize return on investment (ROI).

B.

Information security guidelines are communicated across the enterprise.

C.

The organization remains compliant with regulatory requirements.

D.

Business risks are managed to an acceptable level.

Question # 33

Detailed business continuity plans (BCPs) should be PRIMARILY based on:

A.

strategies validated by senior management.

B.

capabilities of available local vendors.

C.

strategies that cover all applications.

D.

cost and resources needed to execute.

Question # 34

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Question # 35

An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?

A.

Enforce sanctions on the business unit.

B.

Revise the policy to accommodate the business unit.

C.

Report the business unit for policy noncompliance.

D.

Review the business unit’s function against the policy.

Question # 36

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

A.

Identify the skill set of the provider's incident response team.

B.

Evaluate the provider's audit logging and monitoring controls.

C.

Review the provider’s incident definitions and notification criteria.

D.

Update the incident escalation process.

Question # 37

Which of the following would be MOST helpful when creating information security policies?

A.

The information security framework

B.

Business impact analysis (BIA)

C.

Information security metrics

D.

Risk assessment results

Question # 38

Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?

A.

Senior management supports funding for ongoing awareness training.

B.

Employees from each department have completed the required training.

C.

There has been an increase in the number of phishing attempts reported.

D.

There have been no reported successful phishing attempts since the training started.

Question # 39

Which of the following is the BEST way to monitor the effectiveness of security controls?

A.

Benchmark security controls against similar organizations

B.

Review application and system audit logs

C.

Establish and report security metrics

D.

Conduct regular threat assessments

Question # 40

Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?

A.

Adhere to regulatory requirements

B.

Conduct security awareness

C.

Document and distribute security procedures

D.

Communicate and enforce security policies

Question # 41

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Question # 42

A global organization is developing an incident response team. The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events. Which of the following BEST supports these objectives?

A.

Virtual incident response team

B.

Distributed incident response team

C.

Outsourced incident response team

D.

Centralized incident response team

Question # 43

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

A.

To compare emerging trends with the existing organizational security posture

B.

To communicate worst-case scenarios to senior management

C.

To train information security professionals to mitigate new threats

D.

To determine opportunities for expanding organizational information security

Question # 44

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?

A.

A live demonstration of the third-party supplier's security capabilities

B.

The ability to i third-party supplier's IT systems and processes

C.

Third-party security control self-assessment (CSA) results

D.

An independent review report indicating compliance with industry standards

Question # 45

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

A.

the information security officer.

B.

the steering committee.

C.

the board of directors.

D.

the internal audit manager.

Question # 46

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

A.

Lack of a risk framework

B.

Ineffective security controls

C.

Presence of known vulnerabilities

D.

Incomplete identification of threats

Question # 47

Which of the following should be an information security manager's PRIMARY concern when an organization is expanding business to a new country?

A.

Compliance with local regulations

B.

Changes in IT infrastructure

C.

Cultural differences in the new country

D.

Ability to gather customer data

Question # 48

To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:

A.

isolate the infected systems.

B.

preserve the evidence.

C.

image the infected systems.

D.

clean the malware.

Question # 49

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

A.

Requiring an external security audit of the IT service provider

B.

Requiring regular reporting from the IT service provider

C.

Defining information security requirements with internal IT

D.

Defining the business recovery plan with the IT service provider

Question # 50

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?

A.

Establish processes to publish content on social networks.

B.

Assess the security risk associated with the use of social networks.

C.

Conduct vulnerability assessments on social network platforms.

D.

Develop security controls for the use of social networks.

Question # 51

Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?

A.

Risk heat map.

B.

Security benchmark report.

C.

Security metrics dashboard.

D.

Key risk indicators (KRIs).

Question # 52

An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system admit manager to address this issue?

A.

Conduct a risk assessment and share the result with senior management.

B.

Revise the incident response plan-to align with business processes.

C.

Provide incident response training to data custodians.

D.

Provide incident response training to data owners.

Question # 53

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

A.

Monitor the effectiveness of controls

B.

Update the risk assessment framework

C.

Review the inherent risk level

D.

Review the risk probability and impact

Question # 54

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Question # 55

Which of the following would BEST justify continued investment in an information security program?

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Question # 56

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

A.

Management's business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Question # 57

Which of the following is the PRIMARY reason for conducting an incident response tabletop exercise?

A.

To define incident response resource needs

B.

To mature the organization’s information security program

C.

To prepare the incident response team for a real-world event

D.

To provide the status of incident response preparedness to leadership

Question # 58

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

A.

Security risk assessment

B.

Security operations program

C.

Information security policy

D.

Business impact analysis (BIA)

Question # 59

The BEST way to integrate information security governance with corporate governance is to ensure:

A.

the information security steering committee monitors compliance with security policies.

B.

management teams embed information security into business processes.

C.

awareness programs include industry best practice for information security governance.

D.

the information security program is included in regular external audits.

Question # 60

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

A.

Providing annual information security awareness training

B.

Conducting periodic vulnerability scanning

C.

Implementing a strict change control process

D.

Updating configuration baselines

Question # 61

Which of the following sources is MOST useful when planning a business-aligned information security program?

A.

Security risk register

B.

Information security policy

C.

Business impact analysis (BIA)

D.

Enterprise architecture (EA)

Question # 62

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?

A.

Gap analysis results

B.

Level of residual risk

C.

Level of risk treatment

D.

Configuration parameters

Question # 63

Which of the following BEST enables an organization to identify and contain security incidents?

A.

Risk assessments

B.

Threat modeling

C.

Continuous monitoring

D.

Tabletop exercises

Question # 64

Which of the following is the PRIMARY purpose of an acceptable use policy?

A.

To provide steps for carrying out security-related procedures

B.

To facilitate enforcement of security process workflows

C.

To protect the organization from misuse of information assets

D.

To provide minimum security baselines for information assets

Question # 65

An incident response policy should include:

A.

A description of testing methodology.

B.

Notification requirements.

C.

An infrastructure diagram.

D.

Recovery time objectives (RTOs).

Question # 66

A global organization is planning to expand its operations into a new country with stricter data protection regulations than those in the headquarters' home country. Which of the following is the BEST approach for adopting these new requirements?

A.

Adjust organization-wide security policies to align with regulations of the new country.

B.

Ensure local operations comply with geographical data protection laws of the headquarters.

C.

Work with legal to interpret the local regulatory requirements and implement applicable controls.

D.

Procure cybersecurity insurance that covers potential breaches and incidents in the new country.

Question # 67

Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Question # 68

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

A.

Right of the subscriber to conduct onsite audits of the vendor

B.

Escrow of software code with conditions for code release

C.

Authority of the subscriber to approve access to its data

D.

Commingling of subscribers' data on the same physical server

Question # 69

The PRIMARY goal of a post-incident review should be to:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Question # 70

What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?

A.

Report the noncompliance to senior management.

B.

Assess the risk of noncompliance.

C.

Activate the incident response plan.

D.

Evaluate possible compensating controls.

Question # 71

Which of the following is a function of the information security steering committee?

A.

Deliver external communication during incident response.

B.

Align the security framework with security standards.

C.

Align security strategy with business objectives.

D.

Monitor regulatory requirements.

Question # 72

A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

A.

A rules of engagement form was not signed prior to the penetration test

B.

Vulnerabilities were not found by internal tests

C.

Vulnerabilities were caused by insufficient user acceptance testing (UAT)

D.

Exploit code for one of the vulnerabilities is publicly available

Question # 73

An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?

A.

Operations manager

B.

Service owner

C.

Information security manager

D.

Incident response team

Question # 74

Who is BEST positioned to take ownership of critical IT security risks identified in an application?

A.

Chief information officer (CIO)

B.

Chief information security officer (CISO)

C.

Business application owner

D.

Lead application developer

Question # 75

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

A.

Presenting evidence of inherent risk

B.

Reporting the security maturity level

C.

Presenting compliance requirements

D.

Communicating the residual risk

Question # 76

An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?

A.

Identified vulnerabilities are not published and communicated in awareness programs.

B.

Identified vulnerabilities are not logged and resolved in a timely manner.

C.

The number of vulnerabilities identified exceeds industry benchmarks.

D.

Vulnerabilities are identified by internal staff rather than by external consultants.

Question # 77

Of the following, who is BEST positioned to approve specific information security risk treatment options?

A.

Risk owner

B.

Information security manager

C.

Head of risk management

D.

Senior management

Question # 78

Which of the following should be the MOST important consideration when reviewing an information security strategy?

A.

Recent security incidents

B.

New business initiatives

C.

Industry security standards

D.

Internal audit findings

Question # 79

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations.

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Question # 80

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

A.

enhance the organization's antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization's detective controls.

D.

reduce the need for a security awareness program.

Question # 81

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

A.

Store disaster recovery documentation in a public cloud.

B.

Maintain an outsourced contact center in another country.

C.

Require disaster recovery documentation be stored with all key decision makers.

D.

Provide annual disaster recovery training to appropriate staff.

Question # 82

Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?

A.

To improve awareness of information security

B.

To disclose the root cause of the incident

C.

To increase goodwill toward the organization

D.

To comply with regulations regarding notification

Question # 83

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

A.

Legal

B.

Information security

C.

Help desk

D.

Human resources (HR)

Question # 84

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Question # 85

Which of the following is MOST important when designing security controls for new cloud-based services?

A.

Evaluating different types of deployment models according to the associated risks

B.

Understanding the business and IT strategy for moving resources to the cloud

C.

Defining an incident response policy to protect data moving between onsite and cloud applications

D.

Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies

Question # 86

Which of the following is an example of a deterrent control?

A.

Separation of responsibilities

B.

Periodic data restoration

C.

An intrusion detection system

D.

A warning banner

Question # 87

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party's service level agreement (SLA) does not include guarantees of uptime.

Question # 88

Which of the following BEST demonstrates the added value of an information security program?

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Question # 89

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall.

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Question # 90

Which of the following BEST indicates misalignment of security policies with business objectives?

A.

Low completion rate of employee awareness training

B.

Lack of adequate funding for the security program

C.

A large number of long-term policy exceptions

D.

A large number of user noncompliance incidents

Question # 91

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Question # 92

Results from which of the following would BEST provide an understanding of the effectiveness of an organization’s information security program?

A.

Security spot checks

B.

Internal audits

C.

Enterprise risk assessments

D.

Control self-assessments (CSAs)

Question # 93

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

A.

Access to the hardware

B.

Data encryption

C.

Non-standard event logs

D.

Compressed customer data

Question # 94

An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:

A.

Assign accountability for monitoring social media

B.

Identify security monitoring tools

C.

Evaluate risks to the organization

D.

Develop security awareness training

Question # 95

Which of the following is the BEST indication of a successful information security culture?

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Question # 96

Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?

A.

Business impact analysis (BIA)

B.

Risk register

C.

Penetration testing

D.

Vulnerability assessment

Question # 97

Which of the following BEST indicates senior management support for an information security program?

A.

Top-down communication

B.

Regular security awareness training

C.

Steering committee involvement

D.

Participation in a certification program

Question # 98

Which of the following is the PRIMARY objective of the incident management recovery phase?

A.

To recover business operation support

B.

To perform a lessons-learned review

C.

To document actions taken to restore IT systems

D.

To bring IT services back online

Question # 99

Which of the following BEST enables an organization to effectively manage emerging cyber risk?

A.

Periodic internal and external audits

B.

Clear lines of responsibility

C.

Sufficient cyber budget allocation

D.

Cybersecurity policies

Question # 100

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

A.

Integrity

B.

Authenticity

C.

Confidentiality

D.

Nonrepudiation

Question # 101

A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager's PRIMARY concern?

A.

Ability to test the patch prior to deployment

B.

Documentation of patching procedures

C.

Adequacy of the incident response plan

D.

Availability of resources to implement controls

Question # 102

What is the BEST way to address vulnerabilities associated with a recent increase in the number of zero-day attacks?

A.

Implement USB port control throughout the company.

B.

Implement automated antivirus updates.

C.

Implement a behavior anomaly detection solution.

D.

Develop a patching program.

Question # 103

When a critical system incident is reported, the FIRST step of the incident handler should be to:

A.

Notify the appropriate parties

B.

Determine the scope of the incident

C.

Validate the incident

D.

Power off the system

Question # 104

Which of the following is ESSENTIAL to ensuring effective incident response?

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Question # 105

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

A.

Incorporating lessons learned

B.

Implementing an IT resilience solution

C.

Implementing management reviews

D.

Documenting critical business processes

Question # 106

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

A.

consistent security.

B.

comprehensive audits

C.

a security-aware culture

D.

compliance with policy

Question # 107

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

A.

Increasing false negatives

B.

Decreasing false negatives

C.

Decreasing false positives

D.

Increasing false positives

Question # 108

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Question # 109

Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?

A.

Establish an information security steering committee.

B.

Employ a process-based approach for information asset classification.

C.

Utilize an industry-recognized risk management framework.

D.

Provide security awareness training to board executives.

Question # 110

What will BEST facilitate the success of new security initiatives?

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Question # 111

Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?

A.

Conducting periodic vulnerability assessments

B.

Communicating business impact analysis (BIA) results

C.

Establishing effective stakeholder relationships

D.

Defining the organization's risk management framework

Question # 112

Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?

A.

It offers the organization flexible deployment options using cloud infrastructure.

B.

It allows the organization to prioritize its core operations.

C.

It is more secure than traditional data backup architecture.

D.

It allows the use of a professional response team at a lower cost.

Question # 113

Of the following, who is BEST suited to own the risk discovered in an application?

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Question # 114

Which of the following is the BEST indication that an organization has integrated information security governance with corporate governance?

A.

Security performance metrics are measured against business objectives.

B.

Impact is measured according to business loss when assessing IT risk.

C.

Security policies are reviewed whenever business objectives are changed.

D.

Service levels for security vendors are defined according to business needs.

Question # 115

What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

A.

Developing a dashboard for communicating the metrics

B.

Agreeing on baseline values for the metrics

C.

Benchmarking the expected value of the metrics against industry standards

D.

Aligning the metrics with the organizational culture

Question # 116

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Question # 117

When investigating an information security incident, details of the incident should be shared:

A.

widely to demonstrate positive intent.

B.

only with management.

C.

only as needed.

D.

only with internal audit.

Question # 118

Which of the following provides the BEST assurance that security policies are applied across business operations?

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Question # 119

Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?

A.

Streamlining of event triage and implementation of incident response procedures

B.

Allocation of budget for technical security controls and enhancements to security culture

C.

Assurance of compliance with industry-specific regulations and improvement to business processes

D.

Identification of critical business functions and prioritization of recovery efforts

Question # 120

Which of the following would pose the GREATEST risk to the preparedness of an incident response team?

A.

Lack of formal incident response scenarios

B.

A change in information security management

C.

Outdated incident response plans

D.

New attack vectors used by hackers

Question # 121

Which of the following is the responsibility of a risk owner?

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Question # 122

An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?

A.

Conduct phishing awareness training.

B.

Implement disciplinary procedures.

C.

Establish an acceptable use policy.

D.

Assess and update spam filtering rules.

Question # 123

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?

A.

Information security manager

B.

Information security steering committee

C.

Information owner

D.

Senior management

Question # 124

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

A.

the security organization structure.

B.

international security standards.

C.

risk assessment results.

D.

the most stringent requirements.

Question # 125

An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?

A.

Information security threat profile

B.

Information security policy

C.

Information security objectives

D.

Information security strategy

Question # 126

Which of the following risk responses is an example of risk transfer?

A.

Utilizing third-party applications

B.

Purchasing cybersecurity insurance

C.

Moving risk ownership to another department

D.

Conducting off-site backups

Question # 127

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

A.

Implement a mobile device policy and standard.

B.

Provide employee training on secure mobile device practices.

C.

Implement a mobile device management (MDM) solution.

D.

Require employees to install an effective anti-malware app.

Question # 128

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

A.

Availability of resources

B.

Root cause analysis results

C.

Adverse effects on the business

D.

Legal and regulatory requirements

Question # 129

Which of the following BEST supports investments in an information security program?

A.

Business cases

B.

Business impact analysis (BIA)

C.

Gap analysis results

D.

Risk assessment results

Question # 130

Which of the following is the BEST way to improve an organization's ability to detect and respond to incidents?

A.

Conduct a business impact analysis (BIA).

B.

Conduct periodic awareness training.

C.

Perform a security gap analysis.

D.

Perform network penetration testing.

Question # 131

Which of the following defines the triggers within a business continuity plan (BCP)?

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Question # 132

Which of the following is MOST useful to an information security manager when reporting the performance of the information security program to senior management?

A.

Number of policy exceptions

B.

Number of incidents identified and remediated

C.

System vulnerability scan results

D.

Results of an independent security audit

Question # 133

An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?

A.

Allow the practice to continue temporarily for monitoring purposes.

B.

Disable the employees' remote access to company email and data.

C.

Initiate remote wipe of the devices

D.

Assess the business need to provide a secure solution

Question # 134

Which of the following presents the GREATEST challenge to a security operations center's timely identification of potential security breaches?

A.

IT system clocks are not synchronized with the centralized logging server.

B.

Operating systems are no longer supported by the vendor.

C.

The patch management system does not deploy patches in a timely manner.

D.

An organization has a decentralized data center that uses cloud services.

Question # 135

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Question # 136

It is MOST important that risk owners understand they are accountable for:

A.

Reporting risk metrics and control compliance status to the information security manager

B.

Escalating control deficiencies associated with the risk to the steering committee for decision making

C.

Collaborating with stakeholders to evaluate the effectiveness of controls associated with the risk

D.

Overseeing and monitoring the effectiveness of controls associated with the risk

Question # 137

A new risk has been identified in a high availability system. The BEST course of action is to:

A.

Perform a cost-benefit analysis for mitigating controls

B.

Recommend risk acceptance to the business owner

C.

Develop and implement a plan to mitigate the identified risk

D.

Evaluate and prioritize the identified risk

Question # 138

Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

A.

Updated security policies

B.

Defined security standards

C.

Threat intelligence

D.

Regular antivirus updates

Question # 139

Which of the following provides the BEST indication of the return on information security investment?

A.

Increased annualized loss expectancy (ALE)

B.

Increased number of reported incidents

C.

Reduced annualized loss expectancy (ALE)

D.

Decreased number of reported incidents

Question # 140

Which of the following is the MOST important objective of post-incident review activities?

A.

Evidence collection

B.

Continuous improvement

C.

Incident triage

D.

Incident documentation

Question # 141

Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?

A.

To prioritize security initiatives

B.

To avoid redundant controls

C.

To align with emerging risk

D.

To address end-user control complaints

Question # 142

Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?

A.

Reliable image backups

B.

Impact assessment

C.

Documented eradication procedures

D.

Root cause analysis

Question # 143

A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Question # 144

Which of the following should review and approve the objectives within an organization’s information security framework?

A.

Information security steering committee

B.

Chief information security officer

C.

Chief information officer

D.

Information security manager

Question # 145

A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?

A.

Include binding corporate rules into the global agreement

B.

Set up a governance organization for each country

C.

Review the agreement for each country separately

D.

Set up companion agreements for each country

Question # 146

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

A.

IT strategy

B.

Recovery strategy

C.

Risk mitigation strategy

D.

Security strategy

Question # 147

Which of the following BEST supports the adoption of effective information security practices throughout an organization?

A.

Business continuity measures

B.

A security-aware culture

C.

The latest security technologies

D.

Information security metrics

Question # 148

Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?

A.

Conducting a business impact analysis (BIA) to understand business priorities

B.

Analyzing the integration of information security policies and practices within business processes

C.

Performing both quantitative and qualitative risk analyses

D.

Interviewing key personnel identified within the governance framework

Question # 149

Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?

A.

Senior management

B.

Information owner

C.

Business manager

D.

Information security manager

Question # 150

Which of the following is the MOST important consideration when developing an approach to effectively contain security incidents?

A.

Isolating systems impacted by incidents from the production environment

B.

Mitigating reputational damage that may affect business

C.

Minimizing financial losses that may result from outages

D.

Assigning senior management accountability for incident containment

Question # 151

Which of the following tools would be MOST helpful to an incident response team?

A.

Intrusion detection system (IDS)

B.

Endpoint detection and response (EDR) solution

C.

User and entity behavior analytics

D.

Vulnerability scanning tools

Question # 152

Which of the following principles BEST addresses the protection of data from unauthorized modification?

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Authenticity

Question # 153

During which phase of a security event should an incident response team be INITIALLY engaged?

A.

Preparation

B.

Eradication

C.

Identification

D.

Recovery

Question # 154

Which of the following should be the PRIMARY consideration when developing an incident response plan?

A.

The definition of an incident

B.

Compliance with regulations

C.

Management support

D.

Previously reported incidents

Question # 155

Which of the following BEST indicates that information assets are classified accurately?

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Question # 156

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Question # 157

The BEST way to identify the risk associated with a social engineering attack is to:

A.

monitor the intrusion detection system (IDS).

B.

review single sign-on (SSO) authentication logs.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Question # 158

Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?

A.

Threat analytics software

B.

Host intrusion detection system

C.

SIEM

D.

Network intrusion detection system

Question # 159

Which risk is introduced when using only sanitized data for the testing of applications?

A.

Data loss may occur during the testing phase.

B.

Data disclosure may occur during the migration event

C.

Unexpected outcomes may arise in production

D.

Breaches of compliance obligations will occur.

Question # 160

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

A.

Perform a privacy impact assessment (PIA).

B.

Perform a vulnerability assessment.

C.

Perform a gap analysis.

D.

Perform a business impact analysis (BIA).

Question # 161

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

A.

Ensure security is involved in the procurement process.

B.

Review the third-party contract with the organization's legal department.

C.

Conduct an information security audit on the third-party vendor.

D.

Communicate security policy with the third-party vendor.

Question # 162

What should an information security manager verify FIRST when reviewing an information asset management program?

A.

System owners have been identified.

B.

Key applications have been secured.

C.

Information assets have been classified.

D.

Information assets have been inventoried.

Question # 163

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

A.

Conduct a threat analysis.

B.

Implement an information security awareness training program.

C.

Establish an audit committee.

D.

Create an information security steering committee.

Question # 164

In the context of DevSecOps, which of the following BEST enables the identification of vulnerabilities before software is released?

A.

Performing integration testing

B.

Testing executable code

C.

Automating code review

D.

Following secure coding standards

Question # 165

Which of the following is the MOST useful input for an information security manager when updating the organization’s security policy?

A.

Security team capabilities

B.

Industry benchmarks

C.

Risk appetite

D.

Vulnerability scan results

Question # 166

Which of the following is the MOST important objective when planning an incident response program?

A.

Managing resources

B.

Ensuring IT resiliency

C.

Recovering from a disaster

D.

Minimizing business impact

Question # 167

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

A.

Updated risk assessments

B.

Counts of information security incidents

C.

Audit reports

D.

Monthly metrics

Question # 168

Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

A.

Data owner

B.

Data custodian

C.

System administrator

D.

Senior management

Question # 169

Which of the following should include contact information for representatives of equipment and software vendors?

A.

Information security program charter

B.

Business impact analysis (BIA)

C.

Service level agreements (SLAs)

D.

Business continuity plan (BCP)

Question # 170

An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?

A.

Information security policies and procedures

B.

Business continuity plan (BCP)

C.

Incident communication plan

D.

Incident response training program

Question # 171

Which of the following is the BEST control to protect customer personal information that is stored in the cloud?

A.

Timely deletion of digital records

B.

Appropriate data anonymization

C.

Strong encryption methods

D.

Strong physical access controls

Question # 172

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

A.

Update in accordance with the best business practices.

B.

Perform a risk assessment of the current IT environment.

C.

Gain an understanding of the current business direction.

D.

Inventory and review current security policies.

Question # 173

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

A.

Demonstrated return on security investment

B.

Reduction in inherent risk

C.

Results of an emerging threat analysis

D.

Review of security metrics trends

Question # 174

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

A.

Determine security controls for the new service.

B.

Establish a compliance program.

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Question # 175

Which of the following would BEST mitigate accidental data loss events?

A.

Conduct periodic user awareness training.

B.

Obtain senior management support for the information security strategy.

C.

Conduct a data loss prevention (DLP) audit.

D.

Enforce a data hard drive encryption policy.

Question # 176

A KEY consideration in the use of quantitative risk analysis is that it:

A.

aligns with best practice for risk analysis of information assets.

B.

assigns numeric values to exposures of information assets.

C.

applies commonly used labels to information assets.

D.

is based on criticality analysis of information assets.

Question # 177

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

A.

Industry benchmarks

B.

Security training test results

C.

Performance measures for existing controls

D.

Number of false positives

Question # 178

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

A.

Impact on information security program

B.

Cost of controls

C.

Impact to business function

D.

Cost to replace

Question # 179

Which of the following is the PRIMARY objective of a cyber resilience strategy?

A.

Employee awareness

B.

Business continuity

C.

Executive support

D.

Regulatory compliance

Question # 180

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Question # 181

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Question # 182

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Question # 183

Which of the following BEST helps to ensure risk appetite is considered during the risk treatment process?

A.

Formalized risk management framework

B.

Organization-wide risk awareness and training programs

C.

Use of a quantitative risk measurement approach

D.

Automated monitoring of key risk indicators (KRIs)

Question # 184

An organization has decided to implement an Internet of Things (IoT) solution to remain competitive in the market. Which of the following should information security do FIRST?

A.

Recalculate risk profile

B.

Implement compensating controls

C.

Reassess risk tolerance levels

D.

Update the security architecture

Question # 185

Which of the following has the GREATEST impact on the ability to successfully execute a disaster recovery plan (DRP)?

A.

Conducting tabletop exercises of the plan

B.

Updating the plan periodically

C.

Communicating the plan to all stakeholders

D.

Reviewing escalation procedures

Question # 186

The contribution of recovery point objective (RPO) to disaster recovery is to:

A.

minimize outage periods.

B.

eliminate single points of failure.

C.

define backup strategy

D.

reduce mean time between failures (MTBF).

Question # 187

An organization's automated security monitoring tool generates an excessively large amount of false positives. Which of the following is the BEST method to optimize the monitoring process?

A.

Report only critical alerts.

B.

Change reporting thresholds.

C.

Reconfigure log recording.

D.

Monitor incidents in a specific time frame.

Question # 188

What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?

A.

Perform a vulnerability assessment on the systems within the department.

B.

Introduce additional controls to force compliance with policy.

C.

Require department users to repeat security awareness training.

D.

Report the policy violation to senior management.

Question # 189

An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?

A.

To facilitate the continuous improvement of the IT organization

B.

To ensure controls align with security needs

C.

To create and document required IT capabilities

D.

To prioritize security risks on a longer scale than the one-year plan

Question # 190

Which of the following is the MOST effective way to identify changes in an information security environment?

A.

Business impact analysis (BIA)

B.

Annual risk assessments

C.

Regular penetration testing

D.

Continuous monitoring

Question # 191

What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network.

D.

Escalate to the incident response team.

Question # 192

Which of the following events would MOST likely require a revision to the information security program?

A.

An increase in industry threat level

B.

A significant increase in reported incidents

C.

A change in IT management

D.

A merger with another organization

Question # 193

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

A.

a function of the likelihood and impact, should a threat exploit a vulnerability.

B.

the magnitude of the impact, should a threat exploit a vulnerability.

C.

a function of the cost and effectiveness of controls over a vulnerability.

D.

the likelihood of a given threat attempting to exploit a vulnerability.

Question # 194

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

A.

Formalizing a security strategy and program

B.

Developing an awareness program for staff

C.

Ensuring current documentation of security processes

D.

Establishing processes within the security operations team

Question # 195

Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?

A.

Maturity of incident response activities

B.

Threat environment

C.

Quantity of impacted assets

D.

Incident impact

Question # 196

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

A.

A capability and maturity assessment

B.

Detailed analysis of security program KPIs

C.

An information security dashboard

D.

An information security risk register

Question # 197

Which of the following should be an information security manager's MOST important consideration when determining the priority for implementing security controls?

A.

Alignment with industry benchmarks

B.

Results of business impact analyses (BIAs)

C.

Possibility of reputational loss due to incidents

D.

Availability of security budget

Question # 198

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?

A.

Business impact analysis (BIA)

B.

Business requirements

C.

Supplier requirements

D.

Risk appetite

Question # 199

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Question # 200

Which of the following is the BEST security control to minimize the risk of successful ransomware attacks?

A.

Application deny list

B.

Web security gateway

C.

Host intrusion detection system

D.

Application allow list

Question # 201

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

A.

The total cost of the investment

B.

The cost and associated risk reduction

C.

The number and severity of ransomware incidents

D.

Benchmarks of industry peers impacted by ransomware

Question # 202

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Question # 203

Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

A.

To enforce security policy requirements

B.

To maintain business asset inventories

C.

To ensure audit and compliance requirements are met

D.

To ensure the availability of business operations

Question # 204

Which of the following is MOST important to verify during a test of an organization’s incident response process?

A.

Whether users know which numbers to call in the call tree

B.

Whether incident response team members know their responsibilities

C.

Whether incident response team members are cross-trained

D.

Whether senior management endorses the incident response process

Question # 205

Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?

A.

The incident response plan is aligned with the disaster recovery strategy

B.

The incident response process is regularly tested

C.

Incident response processes are documented and available to staff

D.

The incident response plan clearly outlines roles and responsibilities

Question # 206

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Question # 207

After a server has been attacked, which of the following is the BEST course of action?

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Question # 208

Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?

A.

The plan has summarized IT costs for implementation.

B.

The plan resolves all potential threats to business processes.

C.

The plan focuses on meeting industry best practices and industry standards.

D.

The plan is based on a review of threats and vulnerabilities.

Question # 209

An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?

A.

Immediately suspend the executives' access privileges.

B.

Notify the CISO of the security policy violation.

C.

Perform a full review of all system transactions over the past 90 days.

D.

Perform a system access review.

Question # 210

Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?

A.

Risk assessment program

B.

Information security awareness training

C.

Information security governance

D.

Information security metrics

Question # 211

A recovery point objective (RPO) is required in which of the following?

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Question # 212

To optimize the implementation of information security governance in an organization, an information security manager should:

A.

Make gradual changes to governance to minimize employee resistance

B.

Ensure change control processes are in place

C.

Utilize existing governance structures when possible

D.

Implement processes consistent with international standards

Question # 213

What is the PRIMARY role of the information security program?

A.

To perform periodic risk assessments and business impact analyses (BIAs)

B.

To provide guidance in managing organizational security risk

C.

To approve information security requirements related to the business

D.

To educate stakeholders regarding information security requirements

Question # 214

What should an information security manager do FIRST when an organization is planning to use a third-party cloud computing service for a critical business process?

A.

Identify the data to be hosted.

B.

Perform a gap analysis.

C.

Perform a risk assessment.

D.

Analyze the business requirements.

Question # 215

An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's course of action?

A.

Wipe the affected system.

B.

Notify internal legal counsel.

C.

Notify senior management.

D.

Isolate the impacted endpoints.

Question # 216

Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

A.

strategy.

B.

risk assessments.

C.

key performance indicators (KPIs).

D.

standards.

Question # 217

What is the role of the information security manager in finalizing contract negotiations with service providers?

A.

To perform a risk analysis on the outsourcing process

B.

To obtain a security standard certification from the provider

C.

To update security standards for the outsourced process

D.

To ensure that clauses for periodic audits are included

Question # 218

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

A.

Define the issues to be addressed.

B.

Perform a cost-benefit analysis.

C.

Calculate the total cost of ownership (TCO).

D.

Conduct a feasibility study.

Question # 219

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?

A.

Impact on compliance risk.

B.

Inability to determine short-term impact.

C.

Impact on the risk culture.

D.

Deviation from risk management best practices.

Question # 220

In a call center, the BEST reason to conduct a social engineering test is to:

A.

identify candidates for additional security training.

B.

minimize the likelihood of successful attacks.

C.

gain funding for information security initiatives.

D.

improve password policy.

Question # 221

An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?

A.

Local regulations

B.

Data backup strategy

C.

Consistency in awareness programs

D.

Organizational reporting structure

Question # 222

Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

A.

The solution contributes to business strategy.

B.

The solution improves business risk tolerance levels.

C.

The solution improves business resiliency.

D.

The solution reduces the cost of noncompliance with regulations.

Question # 223

Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?

A.

Incorporate security requirements into job descriptions

B.

Integrate security into the early phases of the development life cycle

C.

Implement a tailored security awareness training program

D.

Standardize secure web development practices

Question # 224

In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?

A.

Communicate regular reminders of the acceptable use policy

B.

Include the topic of prohibited texting in security awareness training

C.

Stop providing mobile devices until the organization is able to implement controls

D.

Conduct a business impact analysis (BIA) and provide the report to management

Question # 225

A business unit recently integrated the organization's new strong password policy into its business application, which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

A.

Provide end-user training.

B.

Escalate to senior management.

C.

Continue to enforce the policy.

D.

Conduct a business impact analysis (BIA).

Question # 226

After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?

A.

Notify affected stakeholders

B.

Conduct a vulnerability analysis

C.

Perform a root cause analysis

D.

Remove the threat

Question # 227

An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?

A.

A risk

B.

A threat

C.

An incident

D.

An event

Question # 228

To help ensure that an information security training program is MOST effective, its contents should be:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Question # 229

A healthcare company is working with a virtual reality (VR) vendor to provide a training solution for customers of the organization’s products. Which of the following is MOST important to include in the contract?

A.

A requirement to encrypt the organization’s data

B.

A clause prohibiting reuse of the organization’s data

C.

A clause establishing the right to audit the vendor

D.

A service level agreement (SLA) for uptime

Question # 230

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?

A.

Protection of business value and assets

B.

Identification of core business strategies

C.

Easier entrance into new businesses and technologies

D.

Improved regulatory compliance posture

Question # 231

Which of the following BEST enables an organization to evaluate the security posture of a cloud service?

A.

Industry peer reviews

B.

Service provider attestations

C.

Penetration testing reports

D.

Third-party audit reports

Question # 232

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

A.

Management support and approval has been obtained.

B.

The incident response team has the appropriate training.

C.

An incident response maturity assessment has been conducted.

D.

A reputable managed security services provider has been engaged.

Question # 233

A balanced scorecard MOST effectively enables information security:

A.

risk management

B.

project management

C.

governance

D.

performance

Question # 234

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

A.

Temporarily suspend wire transfers for the organization.

B.

Provide awareness training to the CEO for this type of phishing attack.

C.

Provide awareness training to staff responsible for wire transfers.

D.

Disable emails for staff responsible for wire transfers.

Question # 235

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Question # 236

A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by an information security manager?

A.

Determine the required security controls for the new solution

B.

Review the disaster recovery plans (DRPs) of the providers

C.

Obtain audit reports on the service providers' hosting environment

D.

Align the roles of the organization's and the service providers' staff

Question # 237

As part of incident response activities, the BEST time to begin the recovery process is after:

A.

The eradication phase has been completed

B.

The incident response team has been established

C.

The root cause has been determined

D.

The incident manager has declared the incident

Question # 238

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions

D.

The development manager migrates programs into production

Question # 239

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Question # 240

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

A.

packet filtering.

B.

web surfing controls.

C.

log monitoring.

D.

application awareness.

Question # 241

A business impact analysis (BIA) BEST enables an organization to establish:

A.

annualized loss expectancy (ALE).

B.

recovery methods.

C.

total cost of ownership (TCO).

D.

restoration priorities.

Question # 242

An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

A.

Deploy mobile device management (MDM).

B.

Implement remote wipe capability.

C.

Create an acceptable use policy.

D.

Conduct a mobile device risk assessment.

Question # 243

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Question # 244

Which of the following events is MOST likely to require an organization to revisit its information security framework?

A.

New services offered by IT

B.

Changes to the risk landscape

C.

A recent cybersecurity attack

D.

A new technology implemented

Question # 245

When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:

A.

Review key risk indicators (KRIs)

B.

Perform a gap analysis

C.

Consult process owners

D.

Update key performance indicators (KPIs)

Question # 246

Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (IaaS) model hosted in a foreign country?

A.

Labeling of data may help to ensure data is assigned to the correct cloud type.

B.

Laws and regulations of the origin country may not be applicable.

C.

There may be liabilities and penalties in the event of a security breach.

D.

Data may be stored in unknown locations and may not be easily retrievable.

Question # 247

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

A.

Low number of false positives

B.

Low number of false negatives

C.

High number of false positives

D.

High number of false negatives

Question # 248

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

A.

Escalation processes

B.

Technological capabilities

C.

Recovery time objective (RTO)

D.

Security audit reports

Question # 249

Which of the following is MOST important to have in place for an organization's information security program to be effective?

A.

Documented information security processes

B.

A comprehensive IT strategy

C.

Senior management support

D.

Defined and allocated budget

Question # 250

Which of the following is the MOST effective way to protect the authenticity of data in transit?

A.

Digital signature

B.

Private key

C.

Access controls

D.

Public key

Question # 251

Which of the following is the MAIN feature of a web application firewall?

A.

Modifying its predefined configuration automatically based on malicious traffic

B.

Restricting external traffic within a private network

C.

Redirecting distributed denial-of-service attacks

D.

Filtering incoming Hypertext Transfer Protocol traffic

Question # 252

Which of the following is MOST important to ensure incident management readiness?

A.

The plan is compliant with industry standards.

B.

The plan is regularly tested.

C.

The plan is updated annually.

D.

The plan is concise and includes a checklist.

Question # 253

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?

A.

Revise the policy.

B.

Perform a root cause analysis.

C.

Conduct a risk assessment.

D.

Communicate the acceptable use policy.

Question # 254

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

A.

rely on senior management to enforce security.

B.

promote the relevance and contribution of security.

C.

focus on compliance.

D.

reiterate the necessity of security.

Question # 255

Which of the following is the PRIMARY reason to perform a business impact analysis (BIA)?

A.

Determining risk mitigation options

B.

Prioritizing critical processes

C.

Establishing recovery point objectives (RPOs)

D.

Determining information sensitivity

Question # 256

Which of the following is the MOST important constraint to be considered when developing an information security strategy?

A.

Legal and regulatory requirements

B.

Established security policies and standards

C.

Compliance with an international security standard

D.

Information security architecture

Question # 257

An incident response team has been alerted to suspicious communications between an end user’s workstation and a possibly infected external server. Which of the following should be done NEXT?

A.

Reinstall the operating system of the end user’s workstation

B.

Analyze and validate the event

C.

Request an IP address block

D.

Isolate the end user’s workstation and the external server

Question # 258

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

A.

the internal audit manager.

B.

the information security officer.

C.

the steering committee.

D.

the board of directors.

Question # 259

Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

A.

Mobile application control

B.

Inconsistent device security

C.

Configuration management

D.

End user acceptance

Question # 260

An email digital signature will:

A.

protect the confidentiality of an email message.

B.

verify to the recipient the integrity of an email message.

C.

automatically correct unauthorized modification of an email message.

D.

prevent unauthorized modification of an email message.

Question # 261

The effectiveness of an incident response team will be GREATEST when:

A.

the incident response team meets on a regular basis to review log files.

B.

the incident response team members are trained security personnel.

C.

the incident response process is updated based on lessons learned.

D.

incidents are identified using a security information and event monitoring (SIEM) system.

Question # 262

Which of the following is MOST important to include in an information security strategy?

A.

Stakeholder requirements

B.

Risk register

C.

Industry benchmarks

D.

Regulatory requirements

Question # 263

An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?

A.

Perform a manual verification of file counts.

B.

Encrypt and back up the hard drive before copying.

C.

Use the same hardware for the image as the original.

D.

Perform digital hashing of the original and the image.

Question # 264

Which of the following is MOST important for building a robust information security culture within an organization?

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Question # 265

Labeling information according to its security classification:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Question # 266

Which of the following should be done NEXT following senior management's decision to comply with new personal data regulations that are much more stringent than those currently followed, in order to avoid massive fines?

A.

Encrypt data in transit and at rest.

B.

Complete a return on investment (ROI) analysis.

C.

Create and implement a data minimization plan.

D.

Conduct a gap analysis.

Question # 267

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Question # 268

After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager's FIRST course of action should be to:

A.

determine the potential impact.

B.

reevaluate the standards.

C.

implement compensating controls.

D.

evaluate the cost of replacing the applications.

Question # 269

An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?

A.

Assess business impact against security risk.

B.

Provide security awareness training to customers.

C.

Refer to industry best practices.

D.

Quantify the security risk to the business.

Question # 270

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

A.

cause fewer potential production issues.

B.

require less IT staff preparation.

C.

simulate real-world attacks.

D.

identify more threats.

Question # 271

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

A.

Assessing how peer organizations using the same technologies have been impacted

B.

Understanding the impact on existing resources

C.

Reviewing vendor contracts and service level agreements (SLAs)

D.

Developing training for end users to familiarize them with the new technology

Question # 272

Spoofing should be prevented because it may be used to:

A.

gain illegal entry to a secure system by faking the sender's address.

B.

predict which way a program will branch when an option is presented.

C.

assemble information, track traffic, and identify network vulnerabilities.

D.

capture information such as passwords traveling through the network.

Question # 273

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Question # 274

Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?

A.

Determine the extent of shadow IT usage

B.

Update the security policy to address shadow IT

C.

Block the end user’s ability to use shadow IT

D.

Determine the value of shadow IT projects

Question # 275

Which of the following has the GREATEST influence on an organization's information security strategy?

A.

The organization's risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Question # 276

Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?

A.

Mitigate

B.

Avoid

C.

Transfer

D.

Accept

Question # 277

Which of the following is established during the preparation phase of an incident response plan?

A.

Recovery time objectives (RTOs)

B.

Chain of custody procedures

C.

Stakeholder communication plan

D.

Mean time to respond (MTTR)

Question # 278

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

A.

Access manager

B.

IT director

C.

System administrator

D.

Business owner

Question # 279

Which of the following should be the FIRST step in developing an information security strategy?

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Question # 280

Which of the following has the GREATEST influence on the successful integration of information security within the business?

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Question # 281

Conducting log analysis falls into which phase of the incident management life cycle?

A.

Post-incident

B.

Containment

C.

Detection

D.

Planning

Question # 282

Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Question # 283

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

A.

Parallel test

B.

Full interruption test

C.

Simulation test

D.

Tabletop test

Question # 284

An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager's BEST approach for communicating the implications of this transition to the board of directors?

A.

Present a diagram of core Zero Trust logical components to help visualize the architectural changes

B.

Summarize the training plan and end user feedback in an internal portal and send the link to the board

C.

Prepare a report on the Zero Trust implementation that includes a status dashboard and timeline

D.

Provide an outline of the business impact in terms of risk reduction and changes in user experience

Question # 285

An organization has recently purchased cybersecurity insurance after the board voiced concern about the potential for a security breach. With this response to the perceived risk, the organization:

A.

Has avoided the risk associated with a security breach

B.

Can safely reduce its internal security expenditure

C.

Remains ultimately accountable for the impact of a breach

D.

Has implemented redundant controls against a breach

Question # 286

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

A.

A data forensics program

B.

A configuration management program

C.

A layered security program

D.

An incident response program

Question # 287

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

A.

Regular audits of access controls

B.

Strong background checks when hiring staff

C.

Prompt termination procedures

D.

Role-based access control (RBAC)

Question # 288

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

A.

Regulatory requirements

B.

Compliance acceptance

C.

Management support

D.

Budgetary approval

Question # 289

Which of the following is MOST important in increasing the effectiveness of incident responders?

A.

Communicating with the management team

B.

Integrating staff with the IT department

C.

Testing response scenarios

D.

Reviewing the incident response plan annually

Question # 290

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

A.

Performing penetration testing

B.

Improving user awareness

C.

Installing new firewalls

D.

Updating security policies

Question # 291

Which of the following is the BEST indicator of an emerging incident?

A.

A weakness identified within an organization's information systems

B.

Customer complaints about lack of website availability

C.

A recent security incident at an industry competitor

D.

Attempted patching of systems resulting in errors

Question # 292

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Question # 293

While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?

A.

The test is scheduled to reduce operational impact.

B.

The test involves IT members in the test process.

C.

The test addresses the critical components.

D.

The test simulates actual prime-time processing conditions.

Question # 294

A common drawback of email software packages that provide native encryption of messages is that the encryption:

A.

cannot encrypt attachments.

B.

cannot interoperate across product domains.

C.

has an insufficient key length.

D.

has no key-recovery mechanism.

Question # 295

Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of confidentiality?

A.

Ensuring hashing of administrator credentials

B.

Enforcing service level agreements (SLAs)

C.

Ensuring encryption for data in transit

D.

Utilizing a formal change management process

Question # 296

Which of the following is the MOST effective way to increase security awareness in an organization?

A.

Implement regularly scheduled information security audits.

B.

Require signed acknowledgment of information security policies.

C.

Conduct periodic simulated phishing exercises.

D.

Include information security requirements in job descriptions.

Question # 297

A small organization needs to use a solution that is out of support in order to meet business objectives. Which of the following is the information security manager’s BEST course of action to manage the associated risk?

A.

Run periodic vulnerability scans

B.

Advise business units to change the system

C.

Recommend that the risk be accepted by senior leadership

D.

Implement compensating security controls

Question # 298

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

A.

Emerging security technologies

B.

Risk profile changes

C.

Defined risk appetite

D.

Vulnerability scanning progress

Question # 299

Which of the following is the MOST effective way to detect information security incidents?

A.

Implementation of regular security awareness programs

B.

Periodic analysis of security event log records

C.

Threshold settings on key risk indicators (KRIs)

D.

Real-time monitoring of network activity

Question # 300

When developing a categorization method for security incidents, the categories MUST:

A.

align with industry standards.

B.

be created by the incident handler.

C.

have agreed-upon definitions.

D.

align with reporting requirements.

Question # 301

When establishing an information security governance framework, it is MOST important for an information security manager to understand:

A.

information security best practices.

B.

risk management techniques.

C.

the threat environment.

D.

the corporate culture.

Question # 302

Which of the following establishes the minimum technical baseline for security controls?

A.

Procedures

B.

Policies

C.

Standards

D.

Guidelines

Question # 303

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

A.

Centralized logging

B.

Time clock synchronization

C.

Available forensic tools

D.

Administrator log access

Question # 304

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Question # 305

Which of the following is the MOST important benefit of using a cloud access security broker when migrating to a cloud environment?

A.

Enhanced data governance

B.

Increased third-party assurance

C.

Improved incident management

D.

Reduced total cost of ownership (TCO)

Question # 306

Which of the following should be the FIRST step in developing an information security strategy?

A.

Perform a gap analysis based on the current state.

B.

Create a roadmap to identify security baselines and controls.

C.

Identify key stakeholders to champion information security.

D.

Determine acceptable levels of information security risk.

Question # 307

An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

A.

Include security requirements in the contract.

B.

Assess security controls.

C.

Perform a risk assessment.

D.

Review data architecture.

Question # 308

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

A.

To define security roles and responsibilities

B.

To determine return on investment (ROI)

C.

To establish incident severity levels

D.

To determine the criticality of information assets

Question # 309

An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Question # 310

Which of the following is the BEST indicator of an organization's information security status?

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Question # 311

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

A.

Review the risk monitoring plan.

B.

Formally document the decision.

C.

Review the regulations.

D.

Advise the risk management team.

Question # 312

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Question # 313

The MOST important element in achieving executive commitment to an information security governance program is:

A.

a defined security framework.

B.

a process improvement model.

C.

established security strategies.

D.

identified business drivers.

Question # 314

Which of the following should be of GREATEST concern to an information security manager when evaluating a cloud service provider?

A.

Data retention policies are not documented

B.

There is no right to audit the security of the provider

C.

The provider is new to the market and lacks references

D.

Security controls offered by the provider are inadequate

Question # 315

Which of the following would be MOST important to include in communications to customers impacted by an information security incident?

A.

Details of the type of data exposed

B.

Identities of the attackers

C.

Costs of the incident to the organization

D.

Technical information related to the incident

Question # 316

To align with the principles of Zero Trust, which of the following is the MOST important course of action when engaging with external parties?

A.

Requiring external parties to use a specific type of encryption for data at rest and in transit

B.

Insisting on regular comprehensive audits of external parties’ access management practices

C.

Ensuring contracts with external parties mandate continuous verification and least privilege access

D.

Mandating that external parties provide annual security training to their employees

Question # 317

Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

A.

Reducing the number of vulnerabilities detected

B.

Ensuring the amount of residual risk is acceptable

C.

Avoiding identified system threats

D.

Complying with regulatory requirements

Question # 318

Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?

A.

Alignment with financial reporting

B.

Alignment with business initiatives

C.

Alignment with industry frameworks

D.

Alignment with risk appetite

Question # 319

The resilience requirements of an application are BEST determined by:

A.

A risk assessment

B.

A business impact analysis (BIA)

C.

A cost-benefit analysis

D.

A threat assessment

Question # 320

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change.

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Question # 321

A data loss prevention (DLP) tool has flagged personally identifiable information (PII) during transmission. Which of the following should the information security manager do FIRST?

A.

Validate the scope and impact with the business process owner.

B.

Initiate the incident response plan.

C.

Review and validate the rules within the DLP system.

D.

Escalate the issue to senior management.

Question # 322

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

A.

Developing an information security policy based on risk assessments

B.

Establishing an information security steering committee

C.

Documenting the information security governance framework

D.

Implementing an information security awareness program

Question # 323

An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?

A.

Using secure communication channels

B.

Establishing mutual non-disclosure agreements (NDAs)

C.

Requiring third-party privacy policies

D.

Obtaining industry references

Question # 324

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

A.

Incident response plan

B.

Disaster recovery plan (DRP)

C.

Business continuity plan (BCP)

D.

Vulnerability management plan

Question # 325

A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?

A.

Replace the control

B.

Check for defense in depth

C.

Assess the control state

D.

Report the failure to management

Question # 326

An information security manager believes that information has been classified inappropriately, increasing the risk of a breach. Which of the following is the information security manager's BEST action?

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Question # 327

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

A.

Impact of service interruption

B.

Results of recovery testing

C.

Determination of recovery point objective (RPO)

D.

Direction from senior management

Question # 328

Which of the following BEST describes a buffer overflow?

A.

A function is carried out with more data than the function can handle

B.

A program contains a hidden and unintended function that presents a security risk

C.

Malicious code designed to interfere with normal operations

D.

A type of covert channel that captures data

Question # 329

What should be an information security manager's MOST important consideration when developing a multi-year plan?

A.

Ensuring contingency plans are in place for potential information security risks

B.

Ensuring alignment with the plans of other business units

C.

Allowing the information security program to expand its capabilities

D.

Demonstrating projected budget increases year after year

Question # 330

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Question # 331

If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?

A.

Initiate the escalation process.

B.

Continue the investigation.

C.

Invoke the business continuity plan (BCP).

D.

Engage the crisis management team.

Question # 332

An organization is selecting security metrics to measure security performance, and a firewall specialist suggests tracking the number of external attacks blocked by the firewalls. Which of the following is the GREATEST concern with using this metric?

A.

The number of blocked external attacks is not representative of the true threat profile.

B.

The number of blocked external attacks will vary by month, causing inconsistent graphs.

C.

The number of blocked external attacks is an indicator of the organization's popularity.

D.

The number of blocked external attacks over time does not explain the attackers' motivations.

Question # 333

Risk treatment options should PRIMARILY focus on:

A.

The criticality of impacted assets

B.

Reducing risk to an acceptable level

C.

High- and medium-rated risks

D.

Inherent and residual risks

Question # 334

Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?

A.

Perform security testing on legacy systems

B.

Identify all information assets in the legacy environment

C.

Assign owners to be responsible for the transfer of each asset

D.

Conduct a business impact analysis (BIA)

Question # 335

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization's risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Question # 336

Which of the following is MOST important to consider when determining asset valuation?

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Question # 337

Which of the following should be the PRIMARY basis for the development of a business case to obtain support for an information security project?

A.

Budgetary requirements

B.

Feasibility study

C.

Enterprise architecture (EA)

D.

Risk tolerance levels

Question # 338

Following an employee security awareness training program, what should be the expected outcome?

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Question # 339

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Question # 340

Which of the following should be the FIRST consideration for an information security manager after a security incident has been confirmed?

A.

Executing containment procedures

B.

Determining the root cause

C.

Developing incident reporting criteria

D.

Restoring business operations
