New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Isaca > Isaca Certification > CISM

CISM Certified Information Security Manager Question and Answers

Question # 4

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Full Access
Question # 5

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

A.

Host patching

B.

Penetration testing

C.

Infrastructure hardening

D.

Data classification

Full Access
Question # 6

The fundamental purpose of establishing security metrics is to:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Full Access
Question # 7

Which of the following should be the FIRST step in developing an information security strategy?

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Full Access
Question # 8

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset's value is critical to risk management.

D.

The responsibility for security rests with all employees.

Full Access
Question # 9

Which of the following is the MOST important requirement for a successful security program?

A.

Mapping security processes to baseline security standards

B.

Penetration testing on key systems

C.

Management decision on asset value

D.

Nondisclosure agreements (NDA) with employees

Full Access
Question # 10

Which of the following is the BEST justification for making a revision to a password policy?

A.

Industry best practice

B.

A risk assessment

C.

Audit recommendation

D.

Vendor recommendation

Full Access
Question # 11

To support effective risk decision making, which of the following is MOST important to have in place?

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Full Access
Question # 12

Which risk is introduced when using only sanitized data for the testing of applications?

A.

Data loss may occur during the testing phase.

B.

Data disclosure may occur during the migration event

C.

Unexpected outcomes may arise in production

D.

Breaches of compliance obligations will occur.

Full Access
Question # 13

Which of the following is the MOST critical factor for information security program success?

A.

comprehensive risk assessment program for information security

B.

The information security manager's knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Full Access
Question # 14

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

A.

security metrics are included in the service level agreement (SLA).

B.

contract clauses comply with the organization's information security policy.

C.

the information security policy of the third-party service provider is reviewed.

D.

right to audit is included in the service level agreement (SLA).

Full Access
Question # 15

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

A.

Prevent the user from using personal mobile devices.

B.

Report the incident to the police.

C.

Wipe the device remotely.

D.

Remove user's access to corporate data.

Full Access
Question # 16

Which of the following is the BEST indication that an organization has a mature information security culture?

A.

Information security training is mandatory for all staff.

B.

The organization's information security policy is documented and communicated.

C.

The chief information security officer (CISO) regularly interacts with the board.

D.

Staff consistently consider risk in making decisions.

Full Access
Question # 17

The PRIMARY advantage of single sign-on (SSO) is that it will:

A.

increase efficiency of access management

B.

increase the security of related applications.

C.

strengthen user passwords.

D.

support multiple authentication mechanisms.

Full Access
Question # 18

A Seat a-hosting organization's data center houses servers, appli

BEST approach for developing a physical access control policy for the organization?

A.

Review customers’ security policies.

B.

Conduct a risk assessment to determine security risks and mitigating controls.

C.

Develop access control requirements for each system and application.

D.

Design single sign-on (SSO) or federated access.

Full Access
Question # 19

Which of the following sources is MOST useful when planning a business-aligned information security program?

A.

Security risk register

B.

Information security policy

C.

Business impact analysis (BIA)

D.

Enterprise architecture (EA)

Full Access
Question # 20

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Full Access
Question # 21

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?

A.

Ensure a risk assessment is performed to evaluate the findings

B.

Ensure vulnerabilities found are resolved within acceptable timeframes

C.

Request funding needed to resolve the top vulnerabilities

D.

Report findings to senior management

Full Access
Question # 22

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

A.

Adopt the cloud provider's incident response procedures.

B.

Transfer responsibility for incident response to the cloud provider.

C.

Continue using the existing incident response procedures.

D.

Revise incident response procedures to encompass the cloud environment.

Full Access
Question # 23

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

A.

baseline security controls.

B.

benchmarking security metrics.

C.

security objectives.

D.

cost-benefit analyses.

Full Access
Question # 24

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

A.

review access rights as the acquisition integration occurs.

B.

perform a risk assessment of the access rights.

C.

escalate concerns for conflicting access rights to management.

D.

implement consistent access control standards.

Full Access
Question # 25

Relationships between critical systems are BEST understood by

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Full Access
Question # 26

Which of the following is the PRIMARY objective of incident triage?

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Full Access
Question # 27

When collecting admissible evidence, which of the following is the MOST important requirement?

A.

Need to know

B.

Preserving audit logs

C.

Due diligence

D.

Chain of custody

Full Access
Question # 28

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Full Access
Question # 29

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Full Access
Question # 30

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Full Access
Question # 31

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

A.

Security risk assessment

B.

Security operations program

C.

Information security policy

D.

Business impact analysis (BIA)

Full Access
Question # 32

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

A.

Skills required for the incident response team

B.

A list of external resources to assist with incidents

C.

Service level agreements (SLAs)

D.

A detailed incident notification process

Full Access
Question # 33

Which of the following documents should contain the INITIAL prioritization of recovery of services?

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Full Access
Question # 34

Labeling information according to its security classification:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Full Access
Question # 35

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Full Access
Question # 36

Which of the following roles is BEST able to influence the security culture within an organization?

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Full Access
Question # 37

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

A.

Business process owner

B.

Business continuity coordinator

C.

Senior management

D.

Information security manager

Full Access
Question # 38

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Full Access
Question # 39

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

A.

Conduct a penetration test of the vendor.

B.

Review the vendor's technical security controls

C.

Review the vendor contract

D.

Disconnect the real-time access

Full Access
Question # 40

Reevaluation of risk is MOST critical when there is:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Full Access
Question # 41

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

A.

validate the confidentiality during analysis.

B.

reinstate original data when accidental changes occur.

C.

validate the integrity during analysis.

D.

provide backup in case of media failure.

Full Access
Question # 42

Which of the following has the MOST influence on the inherent risk of an information asset?

A.

Risk tolerance

B.

Net present value (NPV)

C.

Return on investment (ROI)

D.

Business criticality

Full Access
Question # 43

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

A.

Purchase cyber insurance

B.

Encrypt sensitive production data

C.

Perform Integrity checks on backups

D.

Maintain multiple offline backups

Full Access
Question # 44

Which of the following is the BEST approach to make strategic information security decisions?

A.

Establish regular information security status reporting.

B.

Establish an information security steering committee.

C.

Establish business unit security working groups.

D.

Establish periodic senior management meetings.

Full Access
Question # 45

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

A.

results of exit interviews.

B.

previous training sessions.

C.

examples of help desk requests.

D.

responses to security questionnaires.

Full Access
Question # 46

The PRIMARY objective of performing a post-incident review is to:

A.

re-evaluate the impact of incidents

B.

identify vulnerabilities

C.

identify control improvements.

D.

identify the root cause.

Full Access
Question # 47

Which of the following is the responsibility of a risk owner?

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Full Access
Question # 48

Which of the following defines the triggers within a business continuity plan (BCP)? @

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Full Access
Question # 49

Which of the following backup methods requires the MOST time to restore data for an application?

A.

Full backup

B.

Incremental

C.

Differential

D.

Disk mirroring

Full Access
Question # 50

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Full Access
Question # 51

Which of the following should be the PRIMARY basis for an information security strategy?

A.

The organization's vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Full Access
Question # 52

Which of the following is an example of risk mitigation?

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Full Access
Question # 53

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Full Access
Question # 54

Which of the following is the BEST indication of effective information security governance?

A.

Information security is considered the responsibility of the entire information security team.

B.

Information security controls are assigned to risk owners.

C.

Information security is integrated into corporate governance.

D.

Information security governance is based on an external security framework.

Full Access
Question # 55

A balanced scorecard MOST effectively enables information security:

A.

project management

B.

governance.

C.

performance.

D.

risk management.

Full Access
Question # 56

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

A.

Presenting evidence of inherent risk

B.

Reporting the security maturity level

C.

Presenting compliance requirements

D.

Communicating the residual risk

Full Access
Question # 57

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Full Access
Question # 58

Implementing the principle of least privilege PRIMARILY requires the identification of:

A.

job duties

B.

data owners

C.

primary risk factors.

D.

authentication controls

Full Access
Question # 59

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Full Access
Question # 60

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Full Access
Question # 61

Which of the following is the MOST important detail to capture in an organization's risk register?

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Full Access
Question # 62

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Full Access
Question # 63

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

A.

Impact on information security program

B.

Cost of controls

C.

Impact to business function

D.

Cost to replace

Full Access
Question # 64

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Full Access
Question # 65

Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?

A.

Risk acceptance by the business has been documented

B.

Teams and individuals responsible for recovery have been identified

C.

Copies of recovery and incident response plans are kept offsite

D.

Incident response and recovery plans are documented in simple language

Full Access
Question # 66

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Full Access
Question # 67

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

A.

Clearer segregation of duties

B.

Increased user productivity

C.

Increased accountability

D.

Fewer security incidents

Full Access
Question # 68

Which of the following BEST demonstrates the added value of an information security program?

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Full Access
Question # 69

Which of the following should be the PRIMARY objective of an information security governance framework?

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization's information security policies.

Full Access
Question # 70

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Full Access
Question # 71

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

A.

Install the OS, patches, and application from the original source.

B.

Restore the OS, patches, and application from a backup.

C.

Restore the application and data from a forensic copy.

D.

Remove all signs of the intrusion from the OS and application.

Full Access
Question # 72

An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

A.

Include security requirements in the contract

B.

Assess security controls.

C.

Perform a risk assessment

D.

Review data architecture.

Full Access
Question # 73

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

Which of the following would provide the MOST useful information for planning purposes? »

A.

Results from a business impact analysis (BIA)

B.

Deadlines and penalties for noncompliance

C.

Results from a gap analysis

D.

An inventory of security controls currently in place

Full Access
Question # 74

Which of the following is MOST important to include in monthly information security reports to the board?

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Full Access
Question # 75

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

A.

Preventive

B.

Corrective

C.

Detective

D.

Deterrent

Full Access
Question # 76

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

A.

rely on senior management to enforce security.

B.

promote the relevance and contribution of security.

C.

focus on compliance.

D.

reiterate the necessity of security.

Full Access
Question # 77

Which of the following is the BEST course of action when an online company discovers a network attack in progress?

A.

Dump all event logs to removable media

B.

Isolate the affected network segment

C.

Enable trace logging on ail events

D.

Shut off all network access points

Full Access
Question # 78

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

A.

Security metrics

B.

Security baselines

C.

Security incident details

D.

Security risk exposure

Full Access
Question # 79

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Full Access
Question # 80

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Full Access
Question # 81

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

A.

Integrate information security risk assessments into the procurement process.

B.

Provide regular information security training to the procurement team.

C.

Invite IT members into regular procurement team meetings to influence best practice.

D.

Enforce the right to audit in procurement contracts with SaaS vendors.

Full Access
Question # 82

Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

A.

Follow the escalation process.

B.

Identify the indicators of compromise.

C.

Notify law enforcement.

D.

Contact forensic investigators.

Full Access
Question # 83

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Full Access
Question # 84

Which of the following will result in the MOST accurate controls assessment?

A.

Mature change management processes

B.

Senior management support

C.

Well-defined security policies

D.

Unannounced testing

Full Access
Question # 85

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Full Access
Question # 86

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Full Access
Question # 87

Which of the following is MOST effective in monitoring an organization's existing risk?

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Full Access
Question # 88

Which of the following BEST enables staff acceptance of information security policies?

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Full Access
Question # 89

Which of the following BEST ensures timely and reliable access to services?

A.

Nonrepudiation

B.

Authenticity

C.

Availability

D.

Recovery time objective (RTO)

Full Access
Question # 90

In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.

Before relying on this certification, it is MOST important that the information security manager confirms that the:

A.

current international standard was used to assess security processes.

B.

certification will remain current through the life of the contract.

C.

certification scope is relevant to the service being offered.

D.

certification can be extended to cover the client's business.

Full Access
Question # 91

Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?

A.

To identify the organization's risk tolerance

B.

To improve security processes

C.

To align security roles and responsibilities

D.

To optimize security risk management

Full Access
Question # 92

Which of the following is MOST critical when creating an incident response plan?

A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Documenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Full Access
Question # 93

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Full Access
Question # 94

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

A.

Responsible entities

B.

Key risk indicators (KRIS)

C.

Compensating controls

D.

Potential business impact

Full Access
Question # 95

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

A.

Establishing risk metrics

B.

Training on risk management procedures

C.

Reporting on documented deficiencies

D.

Assigning a risk owner

Full Access
Question # 96

Which of the following BEST indicates that information security governance and corporate governance are integrated?

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Full Access
Question # 97

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Full Access
Question # 98

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

A.

Formalizing a security strategy and program

B.

Developing an awareness program for staff

C.

Ensuring current documentation of security processes

D.

Establishing processes within the security operations team

Full Access
Question # 99

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

A.

Conduct an impact assessment.

B.

Isolate the affected systems.

C.

Rebuild the affected systems.

D.

Initiate incident response.

Full Access
Question # 100

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

A.

Identification of risk

B.

Analysis of control gaps

C.

Design of key risk indicators (KRIs)

D.

Selection of risk treatment options

Full Access
Question # 101

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Full Access
Question # 102

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

A.

Intrusion detection

B.

Log monitoring

C.

Patch management

D.

Antivirus software

Full Access
Question # 103

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Full Access
Question # 104

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Full Access
Question # 105

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Full Access
Question # 106

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Full Access
Question # 107

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

A.

Cost of the attack to the organization

B.

Location of the attacker

C.

Method of operation used by the attacker

D.

Details from intrusion detection system (IDS) logs

Full Access
Question # 108

When investigating an information security incident, details of the incident should be shared:

A.

widely to demonstrate positive intent.

B.

only with management.

C.

only as needed,

D.

only with internal audit.

Full Access
Question # 109

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Full Access
Question # 110

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Full Access
Question # 111

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

A.

incident has been confirmed.

B.

incident has been contained.

C.

potential incident has been logged.

D.

incident has been mitigated.

Full Access
Question # 112

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

A.

Developing an information security policy based on risk assessments

B.

Establishing an information security steering committee

C.

Documenting the information security governance framework

D.

Implementing an information security awareness program

Full Access
Question # 113

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

A.

Implement the application and request the cloud service provider to fix the vulnerability.

B.

Assess whether the vulnerability is within the organization's risk tolerance levels.

C.

Commission further penetration tests to validate initial test results,

D.

Postpone the implementation until the vulnerability has been fixed.

Full Access
Question # 114

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

A.

reduces unauthorized access to systems.

B.

promotes efficiency in control of the environment.

C.

prevents inconsistencies in information in the distributed environment.

D.

allows administrative staff to make management decisions.

Full Access
Question # 115

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.

Which of the following should be given immediate focus?

A.

Moving to a zero trust access model

B.

Enabling network-level authentication

C.

Enhancing cyber response capability

D.

Strengthening endpoint security

Full Access
Question # 116

Which of the following is the BEST approach for governing noncompliance with security requirements?

A.

Base mandatory review and exception approvals on residual risk,

B.

Require users to acknowledge the acceptable use policy.

C.

Require the steering committee to review exception requests.

D.

Base mandatory review and exception approvals on inherent risk.

Full Access
Question # 117

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

A.

To compare emerging trends with the existing organizational security posture

B.

To communicate worst-case scenarios to senior management

C.

To train information security professionals to mitigate new threats

D.

To determine opportunities for expanding organizational information security

Full Access
Question # 118

Which of the following MUST happen immediately following the identification of a malware incident?

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Full Access
Question # 119

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Full Access
Question # 120

In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:

A.

evaluate results of the most recent incident response test.

B.

review the number of reported security incidents.

C.

ensure established security metrics are reported.

D.

assess progress of risk mitigation efforts.

Full Access
Question # 121

Of the following, who is in the BEST position to evaluate business impacts?

A.

Senior management

B.

Information security manager

C.

IT manager

D.

Process manager

Full Access
Question # 122

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Full Access
Question # 123

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Full Access
Question # 124

Which of the following is the BEST indication of an effective information security awareness training program?

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Full Access
Question # 125

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

A.

Security risk analysis

B.

Gap assessment

C.

Maturity assessment

D.

Vulnerability scan report

Full Access
Question # 126

The BEST way to identify the risk associated with a social engineering attack is to:

A.

monitor the intrusion detection system (IDS),

B.

review single sign-on (SSO) authentication lags.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Full Access
Question # 127

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Full Access
Question # 128

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Full Access
Question # 129

A recovery point objective (RPO) is required in which of the following?

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Full Access
Question # 130

Which of the following processes BEST supports the evaluation of incident response effectiveness?

A.

Root cause analysis

B.

Post-incident review

C.

Chain of custody

D.

Incident logging

Full Access
Question # 131

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Full Access
Question # 132

Which of the following BEST indicates that information assets are classified accurately?

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Full Access
Question # 133

Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

A.

Updated security policies

B.

Defined security standards

C.

Threat intelligence

D.

Regular antivirus updates

Full Access
Question # 134

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

A.

Parallel test

B.

Full interruption test

C.

Simulation test

D.

Tabletop test

Full Access
Question # 135

Which of the following is a desired outcome of information security governance?

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Full Access
Question # 136

Which of the following is the BEST indication ofa successful information security culture?

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Full Access
Question # 137

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Full Access
Question # 138

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Full Access
Question # 139

Which of the following is MOST important for building 4 robust information security culture within an organization?

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Full Access
Question # 140

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Full Access
Question # 141

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Full Access
Question # 142

Which of the following should be the PRIMARY objective of the information security incident response process?

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Full Access
Question # 143

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Full Access
Question # 144

Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?

A.

Capability maturity model

B.

Vulnerability assessment

C.

IT security risk and exposure

D.

Business impact analysis (BIA)

Full Access
Question # 145

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Full Access
Question # 146

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Full Access
Question # 147

A PRIMARY purpose of creating security policies is to:

A.

define allowable security boundaries.

B.

communicate management's security expectations.

C.

establish the way security tasks should be executed.

D.

implement management's security governance strategy.

Full Access
Question # 148

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

A.

Cost of replacing the asset

B.

Cost of additional mitigation

C.

Annual loss expectancy (ALE)

D.

Annual rate of occurrence

Full Access
Question # 149

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Full Access
Question # 150

Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?

A.

Review the previous risk assessment and countermeasures.

B.

Perform a new risk assessment,

C.

Evaluate countermeasures to mitigate new risks.

D.

Transfer the new risk to a third party.

Full Access
Question # 151

Which of the following is the PRIMARY role of an information security manager in a software development project?

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Full Access
Question # 152

Which of the following activities is designed to handle a control failure that leads to a breach?

A.

Risk assessment

B.

Incident management

C.

Root cause analysis

D.

Vulnerability management

Full Access
Question # 153

Who is BEST suited to determine how the information in a database should be classified?

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Full Access
Question # 154

Which of the following would BEST ensure that security is integrated during application development?

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Full Access
Question # 155

An information security manager developing an incident response plan MUST ensure it includes:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Full Access
Question # 156

Network isolation techniques are immediately implemented after a security breach to:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Full Access
Question # 157

When properly implemented, secure transmission protocols protect transactions:

A.

from eavesdropping.

B.

from denial of service (DoS) attacks.

C.

on the client desktop.

D.

in the server's database.

Full Access
Question # 158

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?

A.

Enforce the policy.

B.

Modify the policy.

C.

Present the risk to senior management.

D.

Create an exception for the deviation.

Full Access
Question # 159

When integrating security risk management into an organization it is MOST important to ensure:

A.

business units approve the risk management methodology.

B.

the risk treatment process is defined.

C.

information security policies are documented and understood.

D.

the risk management methodology follows an established framework.

Full Access
Question # 160

The PRIMARY consideration when responding to a ransomware attack should be to ensure:

A.

backups are available.

B.

the most recent patches have been applied.

C.

the ransomware attack is contained

D.

the business can operate

Full Access
Question # 161

Which of the following is MOST important to the effectiveness of an information security program?

A.

Security metrics

B.

Organizational culture

C.

IT governance

D.

Risk management

Full Access
Question # 162

Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?

A.

Place the web server in quarantine.

B.

Rebuild the server from the last verified backup.

C.

Shut down the server in an organized manner.

D.

Rebuild the server with relevant patches from the original media.

Full Access
Question # 163

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

A.

Management support and approval has been obtained.

B.

The incident response team has the appropriate training.

C.

An incident response maturity assessment has been conducted.

D.

A reputable managed security services provider has been engaged.

Full Access
Question # 164

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

A.

Access manager

B.

IT director

C.

System administrator

D.

Business owner

Full Access
Question # 165

Of the following, who is BEST suited to own the risk discovered in an application?

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Full Access
Question # 166

Which of the following is the MOST effective way to detect information security incidents?

A.

Implementation of regular security awareness programs

B.

Periodic analysis of security event log records

C.

Threshold settings on key risk indicators (KRIs)

D.

Real-time monitoring of network activity

Full Access
Question # 167

Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

A.

Ensure a plan with milestones is developed.

B.

Implement a distributed denial of service (DDoS) control.

C.

Engage the incident response team.

D.

Define new key performance indicators (KPIs).

Full Access
Question # 168

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

A.

An industry peer experienced a recent breach with a similar application.

B.

The system can be replicated for additional use cases.

C.

The cost of implementing the system is less than the impact of downtime.

D.

The solution is within the organization's risk tolerance.

Full Access
Question # 169

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?

A.

Inadequate incident response controls

B.

Lack of legal review

C.

Inadequate change control

D.

Lack of quality control

Full Access
Question # 170

Which of the following is MOST important when defining how an information security budget should be allocated?

A.

Regulatory compliance standards

B.

Information security strategy

C.

Information security policy

D.

Business impact assessment

Full Access
Question # 171

An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

A.

inventory sensitive customer data to be processed by the solution.

B.

determine information security resource and budget requirements.

C.

assess potential information security risk to the organization.

D.

develop information security requirements for the big data solution.

Full Access
Question # 172

Which of the following is the BEST defense against a brute force attack?

A.

Time-of-day restrictions

B.

Mandatory access control

C.

Discretionary access control

D.

Multi-factor authentication (MFA)

Full Access
Question # 173

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

A.

Implement compensating controls to address the risk.

B.

Report the risk associated with the policy breach.

C.

Implement a privileged access management system.

D.

Enforce the security configuration and require the change to be reverted.

Full Access
Question # 174

Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Full Access
Question # 175

Which of the following is MOST important for the effective implementation of an information security governance program?

A.

Employees receive customized information security training

B.

The program budget is approved and monitored by senior management

C.

The program goals are communicated and understood by the organization.

D.

Information security roles and responsibilities are documented.

Full Access
Question # 176

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

A.

Mapping risk scenarios according to sensitivity of data

B.

Reviewing mitigating and compensating controls for each risk scenario

C.

Mapping the risk scenarios by likelihood and impact on a chart

D.

Performing a risk assessment on the laaS provider

Full Access
Question # 177

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

A.

Eradication

B Recovery

B.

Lessons learned review

C.

Incident declaration

Full Access
Question # 178

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

A.

Lack of a risk framework

B.

Ineffective security controls

C.

Presence of known vulnerabilities

D.

Incomplete identification of threats

Full Access
Question # 179

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

A.

Gain an understanding of the current business direction.

B.

Perform a risk assessment of the current IT environment.

C.

Inventory and review current security policies.

D.

Update in accordance with the best business practices.

Full Access
Question # 180

Which of the following is the BEST way to enhance training for incident response teams?

A.

Perform post-incident reviews.

B.

Establish incident key performance indicators (KPIs).

C.

Conduct interviews with organizational units.

D.

Participate in emergency response activities.

Full Access
Question # 181

Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

A.

The information security manager

B.

The service provider that hosts the data

C.

The incident response team

D.

The business data owner

Full Access
Question # 182

Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?

A.

Service level agreement (SLA)

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Business impact analysis (BIA)

Full Access
Question # 183

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

A.

Notify senior management of the issue.

B.

Report the issue to legal personnel.

C.

Initiate contract renegotiation.

D.

Assess the extent of the issue.

Full Access
Question # 184

Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

A.

Quantitative loss

B.

Industry benchmarks

C.

Threat analysis

D.

Root cause analysis

Full Access
Question # 185

Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of

confidentiality?

A.

Ensuring hashing of administrator credentials

B.

Enforcing service level agreements (SLAs)

C.

Ensuring encryption for data in transit

D.

Utilizing a formal change management process

Full Access
Question # 186

An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?

A.

Local regulations

B.

Data backup strategy

C.

Consistency in awareness programs

D.

Organizational reporting structure

Full Access
Question # 187

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

A.

Incident response plan

B.

Disaster recovery plan (DRP)

C.

Business continuity plan (BCP)

D.

Vulnerability management plan

Full Access
Question # 188

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

A.

the integrity of evidence is preserved.

B.

forensic investigation software is loaded on the server.

C.

the incident is reported to senior management.

D.

the server is unplugged from power.

Full Access
Question # 189

An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purposed?

A.

Guidelines

B.

Policies

C.

Procedures

D.

Standards

Full Access
Question # 190

Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

A.

Crisis management plan

B.

Disaster recovery plan (DRP)

C.

Incident response plan

D.

Business continuity plan (BCP)

Full Access
Question # 191

Which of the following is the PRIMARY benefit of an information security awareness training program?

A.

Influencing human behavior

B.

Evaluating organizational security culture

C.

Defining risk accountability

D.

Enforcing security policy

Full Access
Question # 192

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?

A.

The malware entry path

B.

The creator of the malware

C.

The type of malware involved

D.

The method of detecting the malware

Full Access
Question # 193

Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?

A.

Develop service level agreements (SLAs).

B.

Stipulate insurance requirements.

C.

Require nondisclosure agreements (NDAs).

D.

Create contingency plans.

Full Access
Question # 194

Which of the following is the MOST important input to the development of an effective information security strategy?

A.

Risk and business impact assessments

B.

Business processes and requirements

C.

Current and desired state of security

D.

Well-defined security policies and procedures

Full Access
Question # 195

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

A.

To ensure industry best practices for enterprise security are followed

B.

To establish the minimum level of controls needed

C.

To determine the desired state of enterprise security

D.

To satisfy auditors' recommendations for enterprise security

Full Access
Question # 196

Which of the following is MOST important to the effectiveness of an information security steering committee?

A.

The committee has strong regulatory knowledge.

B.

The committee is comprised of representatives from senior management.

C.

The committee has cross-organizational representation.

D.

The committee uses a risk management framework.

Full Access
Question # 197

Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?

A.

Alignment with industry benchmarks

B.

Results of business impact analyses (BIAs)

C.

Possibility of reputational loss due to incidents

D.

Availability of security budget

Full Access
Question # 198

Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

A.

strategy.

B.

risk assessments.

C.

key performance indicators (KPIs).

D.

standards.

Full Access
Question # 199

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Full Access
Question # 200

An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?

A.

Business impact analysis (BIA)

B.

Business continuity plan (BCP)

C.

Incident response plan

D.

Disaster recovery plan (DRP)

Full Access
Question # 201

Which of the following is the MOST important consideration when updating procedures for managing security devices?

A.

Updates based on the organization's security framework

B.

Notification to management of the procedural changes

C.

Updates based on changes m risk technology and process

D.

Review and approval of procedures by management

Full Access
Question # 202

When developing a categorization method for security incidents, the categories MUST:

A.

align with industry standards.

B.

be created by the incident handler.

C.

have agreed-upon definitions.

D.

align with reporting requirements.

Full Access
Question # 203

Which of the following would provide the MOST effective security outcome in an organizations contract management process?

A.

Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage

B.

Ensuring security requirements are defined at the request-for-proposal (RFP) stage

C.

Extending security assessment to cover asset disposal on contract termination

D.

Extending security assessment to include random penetration testing

Full Access
Question # 204

Which of the following BEST helps to enable the desired information security culture within an organization?

A.

Information security awareness training and campaigns

B.

Effective information security policies and procedures

C.

Delegation of information security roles and responsibilities

D.

Incentives for appropriate information security-related behavior

Full Access
Question # 205

An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRST step to ensure the security policy framework encompasses the new business model is to:

A.

perform a gap analysis.

B.

implement both companies' policies separately

C.

merge both companies' policies

D.

perform a vulnerability assessment

Full Access
Question # 206

Which of the following would BEST mitigate accidental data loss events?

A.

Conduct periodic user awareness training.

B.

Obtain senior management support for the information security strategy.

C.

Conduct a data loss prevention (DLP) audit.

D.

Enforce a data hard drive encryption policy.

Full Access
Question # 207

The MOST important element in achieving executive commitment to an information security governance program is:

A.

a defined security framework.

B.

a process improvement model

C.

established security strategies.

D.

identified business drivers.

Full Access
Question # 208

To improve the efficiency of the development of a new software application, security requirements should be defined:

A.

based on code review.

B.

based on available security assessment tools.

C.

after functional requirements.

D.

concurrently with other requirements.

Full Access
Question # 209

Which of the following should be done FIRST when a SIEM flags a potential event?

A.

Validate the event is not a false positive.

B.

Initiate the incident response plan.

C.

Escalate the event to the business owner.

D.

Implement compensating controls.

Full Access
Question # 210

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

A.

Access to the hardware

B.

Data encryption

C.

Non-standard event logs

D.

Compressed customer data

Full Access
Question # 211

Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?

A.

Increase in false positives

B.

Increase in false negatives

C.

Decrease in false negatives

D.

Decrease in false positives

Full Access
Question # 212

A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

A.

A rules of engagement form was not signed prior to the penetration test

B.

Vulnerabilities were not found by internal tests

C.

Vulnerabilities were caused by insufficient user acceptance testing (UAT)

D.

Exploit code for one of the vulnerabilities is publicly available

Full Access
Question # 213

The contribution of recovery point objective (RPO) to disaster recovery is to:

A.

minimize outage periods.

B.

eliminate single points of failure.

C.

define backup strategy

D.

reduce mean time between failures (MTBF).

Full Access
Question # 214

Which of the following would BEST guide the development and maintenance of an information security program?

A.

A business impact assessment

B.

A comprehensive risk register

C.

An established risk assessment process

D.

The organization's risk appetite

Full Access
Question # 215

The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:

A.

the partition table on the disk has been deleted.

B.

the tile has been overwritten.

C.

all files in the directory have been deleted.

D.

high-level disk formatting has been performed.

Full Access
Question # 216

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?

A.

Alive demonstration of the third-party supplier's security capabilities

B.

The ability to i third-party supplier's IT systems and processes

C.

Third-party security control self-assessment (CSA) results

D.

An independent review report indicating compliance with industry standards

Full Access
Question # 217

The BEST way to report to the board on the effectiveness of the information security program is to present:

A.

a dashboard illustrating key performance metrics.

B.

a summary of the most recent audit findings.

C.

peer-group industry benchmarks.

D.

a report of cost savings from process improvements.

Full Access
Question # 218

Which of the following is the BEST way to obtain organization-wide support for an information security program?

A.

Mandate regular security awareness training.

B.

Develop security performance metrics.

C.

Position security as a business enabler.

D.

Prioritize security initiatives based on IT strategy.

Full Access
Question # 219

After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager's FIRST course of action should be to:

A.

determine the potential impact.

B.

reevaluate the standards.

C.

implement compensating controls.

D.

evaluate the cost of replacing the applications.

Full Access
Question # 220

How does an organization PRIMARILY benefit from the creation of an information security steering committee?

A.

An increase in information security risk awareness

B.

An increased alignment with industry security trends that impact the business

C.

An increased focus on information security resource management

D.

An increased alignment of information security with the business

Full Access
Question # 221

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator What is the manager's BEST course of action?

A.

Automate user provisioning activities.

B.

Maintain strict control over user provisioning activities.

C.

Formally document IT administrator activities.

D.

Implement monitoring of IT administrator activities.

Full Access
Question # 222

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

A.

Assess the residual risk.

B.

Share lessons learned with the organization.

C.

Update the system's documentation.

D.

Allocate budget for penetration testing.

Full Access
Question # 223

Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?

A.

Stakeholder feedback analysis

B.

Business continuity risk analysis

C.

Incident root cause analysis

D.

Business impact analysis (BIA)

Full Access
Question # 224

Which of the following BEST indicates the effectiveness of the vendor risk management process?

A.

Increase in the percentage of vendors certified to a globally recognized security standard

B.

Increase in the percentage of vendors with a completed due diligence review

C.

Increase in the percentage of vendors conducting mandatory security training

D.

Increase in the percentage of vendors that have reported security breaches

Full Access
Question # 225

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

A.

)the information security officer.

B.

the steering committee.

C.

the board of directors.

D.

the internal audit manager.

Full Access
Question # 226

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?

A.

Execution of unauthorized commands

B.

Prevention of authorized access

C.

Defacement of website content

D.

Unauthorized access to resources

Full Access
Question # 227

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

A.

Security risk assessments

B.

Lessons learned analysis

C.

Information security audits

D.

Key performance indicators (KPIs)

Full Access
Question # 228

Recovery time objectives (RTOs) are an output of which of the following?

A.

Business continuity plan (BCP)

B.

Disaster recovery plan (DRP)

C.

Service level agreement (SLA)

D.

Business impact analysis (BIA)

Full Access
Question # 229

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?

A.

Local regulatory requirements

B.

Global framework standards

C.

Cross-border data mobility

D.

Training requirements of the framework

Full Access
Question # 230

Which of the following BEST minimizes information security risk in deploying applications to the production environment?

A.

Integrating security controls in each phase of the life cycle

B.

Conducting penetration testing post implementation

C.

Having a well-defined change process

D.

Verifying security during the testing process

Full Access
Question # 231

An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done

FIRST?

A.

Install additional application controls.

B.

Notify senior management.

C.

Invoke the incident response plan.

D.

Prevent access to the application.

Full Access
Question # 232

Which of the following is the FIRST step when conducting a post-incident review?

A.

Identify mitigating controls.

B.

Assess the costs of the incident.

C.

Perform root cause analysis.

D.

Assign responsibility for corrective actions.

Full Access
Question # 233

An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?

A.

Engage an independent audit of the third party's external provider.

B.

Recommend canceling the contract with the third party.

C.

Evaluate the third party's agreements with its external provider.

D.

Conduct an external audit of the contracted third party.

Full Access
Question # 234

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

A.

Regular audits of access controls

B.

Strong background checks when hiring staff

C.

Prompt termination procedures

D.

Role-based access control (RBAC)

Full Access
Question # 235

Which of the following will BEST enable an effective information asset classification process?

A.

Including security requirements in the classification process

B.

Analyzing audit findings

C.

Reviewing the recovery time objective (RTO) requirements of the asset

D.

Assigning ownership

Full Access
Question # 236

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

A.

Ensure security is involved in the procurement process.

B.

Review the third-party contract with the organization's legal department.

C.

Conduct an information security audit on the third-party vendor.

D.

Communicate security policy with the third-party vendor.

Full Access
Question # 237

Which of the following is the BEST way to determine the effectiveness of an incident response plan?

A.

Reviewing previous audit reports

B.

Conducting a tabletop exercise

C.

Benchmarking the plan against best practices

D.

Performing a penetration test

Full Access