Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Isaca > Isaca Certification > CISM

CISM Certified Information Security Manager Question and Answers

Question # 4

Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?

A.

Maturity of incident response activities

B.

Threat environment

C.

Quantity of impacted assets

D.

Incident impact

Full Access
Question # 5

Senior management wants to thoroughly test a disaster recovery plan (DRP) for a mission-critical system. Which of the following would provide the MOST reliable results?

A.

Full interruption test

B.

Parallel test

C.

Simulation test

D.

Structured walk-through

Full Access
Question # 6

Which of the following is the PRIMARY reason for granting a security exception?

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Full Access
Question # 7

The PRIMARY purpose of implementing information security governance metrics is to:

A.

measure alignment with best practices.

B.

assess operational and program metrics.

C.

guide security towards the desired state.

D.

refine control operations.

Full Access
Question # 8

Which of the following is MOST important to consider when defining control objectives?

A.

Industry best practices

B.

An information security framework

C.

Control recommendations from a recent audit

D.

The organization ' s risk appetite

Full Access
Question # 9

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

A.

Adopt the cloud provider ' s incident response procedures.

B.

Transfer responsibility for incident response to the cloud provider.

C.

Continue using the existing incident response procedures.

D.

Revise incident response procedures to encompass the cloud environment.

Full Access
Question # 10

Which of the following is the MOST effective way to detect information security incidents?

A.

Implementation of regular security awareness programs

B.

Periodic analysis of security event log records

C.

Threshold settings on key risk indicators (KRIs)

D.

Real-time monitoring of network activity

Full Access
Question # 11

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Full Access
Question # 12

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

A.

Job descriptions include requirements to read security policies.

B.

The policies are updated annually.

C.

Senior management supports the policies.

D.

The policies are aligned to industry best practices.

Full Access
Question # 13

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?

A.

Enterprise risk committee

B.

Information security steering committee

C.

Data privacy officer (DPO)

D.

Chief information security officer (CISO)

Full Access
Question # 14

An organization plans to implement a new e-commerce operation in a highly regulated market. Which of the following is MOST important to consider when updating the risk management strategy?

A.

Strategy of industry peers

B.

Outsourcing needs

C.

Business culture

D.

Compliance requirements

Full Access
Question # 15

Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?

A.

Develop service level agreements (SLAs).

B.

Stipulate insurance requirements.

C.

Require nondisclosure agreements (NDAs).

D.

Create contingency plans.

Full Access
Question # 16

Which of the following BEST facilitates the development of a comprehensive information security policy?

A.

Alignment with an established information security framework

B.

An established internal audit program

C.

Security key performance indicators (KPIs)

D.

Areview of recent information security incidents

Full Access
Question # 17

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?

A.

Protection of business value and assets

B.

Identification of core business strategiesC, Easier entrance into new businesses and technologies

C.

Improved regulatory compliance posture

Full Access
Question # 18

When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:

A.

Meets internal requirements

B.

Complies with industry standards

C.

Achieves projected financial benefits

D.

Delivers anticipated risk reduction

Full Access
Question # 19

What should be the FIRST step when an Internet of Things (loT) device in an organization ' s network is confirmed to have been hacked?

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network,

D.

Escalate to the incident response team

Full Access
Question # 20

An organization has purchased an Internet sales company to extend the sales department. The information security manager ' s FIRST step to ensure the security policy framework encompasses the new business model is to:

A.

perform a gap analysis.

B.

implement both companies ' policies separately

C.

merge both companies ' policies

D.

perform a vulnerability assessment

Full Access
Question # 21

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Full Access
Question # 22

The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:

A.

Higher exposure to threats

B.

Diversity of operating systems

C.

Lack of accountability

D.

Complexity of support

Full Access
Question # 23

Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

A.

The level of inherent risk

B.

Vulnerability assessments

C.

The level of exposure

D.

Threat assessments

Full Access
Question # 24

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

A.

Performing penetration testing

B.

Improving user awareness

C.

Installing new firewalls

D.

Updating security policies

Full Access
Question # 25

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

A.

Business process owner

B.

Business continuity coordinator

C.

Senior management

D.

Information security manager

Full Access
Question # 26

Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

A.

Mobile application control

B.

Inconsistent device security

C.

Configuration management

D.

End user acceptance

Full Access
Question # 27

An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:

A.

disable the user ' s access to corporate resources.

B.

terminate the device connectivity.

C.

remotely wipe the device

D.

escalate to the user ' s management

Full Access
Question # 28

The MOST important reason for an organization to establish a social media policy is to:

A.

Protect the company brand

B.

Increase employee productivity

C.

Monitor employee activity on the internet

D.

Prevent the spread of malware

Full Access
Question # 29

An information security manager is updating the organization ' s incident response plan. Which of the following is the BEST way to validate that the process and procedures provided by IT and business units are complete, accurate, and known by all responsible teams?

A.

Review the test objectives with stakeholders.

B.

Conduct a data breach incident tabletop exercise.

C.

Conduct an incident response plan survey.

D.

Review data breach incident triage steps.

Full Access
Question # 30

Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?

A.

Provide regular security awareness training

B.

Require staff to sign confidentiality agreements

C.

Publish the information security policy on the corporate intranet

D.

Develop a RACI matrix for the organization

Full Access
Question # 31

The effectiveness of an information security governance framework will BEST be enhanced if:

A.

consultants review the information security governance framework.

B.

a culture of legal and regulatory compliance is promoted by management.

C.

risk management is built into operational and strategic activities.

D.

IS auditors are empowered to evaluate governance activities

Full Access
Question # 32

An information security manager has confirmed the organization ' s cloud provider has unintentionally published some of the organization ' s business data. Which of the following should be done NEXT?

A.

Identify users associated with the exposed data.

B.

Initiate the organization ' s data loss prevention (DLP) processes.

C.

Review the cloud provider ' s service level agreement (SLA).

D.

Invoke the incident response plan.

Full Access
Question # 33

Which of the following sources is MOST useful when planning a business-aligned information security program?

A.

Security risk register

B.

Information security policy

C.

Business impact analysis (BIA)

D.

Enterprise architecture (EA)

Full Access
Question # 34

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Full Access
Question # 35

Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?

A.

Confirm the change implementation is scheduled.

B.

Verify the change request has been approved.

C.

Confirm rollback plans are in place.

D.

Notify users affected by the change.

Full Access
Question # 36

The executive management of a domestic organization has announced plans to expand operations to multiple international locations. Which of the following should be the information security manager ' s FIRST step upon learning of these plans?

A.

Perform a gap analysis against international information security standards

B.

Update security training and awareness resources accordingly

C.

Research legal and regulatory requirements impacting the new locations

D.

Prepare localized information security policies for each new location

Full Access
Question # 37

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

A.

Escalation processes

B.

Technological capabilities

C.

Recovery time objective (RTO)

D.

Security audit reports

Full Access
Question # 38

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

A.

Vendor service level agreements (SLAs)

B.

Independent review of the vendor

C.

Local laws and regulations

D.

Backup and restoration of data

Full Access
Question # 39

Which of the following backup methods requires the MOST time to restore data for an application?

A.

Full backup

B.

Incremental

C.

Differential

D.

Disk mirroring

Full Access
Question # 40

Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?

A.

Conducting a business impact analysis (BIA) to understand business priorities

B.

Analyzing the integration of information security policies and practices within business processes

C.

Performing both quantitative and qualitative risk analyses

D.

Interviewing key personnel identified within the governance framework

Full Access
Question # 41

A backdoor has been identified that enabled a cyberattack on an organization’s systems. Integrating which of the following into the software development life cycle would BEST enable the organization to mitigate similar attacks in the future?

A.

Enhanced user acceptance testing (UAT)

B.

Separation of duties

C.

Customized developer training

D.

Vulnerability testing

Full Access
Question # 42

An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?

A.

Allow the practice to continue temporarily for monitoring purposes.

B.

Disable the employees ' remote access to company email and data

C.

Initiate remote wipe of the devices

D.

Assess the business need to provide a secure solution

Full Access
Question # 43

Which of the following is a desired outcome of information security governance?

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Full Access
Question # 44

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

A.

Implementing automated vulnerability scanning in the help desk workflow

B.

Changing the default setting for all security incidents to the highest priority

C.

Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

D.

Integrating incident response workflow into the help desk ticketing system

Full Access
Question # 45

Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?

A.

Endpoint detection and response (EDR)

B.

Network intrusion detection system (NIDS)

C.

Extended detection and response (XDR)

D.

Security information and event management (SIEM)

Full Access
Question # 46

Which of the following is MOST important to include in monthly information security reports to the board?

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Full Access
Question # 47

Which of the following BEST enables the integration of information security governance into corporate governance?

A.

Well-decumented information security policies and standards

B.

An information security steering committee with business representation

C.

Clear lines of authority across the organization

D.

Senior management approval of the information security strategy

Full Access
Question # 48

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

A.

Providing annual information security awareness training

B.

Conducting periodic vulnerability scanning

C.

Implementing a strict change control process

D.

Updating configuration baselines

Full Access
Question # 49

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

A.

Update in accordance with the best business practices.

B.

Perform a risk assessment of the current IT environment.

C.

Gain an understanding of the current business direction.

D.

Inventory and review current security policies.

Full Access
Question # 50

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

A.

Post-incident review

B.

Eradication

C.

Containment

D.

Identification

Full Access
Question # 51

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Full Access
Question # 52

Which of the following is the MOST important objective when planning an incident response program?

A.

Managing resources

B.

Ensuring IT resiliency

C.

Recovering from a disaster

D.

Minimizing business impact

Full Access
Question # 53

Information security policies should PRIMARILY reflect alignment with:

A.

an information security framework.

B.

industry best practices.

C.

data security standards.

D.

senior management intent.

Full Access
Question # 54

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

A.

Ownership of security

B.

Compliance with policies

C.

Auditability of systems

D.

Allocation of training resources

Full Access
Question # 55

A new information security reporting requirement will soon become effective. Which of the following should be the information security manager ' s FIRST action?

A.

Conduct a cost-benefit analysis related to noncompliance with the new requirement.

B.

Perform a gap assessment against the new requirement.

C.

Investigate to determine whether the new requirement applies to the business.

D.

Inform senior management of the new requirement.

Full Access
Question # 56

Which of the following is MOST important to consider when aligning a security awareness program with the organization ' s business strategy?

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Full Access
Question # 57

After a ransomware incident an organization ' s systems were restored. Which of the following should be of MOST concern to the information security manager?

A.

The service level agreement (SLA) was not met.

B.

The recovery time objective (RTO) was not met.

C.

The root cause was not identified.

D.

Notification to stakeholders was delayed.

Full Access
Question # 58

Which of the following is the GREATEST benefit of classifying information security incidents?

A.

Reporting capabilities

B.

Improved chain of custody

C.

Comprehensive documentation

D.

Prioritized recovery

Full Access
Question # 59

Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

A.

select mobile device management (MDM) software.

B.

survey employees for requested applications.

C.

develop an acceptable use policy.

D.

review currently utilized applications.

Full Access
Question # 60

An organization ' s HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?

A.

Multi-factor authentication (MFA) system

B.

Identity and access management (IAM) system

C.

Privileged access management (PAM) system

D.

Governance, risk, and compliance (GRC) system

Full Access
Question # 61

An organization has recently purchased cybersecurity insurance after the board voiced concern about the potential for a security breach. With this response to the perceived risk, the organization:

A.

Has avoided the risk associated with a security breach

B.

Can safely reduce its internal security expenditure

C.

Remains ultimately accountable for the impact of a breach

D.

Has implemented redundant controls against a breach

Full Access
Question # 62

A business continuity plan (BCP) should contain:

A.

Hardware and software inventories

B.

Data restoration procedures

C.

Information about eradication activities

D.

Criteria for activation

Full Access
Question # 63

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Full Access
Question # 64

The BEST way to integrate information security governance with corporate governance is to ensure:

A.

the information security steering committee monitors compliance with security policies.

B.

management teams embed information security into business processes.

C.

awareness programs include industry best practice for information security governance.

D.

the information security program is included in regular external audits.

Full Access
Question # 65

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

A.

Vulnerability assessment

B.

Asset classification

C.

Threat analysis

D.

Internal audit findings

Full Access
Question # 66

What is the role of the information security manager in finalizing contract negotiations with service providers?

A.

To perform a risk analysis on the outsourcing process

B.

To obtain a security standard certification from the provider

C.

To update security standards for the outsourced process

D.

To ensure that clauses for periodic audits are included

Full Access
Question # 67

Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?

A.

Mitigate

B.

Avoid

C.

Transfer

D.

Accept

Full Access
Question # 68

When establishing an information security governance framework, it is MOST important for an information security manager to understand:

A.

information security best practices.

B.

risk management techniques.

C.

the threat environment.

D.

the corporate culture.

Full Access
Question # 69

To optimize the implementation of information security governance in an organization, an information security manager should:

A.

Make gradual changes to governance to minimize employee resistance

B.

Ensure change control processes are in place

C.

Utilize existing governance structures when possible

D.

Implement processes consistent with international standards

Full Access
Question # 70

Which of the following would be MOST helpful to identify worst-case disruption scenarios?

A.

Business impact analysis (BIA)

B.

Business process analysis

C.

SWOT analysis

D.

Cast-benefit analysis

Full Access
Question # 71

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor ' s independent control reports.

Full Access
Question # 72

An organization that has recently suffered a cyberattack is considering engaging law enforcement. Which of the following is the MOST important course of action for the incident response team?

A.

Encrypt digital evidence

B.

Solicit input from senior management

C.

Engage legal counsel

D.

Hire a digital forensic expert for evidence analysis

Full Access
Question # 73

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

A.

Training project managers on risk assessment

B.

Having the information security manager participate on the project steering committees

C.

Applying global security standards to the IT projects

D.

Integrating the risk assessment into the internal audit program

Full Access
Question # 74

It is MOST important that risk owners understand they are accountable for:

A.

Reporting risk metrics and control compliance status to the information security manager

B.

Escalating control deficiencies associated with the risk to the steering committee for decision making

C.

Collaborating with stakeholders to evaluate the effectiveness of controls associated with the risk

D.

Overseeing and monitoring the effectiveness of controls associated with the risk

Full Access
Question # 75

Which of the following defines the triggers within a business continuity plan (BCP)? @

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Full Access
Question # 76

An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?

A.

Include the requirement in information security awareness materials

B.

Perform a policy compliance assessment

C.

Ensure the policy has been communicated to the system administrators

Full Access
Question # 77

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

A.

Assessing how peer organizations using the same technologies have been impacted

B.

Understanding the impact on existing resources

C.

Reviewing vendor contracts and service level agreements (SLAs)

D.

Developing training for end users to familiarize them with the new technology

Full Access
Question # 78

Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?

A.

Contractual provisions for the right to audit

B.

Contractual provisions for data repatriation

C.

Effective data loss prevention (DLP) controls

D.

The purchase of cybersecurity insurance

Full Access
Question # 79

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization ' s risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Full Access
Question # 80

Which of the following is the MOST important factor in successfully implementing Zero Trust?

A.

Preferring networks that have undergone penetration testing

B.

Focusing on logging and monitoring of user behavior

C.

Authenticating and authorizing strategic points of the architecture

D.

Understanding each component of the network

Full Access
Question # 81

Which of the following is the GREATEST benefit resulting from the introduction of data security standards for payment cards?

A.

It helps achieve the holistic protection of information assets in the industry.

B.

It deters hackers from committing crimes related to card payments.

C.

It optimizes budget allocation for cybersecurity in each organization.

D.

It enables a wider range of more sophisticated payment methods.

Full Access
Question # 82

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?

A.

Establish processes to publish content on social networks.

B.

Assess the security risk associated with the use of social networks.

C.

Conduct vulnerability assessments on social network platforms.

D.

Develop security controls for the use of social networks.

Full Access
Question # 83

The contribution of recovery point objective (RPO) to disaster recovery is to:

A.

minimize outage periods.

B.

eliminate single points of failure.

C.

define backup strategy

D.

reduce mean time between failures (MTBF).

Full Access
Question # 84

In a call center, the BEST reason to conduct a social engineering is to:

A.

Identify candidates for additional security training.

B.

minimize the likelihood of successful attacks.

C.

gain funding for information security initiatives.

D.

improve password policy.

Full Access
Question # 85

An organization ' s marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

A.

the chief risk officer (CRO).

B.

business senior management.

C.

the information security manager.

D.

the compliance officer.

Full Access
Question # 86

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

A.

relates the investment to the organization ' s strategic plan.

B.

translates information security policies and standards into business requirements.

C.

articulates management ' s intent and information security directives in clear language.

D.

realigns information security objectives to organizational strategy.

Full Access
Question # 87

Which of the following should be the MOST important consideration when reviewing an information security strategy?

A.

Recent security incidents

B.

New business initiatives

C.

Industry security standards

D.

Internal audit findings

Full Access
Question # 88

Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?

A.

Limiting the number of KRIs

B.

Comprehensively reporting on KRIs

C.

Aggregating common KRIs

D.

Linking KRIs to specific risks

Full Access
Question # 89

What should an information security manager verify FIRST when reviewing an information asset management program?

A.

System owners have been identified.

B.

Key applications have been secured.

C.

Information assets have been classified.

D.

Information assets have been inventoried.

Full Access
Question # 90

Which of the following should be the FIRST consideration when developing a strategy for protecting an organization ' s data?

A.

Classification

B.

Encryption

C.

Access monitoring

D.

Access rights

Full Access
Question # 91

Who is accountable for approving an information security governance framework?

A.

The board of directors

B.

The chief information security officer (ClSO)

C.

The enterprise risk committee

D.

The chief information officer (CIO)

Full Access
Question # 92

Which of the following is the FIRST step to establishing an effective information security program?

A.

Conduct a compliance review.

B.

Assign accountability.

C.

Perform a business impact analysis (BIA).

D.

Create a business case.

Full Access
Question # 93

Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?

A.

Root cause analysis

B.

Continuous log monitoring

C.

Penetration testing

D.

Computer forensics

Full Access
Question # 94

An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?

A.

Operations manager

B.

Service owner

C.

Information security manager

D.

Incident response team

Full Access
Question # 95

A common drawback of email software packages that provide native encryption of messages is that the encryption:

A.

cannot encrypt attachments

B.

cannot interoperate across product domains.

C.

has an insufficient key length.

D.

has no key-recovery mechanism.

Full Access
Question # 96

Which of the following is MOST important to include in an information security status report to senior management?

A.

Key risk indicators (KRIs)

B.

Review of information security policies

C.

Information security budget requests

D.

List of recent security events

Full Access
Question # 97

For which of the following is it MOST important that system administrators be restricted to read-only access?

A.

User access log files

B.

Administrator user profiles

C.

Administrator log files

D.

System logging options

Full Access
Question # 98

The MOST appropriate time to conduct a disaster recovery test would be after:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Full Access
Question # 99

Which of the following is the MOST important consideration when determining which type of failover site to employ?

A.

Reciprocal agreements

B.

Disaster recovery test results

C.

Recovery time objectives (RTOs)

D.

Data retention requirements

Full Access
Question # 100

Which of the following is the BEST indication of information security strategy alignment with the “ &

A.

Percentage of information security incidents resolved within defined service level agreements (SLAs)

B.

Percentage of corporate budget allocated to information security initiatives

C.

Number of business executives who have attended information security awareness sessions

D.

Number of business objectives directly supported by information security initiatives

Full Access
Question # 101

To ensure that a new application complies with information security policy, the BEST approach is to:

A.

review the security of the application before implementation.

B.

integrate functionality the development stage.

C.

perform a vulnerability analysis.

D.

periodically audit the security of the application.

Full Access
Question # 102

Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?

A.

Information security manager

B.

Chief risk officer (CRO)

C.

Information security steering committee

D.

Risk owner

Full Access
Question # 103

During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?

A.

The certification includes industry-recognized security controls.

B.

The certification was issued within the last five years.

C.

The certification is issued for the specific scope.

D.

The certification is easily verified.

Full Access
Question # 104

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?

A.

Business impact analysis (BIA)

B.

Business requirements

C.

Supplier requirements

D.

Risk appetite

Full Access
Question # 105

Which of the following provides the BEST indication of the return on information security investment?

A.

Increased annualized loss expectancy (ALE)

B.

Increased number of reported incidents

C.

Reduced annualized loss expectancy (ALE)

D.

Decreased number of reported incidents

Full Access
Question # 106

Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?

A.

The risks are reported to the business unit’s senior management

B.

The risks are escalated to the IT department for remediation

C.

The risks are communicated to the central risk function

D.

The risks are entered in the organization ' s risk register

Full Access
Question # 107

Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?

A.

Information security manager

B.

IT risk manager

C.

Internal auditor

D.

Risk owner

Full Access
Question # 108

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

A.

normal network behavior and using it as a baseline lor measuring abnormal activity

B.

abnormal network behavior and issuing instructions to the firewall to drop rogue connections

C.

abnormal network behavior and using it as a baseline for measuring normal activity

D.

attack pattern signatures from historical data

Full Access
Question # 109

Which of the following BEST enables staff acceptance of information security policies?

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Full Access
Question # 110

Which of the following provides an information security manager with the MOST useful information on new threats and emerging risks that could impact business objectives?

A.

External audit report

B.

Internal threat analysis report

C.

Industry threat intelligence report

D.

Internal vulnerability assessment report

Full Access
Question # 111

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

A.

Legal and regulatory requirements

B.

Likelihood of a disaster

C.

Organizational tolerance to service interruption

D.

Geographical location of the backup site

Full Access
Question # 112

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

A.

While responding to the incident

B.

During a tabletop exercise

C.

During post-incident review

D.

After a risk reassessment

Full Access
Question # 113

Which of the following risks is an example of risk transfer?

A.

Utilizing third-party applications

B.

Moving risk ownership to another department

C.

Conducting off-site backups

D.

Purchasing cybersecurity insurance

Full Access
Question # 114

Which of the following events would MOST likely require a revision to the information security program?

A.

An increase in industry threat level .

B.

A significant increase in reported incidents

C.

A change in IT management

D.

A merger with another organization

Full Access
Question # 115

Which of the following BEST enables an organization to maintain legally admissible evidence7

A.

Documented processes around forensic records retention

B.

Robust legal framework with notes of legal actions

C.

Chain of custody forms with points of contact

D.

Forensic personnel training that includes technical actions

Full Access
Question # 116

Which of the following is MOST important to consider when determining asset valuation?

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Full Access
Question # 117

Risk treatment options should PRIMARILY focus on:

A.

The criticality of impacted assets

B.

Reducing risk to an acceptable level

C.

High- and medium-rated risks

D.

Inherent and residual risks

Full Access
Question # 118

Which of the following business units should own the data that populates an identity management system?

A.

Human resources (HR)

B.

Legal

C.

Information technology

D.

Information security

Full Access
Question # 119

An information security team is investigating an alleged breach of an organization ' s network. Which of the following would be the BEST single source of evidence to review?

A.

File integrity monitoring software

B.

Security information and event management (SIEM) tool

C.

Antivirus software

D.

Intrusion detection system (IDS)

Full Access
Question # 120

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Full Access
Question # 121

Which of the following is MOST helpful in determining an organization ' s current capacity to mitigate risks?

A.

Capability maturity model

B.

Vulnerability assessment

C.

IT security risk and exposure

D.

Business impact analysis (BIA)

Full Access
Question # 122

Which of the following is MOST important to the successful implementation of an information security program?

A.

Adequate security resources are allocated to the program.

B.

Key performance indicators (KPIs) are defined.

C.

A balanced scorecard is approved by the steering committee.

D.

The program is developed using global security standards.

Full Access
Question # 123

Spoofing should be prevented because it may be used to:

A.

gain illegal entry to a secure system by faking the sender ' s address,

B.

predict which way a program will branch when an option is presented

C.

assemble information, track traffic, and identify network vulnerabilities.

D.

capture information such as passwords traveling through the network

Full Access
Question # 124

At what point should risk ownership be assigned?

A.

When the risk treatment plan is executed

B.

When asset ownership is assigned

C.

When the risk is identified

D.

When the related vulnerability is identified

Full Access
Question # 125

Which of the following is the MOST beneficial outcome of testing an incident response plan?

A.

The response includes escalation to senior management

B.

Incident response time is improved

C.

The plan is enhanced to reflect the findings of the test

D.

Test plan results are documented

Full Access
Question # 126

Which of the following should be the PRIMARY outcome of an information security program?

A.

Strategic alignment

B.

Risk elimination

C.

Cost reduction

D.

Threat reduction

Full Access
Question # 127

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Full Access
Question # 128

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Full Access
Question # 129

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

A.

Assess changes in the risk profile.

B.

Activate the disaster recovery plan (DRP).

C.

Invoke the incident response plan.

D.

Conduct security awareness training.

Full Access
Question # 130

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

A.

Revise the procurement process.

B.

Update the change management process.

C.

Discuss the issue with senior leadership.

D.

Remove the application from production.

Full Access
Question # 131

Which of the following is the PRIMARY purpose of implementing information security standards?

A.

To provide management direction with a specific security objective

B.

To provide a basis for developing information security policies

C.

To provide step-by-step instructions for performing security-related tasks

D.

To establish a minimum acceptable security baseline

Full Access
Question # 132

Which of the following provides an information security manager with the MOST accurate indication of the organization ' s ability to respond to a cyber attack?

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Full Access
Question # 133

Which of the following is MOST helpful to identify whether information security policies have been followed?

A.

Preventive controls

B.

Detective controls

C.

Directive controls

D.

Corrective controls

Full Access
Question # 134

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

A.

Perform a full data backup.

B.

Conduct ransomware awareness training for all staff.

C.

Update indicators of compromise in the security systems.

D.

Review the current risk assessment.

Full Access
Question # 135

Which of the following is established during the preparation phase of an incident response plan?

A.

Recovery time objectives (RTOs)

B.

Chain of custody procedures

C.

Stakeholder communication plan

D.

Mean time to respond (MTTR)

Full Access
Question # 136

Which of the following is the PRIMARY reason to assign a risk owner in an organization?

A.

To remediate residual risk

B.

To define responsibilities

C.

To ensure accountability

D.

To identify emerging risk

Full Access
Question # 137

Which of the following would BEST help to ensure appropriate security controls are built into software?

A.

Integrating security throughout the development process

B.

Performing security testing prior to deployment

C.

Providing standards for implementation during development activities

D.

Providing security training to the software development team

Full Access
Question # 138

An organization recently activated its business continuity plan (BCP). Employees were notified during the event, but some did not fully follow the communications plan. What is the BEST way to prevent a recurrence?

A.

Enhance external communication instructions in the BCP

B.

Perform tabletop testing with appropriate employees

C.

Incentivize employees for following the plan

D.

Update the business impact analysis (BIA)

Full Access
Question # 139

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Full Access
Question # 140

An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:

A.

the business users.

B.

the information owners.

C.

the system administrators.

D.

senior management.

Full Access
Question # 141

Which of the following is the BEST way to help ensure an organization ' s risk appetite will be considered as part of the risk treatment process?

A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Full Access
Question # 142

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

A.

Intrusion detection

B.

Log monitoring

C.

Patch management

D.

Antivirus software

Full Access
Question # 143

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Full Access
Question # 144

Which of the following principles BEST addresses the protection of data from unauthorized modification?

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Authenticity

Full Access
Question # 145

The effectiveness of an incident response team will be GREATEST when:

A.

the incident response team meets on a regular basis to review log files.

B.

the incident response team members are trained security personnel.

C.

the incident response process is updated based on lessons learned.

D.

incidents are identified using a security information and event monitoring {SIEM) system.

Full Access
Question # 146

Which of the following has the GREATEST influence on the successful integration of information security within the business?

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Full Access
Question # 147

An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software security?

A.

Security training for the service provider’s software development staff

B.

Independent assessment against a relevant standard

C.

Verification of certifications held by the individual developers

D.

Review of the service provider’s software development policies

Full Access
Question # 148

An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?

A.

Conduct a risk assessment.

B.

Communicate the changes to stakeholders.

C.

Update the organization ' s risk register.

D.

Develop a policy exception process.

Full Access
Question # 149

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization ' s information security policy,

Full Access
Question # 150

An information security program is BEST positioned for success when it is closely aligned with:

A.

information security best practices.

B.

recognized industry frameworks.

C.

information security policies.

D.

the information security strategy.

Full Access
Question # 151

Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?

A.

To improve awareness of information security

B.

To disclose the root cause of the incident

C.

To increase goodwill toward the organization

D.

To comply with regulations regarding notification

Full Access
Question # 152

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization ' s information security strategy?

A.

Internal security audit

B.

External security audit

C.

Organizational risk appetite

D.

Business impact analysis (BIA)

Full Access
Question # 153

When developing a categorization method for security incidents, the categories MUST:

A.

align with industry standards.

B.

be created by the incident handler.

C.

have agreed-upon definitions.

D.

align with reporting requirements.

Full Access
Question # 154

Which of the following is the MOST important consideration when evaluating the performance of existing security controls?

A.

Obtaining senior management support to facilitate testing

B.

Interviewing control owners to accurately collect metrics data

C.

Selecting testing methods that match the purpose of the testing

D.

Establishing testing scenarios based on international standards

Full Access
Question # 155

Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

A.

To reduce the overall cost of policy development

B.

To share responsibility for addressing security breaches

C.

To decrease the workload of the IT department

D.

To gain acceptance of the policy across the organization

Full Access
Question # 156

A new regulatory requirement affecting an organization ' s information security program is released. Which of the following should be the information security manager ' s FIRST course of action?

A.

Perform a gap analysis.

B.

Conduct benchmarking.

C.

Notify the legal department.

D.

Determine the disruption to the business.

Full Access
Question # 157

Which of the following should be the PRIMARY goal of information security?

A.

Information management

B.

Regulatory compliance

C.

Data governance

D.

Business alignment

Full Access
Question # 158

Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?

A.

The strategy aligns with management’s acceptable level of risk.

B.

The strategy addresses ineffective information security controls.

C.

The strategy aligns with industry benchmarks and standards.

D.

The strategy addresses organizational maturity and the threat environment.

Full Access
Question # 159

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

A.

Perform a risk assessment

B.

Perform a gap analysis

C.

Review information security policies

D.

Review the state of security awareness

Full Access
Question # 160

Which of the following is MOST difficult to measure following an information security breach?

A.

Reputational damage

B.

Human resource costs

C.

Regulatory sanctions

D.

Replacement efforts

Full Access
Question # 161

Which of the following MUST be established to maintain an effective information security governance framework?

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Full Access
Question # 162

Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?

A.

It offers the organization flexible deployment options using cloud infrastructure.

B.

It allows the organization to prioritize its core operations.

C.

It is more secure than traditional data backup architecture.

D.

It allows the use of a professional response team at a lower cost.

Full Access
Question # 163

Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?

A.

Program metrics

B.

Key risk indicators (KRIs)

C.

Risk register

D.

Security strategy

Full Access
Question # 164

What should be the PRIMARY objective of an information classification scheme?

A.

To meet legislative and regulatory requirements

B.

To develop an asset inventory

C.

To define data retention requirements

D.

To implement controls proportionate to risk

Full Access
Question # 165

What is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

A.

To share responsibility for addressing security breaches

B.

To gain acceptance of the policy across the organization

C.

To decrease the workload of the IT department

D.

To reduce the overall cost of policy development

Full Access
Question # 166

What is the MOST important consideration for an organization operating in a highly regulated market when new regulatory requirements with high impact to the business need to be implemented?

A.

Engaging an external audit

B.

Establishing compensating controls

C.

Enforcing strong monitoring controls

D.

Conducting a gap analysis

Full Access
Question # 167

Which of the following is the BEST control to protect customer personal information that is stored in the cloud?

A.

Timely deletion of digital records

B.

Appropriate data anonymization

C.

Strong encryption methods

D.

Strong physical access controls

Full Access
Question # 168

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

A.

Purchase forensic standard operating procedures.

B.

Provide forensics training to the information security team.

C.

Ensure the incident response policy allows hiring a forensics firm.

D.

Retain a forensics firm prior to experiencing an incident.

Full Access
Question # 169

When properly implemented, secure transmission protocols protect transactions:

A.

from eavesdropping.

B.

from denial of service (DoS) attacks.

C.

on the client desktop.

D.

in the server ' s database.

Full Access
Question # 170

Which of the following is the PRIMARY impact of organizational culture on the effectiveness of an information security program?

A.

The culture shapes behaviors toward information security.

B.

The culture defines responsibilities necessary for program implementation.

C.

The culture helps determine budget for information security controls.

D.

The culture has minimal impact as long as information security controls are adhered to.

Full Access
Question # 171

Which of the following is the BEST method to ensure compliance with password standards?

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Full Access
Question # 172

Which of the following is MOST important when designing security controls for new cloud-based services?

A.

Evaluating different types of deployment models according to the associated risks

B.

Understanding the business and IT strategy for moving resources to the cloud

C.

Defining an incident response policy to protect data moving between onsite and cloud applications

D.

Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies

Full Access
Question # 173

Which of the following would BEST guide the development and maintenance of an information security program?

A.

A business impact assessment

B.

A comprehensive risk register

C.

An established risk assessment process

D.

The organization ' s risk appetite

Full Access
Question # 174

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Full Access
Question # 175

Which of the following is MOST important when defining how an information security budget should be allocated?

A.

Regulatory compliance standards

B.

Information security strategy

C.

Information security policy

D.

Business impact assessment

Full Access
Question # 176

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Full Access
Question # 177

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

A.

Network address translation (NAT)

B.

Message hashing

C.

Transport Layer Security (TLS)

D.

Multi-factor authentication

Full Access
Question # 178

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

A.

Feedback from affected departments

B.

Historical data from past incidents

C.

Technical capabilities of the team

D.

Procedures for incident triage

Full Access
Question # 179

An organization has determined that fixing a security vulnerability in a critical application is too costly to be feasible, but the impact is material to the business. Which of the following is the MOST appropriate risk treatment?

A.

Purchase cybersecurity insurance.

B.

Accept the risk associated with continued use of the application.

C.

Implement compensating controls for the application.

D.

Discontinue using the application.

Full Access
Question # 180

Which of the following is the GREATEST concern with implementing all controls recommended by a security framework?

A.

Increased time for implementation

B.

Lack of approval from senior management

C.

Negative return on investment

D.

Increased risk levels

Full Access
Question # 181

Which of the following is the MOST important consideration for an incident response team seeking to limit the impact of incidents?

A.

Senior management’s understanding of the risk appetite

B.

Year-to-year analysis of incident response training completion

C.

Understanding of the organization’s operational requirements

D.

Allocation of funding assigned to incident management functions

Full Access
Question # 182

Which of the following BEST encourages staff to report issues related to information security?

A.

Tabletop exercises are performed on a regular basis

B.

Incentives are offered for security skills training

C.

The leaders set a positive security culture

D.

Formal incident response processes are in place

Full Access
Question # 183

Which of the following documents should contain the INITIAL prioritization of recovery of services?

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Full Access
Question # 184

Which of the following is the BEST source of information to support an organization ' s information security vision and strategy?

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Full Access
Question # 185

An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?

A.

Perform a gap analysis.

B.

Consult with senior management on the best course of action.

C.

Implement a program of work to comply with the new legislation.

D.

Understand the cost of noncompliance.

Full Access
Question # 186

Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?

A.

Stakeholder plan

B.

Escalation plan

C.

Up-to-date risk register

D.

Asset classification

Full Access
Question # 187

Which of the following should be done NEXT following senior management ' s decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?

A.

Encrypt data in transit and at rest.

B.

Complete a return on investment (ROI) analysis.

C.

Create and implement a data minimization plan.

D.

Conduct a gap analysis.

Full Access
Question # 188

Which of the following would BEST address the risk of a system failing to detect a breach?

A.

User access reviews

B.

Log monitoring

C.

Vulnerability scanning

D.

Security control testing

Full Access
Question # 189

An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?

A.

Assemble the incident response team to evaluate the incidents

B.

Initiate the crisis communication plan to notify stakeholders of the incidents

C.

Engage external incident response consultants to conduct an independent investigation

D.

Prioritize the incidents based on data classification standards

Full Access
Question # 190

Which of the following is the MOST effective way to ensure information security policies are understood?

A.

Implement a whistle-blower program.

B.

Provide regular security awareness training.

C.

Include security responsibilities in job descriptions.

D.

Document security procedures.

Full Access
Question # 191

Which of the following MOST directly influences the efficiency of incident response immediately after an incident has been detected?

A.

Incident containment and mitigation

B.

Root cause analysis

C.

Incident categorization

D.

Lessons learned

Full Access
Question # 192

The PRIMARY goal to a post-incident review should be to:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Full Access
Question # 193

Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

A.

Quantitative loss

B.

Industry benchmarks

C.

Threat analysis

D.

Root cause analysis

Full Access
Question # 194

Which of the following will BEST facilitate integrating the information security program into corporate governance?

A.

Documentation of the threat landscape

B.

An up-to-date security strategy

C.

A minimum security baseline

D.

Documentation of residual risk

Full Access
Question # 195

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Full Access
Question # 196

An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?

A.

Review of the audit logs

B.

Ownership of the data

C.

Employee ' s job role

D.

Valid use case

Full Access
Question # 197

An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?

A.

The cloud provider can meet recovery point objectives (RPOs).

B.

The cloud provider adheres to applicable regulations.

C.

The cloud provider’s service level agreement (SLA) includes availability requirements.

D.

The hosting contract has a termination clause.

Full Access
Question # 198

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Full Access
Question # 199

Which of the following is the BEST way to present the status of an information security program to senior management?

A.

Provide detailed information regarding risk exposure

B.

Display concise dashboards

C.

Detail the latest security trends

D.

Report on root causes of security incidents

Full Access
Question # 200

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

A.

Centralized logging

B.

Time clock synchronization

C.

Available forensic tools

D.

Administrator log access

Full Access
Question # 201

Which of the following is the PRIMARY objective of incident triage?

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Full Access
Question # 202

Which of the following BEST helps to enable the desired information security culture within an organization?

A.

Information security awareness training and campaigns

B.

Effective information security policies and procedures

C.

Delegation of information security roles and responsibilities

D.

Incentives for appropriate information security-related behavior

Full Access
Question # 203

When developing security processes for handling credit card data on the business unit ' s information system, the information security manager should FIRST:

A.

ensure alignment with industry encryption standards.

B.

ensure that systems that handle credit card data are segmented.

C.

review industry best practices for handling secure payments.

D.

review corporate policies regarding credit card information.

Full Access
Question # 204

Which of the following is an input used to calculate system-level risk?

A.

Key risk indicators

B.

Business impact analysis

C.

System risk appetite

D.

System vulnerabilities

Full Access
Question # 205

Which of the following is the MOST important consideration when attempting to create a security-focused culture?

A.

Current security strategy benchmarks against peer organizations

B.

The regional rules and legislation regarding information security

C.

The current security awareness level of the employees

D.

The organization’s existing security policies, procedures, and frameworks

Full Access
Question # 206

A recovery point objective (RPO) is required in which of the following?

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Full Access
Question # 207

Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?

A.

Security information and event management (SIEM)

B.

Extended detection and response (XDR)

C.

Endpoint detection and response (EDR)

D.

Network intrusion detection system (NIDS)

Full Access
Question # 208

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

A.

Implement a mobile device policy and standard.

B.

Provide employee training on secure mobile device practices.

C.

Implement a mobile device management (MDM) solution.

D.

Require employees to install an effective anti-malware app.

Full Access
Question # 209

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

A.

Legal

B.

Information security

C.

Help desk

D.

Human resources (HR)

Full Access
Question # 210

Which of the following is the MOST important factor of a successful information security program?

A.

The program follows industry best practices.

B.

The program is based on a well-developed strategy.

C.

The program is cost-efficient and within budget,

D.

The program is focused on risk management.

Full Access
Question # 211

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

A.

Obtain an independent audit report.

B.

Require the provider to follow stringent data classification procedures.

C.

Include high penalties for security breaches in the contract.

D.

Review the provider ' s information security policies.

Full Access
Question # 212

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel ' s opinion on the standard ' s applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Full Access
Question # 213

Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

A.

Incident management procedures

B.

Incident management policy

C.

System risk assessment

D.

Organizational risk register

Full Access
Question # 214

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:

A.

signature analysis.

B.

behavior analysis.

C.

penetration testing.

D.

data packet analysis.

Full Access
Question # 215

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

A.

Developing an information security policy based on risk assessments

B.

Establishing an information security steering committee

C.

Documenting the information security governance framework

D.

Implementing an information security awareness program

Full Access
Question # 216

A business impact analysis (BIA) BEST enables an organization to establish:

A.

annualized loss expectancy (ALE).

B.

recovery methods.

C.

total cost of ownership (TCO).

D.

restoration priorities.

Full Access
Question # 217

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Full Access
Question # 218

After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager ' s FIRST course of action should be to:

A.

determine the potential impact.

B.

reevaluate the standards.

C.

implement compensating controls.

D.

evaluate the cost of replacing the applications.

Full Access
Question # 219

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

A.

Recovery

B.

Identification

C.

Containment

D.

Preparation

Full Access
Question # 220

The PRIMARY objective of a post-incident review of an information security incident is to:

A.

update the risk profile

B.

minimize impact

C.

prevent recurrence.

D.

determine the impact

Full Access
Question # 221

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization ' s data by the user

D.

Monitoring how often the smartphone is used

Full Access
Question # 222

Which of the following roles has the PRIMARY responsibility to ensure the operating effectiveness of IT controls?

A.

Risk owner

B.

Control tester

C.

IT compliance leader

D.

Information security manager

Full Access
Question # 223

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Full Access
Question # 224

Which of the following is the BEST indication of an effective information security awareness training program?

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Full Access
Question # 225

Which of the following is MOST important to emphasize when presenting information to gain senior management support for control enhancements?

A.

Residual risk exposure

B.

Threats against internal systems

C.

Control gaps within defense-in-depth architecture

D.

Recent data breaches in the same industry sector

Full Access
Question # 226

Which of the following is the MOST effective control to prevent proliferation of shadow IT?

A.

Install a solution to detect unlicensed software.

B.

Conduct software audits.

C.

Implement a software allow list.

D.

Conduct periodic vulnerability scanning.

Full Access
Question # 227

Which of the following is MOST important to have in place to help ensure an organization ' s cybersecurity program meets the needs of the business?

A.

Risk assessment program

B.

Information security awareness training

C.

Information security governance

D.

Information security metrics

Full Access
Question # 228

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager ' s BEST course of action when developing security standards for mobile access to the organization ' s network?

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Full Access
Question # 229

Which of the following is the MOST common cause of cybersecurity breaches?

A.

Lack of adequate password rotation

B.

Human error

C.

Abuse of privileged accounts

D.

Lack of control baselines

Full Access
Question # 230

Which of the following is the MOST critical activity for an information security manager to perform periodically throughout the term of a contract with an outsourced third party?

A.

Participatory disaster recovery testing

B.

Comprehensive risk assessments

C.

Service level agreement (SLA) updates

D.

Financial alignment reviews

Full Access
Question # 231

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

A.

the security organization structure.

B.

international security standards.

C.

risk assessment results.

D.

the most stringent requirements.

Full Access
Question # 232

Which of the following would BEST support the business case for an increase in the information security budget?

A.

Cost-benefit analysis results

B.

Comparison of information security budgets with peer organizations

C.

Business impact analysis (BIA) results

D.

Frequency of information security incidents

Full Access
Question # 233

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

A.

Implement the application and request the cloud service provider to fix the vulnerability.

B.

Assess whether the vulnerability is within the organization ' s risk tolerance levels.

C.

Commission further penetration tests to validate initial test results,

D.

Postpone the implementation until the vulnerability has been fixed.

Full Access
Question # 234

Senior management has expressed concern that the organization ' s intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

A.

Increasing false negatives

B.

Decreasing false negatives

C.

Decreasing false positives

D.

Increasing false positives

Full Access
Question # 235

Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?

A.

The risks are entered in the organization ' s risk register.

B.

The risks are reported to the business unit ' s senior management.

C.

The risks are escalated to the IT department for remediation.

D.

The risks are communicated to the central risk function.

Full Access
Question # 236

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?

A.

IT strategy

B.

Security architecture

C.

Business case

D.

Risk assessment

Full Access
Question # 237

Which of the following is MOST important to the ongoing success of an information security program?

A.

Executive sponsorship

B.

Skilled personnel

C.

Process automation

D.

Regular awareness training

Full Access
Question # 238

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

A.

Eliminate privileged accounts.

B.

Perform periodic certification of access to privileged accounts.

C.

Frequently monitor activities on privileged accounts.

D.

Provide privileged account access only to users who need it.

Full Access
Question # 239

Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

A.

Risk assessment results

B.

Audit findings

C.

Key risk indicators (KRIs)

D.

Baseline controls

Full Access
Question # 240

Which type of backup BEST enables an organization to recover data after a ransomware attack?

A.

Online backup

B.

Incremental backup

C.

Differential backup

D.

Offline backup

Full Access
Question # 241

Which of the following is the MOST important benefit of using a cloud access security broker when migrating to a cloud environment?

A.

Enhanced data governance

B.

Increased third-party assurance

C.

)Improved incident management

D.

Reduced total cost of ownership (TCO)

Full Access
Question # 242

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Full Access
Question # 243

The PRIMARY goal of the eradication phase in an incident response process is to:

A.

maintain a strict chain of custody.

B.

provide effective triage and containment of the incident.

C.

remove the threat and restore affected systems

D.

obtain forensic evidence from the affected system.

Full Access
Question # 244

Which of the following should be the FIRST step in developing an information security strategy?

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Full Access
Question # 245

Which of the following is MOST important for responding effectively to security breaches?

A.

Incident classification

B.

Chain of custody

C.

Communication plan

D.

Log monitoring

Full Access
Question # 246

Which of the following should be the FIRST step in developing an information security strategy?

A.

Perform a gap analysis based on the current state

B.

Create a roadmap to identify security baselines and controls.

C.

Identify key stakeholders to champion information security.

D.

Determine acceptable levels of information security risk.

Full Access
Question # 247

Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?

A.

Perform a patch update.

B.

Conduct a risk assessment.

C.

Perform a penetration test.

D.

Conduct an impact assessment.

Full Access
Question # 248

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

A.

Obtain consensus on the strategy from the executive board.

B.

Review alignment with business goals.

C.

Define organizational risk tolerance.

D.

Develop a project plan to implement the strategy.

Full Access
Question # 249

An organization has identified a weakness in the ability of its employees to identify and report cybersecurity incidents. Although training materials have been provided, employees show a lack of interest. Which of the following is the information security manager’s BEST course of action?

A.

Block network access until security awareness training is complete.

B.

Conduct an enterprise cybersecurity risk assessment.

C.

Obtain key stakeholder and leadership support.

D.

Send an email mandating training for the employees.

Full Access
Question # 250

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Full Access
Question # 251

Which of the following roles is BEST able to influence the security culture within an organization?

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Full Access
Question # 252

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Full Access
Question # 253

Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Full Access
Question # 254

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Full Access
Question # 255

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

A.

Data masking

B.

Data retention strategy

C.

Data encryption standards

D.

Data loss prevention (DLP)

Full Access
Question # 256

Which of the following should be the KEY consideration when creating an information security communication plan with industry peers?

A.

Balancing the benefits of information sharing with the drawbacks of sharing sensitive information

B.

Reducing the costs associated with information sharing by automating the process

C.

Ensuring information is detailed enough to be of use to other organizations

D.

Notifying the legal department whenever incident-related information is shared

Full Access
Question # 257

Which of the following BEST indicates that information security governance and corporate governance are integrated?

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Full Access
Question # 258

When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:

A.

strong encryption

B.

regulatory compliance.

C.

data availability.

D.

security awareness training

Full Access
Question # 259

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Full Access
Question # 260

Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?

A.

Isolate affected systems to prevent the spread of damage

B.

Determine the final root cause of the incident

C.

Mitigate exploited vulnerabilities to prevent future incidents

D.

Remove all instances of the incident from the network

Full Access
Question # 261

Which of the following is the MOST important outcome of effective risk treatment?

A.

Elimination of risk

B.

Timely reporting of incidents

C.

Reduced cost of acquiring controls

D.

Implementation of corrective actions

Full Access
Question # 262

Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

A.

Evaluate the results of business continuity testing.

B.

Review key performance indicators (KPIs).

C.

Evaluate the business impact of incidents.

D.

Engage business process owners.

Full Access
Question # 263

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

A.

Discretionary access control

B.

Role-based access control

C.

Access control lists

D.

Distributed access control

Full Access
Question # 264

Which of the following provides the MOST effective response against ransomware attacks?

A.

Automatic quarantine of systems

B.

Thorough communication plans

C.

Effective backup plans and processes

D.

Strong password requirements

Full Access
Question # 265

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

A.

Frequent updates to the risk register

B.

Regularly scheduled security audits

C.

Frequent security architecture reviews

D.

Regularly scheduled risk assessments

Full Access
Question # 266

Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?

A.

The plan has summarized IT costs for implementation.

B.

The plan resolves all potential threats to business processes.

C.

The plan focuses on meeting industry best practices and industry standards.

D.

The plan is based on a review of threats and vulnerabilities.

Full Access
Question # 267

Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?

A.

The incident response plan is aligned with the disaster recovery strategy

B.

The incident response process is regularly tested

C.

Incident response processes are documented and available to staff

D.

The incident response plan clearly outlines roles and responsibilities

Full Access
Question # 268

An organization has identified a large volume of old data that appears to be unused. Which of the following should the information

security manager do NEXT?

A.

Consult the record retention policy.

B.

Update the awareness and training program.

C.

Implement media sanitization procedures.

D.

Consult the backup and recovery policy.

Full Access
Question # 269

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Full Access
Question # 270

What is the PRIMARY objective of implementing standard security configurations?

A.

Maintain a flexible approach to mitigate potential risk to unsupported systems.

B.

Minimize the operational burden of managing and monitoring unsupported systems.

C.

Control vulnerabilities and reduce threats from changed configurations.

D.

Compare configurations between supported and unsupported systems.

Full Access
Question # 271

Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?

A.

Alignment with financial reporting

B.

Alignment with business initiatives

C.

Alignment with industry frameworks

D.

Alignment with risk appetite

Full Access
Question # 272

Which of the following is MOST likely to reduce the effectiveness of a SIEM system?

A.

Complex user interface

B.

Misconfiguration of alert thresholds

C.

Weakly encrypted log files

D.

Lack of multi-factor authentication (MFA) for system access

Full Access
Question # 273

Which of the following should include contact information for representatives of equipment and software vendors?

A.

Information security program charter

B.

Business impact analysis (BIA)

C.

Service level agreements (SLAs)

D.

Business continuity plan (BCP)

Full Access
Question # 274

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization ' s hosted payroll service provider?

A.

Suspend the data exchange with the provider

B.

Notify appropriate regulatory authorities of the breach.

C.

Initiate the business continuity plan (BCP)

D.

Validate the breach with the provider

Full Access
Question # 275

Which of the following is MOST important for the successful implementation of an incident response plan?

A.

Ensuring response staff are appropriately trained

B.

Developing metrics for incident response reporting

C.

Establishing an escalation process for the help desk

D.

Developing a RACI chart of response staff functions

Full Access
Question # 276

Which of the following would be MOST important to include in communications to customers impacted by an information security incident?

A.

Details of the type of data exposed

B.

Identities of the attackers

C.

Costs of the incident to the organization

D.

Technical information related to the incident

Full Access
Question # 277

Which of the following should be done FIRST once a cybersecurity attack has been confirmed?

A.

Isolate the affected system.

B.

Notify senior management.

C.

Power down the system.

D.

Contact legal authorities.

Full Access
Question # 278

An organization ' s research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Full Access
Question # 279

Which of the following is the GREATEST threat posed by quantum computing technology for information security?

A.

Quantum computers can break several current encryption schemes protecting the confidentiality of data

B.

Quantum computers can allow for secure communication that benefits only the few who can afford it

C.

Quantum computers can compromise availability through extremely rapid processing of large data sets

D.

Quantum computers can simulate complex physical systems beyond traditional computing capabilities

Full Access
Question # 280

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Full Access
Question # 281

Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Full Access
Question # 282

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

A.

Access manager

B.

IT director

C.

System administrator

D.

Business owner

Full Access
Question # 283

Which of the following is a prerequisite for formulating a business continuity plan (BCP)?

A.

Recovery time objectives (RTOs) for the business processes

B.

Process maps for production applications

C.

System recovery procedures for alternate-site processing

D.

Comprehensive property inventory

Full Access
Question # 284

Which of the following is the MOST cost-effective method for assessing an organization’s incident response capabilities?

A.

Tabletop exercise

B.

Senior management interview

C.

Penetration testing

D.

Third-party assessment

Full Access
Question # 285

Which of the following is the BEST approach for governing noncompliance with security requirements?

A.

Base mandatory review and exception approvals on residual risk,

B.

Require users to acknowledge the acceptable use policy.

C.

Require the steering committee to review exception requests.

D.

Base mandatory review and exception approvals on inherent risk.

Full Access
Question # 286

Information security controls should be designed PRIMARILY based on:

A.

a business impact analysis (BIA).

B.

regulatory requirements.

C.

business risk scenarios,

D.

a vulnerability assessment.

Full Access
Question # 287

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Full Access
Question # 288

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party ' s service level agreement (SLA) does not include guarantees of uptime.

Full Access
Question # 289

Which of the following is the PRIMARY benefit of an information security awareness training program?

A.

Influencing human behavior

B.

Evaluating organizational security culture

C.

Defining risk accountability

D.

Enforcing security policy

Full Access
Question # 290

The MOST important element in achieving executive commitment to an information security governance program is:

A.

a defined security framework.

B.

a process improvement model

C.

established security strategies.

D.

identified business drivers.

Full Access
Question # 291

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Full Access
Question # 292

An organization has discovered that a server processing real-time visual data could be vulnerable to a lateral movement stage in a ransomware attack. Which of the following controls BEST mitigates this vulnerability?

A.

Network segmentation

B.

Data loss prevention (DLP)

C.

Encryption of data in transit

D.

Intrusion detection system (IDS)

Full Access
Question # 293

Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

A.

strategy.

B.

risk assessments.

C.

key performance indicators (KPIs).

D.

standards.

Full Access
Question # 294

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Full Access
Question # 295

Which of the following BEST contributes to establishing an information security culture within an organization?

A.

Conducting regular information security awareness initiatives

B.

Obtaining executive approval of information security policy

C.

Following industry best practices for information security

D.

Incorporating information security requirements in the software development life cycle

Full Access
Question # 296

Which of the following is the BEST strategy when determining an organization ' s approach to risk treatment?

A.

Implementing risk mitigation controls that are considered quick wins

B.

Prioritizing controls that directly mitigate the organization ' s most critical risks

C.

Advancing the maturity of existing controls based on risk tolerance

D.

Implementing a one-size-fits-all set of controls across all organizational units

Full Access
Question # 297

ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider ' s data center. Which of the following should the CISO do FIRST?

A.

Recommend canceling the outsourcing contract.

B.

Request an independent review of the provider ' s data center.

C.

Notify affected customers of the data breach.

D.

Determine the extent of the impact to the organization.

Full Access
Question # 298

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Full Access
Question # 299

Which of the following is the BEST approach for addressing noncompliance with security standards?

A.

Develop new security standards.

B.

Maintain a security exceptions process.

C.

Discontinue affected activities until security requirements can be met.

D.

Apply additional logging and monitoring to affected assets.

Full Access
Question # 300

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

A.

Control matrix

B.

Business impact analysis (BIA)

C.

Risk register

D.

Information security policy

Full Access
Question # 301

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

A.

Determine which country ' s information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Full Access
Question # 302

Which of the following is MOST important to ensure incident management readiness?

A.

The plan is compliant with industry standards.

B.

The plan is regularly tested.

C.

The plan is updated annually.

D.

The plan is concise and includes a checklist.

Full Access
Question # 303

Which of the following should be the PRIMARY objective of an information security governance framework?

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization ' s information security policies.

Full Access
Question # 304

Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?

A.

Place the web server in quarantine.

B.

Rebuild the server from the last verified backup.

C.

Shut down the server in an organized manner.

D.

Rebuild the server with relevant patches from the original media.

Full Access
Question # 305

An organization ' s disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

A.

Store disaster recovery documentation in a public cloud.

B.

Maintain an outsourced contact center in another country.

C.

Require disaster recovery documentation be stored with all key decision makers.

D.

Provide annual disaster recovery training to appropriate staff.

Full Access
Question # 306

Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?

A.

Perform malware scanning

B.

Reimage the systems

C.

Block access to the impacted systems

D.

Perform a vulnerability assessment

Full Access
Question # 307

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

A.

Current resourcing levels

B.

Availability of potential resources

C.

Information security strategy

D.

Information security incidents

Full Access
Question # 308

Which of the following BEST protects against emerging advanced persistent threat (APT) actors?

A.

Honeypot environment

B.

Updated security awareness materials

C.

Ongoing incident response training

D.

Proactive monitoring

Full Access
Question # 309

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Full Access
Question # 310

Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?

A.

Streamlining of event triage and implementation of incident response procedures

B.

Allocation of budget for technical security controls and enhancements to security culture

C.

Assurance of compliance with industry-specific regulations and improvement to business processes

D.

Identification of critical business functions and prioritization of recovery efforts

Full Access
Question # 311

Which of the following BEST enables an organization to transform its culture to support information security?

A.

Periodic compliance audits

B.

Strong management support

C.

Robust technical security controls

D.

Incentives for security incident reporting

Full Access
Question # 312

Which of the following presents the GREATEST challenge when assessing the impact of emerging risk?

A.

Complexity of the emerging risk

B.

Insufficient data related to the emerging risk

C.

Outdated risk management strategy

D.

Lack of resources to perform risk assessments

Full Access
Question # 313

After a server has been attacked, which of the following is the BEST course of action?

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Full Access
Question # 314

A new type of ransomware has infected an organization ' s network. Which of the following would have BEST enabled the organization to detect this situation?

A.

Regular review of the threat landscape

B.

Periodic information security training for end users

C.

Use of integrated patch deployment tools

D.

Monitoring of anomalies in system behavior

Full Access
Question # 315

Which of the following is the BEST way to improve an organization ' s ability to detect and respond to incidents?

A.

Conduct a business impact analysis (BIA).

B.

Conduct periodic awareness training.

C.

Perform a security gap analysis.

D.

Perform network penetration testing.

Full Access
Question # 316

Which of the following is the MOST essential element of an information security program?

A.

Benchmarking the program with global standards for relevance

B.

Prioritizing program deliverables based on available resources

C.

Involving functional managers in program development

D.

Applying project management practices used by the business

Full Access
Question # 317

A security incident has been reported within an organization When should an information security manager contact the information owner?

A.

After the incident has been mitigated

B.

After the incident has been confirmed.

C.

After the potential incident has been togged

D.

After the incident has been contained

Full Access
Question # 318

Regular vulnerability scanning on an organization ' s internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Full Access
Question # 319

Which of the following should be done FIRST to prioritize response to incidents?

A.

Containment

B.

Escalation

C.

Analysis

D.

Triage

Full Access
Question # 320

Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?

A.

Record and close security incident tickets.

B.

Test and verify that compromisedsystems are clean.

C.

Document recovery steps for senior management reporting.

D.

Capture and preserve forensic images of affected systems.

Full Access
Question # 321

Which of the following is the BEST indication of effective information security governance?

A.

Information security is considered the responsibility of the entire information security team.

B.

Information security controls are assigned to risk owners.

C.

Information security is integrated into corporate governance.

D.

Information security governance is based on an external security framework.

Full Access
Question # 322

Which of the following would BEST mitigate accidental data loss events?

A.

Conduct periodic user awareness training.

B.

Obtain senior management support for the information security strategy.

C.

Conduct a data loss prevention (DLP) audit.

D.

Enforce a data hard drive encryption policy.

Full Access
Question # 323

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?

A.

Forensics certification

B.

Disaster recovery drills

C.

Tabletop exercises

D.

Penetration tests

Full Access
Question # 324

An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager’s FIRST course of action?

A.

Develop customized security training for employees at the new office

B.

Encrypt the data for transfer to the head office based on security manager approval

C.

Update privacy policies to include the other country’s laws and regulations

D.

Identify applicable regulatory requirements to establish security policies

Full Access
Question # 325

Which of the following should be the PRIMARY objective of the information security incident response process?

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Full Access
Question # 326

Which of the following presents the GREATEST challenge to a security operations center ' s wna GY of potential security breaches?

A.

IT system clocks are not synchronized with the centralized logging server.

B.

Operating systems are no longer supported by the vendor.

C.

The patch management system does not deploy patches in a timely manner.

D.

An organization has a decentralized data center that uses cloud services.

Full Access
Question # 327

Which of the following is the BEST indication ofa successful information security culture?

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Full Access
Question # 328

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

A.

Review current recovery policies.

B.

Define the organizational strategy.

C.

Prioritize the critical processes.

D.

Review existing cyber insurance coverage.

Full Access
Question # 329

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Full Access
Question # 330

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Full Access
Question # 331

Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?

A.

Vulnerability scan

B.

Control self-assessment (CSA)

C.

Gap analysis

D.

Risk assessment

Full Access
Question # 332

Which of the following should be the PRIMARY basis for an information security strategy?

A.

The organization ' s vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Full Access
Question # 333

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

A.

enhance the organization ' s antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization ' s detective controls.

D.

reduce the need for a security awareness program.

Full Access
Question # 334

To help ensure that an information security training program is MOST effective, its contents should be:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Full Access
Question # 335

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

A.

A data forensics program

B.

A configuration management program

C.

A layered security program

D.

An incident response program

Full Access
Question # 336

Which of the following is the MOST important consideration when defining control objectives?

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Full Access
Question # 337

The MOST important reason for having an information security manager serve on the change management committee is to:

A.

identify changes to the information security policy.

B.

ensure that changes are tested.

C.

ensure changes are properly documented.

D.

advise on change-related risk.

Full Access
Question # 338

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

A.

review access rights as the acquisition integration occurs.

B.

perform a risk assessment of the access rights.

C.

escalate concerns for conflicting access rights to management.

D.

implement consistent access control standards.

Full Access
Question # 339

Which of the following has the GREATEST impact on the effectiveness of an organization’s security posture?

A.

Incident metrics are frequently compared against industry benchmarks

B.

New hires are mandated to attend security training

C.

Security is embedded in organizational culture

D.

Senior management has approved and endorsed security practices

Full Access
Question # 340

Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?

A.

Benchmarking against industry peers

B.

Adoption of an industry recognized framework

C.

Approval from senior management

D.

Identification of business-specific risk factors

Full Access