Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?
Senior management wants to thoroughly test a disaster recovery plan (DRP) for a mission-critical system. Which of the following would provide the MOST reliable results?
Which of the following is the PRIMARY reason for granting a security exception?
The PRIMARY purpose of implementing information security governance metrics is to:
Which of the following is MOST important to consider when defining control objectives?
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
Which of the following is the MOST effective way to detect information security incidents?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Which of the following should be the MOST important consideration when establishing information security policies for an organization?
Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?
An organization plans to implement a new e-commerce operation in a highly regulated market. Which of the following is MOST important to consider when updating the risk management strategy?
Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?
Which of the following BEST facilitates the development of a comprehensive information security policy?
Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?
When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:
What should be the FIRST step when an Internet of Things (loT) device in an organization ' s network is confirmed to have been hacked?
An organization has purchased an Internet sales company to extend the sales department. The information security manager ' s FIRST step to ensure the security policy framework encompasses the new business model is to:
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:
Which of the following is MOST relevant for an information security manager to communicate to the board of directors?
Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?
When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?
Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:
The MOST important reason for an organization to establish a social media policy is to:
An information security manager is updating the organization ' s incident response plan. Which of the following is the BEST way to validate that the process and procedures provided by IT and business units are complete, accurate, and known by all responsible teams?
Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?
The effectiveness of an information security governance framework will BEST be enhanced if:
An information security manager has confirmed the organization ' s cloud provider has unintentionally published some of the organization ' s business data. Which of the following should be done NEXT?
Which of the following sources is MOST useful when planning a business-aligned information security program?
A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:
Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?
The executive management of a domestic organization has announced plans to expand operations to multiple international locations. Which of the following should be the information security manager ' s FIRST step upon learning of these plans?
Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
Which of the following backup methods requires the MOST time to restore data for an application?
Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?
A backdoor has been identified that enabled a cyberattack on an organization’s systems. Integrating which of the following into the software development life cycle would BEST enable the organization to mitigate similar attacks in the future?
An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?
Which of the following is a desired outcome of information security governance?
An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?
Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?
Which of the following is MOST important to include in monthly information security reports to the board?
Which of the following BEST enables the integration of information security governance into corporate governance?
During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?
A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?
During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?
Which of the following is the BEST way to obtain support for a new organization-wide information security program?
Which of the following is the MOST important objective when planning an incident response program?
In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?
A new information security reporting requirement will soon become effective. Which of the following should be the information security manager ' s FIRST action?
Which of the following is MOST important to consider when aligning a security awareness program with the organization ' s business strategy?
After a ransomware incident an organization ' s systems were restored. Which of the following should be of MOST concern to the information security manager?
Which of the following is the GREATEST benefit of classifying information security incidents?
Prior to implementing a bring your own device (BYOD) program, it is MOST important to:
An organization ' s HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?
An organization has recently purchased cybersecurity insurance after the board voiced concern about the potential for a security breach. With this response to the perceived risk, the organization:
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
The BEST way to integrate information security governance with corporate governance is to ensure:
Which of the following provides the BEST input to determine the level of protection needed for an IT system?
What is the role of the information security manager in finalizing contract negotiations with service providers?
Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?
When establishing an information security governance framework, it is MOST important for an information security manager to understand:
To optimize the implementation of information security governance in an organization, an information security manager should:
Which of the following would be MOST helpful to identify worst-case disruption scenarios?
Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
An organization that has recently suffered a cyberattack is considering engaging law enforcement. Which of the following is the MOST important course of action for the incident response team?
Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
It is MOST important that risk owners understand they are accountable for:
Which of the following defines the triggers within a business continuity plan (BCP)? @
An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?
Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?
Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?
An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:
Which of the following is the MOST important factor in successfully implementing Zero Trust?
Which of the following is the GREATEST benefit resulting from the introduction of data security standards for payment cards?
An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?
The contribution of recovery point objective (RPO) to disaster recovery is to:
An organization ' s marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
Which of the following should be the MOST important consideration when reviewing an information security strategy?
Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?
What should an information security manager verify FIRST when reviewing an information asset management program?
Which of the following should be the FIRST consideration when developing a strategy for protecting an organization ' s data?
Who is accountable for approving an information security governance framework?
Which of the following is the FIRST step to establishing an effective information security program?
Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?
An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?
A common drawback of email software packages that provide native encryption of messages is that the encryption:
Which of the following is MOST important to include in an information security status report to senior management?
For which of the following is it MOST important that system administrators be restricted to read-only access?
The MOST appropriate time to conduct a disaster recovery test would be after:
Which of the following is the MOST important consideration when determining which type of failover site to employ?
Which of the following is the BEST indication of information security strategy alignment with the “ &
To ensure that a new application complies with information security policy, the BEST approach is to:
Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?
During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?
Which of the following BEST determines the data retention strategy and subsequent policy for an organization?
Which of the following provides the BEST indication of the return on information security investment?
Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?
Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
Which of the following BEST enables staff acceptance of information security policies?
Which of the following provides an information security manager with the MOST useful information on new threats and emerging risks that could impact business objectives?
Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
Which of the following events would MOST likely require a revision to the information security program?
Which of the following BEST enables an organization to maintain legally admissible evidence7
Which of the following is MOST important to consider when determining asset valuation?
Which of the following business units should own the data that populates an identity management system?
An information security team is investigating an alleged breach of an organization ' s network. Which of the following would be the BEST single source of evidence to review?
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
Which of the following is MOST helpful in determining an organization ' s current capacity to mitigate risks?
Which of the following is MOST important to the successful implementation of an information security program?
Which of the following is the MOST beneficial outcome of testing an incident response plan?
Which of the following should be the PRIMARY outcome of an information security program?
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?
Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?
Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
Which of the following is the PRIMARY purpose of implementing information security standards?
Which of the following provides an information security manager with the MOST accurate indication of the organization ' s ability to respond to a cyber attack?
Which of the following is MOST helpful to identify whether information security policies have been followed?
Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?
Which of the following is established during the preparation phase of an incident response plan?
Which of the following is the PRIMARY reason to assign a risk owner in an organization?
Which of the following would BEST help to ensure appropriate security controls are built into software?
An organization recently activated its business continuity plan (BCP). Employees were notified during the event, but some did not fully follow the communications plan. What is the BEST way to prevent a recurrence?
Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:
Which of the following is the BEST way to help ensure an organization ' s risk appetite will be considered as part of the risk treatment process?
Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?
Which of the following principles BEST addresses the protection of data from unauthorized modification?
Which of the following has the GREATEST influence on the successful integration of information security within the business?
An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software security?
An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
An information security program is BEST positioned for success when it is closely aligned with:
Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?
Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization ' s information security strategy?
When developing a categorization method for security incidents, the categories MUST:
Which of the following is the MOST important consideration when evaluating the performance of existing security controls?
Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?
A new regulatory requirement affecting an organization ' s information security program is released. Which of the following should be the information security manager ' s FIRST course of action?
Which of the following should be the PRIMARY goal of information security?
Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?
During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
Which of the following is MOST difficult to measure following an information security breach?
Which of the following MUST be established to maintain an effective information security governance framework?
Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?
Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?
What should be the PRIMARY objective of an information classification scheme?
What is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?
What is the MOST important consideration for an organization operating in a highly regulated market when new regulatory requirements with high impact to the business need to be implemented?
Which of the following is the BEST control to protect customer personal information that is stored in the cloud?
When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
When properly implemented, secure transmission protocols protect transactions:
Which of the following is the PRIMARY impact of organizational culture on the effectiveness of an information security program?
Which of the following is the BEST method to ensure compliance with password standards?
Which of the following is MOST important when designing security controls for new cloud-based services?
Which of the following would BEST guide the development and maintenance of an information security program?
Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
Which of the following is MOST important when defining how an information security budget should be allocated?
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
An organization has determined that fixing a security vulnerability in a critical application is too costly to be feasible, but the impact is material to the business. Which of the following is the MOST appropriate risk treatment?
Which of the following is the GREATEST concern with implementing all controls recommended by a security framework?
Which of the following is the MOST important consideration for an incident response team seeking to limit the impact of incidents?
Which of the following BEST encourages staff to report issues related to information security?
Which of the following documents should contain the INITIAL prioritization of recovery of services?
Which of the following is the BEST source of information to support an organization ' s information security vision and strategy?
An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?
Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?
Which of the following should be done NEXT following senior management ' s decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?
Which of the following would BEST address the risk of a system failing to detect a breach?
An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?
Which of the following is the MOST effective way to ensure information security policies are understood?
Which of the following MOST directly influences the efficiency of incident response immediately after an incident has been detected?
Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
Which of the following will BEST facilitate integrating the information security program into corporate governance?
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?
An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?
Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
Which of the following is the BEST way to present the status of an information security program to senior management?
For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?
Which of the following BEST helps to enable the desired information security culture within an organization?
When developing security processes for handling credit card data on the business unit ' s information system, the information security manager should FIRST:
Which of the following is the MOST important consideration when attempting to create a security-focused culture?
Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?
Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Which of the following is the MOST important factor of a successful information security program?
Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?
The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
A business impact analysis (BIA) BEST enables an organization to establish:
How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager ' s FIRST course of action should be to:
Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?
The PRIMARY objective of a post-incident review of an information security incident is to:
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Which of the following roles has the PRIMARY responsibility to ensure the operating effectiveness of IT controls?
Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?
Which of the following is the BEST indication of an effective information security awareness training program?
Which of the following is MOST important to emphasize when presenting information to gain senior management support for control enhancements?
Which of the following is the MOST effective control to prevent proliferation of shadow IT?
Which of the following is MOST important to have in place to help ensure an organization ' s cybersecurity program meets the needs of the business?
Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager ' s BEST course of action when developing security standards for mobile access to the organization ' s network?
Which of the following is the MOST common cause of cybersecurity breaches?
Which of the following is the MOST critical activity for an information security manager to perform periodically throughout the term of a contract with an outsourced third party?
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
Which of the following would BEST support the business case for an increase in the information security budget?
An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
Senior management has expressed concern that the organization ' s intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?
An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
Which of the following is MOST important to the ongoing success of an information security program?
Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?
Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?
Which type of backup BEST enables an organization to recover data after a ransomware attack?
Which of the following is the MOST important benefit of using a cloud access security broker when migrating to a cloud environment?
Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
The PRIMARY goal of the eradication phase in an incident response process is to:
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following is MOST important for responding effectively to security breaches?
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?
Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?
An organization has identified a weakness in the ability of its employees to identify and report cybersecurity incidents. Although training materials have been provided, employees show a lack of interest. Which of the following is the information security manager’s BEST course of action?
When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:
Which of the following roles is BEST able to influence the security culture within an organization?
Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?
Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?
Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
Which of the following should be the KEY consideration when creating an information security communication plan with industry peers?
Which of the following BEST indicates that information security governance and corporate governance are integrated?
When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:
A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?
Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?
Which of the following is the MOST important outcome of effective risk treatment?
Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?
Security administration efforts will be greatly reduced following the deployment of which of the following techniques?
Which of the following provides the MOST effective response against ransomware attacks?
Which of the following is the BEST method for determining whether new risks exist in legacy systems?
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?
An organization has identified a large volume of old data that appears to be unused. Which of the following should the information
security manager do NEXT?
Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
What is the PRIMARY objective of implementing standard security configurations?
Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?
Which of the following is MOST likely to reduce the effectiveness of a SIEM system?
Which of the following should include contact information for representatives of equipment and software vendors?
Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization ' s hosted payroll service provider?
Which of the following is MOST important for the successful implementation of an incident response plan?
Which of the following would be MOST important to include in communications to customers impacted by an information security incident?
Which of the following should be done FIRST once a cybersecurity attack has been confirmed?
An organization ' s research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?
Which of the following is the GREATEST threat posed by quantum computing technology for information security?
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?
Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
Which of the following is a prerequisite for formulating a business continuity plan (BCP)?
Which of the following is the MOST cost-effective method for assessing an organization’s incident response capabilities?
Which of the following is the BEST approach for governing noncompliance with security requirements?
Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?
An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
Which of the following is the PRIMARY benefit of an information security awareness training program?
The MOST important element in achieving executive commitment to an information security governance program is:
An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
An organization has discovered that a server processing real-time visual data could be vulnerable to a lateral movement stage in a ransomware attack. Which of the following controls BEST mitigates this vulnerability?
Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
Which of the following BEST contributes to establishing an information security culture within an organization?
Which of the following is the BEST strategy when determining an organization ' s approach to risk treatment?
ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider ' s data center. Which of the following should the CISO do FIRST?
Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
Which of the following is the BEST approach for addressing noncompliance with security standards?
Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?
An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?
Which of the following is MOST important to ensure incident management readiness?
Which of the following should be the PRIMARY objective of an information security governance framework?
Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?
An organization ' s disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
Which of the following BEST protects against emerging advanced persistent threat (APT) actors?
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?
Which of the following BEST enables an organization to transform its culture to support information security?
Which of the following presents the GREATEST challenge when assessing the impact of emerging risk?
After a server has been attacked, which of the following is the BEST course of action?
A new type of ransomware has infected an organization ' s network. Which of the following would have BEST enabled the organization to detect this situation?
Which of the following is the BEST way to improve an organization ' s ability to detect and respond to incidents?
Which of the following is the MOST essential element of an information security program?
A security incident has been reported within an organization When should an information security manager contact the information owner?
Regular vulnerability scanning on an organization ' s internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
Which of the following should be done FIRST to prioritize response to incidents?
Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?
Which of the following is the BEST indication of effective information security governance?
Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager’s FIRST course of action?
Which of the following should be the PRIMARY objective of the information security incident response process?
Which of the following presents the GREATEST challenge to a security operations center ' s wna GY of potential security breaches?
Which of the following is the BEST indication ofa successful information security culture?
Which of the following should be done FIRST when developing a business continuity plan (BCP)?
Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?
Which of the following should be the PRIMARY basis for an information security strategy?
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
To help ensure that an information security training program is MOST effective, its contents should be:
Which of the following should be implemented to BEST reduce the likelihood of a security breach?
Which of the following is the MOST important consideration when defining control objectives?
The MOST important reason for having an information security manager serve on the change management committee is to:
Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
Which of the following has the GREATEST impact on the effectiveness of an organization’s security posture?
Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?