Weekend Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CISM Questions and Answers

Question # 6

An organization has suffered from a large-scale security event impacting a critical system. Following the decision to restore the system at an alternate location, which plan should be invoked?

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Communications plan

Full Access
Question # 7

Which of the following is MOST important when developing an AI security awareness program?

A.

Creating an interactive training environment

B.

Aligning the training to user roles

C.

Defining the level of user interaction with AI

D.

Assessing the maturity of the organization

Full Access
Question # 8

Which of the following is the PRIMARY reason to assign a risk owner in an organization?

A.

To remediate residual risk

B.

To define responsibilities

C.

To ensure accountability

D.

To identify emerging risk

Full Access
Question # 9

Which type of test is MOST effective in communicating the roles of end users to support timely identification and response to information security incidents?

A.

Parallel

B.

Complete failover

C.

Checklist

D.

Walkthrough

Full Access
Question # 10

Which of the following is the BEST approach for data owners to use when defining access privileges for users?

Define access privileges based on user roles.

Adopt user account settings recommended by the vendor.

Perform a risk assessment of the users ' access privileges.

A.

Implement an identity and access management (IDM) tool.

Full Access
Question # 11

Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?

A.

Threat analytics software

B.

Host intrusion detection system

C.

SIEM

D.

Network intrusion detection system

Full Access
Question # 12

Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization ' s business continuity plan (BCP) has not been reviewed or updated in more than a year?

A.

An outdated BCP may result in less efficient recovery if an actual incident occurs.

B.

The organization may suffer reputational damage for not following industry best practices.

C.

The audit finding may impact the overall risk rating of the organization.

D.

The lack of updates to the BCP may result in noncompliance with internal policies.

Full Access
Question # 13

Which of the following would be MOST helpful to identify worst-case disruption scenarios?

A.

Business impact analysis (BIA)

B.

Business process analysis

C.

SWOT analysis

D.

Cast-benefit analysis

Full Access
Question # 14

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Full Access
Question # 15

An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?

A.

Using secure communication channels

B.

Establishing mutual non-disclosure agreements (NDAs)

C.

Requiring third-party privacy policies

D.

Obtaining industry references

Full Access
Question # 16

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Full Access
Question # 17

Which of the following BEST enables users to recover from ransomware or malware attacks?

A.

Incident response plans

B.

Frequent system backups

C.

Regular antivirus updates

D.

End-user awareness training

Full Access
Question # 18

When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?

A.

Managing the impact

B.

Identifying unacceptable risk levels

C.

Assessing vulnerabilities

D.

Evaluating potential threats

Full Access
Question # 19

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Full Access
Question # 20

Which of the following is MOST important when defining how an information security budget should be allocated?

A.

Regulatory compliance standards

B.

Information security strategy

C.

Information security policy

D.

Business impact assessment

Full Access
Question # 21

Which of the following should be the PRIMARY objective of an information security governance framework?

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization ' s information security policies.

Full Access
Question # 22

Which of the following is the MOST important outcome of effective risk treatment?

A.

Elimination of risk

B.

Timely reporting of incidents

C.

Reduced cost of acquiring controls

D.

Implementation of corrective actions

Full Access
Question # 23

Which type of control is an incident response team?

A.

Preventive

B.

Detective

C.

Corrective

D.

Directive

Full Access
Question # 24

Which of the following is ESSENTIAL to ensuring effective incident response?

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Full Access
Question # 25

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

A.

Communicate disciplinary processes for policy violations.

B.

Require staff to participate in information security awareness training.

C.

Require staff to sign confidentiality agreements.

D.

Include information security responsibilities in job descriptions.

Full Access
Question # 26

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?

A.

Inadequate incident response controls

B.

Lack of legal review

C.

Inadequate change control

D.

Lack of quality control

Full Access
Question # 27

Which of the following is MOST important to have in place when conducting a security control assessment of a system?

A.

Control specifications

B.

Assurance test plan

C.

Scanning tools

D.

Security documentation

Full Access
Question # 28

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Full Access
Question # 29

Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

A.

To enforce security policy requirements

B.

To maintain business asset inventories

C.

To ensure audit and compliance requirements are met

D.

To ensure the availability of business operations

Full Access
Question # 30

Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?

A.

To validate the incident

B.

To review network configurations

C.

To validate the payload signature

D.

To devise the incident response strategy

Full Access
Question # 31

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

A.

Perform a backup of the hard drive using backup utilities.

B.

Perform a bit-by-bit backup of the hard disk using a write-blocking device

C.

Perform a backup of the computer using the network

D.

Reboot the system using third-party forensic software in the CD-ROM drive

Full Access
Question # 32

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:

A.

signature analysis.

B.

behavior analysis.

C.

penetration testing.

D.

data packet analysis.

Full Access
Question # 33

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

A.

Performing penetration tests against the network to demonstrate business vulnerability

B.

Highlighting competitor performance regarding network best security practices

C.

Demonstrating that targeted security controls tie to business objectives

D.

Presenting comparable security implementation estimates from several vendors

Full Access
Question # 34

To support effective risk decision making, which of the following is MOST important to have in place?

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Full Access
Question # 35

Which of the following is the MOST beneficial outcome of testing an incident response plan?

A.

The response includes escalation to senior management

B.

Incident response time is improved

C.

The plan is enhanced to reflect the findings of the test

D.

Test plan results are documented

Full Access
Question # 36

Which of the following is the FIRST step to establishing an effective information security program?

A.

Conduct a compliance review.

B.

Assign accountability.

C.

Perform a business impact analysis (BIA).

D.

Create a business case.

Full Access
Question # 37

Which of the following is the MOST critical factor for information security program success?

A.

comprehensive risk assessment program for information security

B.

The information security manager ' s knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Full Access
Question # 38

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

A.

Training project managers on risk assessment

B.

Having the information security manager participate on the project steering committees

C.

Applying global security standards to the IT projects

D.

Integrating the risk assessment into the internal audit program

Full Access
Question # 39

Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?

A.

Standards

B.

Procedures

C.

Regulations

D.

Baselines

Full Access
Question # 40

Which of the following has the MOST influence on the information security investment process?

A.

IT governance framework

B.

Information security policy

C.

Organizational risk appetite

D.

Security key performance indicators (KPIs)

Full Access
Question # 41

Network sniffing is difficult to detect because it can be performed:

A.

Passively.

B.

Continuously.

C.

Actively.

D.

Remotely.

Full Access
Question # 42

After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?

A.

To ensure access rights meet classification requirements

B.

To facilitate the analysis of application logs

C.

To ensure web application availability

D.

To support strong two-factor authentication protocols

Full Access
Question # 43

Which of the following is the BEST way to obtain organization-wide support for an information security program?

A.

Mandate regular security awareness training.

B.

Develop security performance metrics.

C.

Position security as a business enabler.

D.

Prioritize security initiatives based on IT strategy.

Full Access
Question # 44

A new regulatory requirement affecting an organization ' s information security program is released. Which of the following should be the information security manager ' s FIRST course of action?

A.

Perform a gap analysis.

B.

Conduct benchmarking.

C.

Notify the legal department.

D.

Determine the disruption to the business.

Full Access
Question # 45

Which of the following control types should be considered FIRST for aligning employee behavior with an organization ' s information security objectives?

A.

Administrative security controls

B.

Technical security controls

C.

Physical security controls

D.

Access security controls

Full Access
Question # 46

Conducting log analysis falls into which phase of the incident management life cycle?

A.

Post-incident

B.

Containment

C.

Detection

D.

Planning

Full Access
Question # 47

Which of the following is the MOST important detail to capture in an organization ' s risk register?

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Full Access
Question # 48

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

A.

Security metrics

B.

Security baselines

C.

Security incident details

D.

Security risk exposure

Full Access
Question # 49

Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?

A.

Isolate affected systems to prevent the spread of damage

B.

Determine the final root cause of the incident

C.

Mitigate exploited vulnerabilities to prevent future incidents

D.

Remove all instances of the incident from the network

Full Access
Question # 50

Which of the following would provide the MOST effective security outcome in an organizations contract management process?

A.

Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage

B.

Ensuring security requirements are defined at the request-for-proposal (RFP) stage

C.

Extending security assessment to cover asset disposal on contract termination

D.

Extending security assessment to include random penetration testing

Full Access
Question # 51

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

A.

Implement a SIEM solution.

B.

Perform a threat analysis.

C.

Establish performance metrics for the team.

D.

Perform a post-incident review.

Full Access
Question # 52

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Full Access
Question # 53

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

A.

While responding to the incident

B.

During a tabletop exercise

C.

During post-incident review

D.

After a risk reassessment

Full Access
Question # 54

Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

A.

strategy.

B.

risk assessments.

C.

key performance indicators (KPIs).

D.

standards.

Full Access
Question # 55

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Full Access
Question # 56

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

A.

Frequent updates to the risk register

B.

Regularly scheduled security audits

C.

Frequent security architecture reviews

D.

Regularly scheduled risk assessments

Full Access
Question # 57

To improve the efficiency of the development of a new software application, security requirements should be defined:

A.

based on code review.

B.

based on available security assessment tools.

C.

after functional requirements.

D.

concurrently with other requirements.

Full Access
Question # 58

When remote access is granted to a company ' s internal network, the MOST important consideration should be that access is provided:

A.

on a need-to-know basis subject to controls.

B.

subject to legal and regulatory requirements.

C.

by the use of a remote access server.

D.

if a robust IT infrastructure exists.

Full Access
Question # 59

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?

A.

Forensics certification

B.

Disaster recovery drills

C.

Tabletop exercises

D.

Penetration tests

Full Access
Question # 60

Which of the following tools would be MOST helpful to an incident response team?

A.

Intrusion detection system (IDS)

B.

Endpoint detection and response (EDR) solution

C.

User and entity behavior analytics

D.

Vulnerability scanning tools

Full Access
Question # 61

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party ' s service level agreement (SLA) does not include guarantees of uptime.

Full Access
Question # 62

An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?

A.

Perform a gap analysis.

B.

Consult with senior management on the best course of action.

C.

Implement a program of work to comply with the new legislation.

D.

Understand the cost of noncompliance.

Full Access
Question # 63

Of the following, who is BEST suited to own the risk discovered in an application?

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Full Access
Question # 64

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Full Access
Question # 65

Which of the following is the BEST way to prevent insider threats?

A.

Enforce separation of duties and least privilege access.

B.

Conduct organization-wide security awareness training.

C.

Implement logging for all access activities.

D.

Implement strict security policies and password controls.

Full Access
Question # 66

After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?

A.

Notify affected stakeholders

B.

Conduct a vulnerability analysis

C.

Perform a root cause analysis

D.

Remove the threat

Full Access
Question # 67

Which of the following is the PRIMARY purpose of implementing information security standards?

A.

To provide management direction with a specific security objective

B.

To provide a basis for developing information security policies

C.

To provide step-by-step instructions for performing security-related tasks

D.

To establish a minimum acceptable security baseline

Full Access
Question # 68

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

A.

Projected Increase in maturity level

B.

Estimated reduction in risk

C.

Projected costs over time

D.

Estimated increase in efficiency

Full Access
Question # 69

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

A.

Data owner

B.

Business owner

C.

Information security manager

D.

Compliance manager

Full Access
Question # 70

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

A.

Regulatory requirements

B.

Compliance acceptance

C.

Management support

D.

Budgetary approval

Full Access
Question # 71

To optimize the implementation of information security governance in an organization, an information security manager should:

A.

Make gradual changes to governance to minimize employee resistance

B.

Ensure change control processes are in place

C.

Utilize existing governance structures when possible

D.

Implement processes consistent with international standards

Full Access
Question # 72

An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?

A.

Enforce sanctions on the business unit.

B.

Revise the policy to accommodate the business unit.

C.

Report the business unit for policy noncompliance.

D.

Review the business unit’s function against the policy.

Full Access
Question # 73

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

A.

To facilitate a qualitative risk assessment following the BIA

B.

To increase awareness of information security among key stakeholders

C.

To ensure the stakeholders providing input own the related risk

D.

To obtain input from as many relevant stakeholders as possible

Full Access
Question # 74

When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?

A.

Gap analysis

B.

Project plans

C.

Vulnerability assessment

D.

Business impact analysis (BIA)

Full Access
Question # 75

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

A.

Formalizing a security strategy and program

B.

Developing an awareness program for staff

C.

Ensuring current documentation of security processes

D.

Establishing processes within the security operations team

Full Access
Question # 76

An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?

A.

Review of the audit logs

B.

Ownership of the data

C.

Employee ' s job role

D.

Valid use case

Full Access
Question # 77

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Full Access
Question # 78

The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of

GREATEST concern?

A.

Varying threat environments

B.

Disparate reporting lines

C.

Conflicting legal requirements

D.

Differences in work culture

Full Access
Question # 79

The MOST important information for influencing management’s support of information security is:

A.

an demonstration of alignment with the business strategy.

B.

An identification of the overall threat landscape.

C.

A report of a successful attack on a competitor.

D.

An identification of organizational risks.

Full Access
Question # 80

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

A.

Existence of a right-to-audit clause

B.

Results of the provider ' s business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider ' s incident response plan

Full Access
Question # 81

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Full Access
Question # 82

Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

A.

Demonstrating the program ' s value to the organization

B.

Discussing governance programs found in similar organizations

C.

Providing the results of external audits

D.

Providing examples of information security incidents within the organization

Full Access
Question # 83

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization ' s risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Full Access
Question # 84

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

A.

Implement compensating controls.

B.

Analyze the identified risk.

C.

Prepare a risk mitigation plan.

D.

Add the risk to the risk register.

Full Access
Question # 85

Which of the following is the MOST important consideration when attempting to create a security-focused culture?

A.

Current security strategy benchmarks against peer organizations

B.

The regional rules and legislation regarding information security

C.

The current security awareness level of the employees

D.

The organization’s existing security policies, procedures, and frameworks

Full Access
Question # 86

Which of the following security initiatives should be the FIRST step in helping an organization maintain compliance with privacy regulations?

A.

Developing security awareness training

B.

Implementing security information and event management (SIEM)

C.

Implementing a data classification framework

D.

Installing a data loss prevention (DLP) solution

Full Access
Question # 87

Which of the following should an information security manager do FIRST when creating an organization ' s disaster recovery plan (DRP)?

A.

Conduct a business impact analysis (BIA)

B.

Identify the response and recovery learns.

C.

Review the communications plan.

D.

Develop response and recovery strategies.

Full Access
Question # 88

An information security policy was amended recently to support an organization ' s new information security strategy. Which of the following should be the information security manager ' s NEXT step?

A.

Evaluate the alignment with business strategy.

B.

Review technical controls.

C.

Update standards and procedures.

D.

Refresh the security training program.

Full Access
Question # 89

Which of the following is the BEST indication of a mature information security program?

A.

Security incidents are managed properly.

B.

Security spending is below budget.

C.

Security resources are optimized.

D.

Security audit findings are reduced.

Full Access
Question # 90

Which of the following is a PRIMARY reason for senior management to review reports on information security?

A.

To assess the effectiveness of the security program

B.

To ensure adequate security resources are available

C.

To confirm security audits are regularly performed

D.

To ensure security risk is managed cost-effectively

Full Access
Question # 91

Which of the following is the BEST indicator of an organization ' s information security status?

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Full Access
Question # 92

When defining a security baseline, it is MOST important that the baseline:

A.

can vary depending on the security classification of systems.

B.

is uniform for all assets of the same type.

C.

is developed based on stakeholder consensus.

D.

aligns to key risk indicators (KRIs).

Full Access
Question # 93

Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

A.

Indemnification clause

B.

Breach detection and notification

C.

Compliance status reporting

D.

Physical access to service provider premises

Full Access
Question # 94

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Full Access
Question # 95

Which of the following should be done FIRST to determine the impact of a new regulatory requirement for cloud services?

A.

Perform a risk assessment

B.

Review the information asset inventory

C.

Determine the applicability

D.

Conduct a gap analysis

Full Access
Question # 96

Which of the following is the PRIMARY benefit of a vulnerability scanning tool to an organization?

A.

Identifying vulnerabilities within organizational processes

B.

Identifying potential risks posed by devices on the network

C.

Automating the information security risk analysis program

D.

Ensuring complex vulnerabilities are not missed

Full Access
Question # 97

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

A.

consistent security.

B.

comprehensive audits

C.

a security-aware culture

D.

compliance with policy

Full Access
Question # 98

A finance department director has decided to outsource the organization ' s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?

A.

Determine the required security controls for the new solution

B.

Review the disaster recovery plans (DRPs) of the providers

C.

Obtain audit reports on the service providers ' hosting environment

D.

Align the roles of the organization ' s and the service providers ' stats.

Full Access
Question # 99

The business value of an information asset is derived from:

A.

the threat profile.

B.

its criticality.

C.

the risk assessment.

D.

its replacement cost.

Full Access
Question # 100

Which of the following BEST ensures information security governance is aligned with corporate governance?

A.

A security steering committee including IT representation

B.

A consistent risk management approach

C.

An information security risk register

D.

Integration of security reporting into corporate reporting

Full Access
Question # 101

Which of the following is the GREATEST concern with implementing all controls recommended by a security framework?

A.

Increased time for implementation

B.

Lack of approval from senior management

C.

Negative return on investment

D.

Increased risk levels

Full Access
Question # 102

Which of the following processes BEST supports the evaluation of incident response effectiveness?

A.

Root cause analysis

B.

Post-incident review

C.

Chain of custody

D.

Incident logging

Full Access
Question # 103

Which of the following is the MOST important consideration when defining control objectives?

A.

Senior management support

B.

Risk appetite

C.

Threat environment

D.

Budget allocation

Full Access
Question # 104

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application ' s security compliance?

A.

During user acceptance testing (UAT)

B.

During the design phase

C.

During static code analysis

D.

During regulatory review

Full Access
Question # 105

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Full Access
Question # 106

A PRIMARY purpose of creating security policies is to:

A.

define allowable security boundaries.

B.

communicate management ' s security expectations.

C.

establish the way security tasks should be executed.

D.

implement management ' s security governance strategy.

Full Access
Question # 107

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

A.

Limited liability clause

B.

Explanation of information usage

C.

Information encryption requirements

D.

Access control requirements

Full Access
Question # 108

Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?

A.

Alignment with industry benchmarks

B.

Results of business impact analyses (BIAs)

C.

Possibility of reputational loss due to incidents

D.

Availability of security budget

Full Access
Question # 109

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

A.

Implementing automated vulnerability scanning in the help desk workflow

B.

Changing the default setting for all security incidents to the highest priority

C.

Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

D.

Integrating incident response workflow into the help desk ticketing system

Full Access
Question # 110

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

A.

Request the service provider comply with information security policy.

B.

Review a recent independent audit report of the service provider.

C.

Assess the level of security awareness of the service provider.

D.

Review samples of service level reports from the service provider.

Full Access
Question # 111

Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?

A.

Perform security testing on legacy systems

B.

Identify all information assets in the legacy environment

C.

Assign owners to be responsible for the transfer of each asset

D.

Conduct a business impact analysis (BIA)

Full Access
Question # 112

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager ' s FIRST course of action?

A.

Ensure a risk assessment is performed to evaluate the findings

B.

Ensure vulnerabilities found are resolved within acceptable timeframes

C.

Request funding needed to resolve the top vulnerabilities

D.

Report findings to senior management

Full Access
Question # 113

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

A.

Assess changes in the risk profile.

B.

Activate the disaster recovery plan (DRP).

C.

Invoke the incident response plan.

D.

Conduct security awareness training.

Full Access
Question # 114

Which of the following is a function of the information security steering committee?

A.

Deliver external communication during incident response.

B.

Align the security framework with security standards.

C.

Align security strategy with business objectives.

D.

Monitor regulatory requirements.

Full Access
Question # 115

Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

A.

Data owner

B.

Data custodian

C.

System administrator

D.

Senior management

Full Access
Question # 116

Which of the following BEST enables an organization to maintain legally admissible evidence7

A.

Documented processes around forensic records retention

B.

Robust legal framework with notes of legal actions

C.

Chain of custody forms with points of contact

D.

Forensic personnel training that includes technical actions

Full Access
Question # 117

During which phase of a security event should an incident response team be INITIALLY engaged?

A.

Preparation

B.

Eradication

C.

Identification

D.

Recovery

Full Access
Question # 118

Which of the following BEST indicates misalignment of security policies with business objectives?

A.

Low completion rate of employee awareness training

B.

Lack of adequate funding for the security program

C.

A large number of long-term policy exceptions

D.

A large number of user noncompliance incidents

Full Access
Question # 119

An organization requires that business-critical applications be recovered within 30 minutes in the event of a disaster. Which of the following metrics should be defined in the business continuity plan (BCP) to manage this requirement?

A.

Recovery time objective (RTO)

B.

Recovery point objective (RPO)

C.

Maximum tolerable downtime (MTD)

D.

Service level agreement (SLA)

Full Access
Question # 120

An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?

A.

The individual who has the most privileges within the application

B.

The individual who manages the process supported by the application

C.

The individual responsible for providing support for the application

D.

The individual who manages users of the application

Full Access
Question # 121

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

A.

a function of the likelihood and impact, should a threat exploit a vulnerability.

B.

the magnitude of the impact, should a threat exploit a vulnerability.

C.

a function of the cost and effectiveness of controls over a vulnerability.

D.

the likelihood of a given threat attempting to exploit a vulnerability

Full Access
Question # 122

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?

A.

Backups are maintained offline and regularly tested.

B.

Impacted networks can be detached at the network switch level.

C.

Production data is continuously replicated between primary and secondary sites.

D.

Backups are maintained on multiple sites and regularly reviewed.

Full Access
Question # 123

Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?

A.

Establish an information security steering committee.

B.

Employ a process-based approach for information asset classification.

C.

Utilize an industry-recognized risk management framework.

D.

Provide security awareness training to board executives.

Full Access
Question # 124

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager ' s BEST course of action?

A.

Enforce the policy.

B.

Modify the policy.

C.

Present the risk to senior management.

D.

Create an exception for the deviation.

Full Access
Question # 125

Which of the following is the PRIMARY responsibility of an information security governance committee?

A.

Discussing upcoming information security projects

B.

Reviewing the information security risk register

C.

Approving changes to the information security strategy

D.

Reviewing monthly information security metrics

Full Access
Question # 126

Which of the following is the BEST reason to implement a comprehensive information security management system?

To ensure continuous alignment with the organizational strategy

To gain senior management support for the information security program

To support identification of key risk indicators (KRIs)

A.

To facilitate compliance with external regulatory requirements

Full Access
Question # 127

Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

A.

Crisis management plan

B.

Disaster recovery plan (DRP)

C.

Incident response plan

D.

Business continuity plan (BCP)

Full Access
Question # 128

What is the PRIMARY objective of implementing standard security configurations?

A.

Maintain a flexible approach to mitigate potential risk to unsupported systems.

B.

Minimize the operational burden of managing and monitoring unsupported systems.

C.

Control vulnerabilities and reduce threats from changed configurations.

D.

Compare configurations between supported and unsupported systems.

Full Access
Question # 129

Which of the following BEST encourages staff to report issues related to information security?

A.

Tabletop exercises are performed on a regular basis

B.

Incentives are offered for security skills training

C.

The leaders set a positive security culture

D.

Formal incident response processes are in place

Full Access
Question # 130

Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?

A.

Restore affected systems for normal operations.

B.

Mitigate exploited vulnerabilities to stop future incidents.

C.

Estimate the amount of damage caused by the incident.

D.

Isolate affected systems to prevent further damage

Full Access
Question # 131

An organization has identified IT failures in a call center application. Of the following, who should own this risk?

A.

Information security manager

B.

Head of the call center

C.

Chief executive officer (CEO)

D.

Head of the IT department

Full Access
Question # 132

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

A.

Demonstrated return on security investment

B.

Reduction in inherent risk

C.

Results of an emerging threat analysis

D.

Review of security metrics trends

Full Access
Question # 133

Which of the following would be MOST useful when determining the business continuity strategy for a large organization ' s data center?

A.

Stakeholder feedback analysis

B.

Business continuity risk analysis

C.

Incident root cause analysis

D.

Business impact analysis (BIA)

Full Access
Question # 134

Implementing the principle of least privilege PRIMARILY requires the identification of:

A.

job duties

B.

data owners

C.

primary risk factors.

D.

authentication controls

Full Access
Question # 135

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Full Access
Question # 136

Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?

A.

Data protection regulations

B.

Data storage limitations

C.

Business requirements

D.

Type and nature of data

Full Access
Question # 137

Which of the following BEST enables the design of an effective incident escalation process?

A.

Enforceable control baselines

B.

Controls designed for defense in depth

C.

A well-defined organizational hierarchy

D.

A comprehensive risk register

Full Access
Question # 138

Which of the following BEST demonstrates the added value of an information security program?

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Full Access
Question # 139

Which of the following BEST facilitates the development of a comprehensive information security policy?

A.

Alignment with an established information security framework

B.

An established internal audit program

C.

Security key performance indicators (KPIs)

D.

Areview of recent information security incidents

Full Access
Question # 140

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

A.

Cost of replacing the asset

B.

Cost of additional mitigation

C.

Annual loss expectancy (ALE)

D.

Annual rate of occurrence

Full Access
Question # 141

Which of the following provides the MOST useful information for identifying security control gaps on an application server?

A.

Risk assessments

B.

Threat models

C.

Penetration testing

D.

Internal audit reports

Full Access
Question # 142

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

A.

Implement compensating controls.

B.

Communicate consequences for future instances.

C.

Enhance the data loss prevention (DLP) solution.

D.

Improve the security awareness training program.

Full Access
Question # 143

Which type of recovery site is MOST reliable and can support stringent recovery requirements?

A.

Cold site

B.

Warm site

C.

Hot site

D.

Mobile site

Full Access
Question # 144

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

A.

Perform a full data backup.

B.

Conduct ransomware awareness training for all staff.

C.

Update indicators of compromise in the security systems.

D.

Review the current risk assessment.

Full Access
Question # 145

A new risk has been identified in a high availability system. The BEST course of action is to:

A.

Perform a cost-benefit analysis for mitigating controls

B.

Recommend risk acceptance to the business owner

C.

Develop and implement a plan to mitigate the identified risk

D.

Evaluate and prioritize the identified risk

Full Access
Question # 146

Information security controls should be designed PRIMARILY based on:

A.

a business impact analysis (BIA).

B.

regulatory requirements.

C.

business risk scenarios,

D.

a vulnerability assessment.

Full Access
Question # 147

Which of the following BEST supports effective communication during information security incidents?

A.

Frequent incident response training sessions

B.

Centralized control monitoring capabilities

C.

Responsibilities defined within role descriptions

D.

Predetermined service level agreements (SLAs)

Full Access
Question # 148

Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?

A.

Contractual provisions for the right to audit

B.

Contractual provisions for data repatriation

C.

Effective data loss prevention (DLP) controls

D.

The purchase of cybersecurity insurance

Full Access
Question # 149

Regular vulnerability scanning on an organization ' s internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Full Access
Question # 150

A global organization is considering its geopolitical security risks. Which of the following is the information security manager ' s BEST approach?

A.

Seek advice from environmental and physical security experts

B.

Implement a third-party risk management framework

C.

Implement controls that deny access from specific jurisdictions

D.

Seek advice from enterprise risk and legal experts

Full Access
Question # 151

When investigating an information security incident, details of the incident should be shared:

A.

widely to demonstrate positive intent.

B.

only with management.

C.

only as needed,

D.

only with internal audit.

Full Access
Question # 152

Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?

A.

Reliable image backups

B.

Impact assessment

C.

Documented eradication procedures

D.

Root cause analysis

Full Access
Question # 153

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

A.

Purchase forensic standard operating procedures.

B.

Provide forensics training to the information security team.

C.

Ensure the incident response policy allows hiring a forensics firm.

D.

Retain a forensics firm prior to experiencing an incident.

Full Access
Question # 154

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Full Access
Question # 155

In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?

A.

Communicate regular reminders of the acceptable use policy

B.

Include the topic of prohibited texting in security awareness training

C.

Stop providing mobile devices until the organization is able to implement controls

D.

Conduct a business impact analysis (BIA) and provide the report to management

Full Access
Question # 156

Which of the following BEST enables the assignment of risk and control ownership?

A.

Aligning to an industry-recognized control framework

B.

Adopting a risk management framework

C.

Obtaining senior management buy-in

D.

Developing an information security strategy

Full Access
Question # 157

What should be an information security manager ' s MOST important consideration when developing a multi-year plan?

A.

Ensuring contingency plans are in place for potential information security risks

B.

Ensuring alignment with the plans of other business units

C.

Allowing the information security program to expand its capabilities

D.

Demonstrating projected budget increases year after year

Full Access
Question # 158

Which of the following is MOST important to the effectiveness of an information security steering committee?

A.

The committee has strong regulatory knowledge.

B.

The committee is comprised of representatives from senior management.

C.

The committee has cross-organizational representation.

D.

The committee uses a risk management framework.

Full Access
Question # 159

As part of a risk assessment, a security control was discovered to be inadequate. When assigning a risk owner, which of the following attributes is MOST important to consider?

A.

The risk owner is able to reassess the risk following remediation.

B.

The risk owner has the authority to take action on the risk.

C.

The risk owner is able to make timely updates to the risk register.

D.

The risk owner also owns the associated control that failed.

Full Access
Question # 160

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

A.

Current resourcing levels

B.

Availability of potential resources

C.

Information security strategy

D.

Information security incidents

Full Access
Question # 161

Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?

A.

Ensuring the continued resilience and security of IT services

B.

Decreasing the percentage of security deployments that cause failures in production

C.

Reducing the number of control assessments to optimize resources

D.

Identifying and addressing security team performance issues

Full Access
Question # 162

Which of the following should be the PRIMARY objective of the information security incident response process?

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Full Access
Question # 163

Which of the following would MOST effectively ensure that a new server is appropriately secured?

A.

Performing secure code reviews

B.

Enforcing technical security standards

C.

Conducting penetration testing

D.

Initiating security scanning

Full Access
Question # 164

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

A.

Multi-factor authentication

B.

Digital encryption

C.

Data masking

D.

Digital signatures

Full Access
Question # 165

Which of the following is the BEST indicator of a successful intrusion into an organization ' s systems?

A.

Decrease in internal network traffic

B.

Increase in the number of failed login attempts

C.

Increase in the number of irregular application requests

D.

Decrease in available storage space

Full Access
Question # 166

Which of the following is the MOST essential element of an information security program?

A.

Benchmarking the program with global standards for relevance

B.

Prioritizing program deliverables based on available resources

C.

Involving functional managers in program development

D.

Applying project management practices used by the business

Full Access
Question # 167

Which of the following is the BEST approach to make strategic information security decisions?

A.

Establish regular information security status reporting.

B.

Establish an information security steering committee.

C.

Establish business unit security working groups.

D.

Establish periodic senior management meetings.

Full Access
Question # 168

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

A.

Mapping risk scenarios according to sensitivity of data

B.

Reviewing mitigating and compensating controls for each risk scenario

C.

Mapping the risk scenarios by likelihood and impact on a chart

D.

Performing a risk assessment on the laaS provider

Full Access
Question # 169

Which of the following should an information security manager do FIRST when there is a conflict between the organization ' s information security policy and a local regulation?

A.

Enforce the local regulation.

B.

Obtain legal guidance.

C.

Enforce the organization ' s information security policy.

D.

Obtain an independent assessment of the regulation.

Full Access
Question # 170

Which of the following should have the MOST influence on an organization ' s response to a new industry regulation?

A.

The organization ' s control objectives

B.

The organization ' s risk management framework

C.

The organization ' s risk appetite

D.

The organization ' s risk control baselines

Full Access
Question # 171

An organization’s human resources department is planning to migrate a legacy application to a new application in the cloud. What is the BEST way for the information security manager to support this effort?

A.

Update the policies to add controls for protecting the data

B.

Encrypt the data to the cloud so that the data is secure

C.

Conduct a security assessment on the cloud provider

D.

Conduct vulnerability scans on the cloud provider

Full Access
Question # 172

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

A.

enhance the organization ' s antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization ' s detective controls.

D.

reduce the need for a security awareness program.

Full Access
Question # 173

Which of the following BEST helps to ensure the effective execution of an organization ' s disaster recovery plan (DRP)?

A.

The plan is reviewed by senior and IT operational management.

B.

The plan is based on industry best practices.

C.

Process steps are documented by the disaster recovery team.

D.

Procedures are available at the primary and failover location.

Full Access
Question # 174

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.

Which of the following should be given immediate focus?

A.

Moving to a zero trust access model

B.

Enabling network-level authentication

C.

Enhancing cyber response capability

D.

Strengthening endpoint security

Full Access
Question # 175

Which of the following is the MOST effective way to detect information security incidents?

A.

Implementation of regular security awareness programs

B.

Periodic analysis of security event log records

C.

Threshold settings on key risk indicators (KRIs)

D.

Real-time monitoring of network activity

Full Access
Question # 176

When designing security controls, it is MOST important to:

A.

Apply a risk-based approach

B.

Apply technical controls for sensitive data

C.

Consider business impact analysis (BIA) results

D.

Focus on preventive controls

Full Access
Question # 177

The PRIMARY objective of timely declaration of a disaster is to:

A.

ensure engagement of business management in the recovery process.

B.

assess and correct disaster recovery process deficiencies.

C.

protect critical physical assets from further loss.

D.

ensure the continuity of the organization ' s essential services.

Full Access
Question # 178

When collecting admissible evidence, which of the following is the MOST important requirement?

A.

Need to know

B.

Preserving audit logs

C.

Due diligence

D.

Chain of custody

Full Access
Question # 179

Which of the following is the MOST effective way to help assure the integrity of an organization’s accounting system?

A.

Providing security awareness training to accounting staff

B.

Implementing two-factor authentication

C.

Performing frequent security reviews of the audit log

D.

Conducting an annual security audit of the system

Full Access
Question # 180

Which of the following is MOST critical when creating an incident response plan?

A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Documenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Full Access
Question # 181

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Full Access
Question # 182

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

A.

the security organization structure.

B.

international security standards.

C.

risk assessment results.

D.

the most stringent requirements.

Full Access
Question # 183

An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?

A.

Include the requirement in information security awareness materials

B.

Perform a policy compliance assessment

C.

Ensure the policy has been communicated to the system administrators

Full Access
Question # 184

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Full Access
Question # 185

Which of the following is the MOST useful input for an information security manager when updating the organization’s security policy?

A.

Security team capabilities

B.

Industry benchmarks

C.

Risk appetite

D.

Vulnerability scan results

Full Access
Question # 186

To ensure that a new application complies with information security policy, the BEST approach is to:

A.

review the security of the application before implementation.

B.

integrate functionality the development stage.

C.

perform a vulnerability analysis.

D.

periodically audit the security of the application.

Full Access
Question # 187

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Full Access
Question # 188

While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

A.

Assign responsibility to the database administrator (DBA).

B.

Review the databases for sensitive content.

C.

Prepare a report of the databases for senior management.

D.

Assign the highest classification level to those databases.

Full Access
Question # 189

An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager ' s BEST approach for communicating the implications of this transition to the board of directors?

A.

Present a diagram of core Zero Trust logical components to help visualize the architectural changes

B.

Summarize the training plan and end user feedback in an internal portal and send the link to the board

C.

Prepare a report on the Zero Trust implementation that includes a status dashboard and timeline

D.

Provide an outline of the business impact in terms of risk reduction and changes in user experience

Full Access
Question # 190

Which of the following is MOST helpful to identify whether information security policies have been followed?

A.

Preventive controls

B.

Detective controls

C.

Directive controls

D.

Corrective controls

Full Access
Question # 191

The PRIMARY reason for creating a business case when proposing an information security project is to:

A.

articulate inherent risks.

B.

provide demonstrated return on investment (ROI).

C.

establish the value of the project in relation to business objectives.

D.

gain key business stakeholder engagement.

Full Access
Question # 192

Which of the following is the GREATEST benefit resulting from the introduction of data security standards for payment cards?

A.

It helps achieve the holistic protection of information assets in the industry.

B.

It deters hackers from committing crimes related to card payments.

C.

It optimizes budget allocation for cybersecurity in each organization.

D.

It enables a wider range of more sophisticated payment methods.

Full Access
Question # 193

Which of the following is the MOST important reason to have documented security procedures?

A.

To guide the implementation of policy requirements

B.

To facilitate the process of information security metrics reporting

C.

To meet regulatory requirements related to standard operating procedures

D.

To demonstrate alignment with business security objectives

Full Access
Question # 194

The PRIMARY purpose of implementing information security governance metrics is to:

A.

measure alignment with best practices.

B.

assess operational and program metrics.

C.

guide security towards the desired state.

D.

refine control operations.

Full Access
Question # 195

When developing an asset classification program, which of the following steps should be completed FIRST?

A.

Categorize each asset.

B.

Create an inventory. &

C.

Create a business case for a digital rights management tool.

D.

Implement a data loss prevention (OLP) system.

Full Access
Question # 196

To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:

A.

isolate the infected systems.

B.

preserve the evidence.

C.

image the infected systems.

D.

clean the malware.

Full Access
Question # 197

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

A.

Senior management

B.

Application owner

C.

Information security manager

D.

Legal representative

Full Access
Question # 198

Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?

A.

Develop service level agreements (SLAs).

B.

Stipulate insurance requirements.

C.

Require nondisclosure agreements (NDAs).

D.

Create contingency plans.

Full Access
Question # 199

Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?

A.

Confirm the change implementation is scheduled.

B.

Verify the change request has been approved.

C.

Confirm rollback plans are in place.

D.

Notify users affected by the change.

Full Access
Question # 200

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Full Access
Question # 201

When assigning a risk owner, the MOST important consideration is to ensure the owner has:

A.

adequate knowledge of risk treatment and related control activities.

B.

decision-making authority and the ability to allocate resources for risk.

C.

sufficient time for monitoring and managing the risk effectively.

D.

risk communication and reporting skills to enable decision-making.

Full Access
Question # 202

Which of the following is the MOST important requirement for a successful security program?

A.

Mapping security processes to baseline security standards

B.

Penetration testing on key systems

C.

Management decision on asset value

D.

Nondisclosure agreements (NDA) with employees

Full Access
Question # 203

Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

A.

select mobile device management (MDM) software.

B.

survey employees for requested applications.

C.

develop an acceptable use policy.

D.

review currently utilized applications.

Full Access
Question # 204

Which of the following BEST indicates that information assets are classified accurately?

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Full Access
Question # 205

Which of the following is the GREATEST threat posed by quantum computing technology for information security?

A.

Quantum computers can break several current encryption schemes protecting the confidentiality of data

B.

Quantum computers can allow for secure communication that benefits only the few who can afford it

C.

Quantum computers can compromise availability through extremely rapid processing of large data sets

D.

Quantum computers can simulate complex physical systems beyond traditional computing capabilities

Full Access
Question # 206

Which of the following is the MOST effective way to protect the authenticity of data in transit?

A.

Digital signature

B.

Private key

C.

Access controls

D.

Public key

Full Access
Question # 207

Which of the following is MOST important to include in an information security status report to senior management?

A.

Key risk indicators (KRIs)

B.

Review of information security policies

C.

Information security budget requests

D.

List of recent security events

Full Access
Question # 208

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

A.

Vendor service level agreements (SLAs)

B.

Independent review of the vendor

C.

Local laws and regulations

D.

Backup and restoration of data

Full Access
Question # 209

Which of the following is MOST important to have in place to help ensure an organization ' s cybersecurity program meets the needs of the business?

A.

Risk assessment program

B.

Information security awareness training

C.

Information security governance

D.

Information security metrics

Full Access
Question # 210

Which of the following is MOST important for building 4 robust information security culture within an organization?

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Full Access
Question # 211

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

A.

Clearer segregation of duties

B.

Increased user productivity

C.

Increased accountability

D.

Fewer security incidents

Full Access
Question # 212

Which of the following should be the PRIMARY basis for determining the value of assets?

A.

Cost of replacing the assets

B.

Business cost when assets are not available

C.

Original cost of the assets minus depreciation

D.

Total cost of ownership (TCO)

Full Access
Question # 213

Which of the following would BEST ensure that security is integrated during application development?

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Full Access
Question # 214

Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

A.

Average return on investment (ROI) associated with security initiatives

B.

Average number of security incidents across business units

C.

Mean time to resolution (MTTR) for enterprise-wide security incidents

D.

Number of vulnerabilities identified for high-risk information assets

Full Access
Question # 215

Which of the following should be done FIRST after a ransomware incident has been successfully contained?

A.

Notify relevant stakeholders.

B.

Conduct forensic analysis.

C.

Perform lessons learned.

D.

Restore impacted systems.

Full Access
Question # 216

Which is following should be an information security manager ' s PRIMARY focus during the development of a critical system storing highly confidential data?

A.

Reducing the number of vulnerabilities detected

B.

Ensuring the amount of residual risk is acceptable

C.

Avoiding identified system threats

D.

Complying with regulatory requirements

Full Access
Question # 217

Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?

A.

Streamlining of event triage and implementation of incident response procedures

B.

Allocation of budget for technical security controls and enhancements to security culture

C.

Assurance of compliance with industry-specific regulations and improvement to business processes

D.

Identification of critical business functions and prioritization of recovery efforts

Full Access
Question # 218

An organization plans to implement a new e-commerce operation in a highly regulated market. Which of the following is MOST important to consider when updating the risk management strategy?

A.

Strategy of industry peers

B.

Outsourcing needs

C.

Business culture

D.

Compliance requirements

Full Access
Question # 219

Once a suite of security controls has been successfully implemented for an organization ' s business units, it is MOST important for the information security manager to:

A.

hand over the controls to the relevant business owners.

B.

ensure the controls are regularly tested for ongoing effectiveness.

C.

perform testing to compare control performance against industry levels.

D.

prepare to adapt the controls for future system upgrades.

Full Access
Question # 220

Which of the following is the MAIN feature of a web application firewall?

A.

Modifying its predefined configuration automatically based on malicious traffic

B.

Restricting external traffic within a private network

C.

Redirecting distributed denial-of-service attacks

D.

Filtering incoming Hypertext Transfer Protocol traffic

Full Access
Question # 221

A security incident has been reported within an organization When should an information security manager contact the information owner?

A.

After the incident has been mitigated

B.

After the incident has been confirmed.

C.

After the potential incident has been togged

D.

After the incident has been contained

Full Access
Question # 222

The PRIMARY purpose for conducting cybersecurity risk assessments is to:

A.

Assist in security reporting to senior management

B.

Provide metrics to indicate cybersecurity program effectiveness

C.

Verify compliance across multiple sectors

D.

Understand the organization ' s current security posture

Full Access
Question # 223

Which of the following should be an information security manager ' s FIRST course of action when a newly introduced privacy regulation affects the business?

A.

Consult with IT staff and assess the risk based on their recommendations

B.

Update the security policy based on the regulatory requirements

C.

Propose relevant controls to ensure the business complies with the regulation

D.

Identify and assess the risk in the context of business objectives

Full Access
Question # 224

From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often

A.

website transactions and taxation.

B.

software patches and corporate date.

C.

encryption tools and personal data.

D.

lack of competition and free trade.

Full Access
Question # 225

Which of the following would BEST support the business case for an increase in the information security budget?

A.

Cost-benefit analysis results

B.

Comparison of information security budgets with peer organizations

C.

Business impact analysis (BIA) results

D.

Frequency of information security incidents

Full Access
Question # 226

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

A.

Poor documentation of results and lessons learned

B.

Lack of communication to affected users

C.

Disruption to the production environment

D.

Lack of coordination among departments

Full Access
Question # 227

Which of the following provides an information security manager with the MOST accurate indication of the organization ' s ability to respond to a cyber attack?

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Full Access
Question # 228

Which of the following is the BEST evidence of alignment between corporate and information security governance?

A.

Security key performance indicators (KPIs)

B.

Project resource optimization

C.

Regular security policy reviews

D.

Senior management sponsorship

Full Access
Question # 229

Which of the following would pose the GREATEST risk to the preparedness of an incident response team?

A.

Lack of formal incident response scenarios

B.

A change in information security management

C.

Outdated incident response plans

D.

New attack vectors used by hackers

Full Access
Question # 230

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

A.

An increase in the number of identified security incidents

B.

A decrease in the number of security audit findings

C.

A decrease in the number of security policy exceptions

D.

An increase in the number of compliant business processes

Full Access
Question # 231

Which of the following is the MOST important benefit of using a cloud access security broker when migrating to a cloud environment?

A.

Enhanced data governance

B.

Increased third-party assurance

C.

)Improved incident management

D.

Reduced total cost of ownership (TCO)

Full Access
Question # 232

Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

A.

Integrate risk management into the vendor management process.

B.

Conduct security reviews on the services and solutions delivered.

C.

Review third-party contracts as part of the vendor management process.

D.

Perform an audit on vendors ' security controls and practices.

Full Access
Question # 233

An organization requires that business-critical applications be recovered within 30 minutes in the event of a disaster. Which of the following metrics should be in the business continuity plan (BCP) to manage this requirement?

A.

Maximum tolerable downtime (MTD)

B.

Service level agreement (SLA)

C.

Recovery point objective (RPO)

D.

Recovery time objective (RTO)

Full Access
Question # 234

Which of the following has the GREATEST influence on an organization ' s information security strategy?

A.

The organization ' s risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Full Access
Question # 235

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

A.

Eliminate privileged accounts.

B.

Perform periodic certification of access to privileged accounts.

C.

Frequently monitor activities on privileged accounts.

D.

Provide privileged account access only to users who need it.

Full Access
Question # 236

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

A.

Perform a risk assessment

B.

Perform a gap analysis

C.

Review information security policies

D.

Review the state of security awareness

Full Access
Question # 237

An information security manager is updating the organization ' s incident response plan. Which of the following is the BEST way to validate that the process and procedures provided by IT and business units are complete, accurate, and known by all responsible teams?

A.

Review the test objectives with stakeholders.

B.

Conduct a data breach incident tabletop exercise.

C.

Conduct an incident response plan survey.

D.

Review data breach incident triage steps.

Full Access
Question # 238

When an information security manager presents an information security program status report to senior management, the MAIN focus should be:

A.

Key controls evaluation

B.

Net present value

C.

Security return on investment

D.

Key performance indicators

Full Access
Question # 239

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager ' s BEST course of action?

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization ' s incident response process.

Full Access
Question # 240

Which of the following is the PRIMARY reason to conduct a post-incident review?

A.

To aid in future risk assessments

B.

To improve the response process

C.

To determine whether digital evidence is admissible

D.

To notify regulatory authorities

Full Access
Question # 241

An organization ' s security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Full Access
Question # 242

Which of the following is MOST important for a healthcare organization to address during the requirements gathering phase of AI development?

A.

Algorithm selection challenges

B.

Data privacy concerns

C.

Inadequate computational resources

D.

Data labeling inefficiencies

Full Access
Question # 243

Which of the following should be the PRIMARY objective when establishing a new information security program?

A.

Executing the security strategy

B.

Minimizing organizational risk

C.

Optimizing resources

D.

Facilitating operational security

Full Access
Question # 244

Which of the following BEST enables an organization to effectively manage emerging cyber risk?

A.

Periodic internal and external audits

B.

Clear lines of responsibility

C.

Sufficient cyber budget allocation

D.

Cybersecurity policies

Full Access
Question # 245

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Full Access
Question # 246

Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?

A.

Limiting the number of KRIs

B.

Comprehensively reporting on KRIs

C.

Aggregating common KRIs

D.

Linking KRIs to specific risks

Full Access
Question # 247

Which of the following would BEST help to ensure appropriate security controls are built into software?

A.

Integrating security throughout the development process

B.

Performing security testing prior to deployment

C.

Providing standards for implementation during development activities

D.

Providing security training to the software development team

Full Access
Question # 248

Which of the following should be done FIRST when implementing a security program?

A.

Perform a risk analysis

B.

Implement data encryption.

C.

Create an information asset inventory.

D.

Determine the value of information assets.

Full Access
Question # 249

Which of the following will BEST enable an effective information asset classification process?

A.

Including security requirements in the classification process

B.

Analyzing audit findings

C.

Reviewing the recovery time objective (RTO) requirements of the asset

D.

Assigning ownership

Full Access
Question # 250

An organization is in the process of selecting a third party to process customer information. Which of the following provides the BEST evidence that the third party’s controls will operate as required?

A.

Results of incident response tests

B.

An independent assessment

C.

An external vulnerability assessment

D.

An information security questionnaire

Full Access
Question # 251

Which of the following is MOST important to include in security incident escalation procedures?

A.

Key objectives of the security program

B.

Recovery procedures

C.

Notification criteria

D.

Containment procedures

Full Access
Question # 252

Which of the following establishes the minimum technical baseline for security controls?

A.

Procedures

B.

Policies

C.

Standards

D.

Guidelines

Full Access
Question # 253

Which of the following is an information security manager ' s BEST recommendation to senior management following a breach at the organization ' s Software as a Service (SaaS) vendor?

A.

Update the vendor risk assessment.

B.

Engage legal counsel.

C.

Renegotiate the vendor contract.

D.

Terminate the relationship with the vendor.

Full Access
Question # 254

What should be the FIRST step when implementing data loss prevention (DLP) technology?

A.

Perform due diligence with vendor candidates.

B.

Build a business case.

C.

Classify the organization ' s data.

D.

Perform a cost-benefit analysis.

Full Access
Question # 255

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

A.

cause fewer potential production issues.

B.

require less IT staff preparation.

C.

simulate real-world attacks.

D.

identify more threats.

Full Access
Question # 256

Which of the following BEST facilitates effective strategic alignment of security initiatives?

A.

The business strategy is periodically updated

B.

Procedures and standards are approved by department heads.

C.

Periodic security audits are conducted by a third-party.

D.

Organizational units contribute to and agree on priorities

Full Access
Question # 257

Which of the following is the MOST important constraint to be considered when developing an information security strategy?

A.

Legal and regulatory requirements

B.

Established security policies and standards

C.

Compliance with an international security standard

D.

Information security architecture

Full Access
Question # 258

Which of the following documents should contain the INITIAL prioritization of recovery of services?

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Full Access
Question # 259

Which of the following is a prerequisite for formulating a business continuity plan (BCP)?

A.

Recovery time objectives (RTOs) for the business processes

B.

Process maps for production applications

C.

System recovery procedures for alternate-site processing

D.

Comprehensive property inventory

Full Access
Question # 260

A business continuity plan (BCP) should contain:

A.

Hardware and software inventories

B.

Data restoration procedures

C.

Information about eradication activities

D.

Criteria for activation

Full Access
Question # 261

Which of the following is MOST important to the ongoing success of an information security program?

A.

Executive sponsorship

B.

Skilled personnel

C.

Process automation

D.

Regular awareness training

Full Access
Question # 262

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

A.

Monitor the effectiveness of controls

B.

Update the risk assessment framework

C.

Review the inherent risk level

D.

Review the risk probability and impact

Full Access
Question # 263

Which of the following would be MOST important to include in a proposal justifying investments for an organization ' s information security program?

A.

Vulnerability scan results

B.

Competitor benchmark analysis

C.

Previous security budget

D.

Business requirements

Full Access
Question # 264

An organization ' s information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?

A.

No owners were identified for some risks.

B.

Business applications had the highest number of risks.

C.

Risk mitigation action plans had no timelines.

D.

Risk mitigation action plan milestones were delayed.

Full Access
Question # 265

When developing an incident escalation process, the BEST approach is to classify incidents based on:

A.

estimated time to recover.

B.

information assets affected.

C.

recovery point objectives (RPOs).

D.

their root causes.

Full Access
Question # 266

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

A.

Evaluate the security posture of the organization.

B.

Identify unmitigated risk.

C.

Prevent incident recurrence.

D.

Support business investments in security.

Full Access
Question # 267

Which of the following has the GREATEST influence on the successful integration of information security within the business?

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Full Access
Question # 268

Which of the following devices, when placed in a demilitarized zone (DMZ), would be considered the MOST significant exposure?

A.

Mail relay server

B.

Proxy server

C.

Database server

D.

Application server

Full Access
Question # 269

Which of the following would BEST guide the development and maintenance of an information security program?

A.

A business impact assessment

B.

A comprehensive risk register

C.

An established risk assessment process

D.

The organization ' s risk appetite

Full Access
Question # 270

The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:

A.

scope of the business continuity program.

B.

resources needed for business recovery.

C.

recovery time objective (RTO).

D.

scope of the incident response plan.

Full Access
Question # 271

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Full Access
Question # 272

Which of the following should be the PRIMARY goal of information security?

A.

Information management

B.

Regulatory compliance

C.

Data governance

D.

Business alignment

Full Access
Question # 273

Which of the following is the PRIMARY reason to use a phased incident recovery approach?

A.

To gain management buy-in

B.

To give the response team time to analyze incidents

C.

To ensure critical systems are recovered first

D.

To prioritize remediation steps

Full Access
Question # 274

Which of the following should be an information security manager ' s FIRST course of action when a potential business breach is discovered in a critical business system?

A.

Implement mitigating actions immediately.

B.

Invoke the incident response plan.

C.

Inform senior management of the breach.

D.

Validate the breach.

Full Access
Question # 275

Which is MOST important to identify when developing an effective information security strategy?

A.

Security awareness training needs

B.

Potential savings resulting from security governance

C.

Business assets to be secured

D.

Residual risk levels

Full Access
Question # 276

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

A.

Employees use smartphone tethering when accessing from remote locations.

B.

Employees physically lock PCs when leaving the immediate area.

C.

Employees are trained on the acceptable use policy.

D.

Employees use the VPN when accessing the organization ' s online resources.

Full Access
Question # 277

Who is BEST suited to determine how the information in a database should be classified?

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Full Access
Question # 278

How does an organization PRIMARILY benefit from the creation of an information security steering committee?

A.

An increase in information security risk awareness

B.

An increased alignment with industry security trends that impact the business

C.

An increased focus on information security resource management

D.

An increased alignment of information security with the business

Full Access
Question # 279

The resilience requirements of an application are BEST determined by:

A.

A risk assessment

B.

A business impact analysis (BIA)

C.

A cost-benefit analysis

D.

A threat assessment

Full Access
Question # 280

An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

A.

inventory sensitive customer data to be processed by the solution.

B.

determine information security resource and budget requirements.

C.

assess potential information security risk to the organization.

D.

develop information security requirements for the big data solution.

Full Access
Question # 281

Which of the following would BEST enable a new information security manager to assess the current state of information security governance within the organization?

A.

Conducting a business impact analysis (BIA) to understand business priorities

B.

Analyzing the integration of information security policies and practices within business processes

C.

Performing both quantitative and qualitative risk analyses

D.

Interviewing key personnel identified within the governance framework

Full Access
Question # 282

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Full Access
Question # 283

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation to a critical monitoring process. Which of the following should be the information security manager ' s GREATEST concern with this situation?

A.

Impact on compliance risk.

B.

Inability to determine short-term impact.

C.

Impact on the risk culture.

D.

Deviation from risk management best practices

Full Access
Question # 284

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

A.

Preventive

B.

Corrective

C.

Detective

D.

Deterrent

Full Access
Question # 285

Which of the following is the PRIMARY reason for granting a security exception?

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Full Access
Question # 286

Which of the following is the BEST source of information to support an organization ' s information security vision and strategy?

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Full Access
Question # 287

Which of the following BEST enables an organization to maintain an appropriate security control environment?

A.

Alignment to an industry security framework

B.

Budgetary support for security

C.

Periodic employee security training

D.

Monitoring of the threat landscape

Full Access
Question # 288

In the context of DevSecOps, which of the following BEST enables the identification of vulnerabilities before software is released?

A.

Performing integration testing

B.

Testing executable code

C.

Automating code review

D.

Following secure coding standards

Full Access
Question # 289

A hacking group has posted an organization’s employee data on social media. What should the information security manager do FIRST?

A.

Inform the impacted employees.

B.

Initiate the incident response process.

C.

Escalate to senior management.

D.

Engage a forensic analysis team.

Full Access
Question # 290

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

A.

reduces unauthorized access to systems.

B.

promotes efficiency in control of the environment.

C.

prevents inconsistencies in information in the distributed environment.

D.

allows administrative staff to make management decisions.

Full Access
Question # 291

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

A.

To assess service level agreements

B.

To provide metrics to senior management

C.

To estimate the recovery time objective

D.

To evaluate how personnel react to the situation

Full Access
Question # 292

An organization uses a security standard that has undergone a major revision by the certifying authority. The old version of the standard will no longer be used for organizations wishing to maintain their certifications. Which of the following should be the FIRST

course of action?

A.

Evaluate the cost of maintaining the certification.

B.

Review the new standard for applicability to the business.

C.

Modify policies to ensure new requirements are covered.

D.

Communicate the new standard to senior leadership.

Full Access
Question # 293

Which of the following provides the BEST assurance that security policies are applied across business operations?

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Full Access
Question # 294

Which of the following is the BEST indication that an organization has a mature information security culture?

A.

Information security training is mandatory for all staff.

B.

The organization ' s information security policy is documented and communicated.

C.

The chief information security officer (CISO) regularly interacts with the board.

D.

Staff consistently consider risk in making decisions.

Full Access
Question # 295

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

A.

adherence to international standards

B.

availability of financial resources

C.

the organization s risk tolerance

D.

alignment with business needs

Full Access
Question # 296

A business impact analysis (BIA) should be periodically executed PRIMARILY to:

A.

validate vulnerabilities on environmental changes.

B.

analyze the importance of assets.

C.

check compliance with regulations.

D.

verify the effectiveness of controls.

Full Access
Question # 297

Which of the following should be the FIRST step when performing triage of a malware incident?

A.

Containing the affected system

B.

Preserving the forensic image

C.

Comparing backup against production

D.

Removing the malware

Full Access
Question # 298

Due to changes in an organization ' s environment, security controls may no longer be adequate. What is the information security manager ' s BEST course of action?

A.

Review the previous risk assessment and countermeasures.

B.

Perform a new risk assessment,

C.

Evaluate countermeasures to mitigate new risks.

D.

Transfer the new risk to a third party.

Full Access
Question # 299

When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:

A.

expected duration of outage.

B.

management direction.

C.

type of security incident.

D.

the root cause of the event.

Full Access
Question # 300

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

A.

Notify senior management of the issue.

B.

Report the issue to legal personnel.

C.

Initiate contract renegotiation.

D.

Assess the extent of the issue.

Full Access
Question # 301

A recent audit found that an organization ' s new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

A.

Automated controls

B.

Security policies

C.

Guidelines

D.

Standards

Full Access
Question # 302

The PRIMARY objective of performing a post-incident review is to:

A.

re-evaluate the impact of incidents.

B.

identify vulnerabilities.

C.

identify control improvements.

D.

identify the root cause.

Full Access
Question # 303

An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Which of the following controls would MOST effectively manage risk to the organization?

A.

Implementing separation of duties between systems and data

B.

Including penalty clauses for noncompliance in the vendor contract

C.

Disabling vendor access and only re-enabling when access is needed

D.

Monitoring key risk indicators (KRIs)

Full Access
Question # 304

Which of the following is the BEST way for an information security manager to learn of zero-day vulnerabilities?

A.

Up-to-date vulnerability scanning tools

B.

Signature-based malware detection tools

C.

Cybersecurity threat intelligence groups

D.

Penetration test findings

Full Access
Question # 305

What is the PRIMARY role of the information security program?

A.

To perform periodic risk assessments and business impact analyses (BIAs)

B.

To provide guidance in managing organizational security risk

C.

To approve information security requirements related to the business

D.

To educate stakeholders regarding information security requirements

Full Access
Question # 306

Which of the following is BEST used to determine the maturity of an information security program?

A.

Security budget allocation

B.

Organizational risk appetite

C.

Risk assessment results

D.

Security metrics

Full Access
Question # 307

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Full Access
Question # 308

Which of the following BEST enables an organization to determine the costs of downtime for a critical application?

A.

Fault tree analysis

B.

Cost-benefit analysis

C.

Return on investment (ROI) analysis

D.

Business impact analysis (BIA)

Full Access
Question # 309

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

A.

Parallel test

B.

Full interruption test

C.

Simulation test

D.

Tabletop test

Full Access
Question # 310

Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?

A.

Including a situational forecast

B.

Using appropriate language for the target audience

C.

Including trend charts for metrics

D.

Using a rating system to demonstrate program effectiveness

Full Access
Question # 311

Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Full Access
Question # 312

What should be the PRIMARY objective of an information classification scheme?

A.

To meet legislative and regulatory requirements

B.

To develop an asset inventory

C.

To define data retention requirements

D.

To implement controls proportionate to risk

Full Access
Question # 313

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

A.

Review independent security assessment reports for each vendor.

B.

Benchmark each vendor ' s services with industry best practices.

C.

Analyze the risks and propose mitigating controls.

D.

Define information security requirements and processes.

Full Access
Question # 314

An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?

A.

Identified vulnerabilities are not published and communicated in awareness programs.

B.

Identified vulnerabilities are not logged and resolved in a timely manner.

C.

The number of vulnerabilities identified exceeds industry benchmarks. D. Vulnerabilities are identified by internal staff rather than by external consultants.

Full Access
Question # 315

An advantage of decentralized information security functions is:

A.

Improved responsiveness

B.

Greater objectivity

C.

Improved compliance

D.

Greater uniformity

Full Access
Question # 316

Which of the following MUST be established to maintain an effective information security governance framework?

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Full Access
Question # 317

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

A.

Provide regular updates about the current state of the risks.

B.

Re-perform risk analysis at regular intervals.

C.

Assign a risk owner to each risk

D.

Create mitigating controls to manage the risks.

Full Access
Question # 318

Which of the following is MOST important when responding to a major securi ty incident?

A.

Contacting forensic investigators

B.

Following the escalation process

C.

Notifying law enforcement

D.

Identifying the indicators of compromise

Full Access
Question # 319

Which of the following is the FIRST step when conducting a post-incident review?

A.

Identify mitigating controls.

B.

Assess the costs of the incident.

C.

Perform root cause analysis.

D.

Assign responsibility for corrective actions.

Full Access
Question # 320

Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?

A.

Service level agreement (SLA)

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Business impact analysis (BIA)

Full Access
Question # 321

What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?

A.

Report the noncompliance to senior management.

B.

Assess the risk of noncompliance.

C.

Activate the incident response plan.

D.

Evaluate possible compensating controls.

Full Access
Question # 322

Which of the following should an information security manager do FIRST when noncompliance with security standards is identified?

A.

Report the noncompliance to senior management.

B.

Validate the noncompliance.

C.

Include the noncompliance in the risk register.

D.

Implement compensating controls to mitigate the noncompliance.

Full Access
Question # 323

A business unit recently integrated the organization ' s new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager ' s BEST course of action to address this situation?

A.

Provide end-user training.

B.

Escalate to senior management.

C.

Continue to enforce the policy.

D.

Conduct a business impact analysis (BIA).

Full Access
Question # 324

Which of the following is the MOST effective way to increase security awareness in an organization?

A.

Implement regularly scheduled information security audits.

B.

Require signed acknowledgment of information security policies.

C.

Conduct periodic simulated phishing exercises.

D.

Include information security requirements in job descriptions.

Full Access
Question # 325

Which of the following is an input used to calculate system-level risk?

A.

Key risk indicators

B.

Business impact analysis

C.

System risk appetite

D.

System vulnerabilities

Full Access
Question # 326

Recovery time objectives (RTOs) are BEST determined by:

A.

business managers

B.

business continuity officers

C.

executive management

D.

database administrators (DBAs).

Full Access
Question # 327

Which of the following BEST supports the adoption of effective information security practices throughout an organization?

A.

Business continuity measures

B.

A security-aware culture

C.

The latest security technologies

D.

Information security metrics

Full Access
Question # 328

In order to understand an organization ' s security posture, it is MOST important for an organization ' s senior leadership to:

A.

evaluate results of the most recent incident response test.

B.

review the number of reported security incidents.

C.

ensure established security metrics are reported.

D.

assess progress of risk mitigation efforts.

Full Access
Question # 329

Which of the following principles BEST addresses the protection of data from unauthorized modification?

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Authenticity

Full Access
Question # 330

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager ' s FIRST response?

A.

Notify the regulatory agency of the incident.

B.

Implement mitigating controls.

C.

Evaluate the impact to the business.

D.

Examine firewall logs to identify the attacker.

Full Access
Question # 331

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

A.

Industry benchmarks

B.

Security training test results

C.

Performance measures for existing controls

D.

Number of false positives

Full Access
Question # 332

The MOST appropriate time to conduct a disaster recovery test would be after:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Full Access
Question # 333

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

A.

Data masking

B.

Data retention strategy

C.

Data encryption standards

D.

Data loss prevention (DLP)

Full Access
Question # 334

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

A.

relates the investment to the organization ' s strategic plan.

B.

translates information security policies and standards into business requirements.

C.

articulates management ' s intent and information security directives in clear language.

D.

realigns information security objectives to organizational strategy.

Full Access
Question # 335

The PRIMARY consideration when responding to a ransomware attack should be to ensure:

A.

backups are available.

B.

the most recent patches have been applied.

C.

the ransomware attack is contained

D.

the business can operate

Full Access
Question # 336

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Full Access
Question # 337

Which of the following is the PRIMARY purpose of an acceptable use policy?

A.

To provide steps for carrying out security-related procedures

B.

To facilitate enforcement of security process workflows

C.

To protect the organization from misuse of information assets

D.

To provide minimum security baselines for information assets

Full Access
Question # 338

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

A.

Set up communication channels for the target audience.

B.

Determine the needs and requirements of each audience.

C.

Create a comprehensive singular communication

D.

Invoke the organization ' s incident response plan.

Full Access
Question # 339

Which of the following should be the MOST important consideration of business continuity management?

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Full Access
Question # 340

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Full Access
Question # 341

Which of the following metrics would provide an accurate measure of an information security program ' s performance?

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Full Access
Question # 342

What is the BEST way to inform senior management of the value of information security?

A.

Present the benefits of security awareness training

B.

Describe how security enables business objectives

C.

Describe potential impact of compromises

D.

Present anticipated return on security investment

Full Access
Question # 343

Which of the following should be the MOST important consideration when reviewing an information security strategy?

A.

Recent security incidents

B.

New business initiatives

C.

Industry security standards

D.

Internal audit findings

Full Access
Question # 344

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Full Access