Question1: The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?
Question2: Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?
Question3: In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:
Question4: Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:
Question5: An information security manager uses security metrics to measure the:
Question6: Acceptable levels of information security risk should be determined by:
Question7: What is the BEST defense against a Structured Query Language (SQL) injection attack?
Question8: An information security manager must understand the relationship between information security and business operations in order to:
Question9: The PRIMARY purpose of using risk analysis within a security program is to:
Question10: The configuration management plan should PRIMARILY be based upon input from:
Question11: It is important to classify and determine relative sensitivity of assets to ensure that:
Question12: Who can BEST approve plans to implement an information security governance framework?
Question13: Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
Question14: What is the BEST technique to determine which security controls to implement with a limited budget?
Question15: When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:
Question16: To justify its ongoing security budget, which of the following would be of MOST use to the information security' department?
Question17: What is the GREATEST risk when there is an excessive number of firewall rules?
Question18: Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
Question19: Which of the following is MOST important in determining whether a disaster recovery test is successful?
Question20: Information security projects should be prioritized on the basis of:
Question21: From an information security perspective, information that no longer supports the main purpose of the business should be:
Question22: What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
Question23: Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?
Question24: Which of the following mechanisms is the MOST secure way to implement a secure wireless network?
Question25: The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
Question26: When developing an information security program, what is the MOST useful source of information for determining available resources?
Question27: Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?
Question28: Which of the following is a key area of the ISO 27001 framework?
Question29: Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:
Question30: Which of the following is the MOST important factor when designing information security architecture?
Question31: Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?
Question32: When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:
Question33: The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
Question34: Which of the following would BEST address the risk of data leakage?
Question35: What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
Question36: An unauthorized user gained access to a merchant's database server and customer credit card information. Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?
Question37: After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
Question38: When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
Question39: Which of the following is an example of a corrective control?
Question40: Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?
Question41: Which of the following would a security manager establish to determine the target for restoration of normal processing?
Question42: Which of the following is MOST important to the successful promotion of good security management practices?
Question43: The PRIORITY action to be taken when a server is infected with a virus is to:
Question44: The MOST important objective of a post incident review is to:
Question45: A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?
Question46: In the course of responding 10 an information security incident, the BEST way to treat evidence for possible legal action is defined by:
Question47: Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
Question48: Which of the following is MOST effective in protecting against the attack technique known as phishing?
Question49: What is an appropriate frequency for updating operating system (OS) patches on production servers?
Question50: The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
Question51: Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
Question52: An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?
Question53: Which of the following is the MOST important information to include in a strategic plan for information security?
Question54: An intrusion detection system (IDS) should:
Question55: A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?
Question56: The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
Question57: Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?
Question58: The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
Question59: Which of the following would be the MOST significant security risk in a pharmaceutical institution?
Question60: Which of the following controls would BEST prevent accidental system shutdown from the console or operations area?
Question61: The effectiveness of virus detection software is MOST dependent on which of the following?
Question62: Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
Question63: The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:
Question64: When personal information is transmitted across networks, there MUST be adequate controls over:
Question65: The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
Question66: To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to.
Question67: A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?
Question68: In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
Question69: The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:
Question70: Which of the following should be determined while defining risk management strategies?
Question71: The PRIMARY reason for initiating a policy exception process is when:
Question72: Who is ultimately responsible for the organization's information?
Question73: What is the BEST method to verify that all security patches applied to servers were properly documented?
Question74: Which of the following are the essential ingredients of a business impact analysis (B1A)?
Question75: An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?
Question76: What is the BEST way to ensure data protection upon termination of employment?
Question77: An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
Question78: An information security program should focus on:
Question79: A common concern with poorly written web applications is that they can allow an attacker to:
Question80: A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
Question81: A digital signature using a public key infrastructure (PKI) will:
Question82: Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?
Question83: Which of the following is the BEST indicator that security awareness training has been effective?
Question84: The information classification scheme should:
Question85: The FIRST step to create an internal culture that focuses on information security is to:
Question86: Why is "slack space" of value to an information security manager as pan of an incident investigation?
Question87: Risk assessment is MOST effective when performed:
Question88: To determine the selection of controls required to meet business objectives, an information security manager should:
Question89: Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
Question90: A border router should be placed on which of the following?
Question91: Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
Question92: An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
Question93: A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?
Question94: Retention of business records should PRIMARILY be based on:
Question95: Which of the following measures would be MOST effective against insider threats to confidential information?
Question96: The BEST way to ensure that security settings on each platform are in compliance with information security policies and procedures is to:
Question97: Which of the following is the MOST important item to include when developing web hosting agreements with third-party providers?
Question98: Priority should be given to which of the following to ensure effective implementation of information security governance?
Question99: What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?
Question100: Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?
Question101: To achieve effective strategic alignment of security initiatives, it is important that:
Question102: Which of the following should be included in an annual information security budget that is submitted for management approval?
Question103: What is the MOS T cost-effective means of improving security awareness of staff personnel?
Question104: Reviewing which of the following would BEST ensure that security controls are effective?
Question105: At what stage of the applications development process would encryption key management initially be addressed?
Question106: The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
Question107: Which of the following measures is the MOST effective deterrent against disgruntled stall abusing their privileges?
Question108: Which of the following is characteristic of centralized information security management?
Question109: Which of the following authentication methods prevents authentication replay?
Question110: The BEST way to ensure that information security policies are followed is to:
Question111: Which of the following will BEST ensure that management takes ownership of the decision making process for information security?
Question112: Investment in security technology and processes should be based on:
Question113: The PRIMARY objective of a security steering group is to:
Question114: A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GRF.ATEST weakness in recovery capability?
Question115: To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:
Question116: Which of the following MOST commonly falls within the scope of an information security governance steering committee?
Question117: Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
Question118: Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
Question119: Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
Question120: Which of the following will BEST prevent external security attacks?
Question121: Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?
Question122: Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
Question123: The PRIMARY reason for using metrics to evaluate information security is to:
Question124: The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:
Question125: A successful information security management program should use which of the following to determine the amount of resources devoted to mitigating exposures?
Question126: Minimum standards for securing the technical infrastructure should be defined in a security:
Question127: What is the MOST effective access control method to prevent users from sharing files with unauthorized users?
Question128: Which of the following results from the risk assessment process would BEST assist risk management decision making?
Question129: A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?
Question130: The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?
Question131: A post-incident review should be conducted by an incident management team to determine:
Question132: Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
Question133: Which of the following is MOST important for measuring the effectiveness of a security awareness program?
Question134: What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
Question135: In the course of examining a computer system for forensic evidence, data on the suspect media were inadvertently altered. Which of the following should have been the FIRST course of action in the investigative process?
Question136: During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:
Question137: The value of information assets is BEST determined by:
Question138: An organization has been experiencing a number of network-based security attacks that all appear to originate internally. The BEST course of action is to:
Question139: Which of the following devices should be placed within a DMZ?
Question140: Which of (lie following would be the MOST relevant factor when defining the information classification policy?
Question141: Isolation and containment measures lor a compromised computer have been taken and information security management is now investigating. What is the MOST appropriate next step?
Question142: The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:
Question143: Which of the following steps should be performed FIRST in the risk assessment process?
Question144: Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?
Question145: After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?
Question146: Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?
Question147: Which of the following BEST indicates a successful risk management practice?
Question148: Senior management commitment and support for information security can BEST be obtained through presentations that:
Question149: One way to determine control effectiveness is by determining:
Question150: In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
Question151: What is the MOST important reason for conducting security awareness programs throughout an organization?
Question152: Which of the following BEST ensures that information transmitted over the Internet will remain confidential?
Question153: Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual needing to have his, her password reset?
Question154: Based on the information provided, which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?
Question155: Which of the following is MOST effective in preventing security weaknesses in operating systems?
Question156: In designing a backup strategy that will be consistent with a disaster recovery strategy, the PRIMARY factor to be taken into account will be the:
Question157: Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?
Question158: The PRIMARY benefit of performing an information asset classification is to:
Question159: What is the MOST important factor in the successful implementation of an enterprise wide information security program?
Question160: When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
Question161: When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?
Question162: When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
Question163: The MOST important function of a risk management program is to:
Question164: A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?
Question165: What is the MOST important success factor in launching a corporate information security awareness program?
Question166: An intrusion detection system should be placed:
Question167: The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:
Question168: To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
Question169: Which of the following is the MOST effective, positive method to promote security awareness?
Question170: An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:
Question171: In assessing risk, it is MOST essential to:
Question172: The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
Question173: Which of the following presents the GREATEST exposure to internal attack on a network?
Question174: Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?
Question175: Which of the following would raise security awareness among an organization's employees?
Question176: Which of the following is MOST important to understand when developing a meaningful information security strategy?
Question177: Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?
Question178: The MOST complete business case for security solutions is one that.
Question179: Which of the following would be the MOST important goal of an information security governance program?
Question180: Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?
Question181: Successful social engineering attacks can BEST be prevented through:
Question182: Which of the following would BEST ensure the success of information security governance within an organization?
Question183: Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?
Question184: Which of the following is MOST closely associated with a business continuity program?
Question185: Information security policy enforcement is the responsibility of the:
Question186: Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?
Question187: Which of the following is responsible for legal and regulatory liability?
Question188: Access control to a sensitive intranet application by mobile users can BEST be implemented through:
Question189: A risk assessment should be conducted:
Question190: Risk management programs are designed to reduce risk to:
Question191: Data owners will determine what access and authorizations users will have by:
Question192: The BEST approach in managing a security incident involving a successful penetration should be to:
Question193: Of the following, which is the MOST important aspect of forensic investigations?
Question194: What is the BEST way to alleviate security team understaffing while retaining the capability in-house?
Question195: An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:
Question196: Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
Question197: Which of the following is the MAIN reason for performing risk assessment on a continuous basis'?
Question198: Risk acceptance is a component of which of the following?
Question199: Which of the following is MOST important to the success of an information security program?
Question200: The impact of losing frame relay network connectivity for 18-24 hours should be calculated using the:
Question201: An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
Question202: Security policies should be aligned MOST closely with:
Question203: The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:
Question204: Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
Question205: Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?
Question206: The MOST important factor in ensuring the success of an information security program is effective:
Question207: Who in an organization has the responsibility for classifying information?
Question208: Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:
Question209: Which of the following is generally considered a fundamental component of an information security program?
Question210: The MOST important success factor to design an effective IT security awareness program is to:
Question211: Which resource is the MOST effective in preventing physical access tailgating/piggybacking?
Question212: A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:
Question213: Which of the following is the BEST method to securely transfer a message?
Question214: Detailed business continuity plans should be based PRIMARILY on:
Question215: Which of the following are the MOST important individuals to include as members of an information security steering committee?
Question216: Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
Question217: At what stage of the applications development process should the security department initially become involved?
Question218: An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:
Question219: Which of the following will BEST protect an organization from internal security attacks?
Question220: A test plan to validate the security controls of a new system should be developed during which phase of the project?
Question221: Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
Question222: An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is to:
Question223: Which of the following documents would be the BES T reference to determine whether access control mechanisms are appropriate for a critical application?
Question224: An information security manager wishing to establish security baselines would:
Question225: Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
Question226: When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:
Question227: What task should be performed once a security incident has been verified?
Question228: Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?
Question229: Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
Question230: A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?
Question231: For risk management purposes, the value of an asset should be based on:
Question232: What is the BEST method for mitigating against network denial of service (DoS) attacks?
Question233: When an organization is implementing an information security governance program, its board of directors should be responsible for:
Question234: The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:
Question235: Which of the following will BEST protect against malicious activity by a former employee?
Question236: When a significant security breach occurs, what should be reported FIRST to senior management?
Question237: A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
Question238: Which of the following are likely to be updated MOST frequently?
Question239: Nonrepudiation can BEST be assured by using:
Question240: The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:
Question241: To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
Question242: Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
Question243: When performing a qualitative risk analysis, which of the following will BEST produce reliable results?
Question244: Which of the following is the BEST metric for evaluating the effectiveness of security awareness twining?
The number of:
Question245: The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
Question246: Which of the following devices should be placed within a DMZ?
Question247: Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?
Question248: Logging is an example of which type of defense against systems compromise?
Question249: The criticality and sensitivity of information assets is determined on the basis of:
Question250: Security technologies should be selected PRIMARILY on the basis of their:
Question251: An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?
Question252: The advantage of Virtual Private Network (VPN) tunneling for remote users is that it:
Question253: When performing an information risk analysis, an information security manager should FIRST:
Question254: Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:
Question255: Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
Question256: Which of the following is the MOST important reason why information security objectives should be defined?
Question257: A business impact analysis (BIA) is the BEST tool for calculating:
Question258: In an organization, information systems security is the responsibility of:
Question259: A risk analysis should:
Question260: When implementing security controls, an information security manager must PRIMARILY focus on:
Question261: An e-commerce order fulfillment web server should generally be placed on which of the following?
Question262: From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?
Question263: Which of the following is the MOST usable deliverable of an information security risk analysis?
Question264: An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?
Question265: Nonrepudiation can BEST be ensured by using:
Question266: A risk management program would be expected to:
Question267: What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?
Question268: In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:
Question269: Who is responsible for raising awareness of the need for adequate funding for risk action plans?
Question270: Which of the following is the BEST justification to convince management to invest in an information security program?
Question271: The return on investment of information security can BEST be evaluated through which of the following?
Question272: The data access requirements for an application should be determined by the:
Question273: Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?
Question274: A security manager meeting the requirements for the international flow of personal data will need to ensure:
Question275: If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
Question276: What is the MOST appropriate change management procedure for the handling of emergency program changes?
Question277: An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage crosstraining. Which type of authorization policy would BEST address this practice?
Question278: The MOST appropriate role for senior management in supporting information security is the:
Question279: Which of the following is the MOST important information to include in an information security standard?
Question280: An incident response policy must contain:
Question281: A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:
Question282: Identification and prioritization of business risk enables project managers to:
Question283: Which of the following is a benefit of information security governance?
Question284: Which of the following roles would represent a conflict of interest for an information security manager?
Question285: During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
Question286: Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?
Question287: The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:
Question288: Which item would be the BEST to include in the information security awareness training program for new general staff employees?
Question289: Change management procedures to ensure that disaster recovery/business continuity plans are kept up- to- date can be BEST achieved through which of the following?
Question290: Which of the following situations would be the MOST concern to a security manager?
Question291: Who can BEST advocate the development of and ensure the success of an information security program?
Question292: On a company's e-commerce web site, a good legal statement regarding data privacy should include:
Question293: The MAIN advantage of implementing automated password synchronization is that it:
Question294: In business-critical applications, user access should be approved by the:
Question295: Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?
Question296: Which of the following is the BEST reason to perform a business impact analysis (BIA)?
Question297: Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
Question298: Which of the following is the MOST appropriate frequency for updating antivirus signature files for antivirus software on production servers?
Question299: An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees Hood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:
Question300: Obtaining senior management support for establishing a warm site can BEST be accomplished by:
Question301: Information security governance is PRIMARILY driven by:
Question302: Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?
Question303: What is the MOST important element to include when developing user security awareness material?
Question304: What is the PRIMARY objective of a post-event review in incident response?
Question305: An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?
Question306: Secure customer use of an e-commerce application can BEST be accomplished through:
Question307: The MOST effective way to incorporate risk management practices into existing production systems is through:
Question308: An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
Question309: Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?
Question310: What is the PRIMARY role of the information security manager in the process of information classification within an organization?
Question311: A risk management program should reduce risk to:
Question312: When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?
Question313: The BEST metric for evaluating the effectiveness of a firewall is the:
Question314: An organization without any formal information security program that has decided to implement information security best practices should FIRST:
Question315: How would an organization know if its new information security program is accomplishing its goals?
Question316: A critical component of a continuous improvement program for information security is:
Question317: Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
Question318: Which of the following has the highest priority when defining an emergency response plan?
Question319: Who is responsible for ensuring that information is classified?
Question320: The recovery time objective (RTO) is reached at which of the following milestones?
Question321: When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?
Question322: The PRIMARY goal in developing an information security strategy is to:
Question323: A third party was engaged to develop a business application. Which of the following would an information security manager BEST test for the existence of back doors?
Question324: A security risk assessment exercise should be repeated at regular intervals because:
Question325: Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
Question326: An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:
Question327: Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
Question328: Because of its importance to the business, an organization wants to quickly implement a technical solution which deviates from the company's policies. An information security manager should:
Question329: What will have the HIGHEST impact on standard information security governance models?
Question330: An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:
Question331: On which of the following should a firewall be placed?
Question332: Which of the following is the MOST appropriate use of gap analysis?
Question333: Which of the following actions should be taken when an online trading company discovers a network attack in progress?
Question334: A message* that has been encrypted by the sender's private key and again by the receiver's public key achieves:
Question335: Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?
Question336: Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?
Question337: Which of the following areas is MOST susceptible to the introduction of security weaknesses?
Question338: The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
Question339: When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
Question340: Which of the following BEST ensures that security risks will be reevaluated when modifications in application developments are made?
Question341: Which of the following steps in conducting a risk assessment should be performed FIRST?
Question342: Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
Question343: Which of the following is the MOST important prerequisite for establishing information security management within an organization?
Question344: When designing an information security quarterly report to management, the MOST important element to be considered should be the:
Question345: In a business impact analysis, the value of an information system should be based on the overall cost:
Question346: Which of the following attacks is BEST mitigated by utilizing strong passwords?
Question347: Which of the following is MOST essential for a risk management program to be effective?
Question348: Recovery point objectives (RPOs) can be used to determine which of the following?
Question349: Security monitoring mechanisms should PRIMARILY:
Question350: When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
Question351: The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager
Question352: Which of the following is the MOST important reason for an information security review of contracts? To help ensure that:
Question353: In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?
Question354: Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
Question355: Which of the following actions should lake place immediately after a security breach is reported to an information security manager?
Question356: Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
Question357: Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?
Question358: An organization has decided to implement additional security controls to treat the risks of a new process.
This is an example of:
Question359: What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?
Question360: The implementation of continuous monitoring controls is the BEST option where:
Question361: A security awareness program should:
Question362: The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:
Question363: A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited.
What process should the information security manager deploy to determine the necessity for remedial action?
Question364: When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
Question365: Who should be responsible for enforcing access rights to application data?
Question366: The FIRST priority when responding to a major security incident is:
Question367: Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
Question368: When performing a risk assessment, the MOST important consideration is that:
Question369: A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
Question370: Which of the following is the MOST appropriate method of ensuring password strength in a large organization?
Question371: Which of the following would help to change an organization's security culture?
Question372: Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
Question373: What does a network vulnerability assessment intend to identify?
Question374: When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?
Question375: Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?
Question376: Which would be the BEST recommendation to protect against phishing attacks?
Question377: Which of the following would generally have the GREATEST negative impact on an organization?
Question378: Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?
Question379: Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
Question380: The PRIMARY objective of a risk management program is to:
Question381: Which of the following is the MOST important to keep in mind when assessing the value of information?
Question382: Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?
Question383: Which of the following application systems should have the shortest recovery time objective (RTO)?
Question384: Which of the following is the PRIMARY reason for implementing a risk management program?
Question385: At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?
Question386: The valuation of IT assets should be performed by:
Question387: Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
Question388: To justify the establishment of an incident management team, an information security manager would find which of the following to be the MOST effective?
Question389: Phishing is BEST mitigated by which of the following?
Question390: Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
Question391: The FIRST step in an incident response plan is to:
Question392: A desktop computer that was involved in a computer security incident should be secured as evidence by:
Question393: Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?
Question394: Which of the following would be the BEST metric for the IT risk management process?
Question395: Which of the following is MOST likely to be discretionary?
Question396: In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
Question397: A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?
Question398: Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?
Question399: Which of the following risks is represented in the risk appetite of an organization?
Question400: Good information security procedures should:
Question401: Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?
Question402: A web server in a financial institution that has been compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step should be to:
Question403: An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:
Question404: The BEST strategy for risk management is to:
Question405: When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?
Question406: Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:
Question407: Which of the following are seldom changed in response to technological changes?
Question408: A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
Question409: A successful risk management program should lead to:
Question410: Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?
Question411: A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
Question412: Relationships among security technologies are BEST defined through which of the following?
Question413: The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:
Question414: The MOST effective use of a risk register is to:
Question415: A risk mitigation report would include recommendations for:
Question416: Acceptable risk is achieved when:
Question417: An information security program should be sponsored by:
Question418: Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?
Question419: Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does il always introduce?
Question420: An organization has implemented an enterprise resource planning (ERP) system used by 500 employees from various departments. Which of the following access control approaches is MOST appropriate?
Question421: Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
Question422: Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?
Question423: Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:
Question424: The PRIMARY objective of an Internet usage policy is to prevent:
Question425: Information security policies should:
Question426: Which of the following is the BEST method to provide a new user with their initial password for e-mail system access?
Question427: Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?
Question428: When a security standard conflicts with a business objective, the situation should be resolved by:
Question429: What is the FIRST action an information security manager should take when a company laptop is reported stolen?
Question430: Which of the following is an advantage of a centralized information security organizational structure?
Question431: The PRIMARY objective of security awareness is to:
Question432: An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
Question433: The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is:
Question434: A risk assessment study carried out by an organization noted that there is no segmentation of the local area network (LAN). Network segmentation would reduce the potential impact of which of the following?
Question435: A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the Information security program?
Question436: When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
Question437: Information security managers should use risk assessment techniques to:
Question438: The MOST important component of a privacy policy is:
Question439: Which of the following represents the MAJOR focus of privacy regulations?
Question440: Data owners are normally responsible for which of the following?
Question441: The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:
Question442: Which of the following is MOST important in developing a security strategy?
Question443: Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?
Question444: Which of the following situations would MOST inhibit the effective implementation of security governance:
Question445: Which of the following represents a PRIMARY area of interest when conducting a penetration test?
Question446: A risk management approach to information protection is:
Question447: When residual risk is minimized:
Question448: An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
Question449: Which of the following is the BEST approach for improving information security management processes?
Question450: There is a time lag between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
Question451: Which of the following requirements would have the lowest level of priority in information security?
Question452: An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
Question453: The MOST basic requirement for an information security governance program is to:
Question454: Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
Question455: Previously accepted risk should be:
Question456: A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?
Question457: The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
Question458: Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
Question459: Which of the following would present the GREATEST risk to information security?
Question460: Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?
Question461: Which of the following is the MOST appropriate method to protect a password that opens a confidential file?
Question462: The cost of implementing a security control should not exceed the:
Question463: Which program element should be implemented FIRST in asset classification and control?
Question464: When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?
Question465: When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
Question466: Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
Question467: Effective IT governance is BEST ensured by:
Question468: Which of the following would BEST prepare an information security manager for regulatory reviews?
Question469: Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?
Question470: Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
Question471: Which of the following is an inherent weakness of signature-based intrusion detection systems?
Question472: What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
Question473: For virtual private network (VPN) access to the corporate network, the information security manager is requiring strong authentication. Which of the following is the strongest method to ensure that logging onto the network is secure?
Question474: Attackers who exploit cross-site scripting vulnerabilities take advantage of:
Question475: The MAIN goal of an information security strategic plan is to:
Question476: When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:
Question477: Which of the following is the MOST important to ensure a successful recovery?
Question478: Which of the following guarantees that data in a file have not changed?
Question479: Which of the following is the MOST important risk associated with middleware in a client-server environment?
Question480: Which of the following would help management determine the resources needed to mitigate a risk to the organization?
Question481: Which of the following is the BEST indicator that an effective security control is built into an organization?
Question482: In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
Question483: Which of the following would be MOST appropriate for collecting and preserving evidence?
Question484: When an emergency security patch is received via electronic mail, the patch should FIRST be:
Question485: A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:
Question486: Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
Question487: The MOST important reason that statistical anomaly-based intrusion detection systems (slat IDSs) are less commonly used than signature-based IDSs, is that stat IDSs:
Question488: While implementing information security governance an organization should FIRST:
Question489: Successful implementation of information security governance will FIRST require:
Question490: When security policies are strictly enforced, the initial impact is that:
Question491: Emergency actions are taken at the early stage of a disaster with the purpose of preventing injuries or loss of life and:
Question492: Which of the following recovery strategies has the GREATEST chance of failure?
Question493: What would be the MOST significant security risks when using wireless local area network (LAN) technology?
Question494: A good privacy statement should include:
Question495: What is the MOST important item to be included in an information security policy?
Question496: What is the BEST way to ensure users comply with organizational security requirements for password complexity?
Question497: The FIRST step in establishing a security governance program is to:
Question498: It is MOST important that information security architecture be aligned with which of the following?
Question499: An intranet server should generally be placed on the:
Question500: Senior management commitment and support for information security can BEST be enhanced through:
Question501: The MOST important characteristic of good security policies is that they:
Question502: Which of the following risks would BEST be assessed using qualitative risk assessment techniques?
Question503: Which of the following is MOST important for a successful information security program?
Question504: Which two components PRIMARILY must be assessed in an effective risk analysis?
Question505: Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?
Question506: Security awareness training is MOST likely to lead to which of the following?
Question507: An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RI P) is the:
Question508: Investments in information security technologies should be based on:
Question509: There is reason to believe that a recently modified web application has allowed unauthorized access.
Which is the BEST way to identify an application backdoor?
Question510: The recovery point objective (RPO) requires which of the following?
Question511: An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?
Question512: Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?
Question513: An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?
Question514: Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
Question515: A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
Question516: When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?
Question517: In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?
Question518: Information security should be:
Question519: The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?
Question520: When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
Question521: The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:
Question522: An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?
Question523: Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?
Question524: Which of the following events generally has the highest information security impact?
Question525: When collecting evidence for forensic analysis, it is important to:
Question526: Which of the following should be determined FIRST when establishing a business continuity program?
Question527: Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?
Question528: Which of the following would be MOST critical to the successful implementation of a biometric authentication system?
Question529: Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?
Question530: Security audit reviews should PRIMARILY:
Question531: The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
Question532: After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:
Question533: Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?
Question534: As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:
Question535: To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOS T important item to include?
Question536: Which of the following is MOST appropriate for inclusion in an information security strategy?
Question537: When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSI.), confidentiality is MOST vulnerable to which of the following?
Question538: The security responsibility of data custodians in an organization will include:
Question539: Which of the following is the BEST method or technique to ensure the effective implementation of an information security program?
Question540: Which of the following actions should be taken when an information security manager discovers that a hacker is foot printing the network perimeter?
Question541: Which of the following should be in place before a black box penetration test begins?
Question542: An organization's information security strategy should be based on:
Question543: An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
Question544: Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:
Question545: An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
Question546: The MOST useful way to describe the objectives in the information security strategy is through:
Question547: It is important to develop an information security baseline because it helps to define:
Question548: In order to highlight to management the importance of network security, the security manager should FIRST:
Question549: The BEST way to ensure that an external service provider complies with organizational security policies is to:
Question550: Which of the following would be MOST effective in successfully implementing restrictive password policies?
Question551: Which of the following are the MOST important criteria when selecting virus protection software?
Question552: The decision as to whether a risk has been reduced to an acceptable level should be determined by:
Question553: An organization has to comply with recently published industry regulatory requirements-compliance that potentially has high implementation costs. What should the information security manager do FIRST?
Question554: Managing the life cycle of a digital certificate is a role of a(n):
Question555: Security awareness training should be provided to new employees:
Question556: Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
Question557: An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?
Question558: Which of the following BEST describes the scope of risk analysis?
Question559: An organization is entering into an agreement with a new business partner to conduct customer mailings.
What is the MOST important action that the information security manager needs to perform?
Question560: Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?
Question561: What is the MOST cost-effective method of identifying new vendor vulnerabilities?
Question562: An outcome of effective security governance is:
Question563: Good information security standards should:
Question564: All risk management activities are PRIMARILY designed to reduce impacts to:
Question565: Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?
Question566: The MOST important reason for conducting periodic risk assessments is because:
Question567: Which of the following is the BEST method to reduce the number of incidents of employees forwarding spam and chain e-mail messages?
Question568: Which of the following is the BEST way to verify that all critical production servers are utilizing up-to- date virus signature files?
Question569: How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
Question570: Which of the following devices should be placed within a demilitarized zone (DMZ )?
Question571: An information security organization should PRIMARILY:
Question572: Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
Question573: When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:
Question574: When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?
Question575: A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?
Question576: Which of the following groups would be in the BEST position to perform a risk analysis for a business?
Question577: In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:
Question578: To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
Question579: After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?
Question580: Which of the following is the BEST approach for an organization desiring to protect its intellectual property?
Question581: Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?
Question582: An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?
Question583: Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?
Question584: The purpose of a corrective control is to:
Question585: Several business units reported problems with their systems after multiple security patches were deployed.
The FIRST step in handling this problem would be to:
Question586: A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BES T approach of the information security manager?
Question587: Which of the following would be the FIRST step in establishing an information security program?
Question588: An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?
Question589: To ensure that payroll systems continue on in an event of a hurricane hitting a data center, what would be the FIRS T crucial step an information security manager would take in ensuring business continuity planning?
Question590: An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
Question591: The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
Question592: The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:
Question593: An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next?
Question594: The PRIMARY focus of the change control process is to ensure that changes are:
Question595: Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
Question596: After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:
Question597: A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:
Question598: The BEST time to perform a penetration test is after:
Question599: What is the BEST way to ensure that contract programmers comply with organizational security policies?
Question600: The MAIN reason why asset classification is important to a successful information security program is because classification determines:
Question601: When creating a forensic image of a hard drive, which of the following should be the FIRST step?
Question602: Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
Question603: Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center"?
Question604: Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
Question605: Which of the following provides the BKST confirmation that the business continuity/disaster recovery plan objectives have been achieved?
Question606: Which of the following is the MOST effective type of access control?
Question607: In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
Question608: What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:
Question609: Which of the following is the MOST likely outcome of a well-designed information security awareness course?
Question610: Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?
Question611: Who should drive the risk analysis for an organization?
Question612: The FIRST step in developing an information security management program is to:
Question613: Which of the following environments represents the GREATEST risk to organizational security?
Question614: To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:
Question615: Which of the following is the MOST important element of an information security strategy?
Question616: Which of the following should be the FIRST step in developing an information security plan?
Question617: The MOST important reason for formally documenting security procedures is to ensure:
Question618: When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?
Question619: Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?