EMT Practice Test

1. Question Content...


Question List

Question1: What is the MOST cost-effective method of identifying new vendor vulnerabilities?

Question2: Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?

Question3: Quantitative risk analysis is MOST appropriate when assessment data:

Question4: The implementation of a capacity plan would prevent:

Question5: An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resource to support clients. The BEST approach to obtain the support of business unit management would be to:

Question6: An organization to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

Question7: When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?

Question8: An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?

Question9: Which of the following measures is the MOST effective deterrent against disgruntled stall abusing their privileges?

Question10: Which of the following are the essential ingredients of a business impact analysis (B1A)?

Question11: A critical component of a continuous improvement program for information security is:

Question12: The PRIMARY goal of a corporate risk management program is to ensure that an organization's:

Question13: An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?

Question14: A risk management program would be expected to:

Question15: Of the following, retention of business records should be PRIMARILY based on:

Question16: Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?

Question17: Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?

Question18: The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:

Question19: Which of the following documents would be the BES T reference to determine whether access control mechanisms are appropriate for a critical application?

Question20: What does a network vulnerability assessment intend to identify?

Question21: Recovery point objectives (RPOs) can be used to determine which of the following?

Question22: A successful risk management program should lead to:

Question23: Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?

Question24: Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?

Question25: Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce?

Question26: The criticality and sensitivity of information assets is determined on the basis of:

Question27: What is the MOST appropriate change management procedure for the handling of emergency program changes?

Question28: An extranet server should be placed:

Question29: Risk acceptance is a component of which of the following?

Question30: The FIRST step in an incident response plan is to:

Question31: Why is "slack space" of value to an information security manager as pan of an incident investigation?

Question32: Which of the following BEST ensures timely and reliable access to services?

Question33: Which of the following will protect the confidentiality of data transmitted over the Internet?

Question34: A security risk assessment exercise should be repeated at regular intervals because:

Question35: Managing the life cycle of a digital certificate is a role of a(n):

Question36: Which of the following devices should be placed within a DMZ?

Question37: An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:

Question38: Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?

Question39: A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?

Question40: Which of the following is the MOST effective, positive method to promote security awareness?

Question41: Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?

Question42: An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

Question43: Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?

Question44: When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:

Question45: The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:

Question46: The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:

Question47: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question48: Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?

Question49: Based on the information provided, which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?

Question50: A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:

Question51: Which of the following has the highest priority when defining an emergency response plan?

Question52: Which of the following is the BEST way to verify that all critical production servers are utilizing up-to- date virus signature files?

Question53: When a significant security breach occurs, what should be reported FIRST to senior management?

Question54: Security governance is MOST associated with which of the following IT infrastructure components?

Question55: Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?

Question56: To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to.

Question57: Which of the following are the MOST important criteria when selecting virus protection software?

Question58: Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?

Question59: Which of the following would raise security awareness among an organization's employees?

Question60: Who can BEST advocate the development of and ensure the success of an information security program?

Question61: The PRIORITY action to be taken when a server is infected with a virus is to:

Question62: When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?

Question63: Emergency actions are taken at the early stage of a disaster with the purpose of preventing injuries or loss of life and:

Question64: What is the GREATEST risk when there is an excessive number of firewall rules?

Question65: The MOST important function of a risk management program is to:

Question66: An organization has to comply with recently published industry regulatory requirements-compliance that potentially has high implementation costs. What should the information security manager do FIRST?

Question67: What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?

Question68: Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?

Question69: In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:

Question70: A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?

Question71: Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?

Question72: The effectiveness of virus detection software is MOST dependent on which of the following?

Question73: A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?

Question74: A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?

Question75: An organization is entering into an agreement with a new business partner to conduct customer mailings.
What is the MOST important action that the information security manager needs to perform?

Question76: To determine the selection of controls required to meet business objectives, an information security manager should:

Question77: A newly hired information security manager reviewing an existing security investment plan is MOST likely to be concerned when the plan:

Question78: A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?

Question79: The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:

Question80: The business continuity policy should contain which of the following?

Question81: What is the PRIMARY objective of a post-event review in incident response?

Question82: It is important to classify and determine relative sensitivity of assets to ensure that:

Question83: Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?

Question84: Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

Question85: Which item would be the BEST to include in the information security awareness training program for new general staff employees?

Question86: In the course of responding 10 an information security incident, the BEST way to treat evidence for possible legal action is defined by:

Question87: Which of the following is the BEST method to reduce the number of incidents of employees forwarding spam and chain e-mail messages?

Question88: What is the MOS T cost-effective means of improving security awareness of staff personnel?

Question89: Which would be the BEST recommendation to protect against phishing attacks?

Question90: To ensure that payroll systems continue on in an event of a hurricane hitting a data center, what would be the FIRS T crucial step an information security manager would take in ensuring business continuity planning?

Question91: A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?

Question92: Who can BEST approve plans to implement an information security governance framework?

Question93: Which of the following is MOST difficult to achieve in a public cloud-computing environment?

Question94: A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?

Question95: Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?

Question96: Which of the following should be determined FIRST when establishing a business continuity program?

Question97: Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?

Question98: Which of the following is an example of a corrective control?

Question99: The purpose of a corrective control is to:

Question100: A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?

Question101: When performing an information risk analysis, an information security manager should FIRST:

Question102: An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?

Question103: An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

Question104: After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

Question105: A semi-annual disaster recovery test has been completed. Which of the following issues discussed during the lessons learned phase should be of GREATEST concern?

Question106: An unauthorized user gained access to a merchant's database server and customer credit card information. Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?

Question107: When creating a forensic image of a hard drive, which of the following should be the FIRST step?

Question108: An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?

Question109: Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:

Question110: What is the BEST method for mitigating against network denial of service (DoS) attacks?

Question111: The valuation of IT assets should be performed by:

Question112: Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?

Question113: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies would be the BEST approach for developing a physical access control policy for the organization?

Question114: The MOST important objective of a post incident review is to:

Question115: Phishing is BEST mitigated by which of the following?

Question116: When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:

Question117: The PRIMARY reason for initiating a policy exception process is when:

Question118: Of the following, which is the MOST important aspect of forensic investigations?

Question119: Which of the following risks would BEST be assessed using qualitative risk assessment techniques?

Question120: Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

Question121: An incident response policy must contain:

Question122: After detecting an advanced persistent threat (APT), which of the following should be the information security manager's FIRST step?

Question123: An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?

Question124: To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

Question125: When security policies are strictly enforced, the initial impact is that:

Question126: Risk management programs are designed to reduce risk to:

Question127: When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:

Question128: An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:

Question129: A desktop computer that was involved in a computer security incident should be secured as evidence by:

Question130: Which of the following would BEST help to identify vulnerabilities introduced by changes to an organization's technical infrastructure?

Question131: What task should be performed once a security incident has been verified?

Question132: The MOST important element in achieving executive commitment to an information security governance program is:

Question133: A business impact analysis (BIA) is the BEST tool for calculating:

Question134: An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:

Question135: Which of the following actions should be taken when an information security manager discovers that a hacker is foot printing the network perimeter?

Question136: Which of the following is the MOST appropriate method of ensuring password strength in a large organization?

Question137: There is reason to believe that a recently modified web application has allowed unauthorized access.
Which is the BEST way to identify an application backdoor?

Question138: Which resource is the MOST effective in preventing physical access tailgating/piggybacking?

Question139: In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:

Question140: Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?

Question141: Which of (lie following would be the MOST relevant factor when defining the information classification policy?

Question142: Risk assessment is MOST effective when performed:

Question143: After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

Question144: The BEST strategy for risk management is to:

Question145: A risk management approach to information protection is:

Question146: Which of the following is the MAIN reason for performing risk assessment on a continuous basis'?

Question147: When implementing security controls, an information security manager must PRIMARILY focus on:

Question148: Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?

Question149: Which of the following risks is represented in the risk appetite of an organization?

Question150: Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?

Question151: The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:

Question152: In the course of examining a computer system for forensic evidence, data on the suspect media were inadvertently altered. Which of the following should have been the FIRST course of action in the investigative process?

Question153: After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:

Question154: What is the BEST way to alleviate security team understaffing while retaining the capability in-house?

Question155: When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?

Question156: The FIRST priority when responding to a major security incident is:

Question157: The business advantage of implementing authentication tokens is that they:

Question158: Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?

Question159: Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?

Question160: The security responsibility of data custodians in an organization will include:

Question161: Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?

Question162: Which of the following attacks is BEST mitigated by utilizing strong passwords?

Question163: What is the FIRST action an information security manager should take when a company laptop is reported stolen?

Question164: Which of the following is MOST important in determining whether a disaster recovery test is successful?

Question165: Which of the following will BEST prevent external security attacks?

Question166: Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:

Question167: The BEST approach in managing a security incident involving a successful penetration should be to:

Question168: A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager should FIRST:

Question169: After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:

Question170: Which of the following actions should lake place immediately after a security breach is reported to an information security manager?

Question171: Which of the following BEST describes the scope of risk analysis?

Question172: An information security program should focus on:

Question173: Which of the following would be the BEST indicator that an organization is appropriately managing risk?

Question174: Which of the following risks would BEST be assessed using quantitative risk assessment techniques?

Question175: Which of the following should be in place before a black box penetration test begins?

Question176: The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:

Question177: An intrusion detection system (IDS) should:

Question178: When performing a qualitative risk analysis, which of the following will BEST produce reliable results?

Question179: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

Question180: To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:

Question181: Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?

Question182: Which of the following tools is MOST appropriate for determining how long a security project will take to implement?

Question183: An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:

Question184: Which of the following measures would be MOST effective against insider threats to confidential information?

Question185: If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:

Question186: At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?

Question187: Which of the following provides the BKST confirmation that the business continuity/disaster recovery plan objectives have been achieved?

Question188: Security monitoring mechanisms should PRIMARILY:

Question189: Which of the following results from the risk assessment process would BEST assist risk management decision making?

Question190: Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:

Question191: Which of the following would a security manager establish to determine the target for restoration of normal processing?

Question192: An information security manager has completed a risk assessment and has determined the residual risk.
Which of the following should be the NEXT step?

Question193: Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Question194: An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?

Question195: Which of the following is MOST important for an information security manager to regularly report to senior management?

Question196: What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:

Question197: The BEST way to facilitate the reporting and escalation of potential security incidents to appropriate stakeholders is to define incident classifications based on the:

Question198: When developing a security architecture, which of the following steps should be executed FIRST?

Question199: Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?

Question200: Which of the following is the initial step in creating a firewall policy?

Question201: Which of the following recovery strategies has the GREATEST chance of failure?

Question202: As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:

Question203: The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:

Question204: Which of the following tasks should be performed once a disaster recovery plan has been developed?

Question205: Because of its importance to the business, an organization wants to quickly implement a technical solution which deviates from the company's policies. An information security manager should:

Question206: Who is responsible for ensuring that information is classified?

Question207: Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center"?

Question208: Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?

Question209: A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?

Question210: Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?

Question211: Which of the following is generally considered a fundamental component of an information security program?

Question212: An information security manager learns that a departmental system is out of compliance with the information security policy's password strength requirements. Which of the following should be the information security manager's FIRST course of action?

Question213: Which of the following is MOST closely associated with a business continuity program?

Question214: What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?

Question215: The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:

Question216: Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:

Question217: Information security managers should use risk assessment techniques to:

Question218: An information security organization should PRIMARILY:

Question219: Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?

Question220: The PRIMARY focus of the change control process is to ensure that changes are:

Question221: When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?

Question222: Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question223: Which of the following is the MOST usable deliverable of an information security risk analysis?

Question224: Which of the following is MOST essential for a risk management program to be effective?

Question225: Isolation and containment measures for a compromised computer has been taken and information security management is now investigating. What is the MOST appropriate next step?

Question226: Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

Question227: What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?

Question228: An intrusion detection system should be placed:

Question229: During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:

Question230: Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?

Question231: Which of the following is the MOST appropriate use of gap analysis?

Question232: When developing security standards, which of the following would be MOST appropriate to include?

Question233: A post-incident review should be conducted by an incident management team to determine:

Question234: Which of the following events generally has the highest information security impact?

Question235: Which of the following steps should be performed FIRST in the risk assessment process?

Question236: Which of the following BEST ensures that security risks will be reevaluated when modifications in application developments are made?

Question237: Which of the following is a risk of cross-training?

Question238: Which of the following application systems should have the shortest recovery time objective (RTO)?

Question239: Which of the following reduces the potential impact of social engineering attacks?

Question240: The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:

Question241: Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?

Question242: A risk assessment should be conducted:

Question243: A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited.
What process should the information security manager deploy to determine the necessity for remedial action?

Question244: The recovery point objective (RPO) requires which of the following?

Question245: The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:

Question246: How would an organization know if its new information security program is accomplishing its goals?

Question247: An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:

Question248: When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:

Question249: Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?

Question250: When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?

Question251: Which of the following would BEST address the risk of data leakage?

Question252: The decision as to whether a risk has been reduced to an acceptable level should be determined by:

Question253: Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?

Question254: Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:

Question255: Attackers who exploit cross-site scripting vulnerabilities take advantage of:

Question256: To justify the establishment of an incident management team, an information security manager would find which of the following to be the MOST effective?

Question257: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

Question258: A web server in a financial institution that has been compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step should be to:

Question259: The MOST important reason for formally documenting security procedures is to ensure:

Question260: When training an incident response team, the advantage of using tabletop exercises is that they:

Question261: Which of the following is the PRIMARY reason for implementing a risk management program?

Question262: What is the BEST technique to determine which security controls to implement with a limited budget?

Question263: The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:

Question264: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Question265: When the computer incident response team (CIRT) finds clear evidence that a hacker has penetrated the corporate network and modified customer information, an information security manager should FIRST notify:

Question266: Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

Question267: Which of the following vulnerabilities presents the GREATEST risk of external hackers gaining access to the corporate network?

Question268: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Question269: The effectiveness of the information security process is reduced when an outsourcing organization:

Question270: An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?

Question271: Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?

Question272: When residual risk is minimized:

Question273: What is the MOST important success factor in launching a corporate information security awareness program?

Question274: An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is to:

Question275: Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?

Question276: The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?

Question277: Which of the following is the BEST metric for evaluating the effectiveness of security awareness twining?
The number of:

Question278: Which of the following is the BEST approach for improving information security management processes?

Question279: When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:

Question280: Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?

Question281: Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Question282: In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?

Question283: Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?

Question284: The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:

Question285: A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?

Question286: When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:

Question287: Which of the following would be MOST critical to the successful implementation of a biometric authentication system?

Question288: A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?

Question289: An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:

Question290: The configuration management plan should PRIMARILY be based upon input from:

Question291: When performing a risk assessment, the MOST important consideration is that:

Question292: Change management procedures to ensure that disaster recovery/business continuity plans are kept up- to- date can be BEST achieved through which of the following?

Question293: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain any effective information security program?

Question294: Previously accepted risk should be:

Question295: An organization has decided to implement additional security controls to treat the risks of a new process.
This is an example of:

Question296: A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:

Question297: In designing a backup strategy that will be consistent with a disaster recovery strategy, the PRIMARY factor to be taken into account will be the:

Question298: It is MOST important for an information security manager to ensure that security risk assessments are performed:

Question299: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question300: Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

Question301: Which of the following is the BEST approach for an organization desiring to protect its intellectual property?

Question302: Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?

Question303: The PRIMARY purpose of using risk analysis within a security program is to:

Question304: The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?

Question305: Good information security procedures should:

Question306: Which of the following is the MOST likely outcome of a well-designed information security awareness course?

Question307: Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

Question308: Identification and prioritization of business risk enables project managers to:

Question309: When collecting evidence for forensic analysis, it is important to:

Question310: A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:

Question311: A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:

Question312: Which of the following defines the triggers within a business continuity plan (BCP)?

Question313: What is the MOST important element to include when developing user security awareness material?

Question314: In business-critical applications, user access should be approved by the:

Question315: Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?

Question316: Which of the following would be MOST effective in the strategic alignment of security initiatives?

Question317: Which program element should be implemented FIRST in asset classification and control?

Question318: A third party was engaged to develop a business application. Which of the following would an information security manager BEST test for the existence of back doors?

Question319: There is a time lag between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?

Question320: Which of the following actions should be taken when an online trading company discovers a network attack in progress?

Question321: An organization plans to allow employees to use their own devices on the organization's network. Which of the following is the information security manager's BEST course of action?

Question322: The MAIN reason why asset classification is important to a successful information security program is because classification determines:

Question323: Which of the following is the MOST effective type of access control?

Question324: All risk management activities are PRIMARILY designed to reduce impacts to:

Question325: Which of the following would be the MOST significant security risk in a pharmaceutical institution?

Question326: One way to determine control effectiveness is by determining:

Question327: Several business units reported problems with their systems after multiple security patches were deployed.
The FIRST step in handling this problem would be to:

Question328: An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:

Question329: Which two components PRIMARILY must be assessed in an effective risk analysis?

Question330: When segregation of duties concerns exists between IT support staff and end users, what would be a suitable compensating control?

Question331: The MOST effective use of a risk register is to:

Question332: A common concern with poorly written web applications is that they can allow an attacker to:

Question333: Which of the following would help management determine the resources needed to mitigate a risk to the organization?

Question334: Data owners will determine what access and authorizations users will have by:

Question335: When considering whether to adopt a new information security framework, an organization's information security manager should FIRST:

Question336: Which of the following would be MOST appropriate for collecting and preserving evidence?

Question337: A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?

Question338: Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?

Question339: The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:

Question340: An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?

Question341: What is the BEST way to ensure data protection upon termination of employment?

Question342: Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?

Question343: An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?

Question344: Which of the following steps in conducting a risk assessment should be performed FIRST?

Question345: Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?

Question346: Which of the following groups would be in the BEST position to perform a risk analysis for a business?

Question347: The PRIMARY objective of a risk management program is to:

Question348: Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

Question349: Which of the following is MOST effective in preventing security weaknesses in operating systems?

Question350: In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:

Question351: Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?

Question352: Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:

Question353: Which of the following BEST ensures that information transmitted over the Internet will remain confidential?

Question354: Which of the following is the BEST indicator that an effective security control is built into an organization?

Question355: After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?

Question356: When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?

Question357: An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?

Question358: Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?

Question359: In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?

Question360: A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question361: Who is responsible for raising awareness of the need for adequate funding for risk action plans?

Question362: In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:

Question363: An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?

Question364: An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RI P) is the:

Question365: The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager

Question366: Which of the following situations would be the MOST concern to a security manager?

Question367: An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following would be MOST important to include in the business case?

Question368: To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?

Question369: In assessing risk, it is MOST essential to:

Question370: An organization has been experiencing a number of network-based security attacks that all appear to originate internally. The BEST course of action is to:

Question371: Which of the following is the MOST important to ensure a successful recovery?

Question372: A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:

Question373: A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:

Question374: Detailed business continuity plans should be based PRIMARILY on:

Question375: The BEST way to mitigate the risk associated with a social engineering attack is to:

Question376: In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?

Question377: A risk analysis should:

Question378: During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:

Question379: The implementation of continuous monitoring controls is the BEST option where:

Question380: Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?

Question381: Attacks using multiple methods to spread should be classified:

Question382: The impact of losing frame relay network connectivity for 18-24 hours should be calculated using the:

Question383: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST help to prevent this occurrence?

Question384: The PRIMARY benefit of performing an information asset classification is to:

Question385: An organization has implemented an enterprise resource planning (ERP) system used by 500 employees from various departments. Which of the following access control approaches is MOST appropriate?

Question386: Which of the following activities performed by a database administrator (DBA) should be performed by a different person?

Question387: Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Question388: An organization is considering moving one of its critical business applications to a cloud hosting service.
The cloud provider may not provide the same level of security for this application as the organization.
Which of the following will provide the BEST information to help maintain the security posture?

Question389: An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?

Question390: An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:

Question391: Which of the following authentication methods prevents authentication replay?

Question392: Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?