EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following would be the BEST defense against sniffing?

Question2: Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?

Question3: To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?

Question4: On which of the following should a firewall be placed?

Question5: An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?

Question6: A security awareness program should:

Question7: Which of the following presents the GREATEST exposure to internal attack on a network?

Question8: Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?

Question9: Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:

Question10: Which of the following is the MOST effective type of access control?

Question11: When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?

Question12: Isolation and containment measures for a compromised computer has been taken and information security management is now investigating. What is the MOST appropriate next step?

Question13: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

Question14: Information security policies should:

Question15: The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?

Question16: An organization without any formal information security program that has decided to implement information security best practices should FIRST:

Question17: Which of the following is the BEST metric for evaluating the effectiveness of security awareness twining?
The number of:

Question18: Which of the following is an inherent weakness of signature-based intrusion detection systems?

Question19: When developing a security architecture, which of the following steps should be executed FIRST?

Question20: The BEST way to facilitate the reporting and escalation of potential security incidents to appropriate stakeholders is to define incident classifications based on the:

Question21: An incident response policy must contain:

Question22: The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:

Question23: An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?

Question24: Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

Question25: Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?

Question26: When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:

Question27: Which of the following is the MOST important risk associated with middleware in a client-server environment?

Question28: Which of the following provides the BKST confirmation that the business continuity/disaster recovery plan objectives have been achieved?

Question29: A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?

Question30: A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?

Question31: Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?

Question32: A digital signature using a public key infrastructure (PKI) will:

Question33: The BEST time to perform a penetration test is after:

Question34: Which of the following is a key area of the ISO 27001 framework?

Question35: Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?

Question36: Which of the following actions should be taken when an information security manager discovers that a hacker is foot printing the network perimeter?

Question37: Priority should be given to which of the following to ensure effective implementation of information security governance?

Question38: When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?

Question39: Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?

Question40: In an organization, information systems security is the responsibility of:

Question41: An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?

Question42: Which of the following will BEST protect against malicious activity by a former employee?

Question43: A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?

Question44: The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:

Question45: Which of the following would be MOST effective in the strategic alignment of security initiatives?

Question46: Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?

Question47: Security governance is MOST associated with which of the following IT infrastructure components?

Question48: The implementation of a capacity plan would prevent:

Question49: An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?

Question50: Of the following, which is the MOST important aspect of forensic investigations?

Question51: A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?

Question52: In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?

Question53: Which of the following is the BEST method to reduce the number of incidents of employees forwarding spam and chain e-mail messages?

Question54: Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?

Question55: An organization is considering moving one of its critical business applications to a cloud hosting service.
The cloud provider may not provide the same level of security for this application as the organization.
Which of the following will provide the BEST information to help maintain the security posture?

Question56: In the course of responding 10 an information security incident, the BEST way to treat evidence for possible legal action is defined by:

Question57: Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

Question58: Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

Question59: The MOST effective use of a risk register is to:

Question60: Which of the following recovery strategies has the GREATEST chance of failure?

Question61: A desktop computer that was involved in a computer security incident should be secured as evidence by:

Question62: The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:

Question63: Which of the following would be the FIRST step in establishing an information security program?

Question64: Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?

Question65: Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?

Question66: The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:

Question67: Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?

Question68: Which of the following would be MOST critical to the successful implementation of a biometric authentication system?

Question69: The MOST important reason for formally documenting security procedures is to ensure:

Question70: Which of the following is the BEST method to provide a new user with their initial password for e-mail system access?

Question71: What is the BEST method to verify that all security patches applied to servers were properly documented?

Question72: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question73: To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

Question74: Which of the following is MOST effective in protecting against the attack technique known as phishing?

Question75: Which of the following is MOST effective in preventing security weaknesses in operating systems?

Question76: Security policies should be aligned MOST closely with:

Question77: Which of the following BEST ensures that security risks will be reevaluated when modifications in application developments are made?

Question78: An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?

Question79: The configuration management plan should PRIMARILY be based upon input from:

Question80: Data owners are normally responsible for which of the following?

Question81: What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?

Question82: Which of the following tools is MOST appropriate for determining how long a security project will take to implement?

Question83: The PRIORITY action to be taken when a server is infected with a virus is to:

Question84: A test plan to validate the security controls of a new system should be developed during which phase of the project?

Question85: Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?

Question86: Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?

Question87: Which of the following is the MOST important to ensure a successful recovery?

Question88: Emergency actions are taken at the early stage of a disaster with the purpose of preventing injuries or loss of life and:

Question89: In designing a backup strategy that will be consistent with a disaster recovery strategy, the PRIMARY factor to be taken into account will be the:

Question90: Previously accepted risk should be:

Question91: Which of the following is the MOST important item to include when developing web hosting agreements with third-party providers?

Question92: An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:

Question93: Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?

Question94: There is a time lag between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?

Question95: Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?

Question96: Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?

Question97: After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

Question98: In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?

Question99: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Question100: An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

Question101: Which of the following devices should be placed within a DMZ?

Question102: The information classification scheme should:

Question103: Which of the following will protect the confidentiality of data transmitted over the Internet?

Question104: An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?

Question105: When implementing security controls, an information security manager must PRIMARILY focus on:

Question106: Which of the following application systems should have the shortest recovery time objective (RTO)?

Question107: Which of the following situations would be the MOST concern to a security manager?

Question108: Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?

Question109: Which of the following tasks should be performed once a disaster recovery plan has been developed?

Question110: Which of the following actions should be taken when an online trading company discovers a network attack in progress?

Question111: Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:

Question112: All risk management activities are PRIMARILY designed to reduce impacts to:

Question113: Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:

Question114: The PRIMARY focus of the change control process is to ensure that changes are:

Question115: The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:

Question116: Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?

Question117: Which of the following will BEST ensure that management takes ownership of the decision making process for information security?

Question118: What is the MOST important reason for conducting security awareness programs throughout an organization?

Question119: Which of the following is MOST important for measuring the effectiveness of a security awareness program?

Question120: Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?

Question121: Which of the following events generally has the highest information security impact?

Question122: Which of the following are the MOST important criteria when selecting virus protection software?

Question123: When performing a qualitative risk analysis, which of the following will BEST produce reliable results?

Question124: After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

Question125: The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:

Question126: Good information security procedures should:

Question127: Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?

Question128: When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?

Question129: In the course of examining a computer system for forensic evidence, data on the suspect media were inadvertently altered. Which of the following should have been the FIRST course of action in the investigative process?

Question130: Which of the following devices should be placed within a demilitarized zone (DMZ )?

Question131: In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:

Question132: Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?

Question133: To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to.

Question134: In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:

Question135: The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:

Question136: Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?

Question137: The PRIMARY objective of security awareness is to:

Question138: A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:

Question139: Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?

Question140: A web server in a financial institution that has been compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step should be to:

Question141: When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:

Question142: Attacks using multiple methods to spread should be classified:

Question143: Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Question144: Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?

Question145: Of the following, retention of business records should be PRIMARILY based on:

Question146: Which of the following has the highest priority when defining an emergency response plan?

Question147: What is the MOST important element to include when developing user security awareness material?

Question148: Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?

Question149: To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:

Question150: When security policies are strictly enforced, the initial impact is that:

Question151: Which of the following controls would BEST prevent accidental system shutdown from the console or operations area?

Question152: When segregation of duties concerns exists between IT support staff and end users, what would be a suitable compensating control?

Question153: Which of the following is MOST important for a successful information security program?

Question154: Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?

Question155: A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question156: Which of the following is generally considered a fundamental component of an information security program?

Question157: Which of the following would present the GREATEST risk to information security?

Question158: To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:

Question159: The BEST way to ensure that information security policies are followed is to:

Question160: The business advantage of implementing authentication tokens is that they:

Question161: Which of the following areas is MOST susceptible to the introduction of security weaknesses?

Question162: Who can BEST approve plans to implement an information security governance framework?

Question163: Which of the following BEST ensures timely and reliable access to services?

Question164: The BEST way to ensure that an external service provider complies with organizational security policies is to:

Question165: In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?

Question166: Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?

Question167: Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?

Question168: The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:

Question169: Who can BEST advocate the development of and ensure the success of an information security program?

Question170: What is the BEST method for mitigating against network denial of service (DoS) attacks?

Question171: Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?

Question172: Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?

Question173: A risk management approach to information protection is:

Question174: What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?

Question175: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

Question176: When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:

Question177: The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:

Question178: Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

Question179: To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:

Question180: An information security manager wishing to establish security baselines would:

Question181: What is the GREATEST risk when there is an excessive number of firewall rules?

Question182: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain any effective information security program?

Question183: Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?

Question184: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies would be the BEST approach for developing a physical access control policy for the organization?

Question185: An intrusion detection system should be placed:

Question186: The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:

Question187: The MAIN advantage of implementing automated password synchronization is that it:

Question188: A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?

Question189: Which of the following measures is the MOST effective deterrent against disgruntled stall abusing their privileges?

Question190: Which of the following devices should be placed within a DMZ?

Question191: Which of the following is the MOST appropriate method to protect a password that opens a confidential file?

Question192: The BEST way to ensure that security settings on each platform are in compliance with information security policies and procedures is to:

Question193: Which of the following is MOST important in determining whether a disaster recovery test is successful?

Question194: An unauthorized user gained access to a merchant's database server and customer credit card information. Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?

Question195: What is the BEST way to ensure users comply with organizational security requirements for password complexity?

Question196: A post-incident review should be conducted by an incident management team to determine:

Question197: The business continuity policy should contain which of the following?

Question198: Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?

Question199: Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?

Question200: The FIRST priority when responding to a major security incident is:

Question201: What is the BEST way to ensure data protection upon termination of employment?

Question202: The MOST appropriate individual to determine the level of information security needed for a specific business application is the:

Question203: An organization is entering into an agreement with a new business partner to conduct customer mailings.
What is the MOST important action that the information security manager needs to perform?

Question204: Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?

Question205: A risk assessment study carried out by an organization noted that there is no segmentation of the local area network (LAN). Network segmentation would reduce the potential impact of which of the following?

Question206: Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question207: Why is "slack space" of value to an information security manager as pan of an incident investigation?

Question208: Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?

Question209: An information security manager learns that a departmental system is out of compliance with the information security policy's password strength requirements. Which of the following should be the information security manager's FIRST course of action?

Question210: Which of the following documents would be the BES T reference to determine whether access control mechanisms are appropriate for a critical application?

Question211: At what stage of the applications development process would encryption key management initially be addressed?

Question212: A border router should be placed on which of the following?

Question213: Which of the following is the BEST method to securely transfer a message?

Question214: The MOST important success factor to design an effective IT security awareness program is to:

Question215: What is the MOST important success factor in launching a corporate information security awareness program?

Question216: An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?

Question217: Which of the following steps should be performed FIRST in the risk assessment process?

Question218: When training an incident response team, the advantage of using tabletop exercises is that they:

Question219: When developing security standards, which of the following would be MOST appropriate to include?

Question220: The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:

Question221: Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?

Question222: When creating a forensic image of a hard drive, which of the following should be the FIRST step?

Question223: Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

Question224: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST help to prevent this occurrence?

Question225: The MOST important element in achieving executive commitment to an information security governance program is:

Question226: When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?

Question227: Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?

Question228: A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?

Question229: When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:

Question230: A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:

Question231: Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?

Question232: The advantage of Virtual Private Network (VPN) tunneling for remote users is that it:

Question233: Which of the following is the BEST way to verify that all critical production servers are utilizing up-to- date virus signature files?

Question234: Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?

Question235: Which of the following would be the BEST metric for the IT risk management process?

Question236: Which of the following mechanisms is the MOST secure way to implement a secure wireless network?

Question237: A semi-annual disaster recovery test has been completed. Which of the following issues discussed during the lessons learned phase should be of GREATEST concern?

Question238: Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Question239: It is MOST important for an information security manager to ensure that security risk assessments are performed:

Question240: Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:

Question241: Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?

Question242: An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?

Question243: The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:

Question244: Managing the life cycle of a digital certificate is a role of a(n):

Question245: Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

Question246: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question247: What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:

Question248: Risk assessment is MOST effective when performed:

Question249: Security monitoring mechanisms should PRIMARILY:

Question250: Which of the following is the BEST indicator that an effective security control is built into an organization?

Question251: The purpose of a corrective control is to:

Question252: What task should be performed once a security incident has been verified?

Question253: When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?

Question254: Secure customer use of an e-commerce application can BEST be accomplished through:

Question255: A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?

Question256: An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:

Question257: An information security program should focus on:

Question258: Which of the following should be determined FIRST when establishing a business continuity program?

Question259: Which of the following is the MOST important reason for an information security review of contracts? To help ensure that:

Question260: Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?

Question261: The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:

Question262: Which of the following activities performed by a database administrator (DBA) should be performed by a different person?

Question263: The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is:

Question264: Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center"?

Question265: Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?

Question266: When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:

Question267: Change management procedures to ensure that disaster recovery/business continuity plans are kept up- to- date can be BEST achieved through which of the following?

Question268: An information security manager has completed a risk assessment and has determined the residual risk.
Which of the following should be the NEXT step?

Question269: Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?

Question270: A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?

Question271: Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?

Question272: Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:

Question273: What is the MOST appropriate change management procedure for the handling of emergency program changes?

Question274: What is the MOST important item to be included in an information security policy?

Question275: Access control to a sensitive intranet application by mobile users can BEST be implemented through:

Question276: For virtual private network (VPN) access to the corporate network, the information security manager is requiring strong authentication. Which of the following is the strongest method to ensure that logging onto the network is secure?

Question277: Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?

Question278: An information security organization should PRIMARILY:

Question279: An organization has been experiencing a number of network-based security attacks that all appear to originate internally. The BEST course of action is to:

Question280: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Question281: When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?

Question282: Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?

Question283: Which of the following reduces the potential impact of social engineering attacks?

Question284: When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?

Question285: Which of the following would be the BEST indicator that an organization is appropriately managing risk?

Question286: The effectiveness of the information security process is reduced when an outsourcing organization:

Question287: The PRIMARY reason for using metrics to evaluate information security is to:

Question288: A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?

Question289: Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual needing to have his, her password reset?

Question290: The MOST important reason that statistical anomaly-based intrusion detection systems (slat IDSs) are less commonly used than signature-based IDSs, is that stat IDSs:

Question291: An organization plans to allow employees to use their own devices on the organization's network. Which of the following is the information security manager's BEST course of action?

Question292: Which of the following is the MOST effective, positive method to promote security awareness?

Question293: An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?

Question294: Which of the following is MOST important to the success of an information security program?

Question295: Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?

Question296: What is the BEST policy for securing data on mobile universal serial bus (USB) drives?

Question297: Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?

Question298: When collecting evidence for forensic analysis, it is important to:

Question299: Which of the following is MOST difficult to achieve in a public cloud-computing environment?

Question300: An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?

Question301: The effectiveness of virus detection software is MOST dependent on which of the following?

Question302: There is reason to believe that a recently modified web application has allowed unauthorized access.
Which is the BEST way to identify an application backdoor?

Question303: Which of the following are the MOST important individuals to include as members of an information security steering committee?

Question304: As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:

Question305: An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage crosstraining. Which type of authorization policy would BEST address this practice?

Question306: When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:

Question307: If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:

Question308: Successful social engineering attacks can BEST be prevented through:

Question309: Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?

Question310: The MAIN goal of an information security strategic plan is to:

Question311: Which resource is the MOST effective in preventing physical access tailgating/piggybacking?

Question312: Which of the following would be MOST appropriate for collecting and preserving evidence?

Question313: An information security program should be sponsored by:

Question314: The BEST metric for evaluating the effectiveness of a firewall is the:

Question315: When considering whether to adopt a new information security framework, an organization's information security manager should FIRST:

Question316: Security awareness training should be provided to new employees:

Question317: Nonrepudiation can BEST be assured by using:

Question318: When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:

Question319: Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?

Question320: Which of the following is the MAIN reason for performing risk assessment on a continuous basis'?

Question321: An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:

Question322: Which of the following is the MOST important reason why information security objectives should be defined?

Question323: What is the MOST effective access control method to prevent users from sharing files with unauthorized users?

Question324: To ensure that payroll systems continue on in an event of a hurricane hitting a data center, what would be the FIRS T crucial step an information security manager would take in ensuring business continuity planning?

Question325: Who is responsible for raising awareness of the need for adequate funding for risk action plans?

Question326: Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?

Question327: Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?

Question328: An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?

Question329: What is the BEST way to alleviate security team understaffing while retaining the capability in-house?

Question330: Which of the following guarantees that data in a file have not changed?

Question331: It is important to develop an information security baseline because it helps to define:

Question332: Which of the following is an example of a corrective control?

Question333: Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?

Question334: Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:

Question335: Which of the following is the initial step in creating a firewall policy?

Question336: The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:

Question337: What is the BEST way to ensure that contract programmers comply with organizational security policies?

Question338: Nonrepudiation can BEST be ensured by using:

Question339: Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?

Question340: An intranet server should generally be placed on the:

Question341: Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?

Question342: The return on investment of information security can BEST be evaluated through which of the following?

Question343: Security audit reviews should PRIMARILY:

Question344: An e-commerce order fulfillment web server should generally be placed on which of the following?

Question345: Which of the following defines the triggers within a business continuity plan (BCP)?

Question346: Recovery point objectives (RPOs) can be used to determine which of the following?

Question347: How would an organization know if its new information security program is accomplishing its goals?

Question348: A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager should FIRST:

Question349: Which of the following authentication methods prevents authentication replay?

Question350: Security awareness training is MOST likely to lead to which of the following?

Question351: Which of the following are the essential ingredients of a business impact analysis (B1A)?

Question352: The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:

Question353: Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?

Question354: Which of the following environments represents the GREATEST risk to organizational security?

Question355: Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?

Question356: What is the BEST defense against a Structured Query Language (SQL) injection attack?

Question357: Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?

Question358: What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?

Question359: Which of the following represents a PRIMARY area of interest when conducting a penetration test?

Question360: In business-critical applications, user access should be approved by the:

Question361: Which of the following BEST ensures that information transmitted over the Internet will remain confidential?

Question362: Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?

Question363: During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:

Question364: A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:

Question365: Which of the following is MOST important to the successful promotion of good security management practices?

Question366: Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?

Question367: In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?

Question368: Which of the following is MOST closely associated with a business continuity program?

Question369: The FIRST step in an incident response plan is to:

Question370: An information security manager uses security metrics to measure the:

Question371: A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:

Question372: Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?

Question373: An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?

Question374: During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:

Question375: Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce?

Question376: When an emergency security patch is received via electronic mail, the patch should FIRST be:

Question377: Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:

Question378: Which of the following vulnerabilities presents the GREATEST risk of external hackers gaining access to the corporate network?

Question379: Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:

Question380: Which would be the BEST recommendation to protect against phishing attacks?

Question381: Which of the following is the MOST appropriate frequency for updating antivirus signature files for antivirus software on production servers?

Question382: The MOST important objective of a post incident review is to:

Question383: An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?

Question384: The BEST way to mitigate the risk associated with a social engineering attack is to:

Question385: When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?

Question386: An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:

Question387: When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?

Question388: The PRIMARY objective of an Internet usage policy is to prevent:

Question389: Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:

Question390: When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:

Question391: Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?

Question392: Which of the following is the BEST approach for an organization desiring to protect its intellectual property?

Question393: Which of the following should be in place before a black box penetration test begins?

Question394: To justify the establishment of an incident management team, an information security manager would find which of the following to be the MOST effective?

Question395: An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:

Question396: Which of the following actions should lake place immediately after a security breach is reported to an information security manager?

Question397: An extranet server should be placed:

Question398: The BEST approach in managing a security incident involving a successful penetration should be to:

Question399: Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?

Question400: An organization has decided to implement additional security controls to treat the risks of a new process.
This is an example of:

Question401: Which of the following is a risk of cross-training?

Question402: In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:

Question403: Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?

Question404: A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:

Question405: Which of the following is the BEST indicator that security awareness training has been effective?

Question406: Good information security standards should:

Question407: In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?

Question408: At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?

Question409: An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?

Question410: Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?

Question411: What is an appropriate frequency for updating operating system (OS) patches on production servers?

Question412: Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?

Question413: Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?

Question414: An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

Question415: In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?

Question416: Detailed business continuity plans should be based PRIMARILY on:

Question417: Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Question418: What is the PRIMARY objective of a post-event review in incident response?

Question419: A message* that has been encrypted by the sender's private key and again by the receiver's public key achieves:

Question420: An intrusion detection system (IDS) should:

Question421: An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resource to support clients. The BEST approach to obtain the support of business unit management would be to:

Question422: Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?

Question423: Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?

Question424: What is the FIRST action an information security manager should take when a company laptop is reported stolen?

Question425: Which of the following is the PRIMARY advantage of desk checking a business continuity plan (BCP)?