Question1: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST help to prevent this occurrence?
Question2: An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
Question3: The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
Question4: In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?
Question5: Information security managers should use risk assessment techniques to:
Question6: Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?
Question7: An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?
Question8: When an organization is implementing an information security governance program, its board of directors should be responsible for:
Question9: Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
Question10: Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:
Question11: Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:
Question12: Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
Question13: Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?
Question14: An intranet server should generally be placed on the:
Question15: Which of the following will protect the confidentiality of data transmitted over the Internet?
Question16: An organization has to comply with recently published industry regulatory requirements-compliance that potentially has high implementation costs. What should the information security manager do FIRST?
Question17: Which of the following is the MOST important information to include in an information security standard?
Question18: Which of the following environments represents the GREATEST risk to organizational security?
Question19: Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
Question20: The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:
Question21: Secure customer use of an e-commerce application can BEST be accomplished through:
Question22: Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:
Question23: A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?
Question24: Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
Question25: The MOST important reason for conducting periodic risk assessments is because:
Question26: Security technologies should be selected PRIMARILY on the basis of their:
Question27: From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?
Question28: In an organization, information systems security is the responsibility of:
Question29: A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?
Question30: Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:
Question31: The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:
Question32: The PRIORITY action to be taken when a server is infected with a virus is to:
Question33: Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
Question34: Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?
Question35: A risk management approach to information protection is:
Question36: Which of the following risks is represented in the risk appetite of an organization?
Question37: Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
Question38: Which of the following is the MOST effective, positive method to promote security awareness?
Question39: A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:
Question40: Which of the following is the MOST important step in risk ranking?
Question41: Which of the following is the MOST appropriate course of action when the risk occurrence rate is low but the impact is high?
Question42: When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?
Question43: What of the following is MOST important to include in an information security policy?
Question44: An organization is considering whether to allow employees to use personal computing devices for business purposes. To BEST facilitate senior management's decision, the information security manager should:
Question45: An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
Question46: Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:
Question47: When designing an information security quarterly report to management, the MOST important element to be considered should be the:
Question48: Which of the following is MOST important for a successful information security program?
Question49: In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?
Question50: Which of the following is the GREATEST security threat when an organization allows remote access to a virtual private network (VPN)?
Question51: A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager's FIRST course of action?
Question52: Which of the following are seldom changed in response to technological changes?
Question53: In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
Question54: When developing an information security governance framework, which of the following would be the MAIN impact when lacking senior management involvement?
Question55: An organization without any formal information security program that has decided to implement information security best practices should FIRST:
Question56: When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?
Question57: Who can BEST approve plans to implement an information security governance framework?
Question58: A multinational organization wants to monitor outbound traffic for data leakage from the use of unapproved cloud services. Which of the following should be the information security manager's GREATEST consideration when implementing this control?
Question59: When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?
Question60: Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?
Question61: A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:
Question62: An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next?
Question63: The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:
Question64: A risk assessment study carried out by an organization noted that there is no segmentation of the local area network (LAN). Network segmentation would reduce the potential impact of which of the following?
Question65: Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
Question66: A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?
Question67: Which of the following BEST ensures that information transmitted over the Internet will remain confidential?
Question68: The implementation of continuous monitoring controls is the BEST option where:
Question69: Which of the following is an example of a corrective control?
Question70: Acceptable risk is achieved when:
Question71: Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
Question72: When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:
Question73: A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:
Question74: Which of the following is the BEST approach for an organization desiring to protect its intellectual property?
Question75: The business continuity policy should contain which of the following?
Question76: Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
Question77: An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:
Question78: A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?
Question79: To implement a security framework, an information security manager must FIRST develop:
Question80: Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?
Question81: Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?
Question82: In order to highlight to management the importance of network security, the security manager should FIRST:
Question83: Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
Question84: Which of the following actions should be taken when an information security manager discovers that a hacker is foot printing the network perimeter?
Question85: In assessing risk, it is MOST essential to:
Question86: What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
Question87: Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?
Question88: A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BES T approach of the information security manager?
Question89: Which of the following devices should be placed within a DMZ?
Question90: Which of the following is the BEST method or technique to ensure the effective implementation of an information security program?
Question91: During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?
Question92: Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
Question93: Which of the following is the BEST metric for evaluating the effectiveness of security awareness twining?
The number of:
Question94: Which of the following is the MOST appropriate board-level activity for information security governance?
Question95: Reviewing which of the following would BEST ensure that security controls are effective?
Question96: The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:
Question97: An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?
Question98: An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
Question99: The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
Question100: Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
Question101: In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?
Question102: Successful social engineering attacks can BEST be prevented through:
Question103: Who is ultimately responsible for the organization's information?
Question104: Which of the following is MOST essential for a risk management program to be effective?
Question105: Which of the following reduces the potential impact of social engineering attacks?
Question106: The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:
Question107: Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?
Question108: Emergency actions are taken at the early stage of a disaster with the purpose of preventing injuries or loss of life and:
Question109: Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?
Question110: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?
Question111: It is MOST important that information security architecture be aligned with which of the following?
Question112: An information security program should focus on:
Question113: The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:
Question114: The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
Question115: Which of the following BEST indicates a successful risk management practice?
Question116: An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is to:
Question117: What is the MOST important factor in the successful implementation of an enterprise wide information security program?
Question118: When residual risk is minimized:
Question119: What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
Question120: A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:
Question121: The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
Question122: An information security manager learns that a departmental system is out of compliance with the information security policy's password strength requirements. Which of the following should be the information security manager's FIRST course of action?
Question123: The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?
Question124: What task should be performed once a security incident has been verified?
Question125: A critical component of a continuous improvement program for information security is:
Question126: The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:
Question127: Previously accepted risk should be:
Question128: Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:
Question129: Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
Question130: The value of information assets is BEST determined by:
Question131: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?
Question132: An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization's information security manager?
Question133: Which of the following is the MOST appropriate use of gap analysis?
Question134: An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?
Question135: The valuation of IT assets should be performed by:
Question136: To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
Question137: Which of the following are the essential ingredients of a business impact analysis (B1A)?
Question138: When personal information is transmitted across networks, there MUST be adequate controls over:
Question139: Which of the following is the MOST important element of an information security strategy?
Question140: A new system has been developed that does not comply with password-aging rules. This noncompliance can BEST be identified through:
Question141: The cost of implementing a security control should not exceed the:
Question142: Which of the following would BEST address the risk of data leakage?
Question143: What is the MOST important element to include when developing user security awareness material?
Question144: Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?
Question145: Which of the following is the MAIN reason for performing risk assessment on a continuous basis'?
Question146: What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?
Question147: To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to.
Question148: The PRIMARY advantage of single sign-on (SSO) is that it will:
Question149: Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
Question150: Based on the information provided, which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?
Question151: Which of the following is MOST difficult to achieve in a public cloud-computing environment?
Question152: Which two components PRIMARILY must be assessed in an effective risk analysis?
Question153: Which of the following should be the FIRST step in developing an information security plan?
Question154: An organization is entering into an agreement with a new business partner to conduct customer mailings.
What is the MOST important action that the information security manager needs to perform?
Question155: When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:
Question156: When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?
Question157: Which of the following is the BEST approach for improving information security management processes?
Question158: An information security manager is reviewing the impact of a regulation on the organization's human resources system. The NEXT course of action should be to:
Question159: Which of the following would be the BEST metric for the IT risk management process?
Question160: Information security policies should:
Question161: A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?
Question162: The PRIMARY reason for initiating a policy exception process is when:
Question163: The FIRST step in establishing a security governance program is to:
Question164: Which of the following are likely to be updated MOST frequently?
Question165: Which of the following results from the risk assessment process would BEST assist risk management decision making?
Question166: Logging is an example of which type of defense against systems compromise?
Question167: A risk management program would be expected to:
Question168: In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:
Question169: Information security should be:
Question170: When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
Question171: Which of the following measures is the MOST effective deterrent against disgruntled stall abusing their privileges?
Question172: Which of the following is the MOST important reason for performing vulnerability assessments periodically?
Question173: Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?
Question174: Which of the following would help to change an organization's security culture?
Question175: When outsourcing data to a cloud service provider, which of the following should be the information security manager's MOST important consideration?
Question176: Utilizing external resources for highly technical information security tasks allows an information security manager to:
Question177: Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following would be the manager's BEST course of action?
Question178: Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
Question179: The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
Question180: It is important to classify and determine relative sensitivity of assets to ensure that:
Question181: An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?
Question182: The MOST important objective of a post incident review is to:
Question183: Which of the following BEST ensures that security risks will be reevaluated when modifications in application developments are made?
Question184: It is MOST important for an information security manager to ensure that security risk assessments are performed:
Question185: Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
Question186: When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:
Question187: At what stage of the applications development process would encryption key management initially be addressed?
Question188: How would an organization know if its new information security program is accomplishing its goals?
Question189: Who should drive the risk analysis for an organization?
Question190: When implementing security controls, an information security manager must PRIMARILY focus on:
Question191: Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization's information security risk position?
Question192: To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
Question193: Which of the following is the MOST effective way to communicate information security risk to senior management?
Question194: The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
Question195: Which of the following is done PRIMARILY to address the integrity of information?
Question196: Most security vulnerabilities in software exit because:
Question197: An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
Question198: At what stage of the applications development process should the security department initially become involved?
Question199: The FIRST step in an incident response plan is to:
Question200: When creating a forensic image of a hard drive, which of the following should be the FIRST step?
Question201: The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:
Question202: Which of the following is MOST important to the successful promotion of good security management practices?
Question203: Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
Question204: Which of the following would be MOST appropriate for collecting and preserving evidence?
Question205: What is the MOST effective access control method to prevent users from sharing files with unauthorized users?
Question206: Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?
Question207: A risk assessment should be conducted:
Question208: Which of the following will BEST protect confidential data when connecting large wireless networks to an existing wired-network infrastructure?
Question209: Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
Question210: When performing an information risk analysis, an information security manager should FIRST:
Question211: Security awareness training is MOST likely to lead to which of the following?
Question212: A web server in a financial institution that has been compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step should be to:
Question213: The PRIMARY reason for using metrics to evaluate information security is to:
Question214: The purpose of a corrective control is to:
Question215: What is the MOST important reason for conducting security awareness programs throughout an organization?
Question216: Which of the following steps should be performed FIRST in the risk assessment process?
Question217: Which of the following is the MOST important objective of testing a security incident response plan?
Question218: Which of the following attacks is BEST mitigated by utilizing strong passwords?
Question219: A newly hired information security manager reviewing an existing security investment plan is MOST likely to be concerned when the plan:
Question220: The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
Question221: Which of the following will BEST protect against malicious activity by a former employee?
Question222: An information security manager uses security metrics to measure the:
Question223: When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?
Question224: Which of the following authentication methods prevents authentication replay?
Question225: Which of the following is the MOST important to keep in mind when assessing the value of information?
Question226: Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?
Question227: Effective IT governance is BEST ensured by:
Question228: The implementation of a capacity plan would prevent:
Question229: Which of the following would be MOST critical to the successful implementation of a biometric authentication system?
Question230: When developing security standards, which of the following would be MOST appropriate to include?
Question231: In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of:
Question232: When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
Question233: A third party was engaged to develop a business application. Which of the following would an information security manager BEST test for the existence of back doors?
Question234: Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce?
Question235: Which of the following is the MOST effective method of preventing deliberate internal security breaches?
Question236: The PRIMARY purpose of using risk analysis within a security program is to:
Question237: Which of the following is MOST effective in preventing security weaknesses in operating systems?
Question238: Why is "slack space" of value to an information security manager as pan of an incident investigation?
Question239: Security governance is MOST associated with which of the following IT infrastructure components?
Question240: Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?
Question241: Retention of business records should PRIMARILY be based on:
Question242: Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?
Question243: Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?
Question244: Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
Question245: Investment in security technology and processes should be based on:
Question246: When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
Question247: Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?
Question248: What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?
Question249: Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?
Question250: The MOST useful way to describe the objectives in the information security strategy is through:
Question251: The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
Question252: An information security organization should PRIMARILY:
Question253: Which of the following is the BEST approach to make strategic information security decisions?
Question254: A message* that has been encrypted by the sender's private key and again by the receiver's public key achieves:
Question255: A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:
Question256: The data access requirements for an application should be determined by the:
Question257: In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
Question258: The contribution of recovery point objective (RPO) to disaster recovery is to:
Question259: The effectiveness of an information security governance framework will BEST be enhanced if:
Question260: An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?
Question261: When performing a qualitative risk analysis, which of the following will BEST produce reliable results?
Question262: During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
Question263: What is the MOST cost-effective method of identifying new vendor vulnerabilities?
Question264: Which of the following is the MOST significant security risk in IT asset management?
Question265: What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
Question266: An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?
Question267: Which of the following is responsible for legal and regulatory liability?
Question268: Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
Question269: Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?
Question270: Which of the following situations would be the MOST concern to a security manager?
Question271: When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:
Question272: An organization plans to allow employees to use their own devices on the organization's network. Which of the following is the information security manager's BEST course of action?
Question273: Segregation of duties is a security control PRIMARILY used to:
Question274: The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:
Question275: In the course of examining a computer system for forensic evidence, data on the suspect media were inadvertently altered. Which of the following should have been the FIRST course of action in the investigative process?
Question276: The MOST important success factor to design an effective IT security awareness program is to:
Question277: For risk management purposes, the value of an asset should be based on:
Question278: Which of the following should be determined while defining risk management strategies?
Question279: A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?
Question280: As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:
Question281: Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?
Question282: Which of the following represents the MAJOR focus of privacy regulations?
Question283: Detailed business continuity plans should be based PRIMARILY on:
Question284: All risk management activities are PRIMARILY designed to reduce impacts to:
Question285: Which of the following measures would be MOST effective against insider threats to confidential information?
Question286: An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
Question287: Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
Question288: Which of the following BEST ensures timely and reliable access to services?
Question289: Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?
Question290: An organization is considering moving one of its critical business applications to a cloud hosting service.
The cloud provider may not provide the same level of security for this application as the organization.
Which of the following will provide the BEST information to help maintain the security posture?
Question291: Which of the following is the MOST important information to include in a strategic plan for information security?
Question292: When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
Question293: The PRIMARY benefit of performing an information asset classification is to:
Question294: Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?
Question295: Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
Question296: Several business units reported problems with their systems after multiple security patches were deployed.
The FIRST step in handling this problem would be to:
Question297: To achieve effective strategic alignment of security initiatives, it is important that:
Question298: When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
Question299: During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
Question300: Which if the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?
Question301: Which of the following BEST illustrates residual risk within an organization?
Question302: Which of the following would BEST assist an IS manager in gaining strategic support from executive management?
Question303: An information security manager that is utilizing a public cloud is performing a root cause investigation of an incident that took place in that environment. Which of the following should be the security manager's MAIN concern?
Question304: Which of the following is the MOST important to ensure a successful recovery?
Question305: The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?
Question306: Which of the following analyses will BEST identify the external influences to an organization's information security?
Question307: What is the BEST way to ensure that contract programmers comply with organizational security policies?
Question308: A core business unit relies on an effective legacy system that does not meet the current security standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?
Question309: Which of the following is an advantage of a centralized information security organizational structure?
Question310: Risk management programs are designed to reduce risk to:
Question311: An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
Question312: Identification and prioritization of business risk enables project managers to:
Question313: What is the PRIMARY objective of a post-event review in incident response?
Question314: Isolation and containment measures for a compromised computer has been taken and information security management is now investigating. What is the MOST appropriate next step?
Question315: Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?
Question316: The FIRST step to create an internal culture that focuses on information security is to:
Question317: A risk profile support effective security decisions PRIMARILY because it:
Question318: Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?
Question319: Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
Question320: For virtual private network (VPN) access to the corporate network, the information security manager is requiring strong authentication. Which of the following is the strongest method to ensure that logging onto the network is secure?
Question321: The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
Question322: A business unit uses an e-commerce application with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:
Question323: When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?
Question324: In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
Question325: Which of the following are the MOST important individuals to include as members of an information security steering committee?
Question326: Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
Question327: When performing a risk assessment, the MOST important consideration is that:
Question328: Data owners are normally responsible for which of the following?
Question329: The business advantage of implementing authentication tokens is that they:
Question330: The decision as to whether a risk has been reduced to an acceptable level should be determined by:
Question331: Who should be responsible for enforcing access rights to application data?
Question332: Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
Question333: If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
Question334: On which of the following should a firewall be placed?
Question335: What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:
Question336: Which of the following actions should lake place immediately after a security breach is reported to an information security manager?
Question337: The MAIN reason for continuous monitoring of a security strategy is to:
Question338: Which of the following should be in place before a black box penetration test begins?
Question339: When security policies are strictly enforced, the initial impact is that:
Question340: Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:
Question341: The configuration management plan should PRIMARILY be based upon input from:
Question342: When a significant security breach occurs, what should be reported FIRST to senior management?
Question343: When an emergency security patch is received via electronic mail, the patch should FIRST be:
Question344: When messages are encrypted and digitally signed to protect documents transferred between trading partners, the GREATEST concern is that:
Question345: Security audit reviews should PRIMARILY:
Question346: Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
Question347: In an organization that has undergone an expansion through an acquisition which of the following would BEST secure the enterprise network?
Question348: Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?
Question349: An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
Question350: Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?
Question351: What is the MOST important success factor in launching a corporate information security awareness program?
Question352: In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
Question353: What is the BEST way to ensure data protection upon termination of employment?
Question354: The PRIMARY objective of an Internet usage policy is to prevent:
Question355: What is the BEST defense against a Structured Query Language (SQL) injection attack?
Question356: The MOST complete business case for security solutions is one that.
Question357: Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?
Question358: The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
Question359: Which of the following guarantees that data in a file have not changed?
Question360: Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
Question361: The MOST important factor in ensuring the success of an information security program is effective:
Question362: Which of the following is MOST important in determining whether a disaster recovery test is successful?
Question363: What does a network vulnerability assessment intend to identify?
Question364: Which of the following groups would be in the BEST position to perform a risk analysis for a business?
Question365: The BEST strategy for risk management is to:
Question366: Which of the following metrics would provide management with the MOST useful information about the progress of a security awareness program?
Question367: Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
Question368: A multinational organization's information security manager has been advised that the city in which a contracted regional data center is located is experiencing civil unrest. The information security manager should FIRST:
Question369: Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
Question370: Good information security standards should:
Question371: Which of the following would BEST help to identify vulnerabilities introduced by changes to an organization's technical infrastructure?
Question372: Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
Question373: Which of the following would help management determine the resources needed to mitigate a risk to the organization?
Question374: Which of the following should be determined FIRST when establishing a business continuity program?
Question375: When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?
Question376: Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
Question377: Recovery point objectives (RPOs) can be used to determine which of the following?
Question378: To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:
Question379: Of the following, which is the MOST important aspect of forensic investigations?
Question380: Which of the following will BEST help to proactively prevent the exploitation of vulnerabilities in operating system software?
Question381: Which of the following documents would be the BES T reference to determine whether access control mechanisms are appropriate for a critical application?
Question382: Which of the following would generally have the GREATEST negative impact on an organization?
Question383: Which of the following is a benefit of information security governance?
Question384: Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?
Question385: Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
Question386: Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?
Question387: Security monitoring mechanisms should PRIMARILY:
Question388: Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
Question389: A desktop computer that was involved in a computer security incident should be secured as evidence by:
Question390: The MOST basic requirement for an information security governance program is to:
Question391: Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?
Question392: Which of the following is the BEST method to provide a new user with their initial password for e-mail system access?
Question393: Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?
Question394: An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
Question395: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?
Question396: A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:
Question397: An organization has decided to implement additional security controls to treat the risks of a new process.
This is an example of:
Question398: Which of the following approaches is BEST for selecting controls to minimize information security risks?
Question399: Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
Question400: An intrusion detection system should be placed:
Question401: Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
Question402: Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
Question403: Which of the following threats is prevented by using token-based authentication?
Question404: Which of the following is the MOST appropriate method to protect a password that opens a confidential file?
Question405: The MOST important component of a privacy policy is:
Question406: The PRIMARY objective of performing a post-incident review is to:
Question407: Which of the following BEST describes the scope of risk analysis?
Question408: The PRIMARY focus of the change control process is to ensure that changes are:
Question409: Which of the following is the MOST important driver when developing an effective information security strategy?
Question410: Investments in information security technologies should be based on:
Question411: The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
Question412: Which of the following would be the BEST defense against sniffing?
Question413: An organization shares customer information across its globally dispersed branches. Which of the following should be the GREATEST concern to information security management?
Question414: Which of the following is MOST important for measuring the effectiveness of a security awareness program?
Question415: When considering whether to adopt a new information security framework, an organization's information security manager should FIRST:
Question416: Attacks using multiple methods to spread should be classified:
Question417: Which of the following mechanisms is the MOST secure way to implement a secure wireless network?
Question418: Which of the following would raise security awareness among an organization's employees?
Question419: Which of the following techniques would be the BEST test of security effectiveness?
Question420: Phishing is BEST mitigated by which of the following?
Question421: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?
Question422: Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?
Question423: What is the FIRST action an information security manager should take when a company laptop is reported stolen?
Question424: The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:
Question425: Information security projects should be prioritized on the basis of:
Question426: What is the MOST important item to be included in an information security policy?
Question427: The BEST time to perform a penetration test is after:
Question428: Successful implementation of information security governance will FIRST require:
Question429: An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage crosstraining. Which type of authorization policy would BEST address this practice?
Question430: To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
Question431: What will have the HIGHEST impact on standard information security governance models?
Question432: A good privacy statement should include:
Question433: In business-critical applications, user access should be approved by the:
Question434: Which of the following is the PRIMARY reason for implementing a risk management program?
Question435: When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
Question436: An information security manager has completed a risk assessment and has determined the residual risk.
Which of the following should be the NEXT step?
Question437: How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
Question438: Which of the following requirements would have the lowest level of priority in information security?
Question439: Which of the following would be the MOST important goal of an information security governance program?
Question440: Which of the following devices should be placed within a DMZ?
Question441: Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
Question442: The recovery time objective (RTO) is reached at which of the following milestones?
Question443: An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resource to support clients. The BEST approach to obtain the support of business unit management would be to:
Question444: Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
Question445: The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:
Question446: When a security standard conflicts with a business objective, the situation should be resolved by:
Question447: To justify its ongoing security budget, which of the following would be of MOST use to the information security' department?
Question448: Information security policy enforcement is the responsibility of the:
Question449: Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
Question450: An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?
Question451: Which of the following roles would represent a conflict of interest for an information security manager?
Question452: Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?
Question453: When developing an information security program, what is the MOST useful source of information for determining available resources?