EMT Practice Test

1. Question Content...


Question List

Question1: The PRIMARY role of an information security steering group is to ensure that:

Question2: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?

Question3: An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:

Question4: A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?

Question5: Which of the following is the BEST indication of an effective information security program?

Question6: Which of the following is MOST important to consider when developing a disaster recovery plan?

Question7: Which of the following is the PRIMARY role of a data custodian?

Question8: The BEST way to determine the current state of information security with regard to defined security objectives is by performing a:

Question9: Which of the following is MOST critical for an effective information security governance framework?

Question10: When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

Question11: An organization's operations have been significantly impacted by a cyber attack resulting in data loss. Once the attack has been contained, what should the security team.

Question12: Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?

Question13: After undertaking a security assessment of a production system, the information security manager is MOST likely to:

Question14: A threat intelligence report indicates there has been a significant rise in the number of attacks targeting the industry. What should the information security manager do NEXT?

Question15: Which of the following will BEST enable an effective information asset classification process?

Question16: Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

Question17: A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:

Question18: During an emergency security incident, which of the following would MOST likely predict the worst-case scenario?

Question19: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?

Question20: A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:

Question21: Which of the following is the MOST significant benefit of effective change management?

Question22: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

Question23: Which of the following techniques is MOST useful when an incident response team needs to respond to external attacks on multiple corporate network devices?

Question24: Threat and vulnerability assessments are important PRIMARILY because they are:

Question25: An organization is considering a self-service solution for the deployment of virtualized development servers.

Question26: Which of the following should be the MOST important consideration when implementing an information security framework?

Question27: Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?

Question28: The success of a computer forensic investigation depends on the concept of:

Question29: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Question30: Which of the following is MOST likely to be included in an enterprise information security policy?

Question31: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:

Question32: An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?

Question33: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?

Question34: Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?

Question35: When establishing the trigger levels for an organization's key risk indicators (KRIs), the thresholds should be based PRIMARILY on the organization's:

Question36: Which of the following is the GREATEST risk associated with the head of information security reporting to the chief information officer (CIO)?

Question37: Shortly after installation, an intrusion detection system (IDS) reports a violation. Which of the following is the MOST likely explanation?

Question38: Which is MOST important to enable a timely response to a security breach?

Question39: Which of the following should be the PRIMARY consideration for an information security manager when designing security center for a newly acquired business application?

Question40: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

Question41: In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:

Question42: An information security manager has researched several options for handling ongoing security concerns and will be presenting these solutions to business managers. Which of the following with BEST enable business managers to make an informed decision?

Question43: Which of the following would be MOST important to consider when implementing security settings for a new system'

Question44: Which of the following is MOST helpful in protecting against hacking attempts on the production network?

Question45: After an information security business case has been approved by senior management, it should be:

Question46: A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization's information?

Question47: Which of the following is the BEST way to facilitate the alignment between an organization's information security program and business objectives?

Question48: What should the information security manager recommend to support the development of a new web application that will allow retail customers to view inventory and order products?

Question49: Which of the following is the BEST way to rigorously test a disaster recovery plan for a mission-critical system without disrupting business operations?

Question50: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question51: Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?

Question52: Which of the following metrics would be considered an accurate measure of an information security program's performance?

Question53: An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager s FIRST course of action?

Question54: To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that security.

Question55: Which of the following is the PRIMARY product of a business impact analysis (BIA)?

Question56: An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:

Question57: After adopting an information security framework, an information security manager is working with senior management to change the organization-wide perception that information security is solely the responsibility of the information security department. To achieve this objective, what should be the information security manager's FIRST initiative?

Question58: Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?

Question59: The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:

Question60: An organization has determined that one of its web servers has been compromised. Which of the following actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?

Question61: Which of the following is a MAIN security challenge when conducting a post-incident review related to bring your own device (BYOD) in a mature, diverse organization?

Question62: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?

Question63: The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?

Question64: Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Question65: The PRIMARY benefit of integrating information security activities into change management processes is to:

Question66: Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

Question67: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?

Question68: An organization is considering the purchase of a competitor. To determine the competitor's security posture, the BEST course of action for the organization's information security manager would be to:

Question69: To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:

Question70: An organization has implemented an enhanced password policy for business applications which requires significantly more business resource to support clients. The BEST approach to obtain the support of business management would be to:

Question71: The PRIMARY goal of a security infrastructure design is the:

Question72: An organization is developing a disaster recover/ plan for a data center that hosts multiple applications. The application recovery sequence would BEST be determined through an analysis of:

Question73: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

Question74: For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?

Question75: Information security governance is PRIMARILY driven by which of the following?

Question76: Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?

Question77: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

Question78: After a security incident has been contained, which of the following should be done FIRST?

Question79: Senior management learns of several web application security incidents and wants to know the exposure risk to the organization. What is the information security manager's BEST course of action?

Question80: As the security program matures, which of the following reports presented to senior management provides the MOST insight on the importance of the security program7

Question81: Which of the following should be of MOST influence to an information security manager when developing IT security policies?

Question82: Which of the following BEST demonstrates effective information security management within an organization?

Question83: An organization establishes an internal document collaboration site. To ensure data confidently of each project group, it is MOST important to:

Question84: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

Question85: What is the BEST way for an information security manager to maintain continuous insight into the effectiveness of the organization's information security program?

Question86: What should the information security manager do FIRST when end users express that new security controls are too restrictive?

Question87: A risk profile supports effective security decisions PRIMARILY because it:

Question88: An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:

Question89: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?

Question90: An information security manager has implemented an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

Question91: A recent phishing attack investigation showed that several employees had used their work email addresses to create personal accounts on a shopping site that had been breached. What is the BEST way to prevent this

Question92: An organization's security was compromised by outside attackers. The organization believed that the incident was resolved. After a few days, the IT staff is still noticing unusual network traffic. Which of the following is the BEST course of action to address this situation?

Question93: To ensure IT equipment meets organizational security standards, the MOST efficient approach is to:

Question94: Which of the following is the MAIN concern when securing emerging technologies?

Question95: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

Question96: Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization's information security risk position?

Question97: To gain a clear understanding of the impact that a new regulatory will have on an organization's security control, an information manager should FIRST.

Question98: The PRIMARY objective of periodically testing an incident response plan should be to:

Question99: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

Question100: The BEST way to minimize errors in the response to an incident is to:

Question101: Which of the following is BEST determined by using technical metrics?

Question102: Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

Question103: Which of the following is the MOST effective way to detect social engineering attacks?

Question104: Which of the following is MOST important for an information security manager to ensure is included in a business case for a new security system?

Question105: Deciding the level of protection a particular asset should be given is BEST determined by:

Question106: The effectiveness of security awareness programs in fostering positive security cultures is MOST dependent upon employee:

Question107: An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?

Question108: Which of the following practices BEST supports the achievement of information security program objectives in the IT function?

Question109: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:

Question110: Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

Question111: A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:

Question112: The MOST important reason for an information security manager to be involved in a new software purchase initiative is to:

Question113: An outsourced vendor handles an organization's business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor's security practices?

Question114: Which of the following BIST validates that security controls are implemented in a new business process?

Question115: Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

Question116: Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?

Question117: An organization has detected potential risk emerging from noncompliance with new regulations in its industry.
Which of the following is the MOST important reason to report this situation to senior management?

Question118: When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:

Question119: Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?

Question120: Which of the following is MOST important to include in an information security strategy?

Question121: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?

Question122: It is MOST important tot an information security manager to ensure that security risk assessments are performed:

Question123: Which of the following is the MOST effective way to identify changes in an information security environment?

Question124: Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?

Question125: Which of the following is the FIRST task when determining an organization's information security profile?

Question126: An information security program should be established PRIMARILY on the basis of:

Question127: An organization is the victim of a targeted attack, and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?

Question128: The risk of mishandling alerts identified by an intrusion detection system (lDS) would be the GREATEST when:

Question129: The MOST important factors in determining the scope and timing for testing a business continuity plan are:

Question130: Which of the following is an example of a vulnerability?

Question131: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Question132: Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?

Question133: Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?

Question134: Labeling information according to its security classification:

Question135: Which of the following is the BEST strategy to implement an effective operational security posture?

Question136: An organization's marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?

Question137: Which of the following is a PRIMARY responsibility of an information security governance committee'

Question138: Which of the following is the MOST important reason for performing a risk analysis?

Question139: Which of the following is the MOST important outcome of testing incident response plans?

Question140: Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen laptop?

Question141: Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?

Question142: Which of the following BEST helps to identify vulnerabilities introduced by changes to an organization's technical infrastructure?

Question143: An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?

Question144: Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?

Question145: Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?

Question146: Which of the following is the PRIMARY goal of an incident response team during a security incident?

Question147: When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?

Question148: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?

Question149: Which of the following should be define* I FIRST when creating an organization's information security strategy?

Question150: An organization with a strict need-to-know information access policy is about to launch a knowledge management intranet. Which of the following is the MOST important activity to ensure compliance with existing security policies?

Question151: What should be an organization'e. MAIN concern when evaluating an Infrastructure as a Service (laaS) cloud computing model for an e-commerce application?

Question152: What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?

Question153: A security incident has resulted in a failure of the enterprise resource planning (ERP) system. While the incident is handled by the incident response team, the help desk is overrun by queries from department managers on the state of the ERP system. What is the MOST likely reason for this situation?

Question154: Which of the following should an incident response team do NEXT after validating an event is an incident?

Question155: When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?

Question156: In a large organization, which of the following is the BEST source for identifying ownership of a PC?

Question157: Which of the following should be reviewed to obtain a structured overview of relevant information about an information security investment?

Question158: The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present

Question159: A new version of an information security regulation is published that requires an organization's compliance.
The information security manager should FIRST

Question160: During an annual security review of an organizations servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

Question161: Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?

Question162: Which of the following is the BEST reason for delaying the application of a critical security patch?

Question163: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?

Question164: An organization wants to integrate information security into its human resource management processes. Which of the following should be the FWST step?

Question165: Which of the following metrics is the BEST measure of the effectiveness of an information security program?

Question166: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

Question167: Which of the following is the GREATEST risk of single sign-on?

Question168: Which of the following is the FIRST step required to achieve effective performance measurement?

Question169: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?

Question170: A multinational organization has developed a bring your own device (BYOD) policy that requires the installation of mobile device management (MDM) software on personally owned devices. Which of the following poses the GREATEST challenge for implementing the policy?

Question171: Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:

Question172: An organization is considering a self-service solution for the deployment of virtualized development servers.
Which of the following should be information security manager's PRIMARY concern?

Question173: When developing a classification method for incidents, the categories MUST be:

Question174: Which of the following is the MOST important outcome of senior management's analysis of information security metrics?

Question175: Utilizing external resources for highly technical information security tasks allows an information security manager to:

Question176: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

Question177: An information security manager has identified multiple areas of compliance risk that could subject the organization to significant penalties regarding the handling of personal data. Which of the following is the manager s BEST course of action?

Question178: Which of the following defines the triggers within a business continuity plan (BCP)?

Question179: Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?

Question180: After assessing risk, the decision to treat the risk should be based PRIMARILY on:

Question181: An organization s HR department would like to outsource its employee management system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

Question182: The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:

Question183: Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?

Question184: An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?

Question185: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question186: An information security manager has identified numerous violations of security policy which prohibits text messaging from personal devices to conduct official business following is the MOST effective way to reduce the number of violations?

Question187: Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?

Question188: In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:

Question189: Reviewing which of the following would provide the GREATEST Input to the asset classification process?

Question190: When developing an incident response plan, the information security manager should:

Question191: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Question192: An organization will be outsourcing mission-critical processes. Which of the following is MOST important to verify before signing the service level agreement (SLA)?

Question193: An organization s senior management wants to allow employees to access an internal application using their personal mobile devices. Which of the following should be the information security managers FIRST course of action?

Question194: Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?

Question195: A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:

Question196: Which of the following is MOST important to building an effective information security program?

Question197: Which of the following will BEST ensure that risk is evaluated on system level changes?

Question198: Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?

Question199: In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?

Question200: Which of the following threats is prevented by using token-based authentication?

Question201: Which of the following is the PRIMARY benefit of using agentless endpoint security solutions?

Question202: A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

Question203: An information security manager has developed a strategy to address new information security risks resulting from recent change the business. Which of the following would be MOST important to include when presenting the strategy to senior management?

Question204: Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?

Question205: Which of the following is the MOST important element of a response plan for IT security incidents?

Question206: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?

Question207: In a risk assessment after the identification of threats to organizational assets, the information security manager would:

Question208: An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:

Question209: A system administrator failed to report a security incident where the critical application server was not available to the business users. Which of the following is the BEST way to prevent a reoccurrence?

Question210: Which of the following would BEST help to ensure compliance with an organizations information security requirements by an IT service provider?

Question211: Which of the following is the- BEST method to determine whether an information security program meets an organization s business objectives?

Question212: Which of the following is the responsibility of a data owner?

Question213: The BEST way to encourage good security practices is to:

Question214: Which of the following is MOST important for an information security manager to include in a report to senior management following a post-incident review?

Question215: An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?

Question216: In a large organization requesting outsourced services, which of the following contract clauses is MOST important to the information security manager?

Question217: What is the PRIMARY purpose of communicating business impact to an incident response team?

Question218: An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?

Question219: Which of the following is the MOST important outcome of monitoring and reporting on information security processes?

Question220: Information classification is a fundamental step in determining:

Question221: What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Question222: Which of the following BEST measures the effectiveness of an organization's information security strategy?

Question223: Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:

Question224: Human resources is evaluating potential Software as a Service (SaaS) cloud services, Which of the following should the information security manager do FIRST to support..

Question225: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question226: To implement a security framework, an information security manager must FIRST develop:

Question227: Which of the following would contribute MOST to employees' understanding of data handling responsibilities?

Question228: A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager's FIRST course of action?

Question229: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?

Question230: Which of the following is the MOST useful input for an information security manager when refreshing the organizations security strategy?

Question231: An audit reveals that some of an organizations software is end-of-life and the vendor will no longer provide support or security patches. Which of the following is the BEST way for the information security manager to address this situation?

Question232: When developing a disaster recovery plan, which of the following would be MOST helpful in prioritizing the order in which systems should be recovered?

Question233: Which of the following is the MOST important consideration when establishing an information security governance framework?

Question234: Which of the following is MOST important when selecting an information security metric?

Question235: Which of the following defines the triggers within a business continuity plan (BCP)?

Question236: An organization's information security strategy for the coming year emphasizes reducing the risk of ransomware. Which of the following would be MOST helpful to support this strategy?

Question237: When introducing security measures into a software development life cycle, which of the following should be the FIRST step?

Question238: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours.
The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:

Question239: Which of the following is the MOST effective defense against spear phishing attacks?

Question240: Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?

Question241: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?

Question242: An organization is considering moving one its critical business application to a cloud hosting service. The cloud provider may not provider the same level of security for its application as the organization. Which of the following will provide the BEST information to help maintain the security posture?

Question243: The PRIMARY purpose of a security information and event management (SIEM) system is to:

Question244: The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

Question245: The PRIMARY benefit of integrating information security risk into enterprise risk management is to:

Question246: Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?

Question247: The PRIMARY focus of a training curriculum for members of an incident response team should be:

Question248: The selection of security controls is PRIMARILY linked to:

Question249: The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:

Question250: Which of the following is MOST helpful to review to gain an understanding of the effectiveness of an organization s information security program?

Question251: Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?

Question252: An organization planning to contract with a cloud service provider is concerned about the risk of account hijacking at login. What is MOST important for the organization in its security requirements to address this concern?

Question253: Which of the following would BEST help to ensure an organization s security program is aligned with business objectives?

Question254: Which of the following would BEST fulfill a board of directors' request for a concise

Question255: Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?