EMT Practice Test

1. Question Content...


Question List

Question1: An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?

Question2: To gain a clear understanding of the impact that a new regulatory will have on an organization's security control, an information manager should FIRST.

Question3: To implement a security framework, an information security manager must FIRST develop:

Question4: Which of the following is the BEST type of access control for an organization with employees who move between departments?

Question5: When developing a classification method for incidents, the categories MUST be:

Question6: Which of the following is MOST effective against system intrusions?

Question7: An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:

Question8: When granting a vendor remote access to a system, which of the following is the MOST important consideration?

Question9: Which of the following is a PRIMARY responsibility of an information security governance committee'

Question10: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?

Question11: Which of the following is two MOST important step when establishing guidelines for the use of social networking sites in an organization?

Question12: It is suspected that key emails have been viewed by unauthorized parties. The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing.
Which of the following is the BEST recommended course of action to senior management?

Question13: Which of the following provides the BEST evidence that a recently established information security program is effective?

Question14: Which of the following should be the FIRST step of incident response procedures?

Question15: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?

Question16: Which of the following BEST helps to identify vulnerabilities introduced by changes to an organization's technical infrastructure?

Question17: What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?

Question18: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:

Question19: Which of the following is MOST effective in the strategic alignment of security initiatives?

Question20: There are concerns that security events are not reported to management in a timely manner. To address this situation which of the following is MOST important to review?

Question21: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

Question22: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?

Question23: Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?

Question24: Which of the following BEST describes a buffer overflow?

Question25: Which of the following should be the PRIMARY factor in prioritizing responses to a security incident?

Question26: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Question27: After adopting an information security framework, an information security manager is working with senior management to change the organization-wide perception that information security is solely the responsibility of the information security department. To achieve this objective, what should be the information security manager's FIRST initiative?

Question28: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?

Question29: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?

Question30: Which of the following is the MOST important outcome of monitoring and reporting on information security processes?

Question31: Which of the following is the BEST reason to develop comprehensive information security policies?

Question32: Which of the following should be the MOST important consideration when implementing an information security framework?

Question33: An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?

Question34: An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?

Question35: When developing a new system, detailed information security functionality should FIRST be addressed:

Question36: An organization is considering moving one its critical business application to a cloud hosting service. The cloud provider may not provider the same level of security for its application as the organization. Which of the following will provide the BEST information to help maintain the security posture?

Question37: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?

Question38: Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?

Question39: Which is MOST important when contracting an external party to perform a penetration test?

Question40: Which of the following is a PRIMARY objective of incident classification?

Question41: Which of the following is the- BEST method to determine whether an information security program meets an organization s business objectives?

Question42: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

Question43: Which of the following would contribute MOST to employees' understanding of data handling responsibilities?

Question44: An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:

Question45: Which of the following should be an information security manager s MOST important consideration when conducting a physical security review of a potential outsourced data center?

Question46: Which of the following statements indicates that a previously failing security program is becoming successful?

Question47: Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

Question48: Which of the following is an information security manager's BEST course of action to address a significant materialized risk that was not prevented by organizational controls?

Question49: An audit reveals that some of an organizations software is end-of-life and the vendor will no longer provide support or security patches. Which of the following is the BEST way for the information security manager to address this situation?

Question50: Which of the following is the BEST reason to reassess risk following an incident?

Question51: Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?

Question52: Reviewing which of the following would provide the GREATEST Input to the asset classification process?

Question53: Which of the following presents the GREATEST information security concern when deploying an identity and access management solution?

Question54: Which of the following would MOST likely require a business continuity plan to be invoked'

Question55: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

Question56: Which of the following is the MOST effective method for categorizing system and data criticality during the risk assessment process?

Question57: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

Question58: Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?

Question59: Which of the following is MOST important to building an effective information security program?

Question60: Which of the following is BEST performed by the security department?

Question61: Which of the following would BEST fulfill a board of directors' request for a concise

Question62: Which of the following is the BEST way to rigorously test a disaster recovery plan for a mission-critical system without disrupting business operations?

Question63: Which of the following is MOST likely to result from a properly conducted post-incident review?

Question64: Penetration testing is MOST appropriate when a:

Question65: The PRIMARY reason for classifying assets is to:

Question66: Which of the following is MOST important to consider when handling digital evidence during the forensics investigation of a cybercrime?

Question67: The MAIN reason for an information security manager to monitor industry level changes in the business and FT is to:

Question68: What should an information security team do FIRST when notified by the help desk that an employee's computer has been infected with ma I ware?

Question69: Which of the following is the MOST important factor when determining the frequency of information security risk reassessment?

Question70: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?

Question71: What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Question72: Which of the following is the MOST important reason for logging firewall activity?

Question73: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Question74: Which of the following is the MOST important consideration when establishing an information security governance framework?

Question75: Which of the following would provide nonrepudiation of electronic transactions?

Question76: The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

Question77: An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?

Question78: Which of the following threats is prevented by using token-based authentication?

Question79: Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Question80: When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Question81: Which of the following is the MOST important reason to develop an organizational threat profile?

Question82: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Question83: An information security manager is developing a new information security strategy. Which of the following functions would serve as the BEST resource to review the strategy and provide guidance for business alignment?

Question84: Which of the following is the BEST reason to initiate a reassessment of current risk?

Question85: Which of the following is the MOST useful input for an information security manager when refreshing the organizations security strategy?

Question86: An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

Question87: Which of the following techniques is MOST useful when an incident response team needs to respond to external attacks on multiple corporate network devices?

Question88: A potential security breach has been reported to an organization s help desk. Which of the following would be the PRIMARY role of the help desk in the incident response process?

Question89: In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:

Question90: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

Question91: Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?

Question92: Deciding the level of protection a particular asset should be given is BEST determined by:

Question93: To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:

Question94: Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:

Question95: The effectiveness of security awareness programs in fostering positive security cultures is MOST dependent upon employee:

Question96: Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?

Question97: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

Question98: Which of the following is the BEST evidence that proper security monitoring controls are in place?

Question99: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

Question100: Which of the following is MOST important when selecting an information security metric?

Question101: The selection of security controls is PRIMARILY linked to:

Question102: An information security manager terms that the root password of an external FTP server may be subject to brute force attacks. Which of the following would be the MOST appropriate way to reduce the likelihood of a successful attack?.

Question103: An organization is considering a self-service solution for the deployment of virtualized development servers.

Question104: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?

Question105: When supporting an organization's privacy officer, which of the following is the information security managers PRIMARY role regarding privacy requirements?

Question106: In which of the following situations is it MOST important to escalate an incident response to senior management?

Question107: A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:

Question108: The BEST defense against phishing attempts within an organization is:

Question109: Which of the following is MOST important to include in an information security strategy?

Question110: Management is questioning the need for several items in the information security budget proposal. Which of the following would have been MOST helpful prior to budget submission?

Question111: An organization us& a particular encryption protocol for externally facing web pages and key financial services. A security firm publicizes a critical security flaw in the encryp manager do FIRST?

Question112: Which of the following BEST reduces the likelihood of leakage of private information via email?

Question113: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

Question114: When developing an incident response plan, the information security manager should:

Question115: Exceptions to a security policy should be approved based PRIMARILY on:

Question116: When customer data has been compromised, an organization should contact law enforcement authorities:

Question117: An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?

Question118: An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager s FIRST course of action?

Question119: Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system?

Question120: Which of the following is the FIRST task when determining an organization's information security profile?

Question121: Which of the following will BEST enable an effective information asset classification process?

Question122: Which of the following is the- PRIMARY objective of an incident communication plan?

Question123: Which of the following would be MOST important to include in a bring your own device (BYOD) policy with regard to lost or stolen devices? The need for employees to:

Question124: Which of the following is the MOST beneficial outcome of testing an incident response plan?

Question125: Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?

Question126: Which of the following is an example of a vulnerability?

Question127: An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?

Question128: Which of the following should be define* I FIRST when creating an organization's information security strategy?

Question129: Which of the following is the MOST effective way to detect security incidents?

Question130: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question131: Which of the following should be done FIRST when implementing policies to address an upcoming new data privacy regulation?

Question132: Which of the following is MOST important to the successful development of an information security strategy?

Question133: Which of the following is MOST important to enable after completing action plan?

Question134: When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:

Question135: Calculation of the recovery time objective (RTO) is necessary to determine the:

Question136: The MOST important outcome of information security governance is:

Question137: Which of the following processes would BEST aid an information security manager in resolving systemic security issues?

Question138: Which of the following is the BEST approach for encouraging business units to assume their roles and responsibilities in an information security program?

Question139: Planning for the implementation of an information security program is MOST effective when it:

Question140: Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?

Question141: A financial institution's privacy department has requested the implementation of multi-factor authentication to comply with regulations for providing services over the Internet. Which of the following authentication schemes would BEST meet this compliance requirement?

Question142: The GREATEST benefit of choosing a private cloud over a public cloud would be:

Question143: The PRIMARY role of an information security steering group is to ensure that:

Question144: Which of the following would BEST help an information security manager prioritize remediation activities to meet regulatory requirements?

Question145: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?

Question146: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

Question147: Which of the following is the MOST important step in risk ranking?

Question148: Which of the following is a MAIN security challenge when conducting a post-incident review related to bring your own device (BYOD) in a mature, diverse organization?

Question149: Which of the following provides the MOST relevant evidence of incident response maturity?

Question150: When implementing security architecture, an information security manager MUST ensure that security controls:

Question151: The FIRST step in establishing an information security program is to:

Question152: Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?

Question153: Which of the following BEST supports the risk assessment process to determine criticality of an asset?

Question154: Which of the following is MOST important to consider when determining asset valuation?

Question155: Which of the following is MOST likely to be included in an enterprise information security policy?

Question156: The BEST way to encourage good security practices is to:

Question157: Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?

Question158: Which of the following is the MOST significant security risk in IT asset management?

Question159: Authorization can BEST be accomplished by establishing:

Question160: An access rights review revealed that some former employees' access is still active. Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?

Question161: Which of the ager to regularly report to senior management?

Question162: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

Question163: The PRIMARY purpose of a risk assessment is to enable business leaders to:

Question164: Which of the following should be the FIRST course of action when it becomes apparent that the recovery time objective (RTO) will not be met during incident response

Question165: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..

Question166: Which of the following would BEST enhance firewall security?

Question167: Utilizing external resources for highly technical information security tasks allows an information security manager to:

Question168: Who should decide the extent to which an organization will comply with new cybersecurity regulatory requirements?

Question169: The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:

Question170: When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?

Question171: Which of the following is the MOST important prerequisite to performing an information security risk assessment?

Question172: Which of the following BEST indicates senior management support for an information security program?

Question173: The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:

Question174: Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

Question175: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?

Question176: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Question177: Which of the following is an indicator of improvement in the ability to identify security risks?

Question178: Which of the following defines the triggers within a business continuity plan (BCP)?

Question179: A policy has been established requiting users to install mobile device management (MDM) software on their personal devices Which of the following would BEST mitigate the risk created by noncompliance with this policy?

Question180: An organization has implemented an enhanced password policy for business applications which requires significantly more business resource to support clients. The BEST approach to obtain the support of business management would be to:

Question181: Which of the following is MOST critical for responding effectively to security breaches?

Question182: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?

Question183: Which of the following is the MOST effective control to reduce the impact of ransomware attacks?

Question184: An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?

Question185: Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?

Question186: The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Question187: Which of the following BEST determines an information asset's classification?

Question188: Which of the following elements of risk is MOST difficult to quantify?

Question189: Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?

Question190: Implementing a strong password policy is part of an organization s information security strategy for the year.
A business unit believes the strategy may adversely affect a client's adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following is the information security manager s BEST course of action?

Question191: Which of the following is the information security manager's PRIMARY role in the information assets classification process?

Question192: An information security manager has researched several options for handling ongoing security concerns and will be presenting these solutions to business managers. Which of the following with BEST enable business managers to make an informed decision?

Question193: Adding security requirements late in the software development life cycle (SDLC) would MOST likely result in:

Question194: Which of the following is the PRIMARY objective of the incident management process?

Question195: Which of the following is the PRIMARY purpose for establishing a bring your own device (BYOD) policy that only permits application downloads from designated online markets.

Question196: Which of the following is the PRIMARY benefit of using a tabletop method to conduct an incident response exercise?

Question197: Which of the following is the MAIN concern when securing emerging technologies?

Question198: Which of the following is the BEST mechanism to prevent data loss in the event personal computing equipment is stolen or lost?

Question199: An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?

Question200: A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:

Question201: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?

Question202: A risk management program will be MOST effective when:

Question203: An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?

Question204: An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Question205: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question206: After an information security business case has been approved by senior management, it should be:

Question207: During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?

Question208: An information security manager has implemented an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

Question209: What is the GREATEST benefit of classifying assets based on sensitivity?

Question210: Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Question211: Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?

Question212: Which of the following BEST measures the effectiveness of an organization's information security strategy?

Question213: Which of the following provides the BEST justification for an information security investment when creating a business case

Question214: Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?

Question215: A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization's information?

Question216: An organization enacted several information security policies to satisfy regulatory requirements. Which of the following situations would MOST likely increase the probability of noncompliance to these requirements?

Question217: Following a risk assessment new countermeasures have been approved by management. Which of the following should be performed NEXT?

Question218: Which of the following is MOST important when prioritizing an information security incident?

Question219: Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Question220: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Question221: Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?

Question222: Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

Question223: In addition to cost what is the BEST criteria for selecting countermeasures following a risk assessment?

Question224: What would be an information security manager's BEST course of action when notified that the implementation of some security controls is being delayed due to budget constraints?

Question225: Mitigating technology risks to acceptable levels should be based PRIMARILY upon:

Question226: The PRIMARY objective of periodically testing an incident response plan should be to:

Question227: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question228: An information security manager discovers that the organization's new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?

Question229: Which of the following sites is MOST appropriate in the case of a very short recovery time objective (RTO)?

Question230: When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:

Question231: Which of the following BEST facilitates the development of a comprehensive information security policy?

Question232: A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:

Question233: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Question234: An information security manager has been asked to identify potential threats to the organization's information.
Which of the following should be done FIRST'

Question235: Which of the following is the MOST effective method to help ensure information security incidents are reported?

Question236: Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?

Question237: A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:

Question238: Which of the following is the PRIMARY product of a business impact analysis (BIA)?

Question239: A core business unit relies on an effective legacy system that does not meet the current security standards and threatens that enterprise network. Which of the following is the BEST course of action to address the situation?

Question240: Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

Question241: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?

Question242: The MOST important reason for an information security manager to be involved in the change management process is to ensure that:

Question243: Which of the following is the GREATEST benefit of information asset classification to an organization?

Question244: An organization's IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information security manager?

Question245: In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?

Question246: An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?

Question247: In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOS important for the information security manager to ensure:

Question248: In information security governance, the PRIMARY role of the board of directors is to ensure:

Question249: Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

Question250: A new version of an information security regulation is published that requires an organization's compliance.
The information security manager should FIRST

Question251: Which of the following is the BKT approach for an information security manager when developing new information security policies?

Question252: Information security governance is PRIMARILY driven by which of the following?

Question253: A multinational organization has developed a bring your own device (BYOD) policy that requires the installation of mobile device management (MDM) software on personally owned devices. Which of the following poses the GREATEST challenge for implementing the policy?

Question254: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?

Question255: An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager s MOST important course of action is to:

Question256: Which of the following is the MOST important element of an effective external information security communication plan?

Question257: When preparing a disaster recovery plan, which of the following would BEST help in prioritizing the restoration of business systems?

Question258: Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?

Question259: What should be the information security manager s MOST important consideration when planning a disaster recovery test?

Question260: Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?

Question261: Risk management is MOST cost-effective;

Question262: Which of the following is BEST to include in a business case when the return on investment (RIO) for an information security initiative is difficult to calculate?

Question263: Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?

Question264: Which of the following is the MOST reliable source of information about emerging information security threats and vulnerabilities?

Question265: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

Question266: An organization's recent risk assessment has identified many areas of security risk, and senior management has asked for a five-minute overview of The assessment results. Which of the following is the information security manager's BEST option for presenting this information?

Question267: An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?

Question268: Which of the following should be of MOST influence to an information security manager when developing IT security policies?

Question269: Which of the following is the BEST option for addressing regulations that will adversely affect the allocation of information security program resources?

Question270: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

Question271: An organization is considering the purchase of a competitor. To determine the competitor's security posture, the BEST course of action for the organization's information security manager would be to:

Question272: Which of the following would BEST support a business case to implement a data leakage prevention (DLP) solution?

Question273: A contract bid is digitally signed and electronically mailed The PRIMARY advantage to using a digital signature is that

Question274: Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?

Question275: A recent phishing attack investigation showed that several employees had used their work email addresses to create personal accounts on a shopping site that had been breached. What is the BEST way to prevent this

Question276: When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:

Question277: The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

Question278: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?

Question279: An organization's marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?

Question280: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question281: An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization 5 FIRST action?

Question282: An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?

Question283: After assessing risk, the decision to treat the risk should be based PRIMARILY on:

Question284: Which of the following is the BEST method to defend against social engineering attacks?

Question285: Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?

Question286: During an annual security review of an organizations servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

Question287: Which of the following is the BEST indication that an information security control is no longer relevant?

Question288: When establishing the trigger levels for an organization's key risk indicators (KRIs), the thresholds should be based PRIMARILY on the organization's:

Question289: Which of the following should be an information security managers FIRST course of action following a decision to implement a new technology?

Question290: Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

Question291: Which of the following is BEST determined by using technical metrics?

Question292: What should be an information security manager's FIRST course of action upon learning of a security threat that has occurred in the industry for the first time?

Question293: Which of the following is MOST relevant for an information security manager to communicate to IT operations?

Question294: Which of the following is the MOST effective mitigation strategy to protect confident information from inside threats?

Question295: Which of the following is MOST critical to the successful implementation of information security within an organization?

Question296: Which of the following would be MOST important to consider when implementing security settings for a new system'

Question297: Which of the following MUST be established before implementing a data loss prevention (DLP) system?

Question298: The MOST important reason to maintain key risk indicators (KRIs) is that: