Question1: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?
Question2: Which of the following BEST demonstrates the maturity of an information security monitoring program?
Question3: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Question4: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?
Question5: With limited resources in the information security department which of the following is the BEST approach for managing security risk?
Question6: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:
Question7: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?
Question8: Which is MOST important when contracting an external party to perform a penetration test?
Question9: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification foi granting an exception to the policy?
Question10: Which of the following is BEST performed by the security department?
Question11: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:
Question12: Which of the following is MOST important to the successful development of an information security strategy?
Question13: An organization is the victim of a targeted attack, and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?
Question14: Which of the following would be MOST helpful to an information security manager tasked with enforcing enhanced password standards?
Question15: Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?
Question16: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
Question17: The risk of mishandling alerts identified by an intrusion detection system (lDS) would be the GREATEST when:
Question18: Which of the following would provide senior management with the BEST information to better understand the organization's information security risk profile?
Question19: The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:
Question20: Which of the following is the BEST way to ensure information security metrics are meaningful?
Question21: The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
Question22: Which of the following is the MOST effective approach for integrating security into application development?
Question23: Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?
Question24: An information security manager has observed multiple exceptions for a number of different security controls.
Which of the following should be the information security manager's FIRST course of action?
Question25: Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following is the manager s BEST course of action?
Question26: Which type of test is MOST effective in communicating the roles of end users to support timely identification and response to information security incidents?
Question27: Which of the following is the- BEST method to determine whether an information security program meets an organization s business objectives?
Question28: An access rights review revealed that some former employees' access is still active. Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?
Question29: An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:
Question30: Due lo budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA). Which of the following is the information security manager's BEST course of action?
Question31: When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
Question32: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?
Question33: Which of the following will BEST enable an effective information asset classification process?
Question34: When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
Question35: An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager s MOST important course of action is to:
Question36: Which of the following is the MOST beneficial outcome of testing an incident response plan?
Question37: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?
Question38: Which of the following is MOST important to building an effective information security program?
Question39: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
Question40: An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
Question41: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
Question42: What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
Question43: Which of the following tools BEST demonstrates the effectiveness of the information security program?
Question44: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?
Question45: Which of the following BEST indicates senior management support for an information security program?
Question46: Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?
Question47: A validated patch to address a new vulnerability that may affect a mission-critical server has been released.
What should be done immediately?
Question48: Implementing a strong password policy is part of an organization s information security strategy for the year.
A business unit believes the strategy may adversely affect a client's adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following is the information security manager s BEST course of action?
Question49: As the security program matures, which of the following reports presented to senior management provides the MOST insight on the importance of the security program7
Question50: Which of the following processes would BEST aid an information security manager in resolving systemic security issues?
Question51: A team developing an interface to a key financial system has identified a security flaw in one of the libraries.
Remediating the flaw would require major system redesign. What should the information security manager do NEXT?
Question52: Which of the following would provide the MOST comprehensive view of the effectiveness of the information security function within an organization?
Question53: It is MOST important tot an information security manager to ensure that security risk assessments are performed:
Question54: Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?
Question55: The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:
Question56: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?
Question57: An organization has experienced a ransomware attack. Which of the following is the BEST course of action to prevent further attacks?
Question58: Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
Question59: What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?
Question60: The effectiveness of security awareness programs in fostering positive security cultures is MOST dependent upon employee:
Question61: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..
Question62: The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:
Question63: Which of the following is the MOST effective mitigation strategy to protect confident information from inside threats?
Question64: An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior managements.
Question65: A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:
Question66: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?
Question67: Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization's information security risk position?
Question68: When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
Question69: Which of the following is the MOST important step in risk ranking?
Question70: When reporting to senior management on an information security vulnerability that could lead to a potential breach, what information is MOST likely to facilitate the decision-making process?
Question71: To gain a clear+ understanding of the impact that a new regulatory requirement will have on an organization s information security controls, an information security manager should FIRST:
Question72: Which of the following is the BEST evidence that proper security monitoring controls are in place?
Question73: Which of the following should an incident response team do NEXT after validating an event is an incident?
Question74: Which of the following is MOST critical for the successful implementation of an information security strategy?
Question75: Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
Question76: An organization is considering a self-service solution for the deployment of virtualized development servers.
Which of the following should be information security manager's PRIMARY concern?
Question77: A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?
Question78: An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager s FIRST course of action?
Question79: An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?
Question80: When responding to an incident, which of the following is required to ensure evidence remains legally admissible in court?
Question81: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:
Question82: Which of the following is MOST important for effective communication during incident response?
Question83: Which of the following is MOST relevant for an information security manager to communicate to IT operations?
Question84: Which of the following MOST effectively prevents internal users from modifying sensitive data?
Question85: What should be an information security manager's PRIMARY objective in the event of a security incident?
Question86: Following a risk assessment new countermeasures have been approved by management. Which of the following should be performed NEXT?
Question87: Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?
Question88: What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?
Question89: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?
Question90: Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?
Question91: Which of the following metrics would BEST determine the effectiveness of an application security testing program?
Question92: Which of the following defines the minimum security requirements that a specific system must meet?
Question93: Which of the following is the MOST reliable source of information about emerging information security threats and vulnerabilities?
Question94: Calculation of the recovery time objective (RTO) is necessary to determine the:
Question95: Which of the following is MOST helpful to review to gain an understanding of the effectiveness of an organization s information security program?
Question96: In addition to cost what is the BEST criteria for selecting countermeasures following a risk assessment?
Question97: Which of the following metrics is the BEST measure of the effectiveness of an information security program?
Question98: When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?
Question99: Which of the following is MOST helpful in integrating information security governance with corporate governance?
Question100: Shortly after installation, an intrusion detection system (IDS) reports a violation. Which of the following is the MOST likely explanation?
Question101: Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Question102: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?
Question103: The BEST way to obtain funding from senior management for a security awareness program is to:
Question104: To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that security.
Question105: Which of the following is the MOST important element of an effective external information security communication plan?
Question106: A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?
Question107: Which of the following is the PRIMARY reason for performing an analysis of the threat landscape on a regular basis?
Question108: During an annual security review of an organizations servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?
Question109: Which of the following would BEST ensure that application security standards are in place?
Question110: Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?
Question111: Which of the following is BEST determined by using technical metrics?
Question112: Application data integrity risk would be MOST directly addressed by a design that includes:
Question113: Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?
Question114: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?
Question115: The BEST way to minimize errors in the response to an incident is to:
Question116: Which of the following should be the PRIMARY consideration when developing a security governance framework for an enterprise?
Question117: An information security manager has been alerted to a possible incident involving a breach at one of the organization's vendors. Which of the following should be done FIRST?
Question118: Cold sites for disaster recovery events are MOST helpful in situations in which a company:
Question119: When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
Question120: Which of the following is the MOST important part of an incident response plan?
Question121: When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:
Question122: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?
Question123: When integrating information security requirements into software development, which of the following practices should be FIRST in the development lifecycle?
Question124: An organization is MOST at risk from a new worm being introduced through the intranet when:
Question125: Which of the following would be MOST effective in preventing malware from being launched through an email attachment?
Question126: An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?
Question127: The PRIMARY objective for using threat modeling in web application development should be to:
Question128: Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?
Question129: A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:
Question130: A new privacy regulation is due to take effect in a region where an organization does business. Which of the following would be MOST helpful in understanding what .. needs to do to maintain compliance?
Question131: An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented The need to make this ransom payment?
Question132: An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
Question133: The BEST way to improve the effectiveness of responding to and communicating security incidents is to ensure:
Question134: When preparing a strategy for protection from SQL injection attacks, it is MOST important for the information security manager to involve:
Question135: Which of the following is MOST important when prioritizing an information security incident?
Question136: When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure that the:
Question137: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?
Question138: Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?
Question139: Which of the following would BEST fulfill a board of directors' request for a concise
Question140: A business unit has updated its long-term business plan to include a strategy of upgrading information management systems to increase productivity. To support this initiative, what should be the PRIMARY basis for updating the corresponding. information security strategy?
Question141: Which of the following is MOST helpful when justifying the funding required for a compensating control?
Question142: Which of the following is the MOST reliable source of information about emerging information security threats and vulnerabilities?
Question143: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:
Question144: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?
Question145: To minimize security exposure introduced by changes to the IT environment, which of the following is MOST important to implement as part of change management?
Question146: An online payment provider's computer security incident response team has confirmed that a customer credit card database was breached. Which of the following would be MOST important to include in a report to senior management?
Question147: Which of the following would BEST support a business case to implement a data leakage prevention (DLP) solution?
Question148: Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?
Question149: Which of the following is the PRIMARY reason an information security strategy should be deployed across an organization?
Question150: From a business perspective the MOST important function of information security is to support:
Question151: An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:
Question152: The GREATEST benefit of choosing a private cloud over a public cloud would be:
Question153: Which of the following is the BEST approach when using sensitive customer data during the testing phase of a systems development project?
Question154: The PRIMARY purpose of a security information and event management (SIEM) system is to:
Question155: Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?
Question156: Human resources is evaluating potential Software as a Service (SaaS) cloud services, Which of the following should the information security manager do FIRST to support..
Question157: An information security manager learns users of an application are frequently using emergency elevated access privileges to process transactions Which of the following should be done FIRST?
Question158: A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:
Question159: An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?
Question160: Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?
Question161: Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?
Question162: The selection of security controls is PRIMARILY linked to:
Question163: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?
Question164: An information security manager is reviewing the impact of a regulation on the organization's human resources system. The NEXT course of action should be to:
Question165: Which of the following is the BEST way to provide management with meaningful information regarding the performance of the information security program against strategic objectives?
Question166: Which of the following is the MOST important action when using a web application that has recognized vulnerabilities?
Question167: When developing an information security governance framework, which of the following should be the FIRST activity?
Question168: Which of the following contributes MOST to the effective implementation of an information security strategy?
Question169: Which of the following is the BEST course of action for an information security manager to align security and business goals?
Question170: In information security governance, the PRIMARY role of the board of directors is to ensure:
Question171: Which of the following is MOST effective in the strategic alignment of security initiatives?
Question172: Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?
Question173: Which of the following provides the BEST evidence that a recently established information security program is effective?
Question174: The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
Question175: After an information security business case has been approved by senior management, it should be:
Question176: The MOST important reason to use a centralized mechanism to identify information security incidents is to:
Question177: A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization's information?
Question178: The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:
Question179: Utilizing external resources for highly technical information security tasks allows an information security manager to:
Question180: An information security manager is implementing controls to protect the organization's data. The FIRST step in this process should be to:
Question181: Which of the following is the MOST effective way to detect social engineering attacks?
Question182: Which of the following will BEST help to ensure security is addressed when developing a custom application?
Question183: The PRIMARY benefit of integrating information security activities into change management processes is to:
Question184: Which of the following is the MOST effective way to ensure the development of an application system will align with organizational security standards?
Question185: Which of the following would BEST justify spending for a compensating control?
Question186: Which of the following is the PRIMARY objective of the incident management process?
Question187: The BEST way to encourage good security practices is to:
Question188: A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?
Question189: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?
Question190: Which of the following is the MOST important consideration when developing an incident management program?
Question191: Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?
Question192: Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?
Question193: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?
Question194: Which of the following is MOST important to consider when developing a security awareness program in an organization?
Question195: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours.
The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:
Question196: Which of the following is MOST important when establishing a successful information security governance framework?
Question197: In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?
Question198: Which of the following is the GREATEST risk associated with the head of information security reporting to the chief information officer (CIO)?
Question199: Which of the following metrics would be considered an accurate measure of an information security program's performance?
Question200: Which of the following measures BEST indicates an improvement in the information security program to stakeholders?
Question201: Which of the following is MOST critical for an effective information security governance framework?
Question202: Deciding the level of protection a particular asset should be given is BEST determined by:
Question203: Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?
Question204: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?
Question205: Which of the following should be an information security managers FIRST course of action following a decision to implement a new technology?
Question206: Which of the following is the MOST effective way to detect security incidents?
Question207: An organization has a policy in which all criminal activity is prosecuted. What is MOST important for the information security manager to ensure when an employee is suspected of using a company computer to commit fraud?
Question208: When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?
Question209: A core business unit relies on an effective legacy system that does not meet the current security standards and threatens that enterprise network. Which of the following is the BEST course of action to address the situation?
Question210: A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?
Question211: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?
Question212: When developing security standards, which of the following would be MOST appropriate to include?
Question213: An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST"
Question214: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.
Question215: The PRIMARY goal of a security infrastructure design is the:
Question216: Which of the following is the MOST important outcome of monitoring and reporting on information security processes?
Question217: When supporting a large corporation's board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?
Question218: Which of the following BEST ensures timely and reliable access to services?
Question219: Which of the following provides the MOST comprehensive understanding of an organization's information security posture?
Question220: An organization's recent risk assessment has identified many areas of security risk, and senior management has asked for a five-minute overview of The assessment results. Which of the following is the information security manager's BEST option for presenting this information?
Question221: After undertaking a security assessment of a production system, the information security manager is MOST likely to:
Question222: An organization has detected potential risk emerging from noncompliance with new regulations in its industry.
Which of the following is the MOST important reason to report this situation to senior management?
Question223: Which of the following is the MOST effective way to identify changes in an information security environment?
Question224: Which of the following would BEST assist an information security manager in gaining strategic support from executive management?
Question225: Who should decide the extent to which an organization will comply with new cybersecurity regulatory requirements?
Question226: What is the PRIMARY role of the information security program?
Question227: When developing a new system, detailed information security functionality should FIRST be addressed:
Question228: Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?
Question229: To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:
Question230: Which of the following is the MOST important driver when developing an effective information security strategy?
Question231: Which of the following sites is MOST appropriate in the case of a very short recovery time objective (RTO)?
Question232: Which of the following is an example of a change to the external threat landscape?
Question233: Which of the following is MOST likely to result from a properly conducted post-incident review?
Question234: Which of the following should be the MOST important criteria when defining data retention policies?
Question235: Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?
Question236: A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:
Question237: Which of the following practices BEST supports the achievement of information security program objectives in the IT function?
Question238: Which of the following is the MOST important reason for performing vulnerability assessments periodically?
Question239: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?
Question240: Which of the following would provide the MOST useful input when creating an information security program?
Question241: Which of the following is the MOST important requirement for the successful implementation of security governance?
Question242: Which of the following is the MOST significant security risk in IT asset management?
Question243: Which of the following is the PRIMARY goal of a risk management program?
Question244: Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Question245: Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen laptop?
Question246: Which of the following BEST reduces the likelihood of leakage of private information via email?
Question247: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?
Question248: Which of the following BEST enables a more efficient incident reporting process?
Question249: When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?
Question250: An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?
Question251: What is the BEST way to manage access to data and applications for large user bases?
Question252: Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager s NEXT step should be to:
Question253: The MOST important reason that security risk assesements should be conducted frequently through an organization is because:
Question254: An application system stores customer confidential data and encryption is not practical. The BEST measure to protect against data disclosure is:
Question255: Which of the following is the MOST effective method for assessing the effectiveness of a security awareness program?
Question256: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?
Question257: Which of the following is MOST important to consider when prioritizing threats during the risk assessment process?
Question258: A third-party contract signed by a business unit manager failed to specify information security requirements Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?
Question259: What is the MOST important role of an organization's data custodian in support of the information security function?
Question260: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Question261: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?
Question262: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:
Question263: After assessing risk, the decision to treat the risk should be based PRIMARILY on:
Question264: After a server has been attacked, which of the following is the BEST course of action?
Question265: A risk management program will be MOST effective when:
Question266: Which of the following would BEST enhance firewall security?
Question267: An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?
Question268: An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?
Question269: Which of the following is a MAIN security challenge when conducting a post-incident review related to bring your own device (BYOD) in a mature, diverse organization?
Question270: Which of the following is the PRIMARY goal of an incident response team during a security incident?
Question271: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?
Question272: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?
Question273: An information security manager suspects that the organization has suffered a ransomware attack. What should be done FIRST
Question274: Which of the following is the MOST important prerequisite to performing an information security risk assessment?
Question275: Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?
Question276: Which of the following should be the FIRST course of action when it becomes apparent that the recovery time objective (RTO) will not be met during incident response
Question277: Which of the following would be an information security manager's BEST course of action upon learning a third-party cloud provider is not meeting information security with regard to data encryption?
Question278: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
Question279: Which of the following is MOST important to consider when developing a disaster recovery plan?
Question280: In a risk assessment after the identification of threats to organizational assets, the information security manager would:
Question281: When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?
Question282: The PRIMARY goal of a post-incident review should be to
Question283: Which of the following is the BEST reason to reassess risk following an incident?
Question284: Which of the following is the BEST criterion to use when classifying assets?
Question285: Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
Question286: An organization establishes an internal document collaboration site. To ensure data confidently of each project group, it is MOST important to:
Question287: Which of the following would BEST detect malicious damage arising from an internal threat?
Question288: Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
Question289: What should be the PRIMARY basis for establishing a recovery time objective (RTO) for a critical business application?
Question290: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?
Question291: Risk reporting requirements should be PRIMARILY based on:
Question292: An information security manager terms that the root password of an external FTP server may be subject to brute force attacks. Which of the following would be the MOST appropriate way to reduce the likelihood of a successful attack?.
Question293: An organization s HR department would like to outsource its employee management system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?
Question294: When an operating system is being hardened, it is MOST important for an information security manager to ensure that
Question295: Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?
Question296: Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
Question297: Which of the following would provide nonrepudiation of electronic transactions?
Question298: The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the: