EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is MOST important to consider when developing a security awareness program in an organization?

Question2: Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

Question3: Which of the following is the MOST effective way for an Information security manager to ensure that security is incorporated into an organization's project development processes?

Question4: After a server has been attacked, which of the following is the BEST course of action?

Question5: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?

Question6: Which of the following roles should be separated?

Question7: During an annual security review of an organizations servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

Question8: Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?

Question9: An organization has experienced a ransomware attack. Which of the following is the BEST course of action to prevent further attacks?

Question10: Which of the following would be MOST effective in preventing malware from being launched through an email attachment?

Question11: Which of the following is the PRIMARY purpose of red team testing?

Question12: Which of the following BEST enables effective closure of noncompliance issues?

Question13: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

Question14: Which of the following BEST measures the effectiveness of an organization's information security strategy?

Question15: An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?

Question16: The MOST important reason that security risk assesements should be conducted frequently through an organization is because:

Question17: Which of the following is the PRIMARY reason for performing an analysis of the threat landscape on a regular basis?

Question18: To prevent computers on the corporate network from being used as part of a distributed denial of service (DDoS) attack, the information security manager should use:

Question19: Senior management wants to provide mobile devices to its sales force. Which of the following should the Information security manager do FIRST to support this objective?

Question20: In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?

Question21: When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?

Question22: In the development of an information security strategy, recovery time objectives (RTOs) will serve as indicators of:

Question23: The FIRST step in a risk assessment for a business application is to:

Question24: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

Question25: When developing security standards, which of the following would be MOST appropriate to include?

Question26: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:

Question27: Which of the following would BEST enable an organization to effectively monitor the implementation of standardized configurations?

Question28: Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

Question29: Which of the following is the MAIN concern when securing emerging technologies?

Question30: When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?

Question31: Which of the following is MOST likely to increase end user security awareness in an organization?

Question32: What is a potential issue when emails are encrypted and digitally signed?

Question33: The GREATEST benefit of choosing a private cloud over a public cloud would be:

Question34: Which of the following is the MOST effective control to reduce the impact of ransomware attacks?

Question35: Key systems necessary for branch operations reside at corporate headquarters. Branch A is negotiating with a third party to provide disaster recovery facilities. Which of the following contract terms would be the MOST significant concern?

Question36: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?

Question37: Which of the following BIST validates that security controls are implemented in a new business process?

Question38: Which of the following is the MOST important function of information security?

Question39: Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?

Question40: Which of the following is the GREATEST benefit of information asset classification?

Question41: Which of the following is the MOST significant security risk in IT asset management?

Question42: Which of the following BEST indicates senior management support for an information security program?

Question43: Which of the following threats is prevented by using token-based authentication?

Question44: Which of the following is the GREATEST risk associated with the head of information security reporting to the chief information officer (CIO)?

Question45: Which of the following is the responsibility of a data owner?

Question46: Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?

Question47: The PRIMARY purpose of a risk assessment is to enable business leaders to:

Question48: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?

Question49: Labeling information according to its security classification:

Question50: Which of the following is the MOST effective approach of delivering security incident response training?

Question51: System logs and audit logs for sensitive systems should be stored

Question52: Which of the following is the PRIMARY purpose of establishing an information security governance framework?

Question53: Which of the following would BEST ensure thai security risk assessment is integrated into the life cycle of major IT projects

Question54: A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:

Question55: An organization is considering whether to allow employees to use personal computing devices for business purposes To BEST facilitate senior management's decision, the information security manager should:

Question56: Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

Question57: To meet operational business needs. IT staff bypassed the change process and applied an unauthorized update to a critical business system Which of the following is the information security manager's BEST course of action?

Question58: An organization establishes an internal document collaboration site. To ensure data confidently of each project group, it is MOST important to:

Question59: A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:

Question60: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Question61: Senior management has allocated funding to each of the organization s divisions to address information security vulnerabilities The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

Question62: Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?

Question63: Which of the following is MOST effective against system intrusions?

Question64: Which of the following BEST demonstrates the effectiveness of the vulnerability management process?

Question65: Information security can BEST be enforced by making security:

Question66: Which of the following MOST effectively helps an organization to align information security governance with corporate governance?

Question67: Which of the following incident response team (IRT) models is ideal for an organization that is regionally managed'

Question68: An access rights review revealed that some former employees' access is still active. Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?

Question69: What should be information security manager's FIRST course of action when it is discovered a staff member has been posting corporate information on social media sites?

Question70: An organization us& a particular encryption protocol for externally facing web pages and key financial services. A security firm publicizes a critical security flaw in the encryp manager do FIRST?

Question71: An information security manager is reviewing the business case for a security project that is entering the development phase It is determined that the estimates cost of the controls is now greater than the risk being mitigated. What is the information security manager's BEST recommendation?

Question72: Which of the following is the MOST important reason to develop an organizational threat profile?

Question73: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question74: Which of the following is the BEST indicator to demonstrate whether information security investments are optimally supporting organizational objecti.....

Question75: An audit reveals that some of an organizations software is end-of-life and the vendor will no longer provide support or security patches. Which of the following is the BEST way for the information security manager to address this situation?

Question76: Who should decide the extent to which an organization will comply with new cybersecurity regulatory requirements?

Question77: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?

Question78: Which of the following metrics would be considered an accurate measure of an information security program's performance?

Question79: Which of the following is MOST important to include in contracts with key third-party providers?

Question80: Which of the following is the MOST appropriate board-level activity for information security governance?

Question81: An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?

Question82: Which is the BEST way for an organization to monitor security risk?

Question83: A hash algorithm is used to:

Question84: What should be the PRIMARY basis for defining the appropriate level of access control to information assets?

Question85: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question86: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?

Question87: Which of the following will BEST enable the identification of appropriate controls to prevent repeated occurrences of similar types of information...........

Question88: Which of the following would BEST demonstrate the maturity level of an organization's security incident response program?

Question89: What should be an information security manager's PRIMARY objective in the event of a security incident?

Question90: The BEST way to minimize errors in the response to an incident is to:

Question91: Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Question92: The PRIMARY reason for using information security metrics is to:

Question93: Which of the following is MOST important when carrying out a forensic examination of a laptop to determine an employee s involvement in a fraud?

Question94: Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?

Question95: Which of the following BEST demonstrates effective information security management within an organization?

Question96: What should be the information security manager s MOST important consideration when planning a disaster recovery test?

Question97: A recent phishing attack investigation showed that several employees had used their work email addresses to create personal accounts on a shopping site that had been breached. What is the BEST way to prevent this

Question98: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

Question99: Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?

Question100: An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?

Question101: Which of the following would BEST enable effective decision-making?

Question102: A newly appointed Information security manager finds mere is minimal interaction between departments in identifying ...risk due to the organization's current decentralized structure What is the managers BEST course of action?

Question103: Which of the following is a benefit of using key risk indicators (KRIs)?

Question104: An information security manager finds that corporate information has been stored on a public cloud storage site for business collaboration purposes. Which of the following should be the manager's FIRST action?

Question105: When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?

Question106: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

Question107: An information security manager determines the organizations critical systems may be vulnerable to a new zero-day attack. The FIRST course of action is to:

Question108: Which of the following is the GREATEST risk of single sign-on?

Question109: In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of;

Question110: Which of the following is the MOST important requirement for the successful implementation of security governance?

Question111: An online payment provider's computer security incident response team has confirmed that a customer credit card database was breached. Which of the following would be MOST important to include in a report to senior management?

Question112: Which of the following is the MOST effective approach for integrating security into application development?

Question113: An internal security audit has reported that authentication controls are not operating effectively. Which of the following is MOST important to c management?

Question114: An organization s senior management wants to allow employees to access an internal application using their personal mobile devices. Which of the following should be the information security managers FIRST course of action?

Question115: Which of the following is MOST critical for an effective information security governance framework?

Question116: Which of the following is the MOST effective way for an information security manager to protect the organization from misuse of social media?

Question117: Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?

Question118: Exceptions to a security policy should be approved based PRIMARILY on:

Question119: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?

Question120: To gain a clear understanding of the impact that a new regulatory will have on an organization's security control, an information manager should FIRST.

Question121: To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:

Question122: A significant gap in an organization's breach containment process has been identified. Which of the following is MOST important for the information security manager to consider updating?

Question123: It is suspected that key emails have been viewed by unauthorized parties The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing. Which of the following is the BEST recommended course of action to senior management?

Question124: Which of the following will BEST facilitate the understanding of information security responsibilities by users across the organization?

Question125: A business unit has updated its long-term business plan to include a strategy of upgrading information management system to increase productivity. To support this initiative, with the information security strategy?

Question126: Which of the following is the BEST indicator that an organization is appropriately managing risk?

Question127: In a large organization, which of the following is the BEST source for identifying ownership of a PC?

Question128: An organization has decided to migrate a customer facing on-premise application to a cloud provider. Which of the following would be MOST helpful when assessing the proposed data backup requirements prior to the migration?

Question129: Which of the following is MOST important to consider when determining the effectiveness of the Information security governance program?

Question130: When designing security controls, it is MOST important to:

Question131: Which of the following will BEST enable an effective information asset classification process?

Question132: The MOST effective control to detect fraud inside an organization's network is to:

Question133: When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?

Question134: Which of the following is the BEST course of action for an information security manager to align security and business goals?

Question135: Which of the following BEST supports the alignment of information security with business functions?

Question136: The MOST important outcome of information security governance is:

Question137: When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:

Question138: Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?

Question139: Which of the following metrics provides the BEST indication of the effectiveness of a security awareness campaign?

Question140: Which of the following is the BEST method to defend against social engineering attacks?

Question141: Which of the following will provide the MOST accurate test results for a disaster recovery plan (DRP)?

Question142: Which of the following is the BEST approach when using sensitive customer data during the testing phase of a systems development project?

Question143: Which of the following is the MOST important delivery outcome of information security governance?

Question144: Which of the following would provide senior management with the BEST information to better understand the organization's information security risk profile?

Question145: Planning for the implementation of an information security program is MOST effective when it:

Question146: Which of the following is MOST helpful to developing a comprehensive Information security strategy?

Question147: Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen laptop?

Question148: Which of the following approaches is BEST for selecting controls to minimize information security risks?

Question149: Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

Question150: Which of the following should be done FIRST when considering a new security initiative?

Question151: The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

Question152: Which of the following provides the BEST justification for an information security investment when creating a business case

Question153: Which of the following is the MOST important consideration when updating procedures for managing security devices?

Question154: An organization is MOST at risk from a new worm being introduced through the intranet when:

Question155: In information security governance, the PRIMARY role of the board of directors is to ensure:

Question156: Which of the following should an information security manager do FIRST after learning about a new regulation that affects the organization?

Question157: An information security manager wants to implement a security Information and event management (SIEM) system that will aggregate log data from all systems that control perimeter access. Which of the following would BEST support the business case for this initiative to senior management?

Question158: The BEST way to determine the current state of information security with regard to defined security objectives is by performing a:

Question159: Which of the following is MOST helpful in protecting against hacking attempts on the production network?

Question160: What is the BEST way for a customer to authenticate an e-commerce vendor?

Question161: An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager s MOST important course of action is to:

Question162: Which of the following factors is MOST likely to increase the chances of a successful social engineering attack?

Question163: An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?

Question164: Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

Question165: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

Question166: Which of the following tools BEST demonstrates the effectiveness of the information security program?

Question167: Which of the following would provide the MOST useful input when creating an information security program?

Question168: Which of the following is MOST important to consider when developing a disaster recovery plan?

Question169: Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?

Question170: Which of the following metrics would provide management with the MOST useful information about the effectiveness of a security awareness program?

Question171: An online trading company discovers that a network attack has penetrated the firewall What should be the information security manager's FIRST response?

Question172: An information security manager suspects that the organization has suffered a ransomware attack. What should be done FIRST

Question173: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..

Question174: For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?

Question175: A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?

Question176: Which of the following is BEST to include in a business case when the return on investment (RIO) for an information security initiative is difficult to calculate?

Question177: Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?

Question178: A policy has been established requiting users to install mobile device management (MDM) software on their personal devices Which of the following would BEST mitigate the risk created by noncompliance with this policy?

Question179: Which of the following is the BEST way to measure the effectiveness of a newly implemented social engineering training program?

Question180: Information security governance is PRIMARILY driven by which of the following?

Question181: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Question182: Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?

Question183: An information security program should be established PRIMARILY on the basis of:

Question184: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question185: In a large organization requesting outsourced services, which of the following contract clauses is MOST important to the information security manager?

Question186: Which of the following should be the PRIMARY consideration when developing a security governance framework for an enterprise?

Question187: Which of the following is the MOST important consideration when designing information security architecture?

Question188: Which of the following is the MOST important consideration when developing an incident management program?

Question189: Which of the following BEST supports effective information security governance"*

Question190: An organization has announced new initiatives to establish a big data platform and develop mobile apps. What is the FIRST step when defining new human resource requirements?

Question191: The PRIMARY objective for using threat modeling in web application development should be to:

Question192: An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?

Question193: Which of the following would BEST ensure that application security standards are in place?

Question194: Which of the following is the MOST effective preventive control?

Question195: Which of the following BEST promotes stakeholder accountability in the management of information security risks?

Question196: In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:

Question197: A security team is conducting its annual disaster recovery test. Post-restoration testing shows the system response time is significantly slower due to insufficient bandwidth for Internet connectivity at the recovery center. Which of the following is the security manager's BEST course of action?

Question198: Which of the following should be the FIRST course of action when it becomes apparent that the recovery time objective (RTO) will not be met during incident response

Question199: Which of the following is MOST helpful in integrating information security governance with corporate governance?

Question200: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

Question201: What should be an information security manager's BEST course of action if funding for a security-related initiative is denied by a steering committee?

Question202: Which of the following would BEST support a business case to implement a data leakage prevention (DLP) solution?

Question203: An information security manager is preparing a presentation to obtain support for a security initative. Which of the following is the BEST way to obtain management's commitment for the initiative?

Question204: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

Question205: To ensure IT equipment meets organizational security standards, the MOST efficient approach is to:

Question206: Which of the following is the PRIMARY purpose for establishing a bring your own device (BYOD) policy that only permits application downloads from designated online markets.

Question207: An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented The need to make this ransom payment?

Question208: Which of the following is the BEST indication that an organization is able to comply with information security requirements?

Question209: In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOS important for the information security manager to ensure:

Question210: An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?

Question211: Which of the following is MOST important for an information security manager to highlight when presenting the organization s security posture to an executive audience?

Question212: Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?

Question213: Which of the following is an information security manager's BEST course of action upon learning of new cybersecurity regulatory requirements that apply to the organization?

Question214: What is the PRIMARY purpose of communicating business impact to an incident response team?

Question215: Inadvertent disclosure of internal business information on social media is BEST minimized by which of the following?

Question216: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?

Question217: When an operating system is being hardened, it is MOST important for an information security manager to ensure that

Question218: When supporting a large corporation's board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?

Question219: BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:

Question220: When preparing a strategy for protection from SQL injection attacks, it is MOST important for the information security manager to involve:

Question221: An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization 5 FIRST action?

Question222: An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?

Question223: Which of the following is MOST important when selecting an information security metric?

Question224: When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:

Question225: Application data integrity risk would be MOST directly addressed by a design that includes:

Question226: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?

Question227: Which of the following provides the GREATEST assurance that existing controls meet compliance requirements?

Question228: The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:

Question229: An organization is considering moving lo a cloud service provider for the storage of sensitive data Which of the following .... consideration FIRST?

Question230: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?

Question231: Which of the following is MOST likely to occur following a security awareness campaign''

Question232: An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?

Question233: Which of the following is the MOST effective way to detect security incidents?

Question234: Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?

Question235: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of activity----

Question236: Which of the following helps to ensure that the appropriate resources are applied in a timely manner after an incident has occurred?

Question237: After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

Question238: Which of the following approaches would MOST likely ensure that risk management is integrated into the business life cycle processes?

Question239: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

Question240: During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:

Question241: What should be an organization'.MAIN concern when evaluating an Infrastructure as a Service (laaS) cloud computing model for an e-commerce application?

Question242: Which of the following is the PRIMARY reason an information security strategy should be deployed across an organization?

Question243: An organization planning to contract with a cloud service provider is concerned about the risk of account hijacking at login. What is MOST important for the organization in its security requirements to address this concern?

Question244: Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?

Question245: A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?

Question246: Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?

Question247: Which of the following is MOST critical when creating an incident response plan?

Question248: Penetration testing is MOST appropriate when a:

Question249: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Question250: Which of the following is the PRIMARY purpose of data classification?

Question251: The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:

Question252: A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization's information?

Question253: Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a publicly facing .....

Question254: An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:

Question255: Which of the following should be the MOST important criteria when defining data retention policies?

Question256: Which of the following is the PRIMARY purpose for defining key performance indicators (KPIs) for a security program?

Question257: Which is MOST important to enable a timely response to a security breach?

Question258: Which of the following would BEST enhance firewall security?

Question259: Which of the following metrics is the MOST appropriate for measuring how well information security is performing in dealing with outside attacks?

Question260: Which of the following should be communicated FIRST to senior management once an information security incident has been contained?

Question261: Which of the following should be reviewed to obtain a structured overview of relevant information about an information security investment?

Question262: Which of the following should be an information security manager's PRIMARY consideration when developing an incident response plan?

Question263: Which of the following measures BEST indicates an improvement in the information security program to stakeholders?

Question264: When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Question265: An information security manager learns users of an application are frequently using emergency elevated access privileges to process transactions Which of the following should be done FIRST?

Question266: An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Question267: After adopting an information security framework, an information security manager is working with senior management to change the organization-wide perception that information security is solely the responsibility of the information security department. To achieve this objective, what should be the information security manager's FIRST initiative?

Question268: Which of the following is the MOST important outcome from vulnerability scanning?

Question269: Which of the following is the MOST reliable source of information about emerging information security threats and vulnerabilities?

Question270: Which of the following would BEST help an information security manager prioritize remediation activities to meet regulatory requirements?

Question271: Which of the following should the information security manager do FIRST after a security incident has been reported?

Question272: Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Question273: An information security manager has been made aware that implementing a control would have an adverse impact to the business. The business manager has suggested accepting the risk. The BEST course of action by the information security manager would be to:

Question274: An organization rolled out information security awareness training and wants to perform an end-ot-year assessment to determine the program's success. Which of the following would be the BEST indicator of the program's effectiveness?

Question275: An organization's information security manager will find it MOST difficult to perform a post-incident review of a data leakage event when it is related to:

Question276: Which of the following would contribute MOST to employees' understanding of data handling responsibilities?

Question277: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?

Question278: Which of the following is the MAIN objective of classifying a security incident as soon as it is discovered?

Question279: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

Question280: Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?

Question281: What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Question282: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

Question283: What is the MOST important role of an organization's data custodian in support of the information security function?

Question284: Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?

Question285: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?

Question286: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?

Question287: Which of the following is the PRIMARY reason to invoke continuity and recovery plans?

Question288: The PRIMARY objective of a risk response strategy should be:

Question289: When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

Question290: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

Question291: Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?

Question292: The MOST important reason to maintain metrics for incident response activities is to

Question293: When training an incident response team, the advantage of using tabletop exercises is that they:

Question294: When responding to an incident, which of the following is required to ensure evidence remains legally admissible in court?

Question295: An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?

Question296: Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriate.

Question297: Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?

Question298: Which of the following is an indicator of improvement in the ability to identify security risks?

Question299: Which of the following BEST enables an effective escalation process within an incident response program?

Question300: Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?

Question301: Adding security requirements late in the software development life cycle (SDLC) would MOST likely result in:

Question302: The effectiveness of an information security governance framework will BEST be enhanced if:

Question303: Which of the following would provide nonrepudiation of electronic transactions?

Question304: When reporting on the effectiveness of the information security program, which of the following is the BEST way lo demonstrate improvement m security performance?

Question305: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Question306: The MOST important reason to have a well-documented and tested incident response plan in place is to:

Question307: Which of the following is MOST important when selecting a third-party security operations center?

Question308: An organization has established information security policies, but the information security the MOST likely reason for this situation?

Question309: Which of the following should be the MOST important consideration when reporting sensitive risk-related information to stakeholders?

Question310: Which of the following is MOST helpful to an information security manager when determining service level requirements for an outsourced application?

Question311: Which of the following is BEST performed by the security department?

Question312: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?

Question313: The MOST important objective of security awareness training for business staff is to:

Question314: Which of the following is MOST important to consider when defining control objectives?

Question315: Which of the following is the MOST important reason for an organization to develop an information security governance program?

Question316: A business previously accepted the risk associated with a zero-day vulnerability The same vulnerability was recently exploited in a high-profile attack on another organization m the same Industry Which of the following should be the information security manager's FIRST course of action?

Question317: Which of the following is the GREATEST risk associated with the installation of an intrusion prevention system (IPS)?

Question318: Which of the following is an organization's BEST approach for media communications when experiencing a disaster?

Question319: Which of the following is the MOST effective method of preventing deliberate internal security breaches?

Question320: Business applications should be selected for disaster recovery testing on the basis of:

Question321: Which of the following is the MOST effective method for categorizing system and data criticality during the risk assessment process?

Question322: Cold sites for disaster recovery events are MOST helpful in situations in which a company:

Question323: When is the BEST time to identify the potential regulatory risk a new service provider presents to the organization?

Question324: After a recent malware Incident an organization's IT steering committee has asked the information security manager for a presentation on the status of the information security program. Which of the following is MOST important to address in the presentation?

Question325: Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?

Question326: It is MOST important tot an information security manager to ensure that security risk assessments are performed:

Question327: Which of the following is the MOST effective way to identify changes in an information security environment?

Question328: Which of the following should be the PRIMARY input when defining the desired state of security within an organization?

Question329: Which of the following is the BEST way for an Information security manager to gain wider acceptance for an information security policy that is perceived as restrictive?

Question330: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question331: The success of a computer forensic investigation depends on the concept of:

Question332: Which of the following presents the GREATEST information security concern when deploying an identity and access management solution?

Question333: Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?

Question334: When reporting to senior management on an information security vulnerability that could lead to a potential breach, what information is MOST likely to facilitate the decision-making process?

Question335: Information classification is a fundamental step in determining:

Question336: Which of the following is the BEST mechanism to prevent data loss in the event personal computing equipment is stolen or lost?

Question337: Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?

Question338: Which of the following is an example of a change to the external threat landscape?

Question339: Authorization can BEST be accomplished by establishing:

Question340: Which of the following should be of GREATEST concern to a newly hired information security manager regarding security compliance?

Question341: Which of the following is the GREATEST benefit of a centralized approach to coordinating information security?

Question342: A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?

Question343: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Question344: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?

Question345: Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:

Question346: Which of the following is the information security manager's PRIMARY role in the information assets classification process?

Question347: An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?

Question348: The PRIMARY objective of periodically testing an incident response plan should be to:

Question349: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?

Question350: Which of the following is the PRIMARY objective of implementing an information security strategy?

Question351: Which of the following would BEST enable integration of information security governance into corporate governance?

Question352: A new key business application has gone to production. What is the Most important reason to classify and determine the sensitivity of the data used by this application?

Question353: Which of the following is the MOST significant security risk in IT asset management?

Question354: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

Question355: The PRIMARY purpose of a security information and event management (SIEM) system is to:

Question356: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Question357: Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

Question358: A new version of an information security regulation is published that requires an organization's compliance. The information security manager should FIRST

Question359: A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their password because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST.

Question360: Which of the following provides the MOST relevant evidence of incident response maturity?

Question361: Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)*?

Question362: Which of the following is the BEST method for management to obtain assurance of compliance with its security policy?

Question363: An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organizations information security manager?

Question364: Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Question365: Which of the following provides the GREATEST assurance that information security is addressed in change management?

Question366: Which of the following BEST determines an information asset's classification?

Question367: An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would BEST enable the information security manager to address this concern?

Question368: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?

Question369: An organization is the victim of an attack generating multiple incident reports. Which of the following will BEST enable incident handling and contain exposure?

Question370: Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:

Question371: Which of the following is the BEST way to facilitate the alignment between an organization's information security program and business objectives?

Question372: Which of the following is the FlRST step to promoting acceptable behavior with regard to information security throughout an organization?

Question373: An attacker was able to gain access to an organizations perimeter firewall and made changes to allow wider external access and to steal dat a. Which of the following would have BEST provided timely identification of this incident?

Question374: Which of the following should provide the PRIMARY basis for formulating an information security strategy?

Question375: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

Question376: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

Question377: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Question378: Which of the following provides the BEST input to maintain an effective asset classification program?

Question379: Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?

Question380: Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?

Question381: Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager s NEXT step should be to:

Question382: What should an information security manager do FIRST upon learning that the third-party provider responsible for a mission-critical process is subcontracting critical functions to other providers?

Question383: Which of the following should be of MOST influence to an information security manager when developing IT security policies?

Question384: Which of the following is MOST helpful in determining the prioritization of available incident response resources?

Question385: The PRIMARY benefit of integrating information security activities into change management processes is to:

Question386: Which of the following is the MOST important criterion for complete closure of a security incident?

Question387: The BEST way 10 establish a security baseline is by documenting

Question388: An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST"

Question389: Which of the following is MOST likely to drive an update to the information security strategy?

Question390: Which of the following would BEST enable management to be aware of an electronic breach to an externally hosted database?

Question391: The selection of security controls is PRIMARILY linked to:

Question392: Which of the following should be an information security manager's PRIMARY role when an organization initiates a data classification process?

Question393: An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?

Question394: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

Question395: A business unit manager wants to adopt an emerging technology that may affect the organization. Which of the following would be the information security manager's BEST course of action?

Question396: A system administrator failed to report a security incident where the critical application server was not available to the business users. Which of the following is the BEST way to prevent a reoccurrence?

Question397: Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?

Question398: An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective To include in this presentation?

Question399: Which of the following is the GREATEST benefit of information asset classification to an organization?