Question1: Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?
Question2: The use of digital signatures ensures that a message:
Question3: An organization has established information security policies, but the information security the MOST likely reason for this situation?
Question4: When two different controls are available to mitigate a risk, an information security manager's recommendation should be based on the results of a:
Question5: The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:
Question6: Which of the following is MOST important when selecting a third-party security operations center?
Question7: Which of the following provides the BEST justification for an information security investment when creating a business case
Question8: Which of the following is the BKT approach for an information security manager when developing new information security policies?
Question9: There are concerns that security events are not reported to management in a timely manner. To address this situation which of the following is MOST important to review?
Question10: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question11: Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?
Question12: Which of the following is MOST important to enable after completing action plan?
Question13: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
Question14: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question15: The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?
Question16: Which of the following metrics would be considered an accurate measure of an information security program's performance?
Question17: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question18: Which of the following would provide the BEST evidence to senior management that security control performance has improved?
Question19: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?
Question20: Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?
Question21: Which of the following is the BEST approach for encouraging business units to assume their roles and responsibilities in an information security program?
Question22: Which of the following would be MOST helpful to an information security manager tasked with enforcing enhanced password standards?
Question23: The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:
Question24: Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?
Question25: An organization recently implemented a data loss prevention (DLP) system. A senior business executive has complained that the system seriously impedes departmental effectiveness. What is the information security manager's BEST course of action?
Question26: What is the BEST way for a customer to authenticate an e-commerce vendor?
Question27: An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?
Question28: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question29: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:
Question30: During the establishment of a service level agreement (SLA) with a cloud service provider, it is MOST important for the information security manager to:
Question31: Which of the following elements of risk is MOST difficult to quantify?
Question32: An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization 5 FIRST action?
Question33: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:
Question34: Which of the following should be an information security manager's PRIMARY role when an organization initiates a data classification process?
Question35: An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?
Question36: The PRIMARY role of an information security steering group is to ensure that:
Question37: Which of the following is MOST important for an information security manager to regularly report to senior management?
Question38: Which of the following is the KST way to align security and business strategies?
Question39: Which of the following is the MOST challenging aspect of securing Internet of Things (loT) devices?
Question40: Which of the following BEST promotes stakeholder accountability in the management of information security risks?
Question41:
Question42: Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
Question43: When integrating information security requirements into software development, which of the following practices should be FIRST in the development lifecycle?
Question44: Which of the following would MOST likely require a business continuity plan to be invoked'
Question45: After logging in to a web application, additional authentication is required at various application points. Which of the following is the PRIMARY reason for such an approach?
Question46: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?
Question47: Of the following, who should have PRIMARY responsibility for assessing the security risk associated with an outsourced cloud provider contract?
Question48: Which of the following is MOST critical to the successful implementation of information security within an organization?
Question49: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?
Question50: Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
Question51: Which of the following circumstances would MOST likely require a review and update to an organization's information security incident response plan?
Question52: Which of the following defines the minimum security requirements that a specific system must meet?
Question53: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question54: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question55: An organization us& a particular encryption protocol for externally facing web pages and key financial services. A security firm publicizes a critical security flaw in the encryp manager do FIRST?
Question56: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question57: Which of the following is MOST relevant for an information security manager to communicate to business units?
Question58: Which of the following is the BEST mechanism to prevent data loss in the event personal computing equipment is stolen or lost?
Question59: Which of the following is the MOST important reason to have documented security procedures and guidelines?
Question60: Which of the following will BEST ensure that risk is evaluated on system level changes?
Question61: What should the information security manager recommend to support the development of a new web application that will allow retail customers to view inventory and order products?
Question62: Which of the following is a PRIMARY responsibility of an information security steering committee?
Question63: To ensure IT equipment meets organizational security standards, the MOST efficient approach is to:
Question64: An organization's information security strategy for the coming year emphasizes reducing the risk of ransomware. Which of the following would be MOST helpful to support this strategy?
Question65: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question66: Which of the following is an information security manager's BEST course of action upon learning of new cybersecurity regulatory requirements that apply to the organization?
Question67: The BEST way to establish a security baseline is by documenting:
Question68: Which of the following is the BEST way to increase the visibility of information security within an organization's culture?
Question69: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:
Question70: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question71: Which of the following is the BKT approach for an information security manager when developing new information security policies?
Question72: Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
Question73: What should be the PRIMARY basis for defining the appropriate level of access control to information assets?
Question74: Which activity is MOST important when identifying the appropriate security controls for a new business application?
Question75: Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?
Question76: An information security manager is concerned about the risk of fire at its data processing center To address this concern, an automatic fire suppression system has been installed Which of the following risk treatments has been applied?
Question77: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
Question78: Which of the following is the BEST indication that an information security control is no longer relevant?
Question79: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question80: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question81: Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?
Question82: What is the BEST course of action when an Information security manager finds an external service provider has not implemented adequate controls for safeguarding the organization's critical data?
Question83: Which of the following is the MOST important element of an effective external information security communication plan?
Question84: Which of the following would provide the MOST comprehensive view of the effectiveness of the information security function within an organization?
Question85: An information security manager terms that the root password of an external FTP server may be subject to brute force attacks. Which of the following would be the MOST appropriate way to reduce the likelihood of a successful attack?.
Question86: Which of the following factors are the MAIN reasons why large networks are vulnerable?
Question87: An information security manager has discovered an external break-in to the corporate network Which of the following actions should be taken FIRST?
Question88: Which of the following BEST demonstrates the performance of the information security program to Key stakeholders?
Question89: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question90: Labeling information according to its security classification:
Question91: A team developing an interface to a key financial system has identified a security flaw in one of the libraries.
Remediating the flaw would require major system redesign. What should the information security manager do NEXT?
Question92: Which of the following is MOST important when developing a security strategy?
Question93: The FIRST step in a risk assessment for a business application is to:
Question94: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
Question95: Information security awareness programs are MOST effective when they are:
Question96: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question97: Which of the following is the PRIMARY purpose of data classification?
Question98: Which of the following should be the PRIMARY consideration when selecting a recovery site?
Question99: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
Question100: Which of the following is the GREATEST risk of single sign-on?
Question101: Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system?
Question102: Which of the following BEST enables an information security manager to communicate the capability of security program functions?
Question103: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question104: Which of the following is the BEST method to defend against social engineering attacks?
Question105: When supporting a large corporation's board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?
Question106: The BEST way to obtain funding from senior management for a security awareness program is to:
Question107: A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:
Question108: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?
Question109: A business impact analysis (BIA) should be periodically executed PRIMARILY to:
Question110: Which of the following is MOST helpful in determining the prioritization of available incident response resources?
Question111: Which of the following BEST demonstrates the effectiveness of the vulnerability management process?
Question112: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question113: The PRIMARY reason for implementing scenario-based training for incident response is to:
Question114: Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?
Question115: Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Question116: An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?
Question117: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
Question118: Which of the following is MOST important when allowing employees to work at home using personally owned devices?
Question119: A security incident has resulted in a failure of the enterprise resource planning (ERP) system. While the incident is handled by the incident response team, the help desk is overrun by queries from department managers on the state of the ERP system. What is the MOST likely reason for this situation?
Question120: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?
Question121: Which of the following tools BEST demonstrates the effectiveness of the information security program?
Question122: An attacker was able to gain access to an organizations perimeter firewall and made changes to allow wider external access and to steal dat a. Which of the following would have BEST provided timely identification of this incident?
Question123: Which of the following is the BEST way to prevent employees from making unauthorized comments to the media about security incidents in progress?
Question124: A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?
Question125: When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:
Question126: When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
Question127: Which of the following outsourced services has the GREATEST need for security monitoring?
Question128: Which of the following is the MOST appropriate board-level activity for information security governance?
Question129: Which of the following would be an information security manager's BEST course of action upon learning a third-party cloud provider is not meeting information security with regard to data encryption?
Question130: Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
Question131: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
Question132: Which of the following is the MOST effective approach for integrating security into application development?
Question133: Which of the following BEST protects against phishing attacks?
Question134: Which of the following is BEST to include in a business case when the return on investment (RIO) for an information security initiative is difficult to calculate?
Question135: A contract bid is digitally signed and electronically mailed The PRIMARY advantage to using a digital signature is that
Question136: Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?
Question137: The risk of mishandling alerts identified by an intrusion detection system (lDS) would be the GREATEST when:
Question138: For an organization with operations in different parts of the world, the BEST approach for ensuring that security policies do not conflict with local laws and regulations is to:
Question139: Which of the following is MOST likely to increase end user security awareness in an organization?
Question140: Which of the following would be MOST important to include in a business case to help obtain senior management's commitment for an information security investment?
Question141: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question142: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question143: An information security program should be established PRIMARILY on the basis of:
Question144: Which of the following is MOST important for an information security manager to highlight when presenting the organization s security posture to an executive audience?
Question145: Which of the following is the BEST way to measure the effectiveness of a newly implemented social engineering training program?
Question146: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:
Question147: Which of the following is the MOST important characteristic of an effective security policy?
Question148: An organization has purchased a security Information and event management (SIEM) tool. Which of the following is MOST important lo consider before implementation?
Question149: What is the PRIMARY purpose of communicating business impact to an incident response team?
Question150: Exceptions to a security policy should be approved based PRIMARILY on:
Question151: An information security manager wants to justify the Investment required to integrate information security into business processes. What should be the FIRST course of action?
Question152: Which of the following BEST demonstrates alignment between information security governance and corporate governance?
Question153: The PRIMARY benefit of integrating information security activities into change management processes is to:
Question154: What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?
Question155: Which of the following is an example of a vulnerability?
Question156: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its
Question157: An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?
Question158: Which of the following is the GREATEST security threat when an organization allows remote access through a virtual private network (VPN)?
Question159: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question160: Which aspect of an incident response plan will MOST effectively help to limit reputational damage when multiple media services are seeking a response following a major security breach?
Question161: Which of the following would present the GREATEST challenge to integrating information security governance into corporate governance?
Question162: The PRIMARY purpose of implementing information security governance metrics is to:
Question163: An organization s senior management is encouraging employees to use social media for promotional purposes.
Which of t following should be the information security manager's FIRST step to support this strategy?
Question164: What is the BEST way to manage access to data and applications for large user bases?
Question165: Which of the following statements indicates that a previously failing security program is becoming successful?
Question166: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question167: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Question168: An information security manager has been asked to identify potential threats to the organization's information.
Which of the following should be done FIRST'
Question169: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?
Question170: Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
Question171: Which of the following will BEST facilitate the development of appropriate incident response procedures?
Question172: In addition to cost what is the BEST criteria for selecting countermeasures following a risk assessment?
Question173: Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?
Question174: Which of the following is MOST likely to be included in an enterprise information security policy?
Question175: When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
Question176: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
Question177: What should the information security manager do FIRST when end users express that new security controls are too restrictive?
Question178: Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when information security management is:
Question179: What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
Question180: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question181: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:
Question182: A risk assessment report shows that phishing attacks are an emerging threat for an organization that supports online financial services. Which of the following is the information security manager's BEST course of action?
Question183: An organization is developing a disaster recover/ plan for a data center that hosts multiple applications. The application recovery sequence would BEST be determined through an analysis of:
Question184: Conducting a cost-benefit analysis for a security investment is important because it
Question185: An organization's IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information security manager?
Question186: To meet operational business needs. IT staff bypassed the change process and applied an unauthorized update to a critical business system Which of the following is the information security manager's BEST course of action?
Question187: An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented The need to make this ransom payment?
Question188: Which of the following should provide the PRIMARY basis for formulating an information security strategy?
Question189: Which of the following provides the BEST preparation for handling the breach of a corporate web site?
Question190: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question191: Which of the following is the MOST significant benefit of effective change management?
Question192: Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
Question193: Business units within an organization are resistant to proposed changes to the information security program.
Which of the following is the BEST way to address this issue?
Question194: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question195: An information security manager learns users of an application are frequently using emergency elevated access privileges to process transactions Which of the following should be done FIRST?
Question196: Which of the following provides the MOST comprehensive understanding of an organization's information security posture?
Question197: When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
Question198: A significant gap in an organization's breach containment process has been identified. Which of the following is MOST important for the information security manager to consider updating?
Question199: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question200: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?
Question201: An organization plans to leverage popular social network platforms to promote its products and services.
Which of the following is the BEST course of action for the information security manager to support this initiative?
Question202: Which of the following provides the GREATEST assurance that information security is addressed in change management?
Question203: Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?
Question204: An information security manager has been asked to integrate security into the software development life cycle (SDLC) after requirements have already been gathered. In this situation during which phase would integration be MOST effectrve?
Question205: An information security manager is implementing controls to protect the organization's data. The FIRST step in this process should be to:
Question206: Recovery time objectives (RTOs) are an output of which of the following?
Question207: Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?
Question208: A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager's FIRST course of action?
Question209: Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?
Question210: An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:
Question211: Which of the following is the BEST way to prevent segregation of duties violations?
Question212: Which of the following is the GREATEST benefit of integrating a security information and event management (SIEM) solution with traditional security tools such as IDS, anti-malware. and email screening solutions?
Question213: Which of the following is the BEST method to obtain senior management buy-in for an information security investment?
Question214: What is the PRIMARY purpose of communicating business impact to an incident response team?
Question215: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
Question216: Which of the following is the GREATEST benefit of information asset classification?
Question217: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question218: A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager's FIRST course of action?
Question219: Which of the following is MOST helpful to review to gain an understanding of the effectiveness of an organization s information security program?
Question220: An organization has experienced a ransomware attack. Which of the following is the BEST course of action to prevent further attacks?
Question221: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
Question222: An organization is developing a disaster recover/ plan for a data center that hosts multiple applications. The application recovery sequence would BEST be determined through an analysis of:
Question223: When implementing security architecture, an information security manager MUST ensure that security controls:
Question224: Which of the following BEST contributes to the successful management of security incidents?
Question225: Which type of test is MOST effective in communicating the roles of end users to support timely identification and response to information security incidents?
Question226: Which of the following should be of GREATEST concern to a newly hired information security manager regarding security compliance?
Question227: Which of the following is the BEST evidence that proper security monitoring controls are in place?
Question228: Which of the following is the NEXT course of action for an incident response team if an Incident cannot be investigated in the allocated time?
Question229: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?
Question230: Which of the following is the GREATEST benefit of a centralized approach to coordinating information security?
Question231: Which of the following should an information security manager do FIRST when a recent internal audit reveals a security risk is more severe than previously assessed?
Question232: When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
Question233: Several identified risks have been mitigated to an acceptable level with appropriate controls Which of the following activities would BEST help to maintain acceptable risk levels?
Question234: What is the MOST important role of an organization's data custodian in support of the information security function?
Question235: Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?
Question236: Reviewing which of the following would provide the GREATEST Input to the asset classification process?
Question237: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
Question238: A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?
Question239: Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?
Question240: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?
Question241: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:
Question242: Which is MOST important to enable a timely response to a security breach?
Question243: Which of the following is the MOST important reason for performing a risk analysis?
Question244: Which of the following would be MOST important to include in a bring your own device (BYOD) policy with regard to lost or stolen devices? The need for employees to:
Question245: What is the role of the information security manager in finalizing contract negotiations with service providers?
Question246: Which of the following is a MAIN security challenge when conducting a post-incident review related to bring your own device (BYOD) in a mature, diverse organization?
Question247: Which of the following is the BEST way to ensure information security metrics are meaningful?
Question248: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Question249: The selection of security controls is PRIMARILY linked to:
Question250: An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST"
Question251: An organization s senior management wants to allow employees to access an internal application using their personal mobile devices. Which of the following should be the information security managers FIRST course of action?
Question252: The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:
Question253: Which is the MOST important driver for effectively communicating the progress of a new information security program's implementation to key stakeholders?
Question254: Which of the following is the PRIMARY reason social media has become a popular target for attack?
Question255: Which of the following BEST supports information security management in the event of organizational changes in security personnel?
Question256: Which of the following is MOST important for an information security manager to ensure is included in a business case for a new security system?
Question257: When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
Question258: To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:
Question259: An organization with a strict need-to-know information access policy is about to launch a knowledge management intranet. Which of the following is the MOST important activity to ensure compliance with existing security policies?
Question260: When reporting on the effectiveness of the information security program, which of the following is the BEST way lo demonstrate improvement m security performance?
Question261: Shortly after installation, an intrusion detection system (IDS) reports a violation. Which of the following is the MOST likely explanation?
Question262: Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
Question263: Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?
Question264: Which of the following provides a sound basis for effective security change management?
Question265: Which of the following would provide the MOST useful input when creating an information security program?
Question266: When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:
Question267: Which of the following is MOST likely to result from a properly conducted post-incident review?
Question268: When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organizations security steering committee?
Question269: Which of the following is the BEST course of action for an information security manager to align security and business goals?
Question270: Which of the following would BEST fulfill a board of directors' request for a concise
Question271: An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?
Question272: Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?
Question273: The MOST important reason to maintain key risk indicators (KRIs) is that:
Question274: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:
Question275: Which of the following is MOST important when carrying out a forensic examination of a laptop to determine an employee s involvement in a fraud?
Question276: After a security incident has been contained, which of the following should be done FIRST?
Question277: In which of the following situations is it MOST important to escalate an incident response to senior management?
Question278: An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective To include in this presentation?
Question279: Which of the following is MOST important to consider when developing a business case to support the investment In an information security program?
Question280: The PRIMARY objective of periodically testing an incident response plan should be to:
Question281: Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?
Question282: What should be the PRIMARY basis for prioritizing incident containment?
Question283: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?
Question284: A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:
Question285: Which of the following is the PRIMARY reason for performing an analysis of the threat landscape on a regular basis?
Question286: Which of the following BEST supports the alignment of information security with business functions?
Question287: The PRIMARY responsibility to communicate with legal authorities regarding unauthorized disclosure of customer information should be defined in the:
Question288: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?
Question289: The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:
Question290: Which of the following would provide the BEST justification for a new information security investment?
Question291: During a review to approve a penetration test plan, which of the following should be an information security managers PRIMARY concern?
Question292: What should be an information security manager's BEST course of action if funding for a security-related initiative is denied by a steering committee?
Question293: Management decisions concerning information security investments will be MOST effective when they are based on:
Question294: It is suspected that key emails have been viewed by unauthorized parties. The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing.
Which of the following is the BEST recommended course of action to senior management?
Question295: When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:
Question296: Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?
Question297: In the development of an information security strategy, recovery time objectives (RTOs) will serve as indicators of:
Question298: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question299: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?
Question300: The MOST important outcome of information security governance is:
Question301: Which of the following should be an information security managers FIRST course of action following a decision to implement a new technology?
Question302: Which of the following will BEST ensure that possible security incidents are correctly distinguished from typical help desk requests?
Question303: Which of the following is BEST performed by the security department?
Question304: When developing an information security governance framework, which of the following should be the FIRST activity?
Question305: Which of the following is the BEST method for management to obtain assurance of compliance with its security policy?
Question306: Which of the following BEST enables an effective escalation process within an incident response program?
Question307: Which of the following is MOST important when selecting an information security metric?
Question308: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?
Question309: Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
Question310: Which of the following is the MOST effective way to help ensure information security programs are aligned with business objectives?
Question311: An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?
Question312: In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?
Question313: The PRIMARY objective of a risk response strategy should be:
Question314: Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?
Question315: Which of the following is the BEST option for addressing regulations that will adversely affect the allocation of information security program resources?
Question316: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question317: What is the PRIMARY benefit to executive management when audit risk, and security functions are aligned?
Question318: Which of the following is the MOST effective method for categorizing system and data criticality during the risk assessment process?
Question319: Which of the following provides the GREATEST assurance that existing controls meet compliance requirements?
Question320: An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organizations information security manager?
Question321: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?
Question322: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?
Question323: Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?
Question324: Which of the following is MOST important in the development of metrics for the effectiveness of information security?
Question325: Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration test?
Question326: Which of the following is the BEST strategy to implement an effective operational security posture?
Question327: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?
Question328: Which of the following should be the FIRST step when creating an organization's bring your own device (BYOD) program?
Question329: Information security governance is PRIMARILY driven by which of the following?
Question330: An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
Question331: What is the PRIMARY purpose of communicating business impact to an incident response team?
Question332: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..
Question333: Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
Question334: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question335: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question336: An information security manager recently received funding for a vulnerability scanning tool to replace manual assessment techniques and needs to justify the expense of the tool going forward. Which of the following metrics would BEST indicate the tool is effective?
Question337: An organization establishes an internal document collaboration site. To ensure data confidently of each project group, it is MOST important to:
Question338: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:
Question339: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question340: An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate customers to fail Which of the following poses the GREATEST risk to the organization related to This event?
Question341: Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?
Question342: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?
Question343: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?
Question344: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question345: An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?
Question346: Which of the following should be the PRIMARY objective when developing an information security strategy?
Question347: What should be the information security manager s MOST important consideration when planning a disaster recovery test?
Question348: Which of the following is MOST important when prioritizing an information security incident?
Question349: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
Question350: What should an information security manager do FIRST after a number of security gaps have been identified that need to be resolved?
Question351: Which of the following is MOST important for an information security manager to include in a report to senior management following a post-incident review?
Question352: Which of the following is the BEST way to reduce the risk of a ransomware attack?
Question353: Which of the following is a PRIMARY objective of incident classification?
Question354: Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
Question355: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?
Question356: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?
Question357: Calculation of the recovery time objective (RTO) is necessary to determine the:
Question358: Which of the following will provide the MOST accurate test results for a disaster recovery plan (DRP)?
Question359: Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
Question360: Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
Question361: An information security manager wants to implement a security Information and event management (SIEM) system that will aggregate log data from all systems that control perimeter access. Which of the following would BEST support the business case for this initiative to senior management?
Question362: Which of the following is MOST helpful when justifying the funding required for a compensating control?
Question363: The MOST important reason for an information security manager to be involved in a new software purchase initiative is to:
Question364: Which of the following is MOST important to consider when developing a business continuity plan (BCP)?
Question365: An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?
Question366: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours.
The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:
Question367: A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?
Question368: Risk scenarios simplify the risk assessment process by:
Question369: Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen laptop?
Question370: When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?
Question371: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:
Question372: The PRIMARY benefit of integrating information security risk into enterprise risk management is to:
Question373: Which of the following is MOST important to have in place to help secure ongoing funding for the information security program?
Question374: An organization is considering moving one its critical business application to a cloud hosting service. The cloud provider may not provider the same level of security for its application as the organization. Which of the following will provide the BEST information to help maintain the security posture?
Question375: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question376: An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?
Question377: An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
Question378: When defining responsibilities with a cloud computing vendor, which of the following should be regarded as a shared responsibility between user and provider?
Question379: Which of the following is MOST important to consider when defining control objectives?
Question380: When developing security standards, which of the following would be MOST appropriate to include?
Question381: Which of the following threats is prevented by using token-based authentication?
Question382: What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?
Question383: The BEST way to avoid session hijacking is to use:
Question384: The MOST important reason to maintain metrics for incident response activities is to
Question385: Which of the following is the BKT approach for an information security manager when developing new information security policies?
Question386: Which of the following is the BEST reason to reassess risk following an incident?
Question387: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question388: A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization's information?
Question389: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?
Question390: For proper escalation of events, it is MOST important for the information security manager to ensure:
Question391: Which of the following is the PRIMARY reason to include message templates for communications with external parties in an incident response plan?
Question392: Which of the following is MOST important for effective communication during incident response?
Question393: Which of the following is the STRONGEST indicator of effective alignment between corporate governance and information security governance?
Question394: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
Question395: Which of the following is the MOST beneficial outcome of testing an incident response plan?
Question396: Implementing a strong password policy is part of an organization s information security strategy for the year.
A business unit believes the strategy may adversely affect a client's adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following is the information security manager s BEST course of action?
Question397: Which of the following BEST describes a buffer overflow?
Question398: A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:
Question399: Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?
Question400: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?