EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST reason to initiate a reassessment of current risk?

Question2: With limited resources in the information security department which of the following is the BEST approach for managing security risk?

Question3: A new organization has been hit with a ransomware attack that is critically impacting its business operations.
The organization does not yet have a proper incident response plan, but it does have a backup procedure for restoration of data. Which of the following should be the FIRST course of action?

Question4: What is the role of the information security manager in finalizing contract negotiations with service providers?

Question5: An internal security audit has reported several control weaknesses. The information security manager's BEST course of action should be to:

Question6: Which of the following BEST determines an information asset's classification?

Question7: Which of the following is the BEST method to obtain senior management buy-in for an information security investment?

Question8: A risk management program will be MOST effective when:

Question9: Which of the following is the PRIMARY purpose for defining key performance indicators (KPIs) for a security program?

Question10: When aligning an organization's information security program with other risk and control activities, it is MOST important to:

Question11: Ensuring that activities performed by outsourcing providers comply with information security policies can BEST be accomplished through the use of:

Question12: A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:

Question13: Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?

Question14: Which of the following is the MOST important criterion for complete closure of a security incident?

Question15: Which of the following is the MOST important outcome of a well-implemented awareness program?

Question16: Which of the following techniques is MOST useful when an incident response team needs to respond to external attacks on multiple corporate network devices?

Question17: Senior management learns of several web application security incidents and wants to know the exposure risk to the organization. What is the information security manager's BEST course of action?

Question18: Which of the following is the MOST important element of an effective external information security communication plan?

Question19: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Question20: Which of the following is MOST important to consider when defining control objectives?

Question21: Which of the following is MOST critical when creating an incident response plan?

Question22: Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?

Question23: Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)*?

Question24: Which of the following activities would BEST incorporate security into the software development life cycle
{SOLO7

Question25: An organization is planning to create a website that will collect site-visitor details from around the world and use them as marketing lists for operations in several countries. Which of the following should be of MOST concern to the information security manager?

Question26: Which of the following is a PRIMARY responsibility of a data owner?

Question27: Which of the following is the BEST mechanism to prevent data loss in the event personal computing equipment is stolen or lost?

Question28: Which of the following is the BEST way to provide management with meaningful information regarding the performance of the information security program against strategic objectives?

Question29: An organization s HR department would like to outsource its employee management system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

Question30: Which of the following is MOST likely to drive an update to the information security strategy?

Question31: Which of the following is the NEXT course of action for an incident response team if an Incident cannot be investigated in the allocated time?

Question32: Senior management has allocated funding to each of the organization s divisions to address information security vulnerabilities The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

Question33: Which of the following is MOST critical for an effective information security governance framework?

Question34: What should an Information security manager do FIRST to ensure an organization's security policies remain relevant for a cloud adoption?

Question35: Which of the following is the MOST important influence to the continued success of an organization's information security strategy?

Question36: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

Question37: Senior management is concerned a security solution may not adequately protect its multiple global data centers following recent industry breaches. What should be done NEXT?

Question38: A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

Question39: The MOST likely reason to use qualitative security risk assessments instead of quantitative methods is when:

Question40: Which of the following will BEST help to ensure security is addressed when developing a custom application?

Question41: Which of the following should be reviewed to obtain a structured overview of relevant information about an information security investment?

Question42: Which of the following is MOST important when prioritizing an information security incident?

Question43: An information security manager has been asked to identify potential threats to the organization's information.
Which of the following should be done FIRST'

Question44: Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data toss?

Question45: Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?

Question46: Human resources is evaluating potential Software as a Service (SaaS) cloud services, Which of the following should the information security manager do FIRST to support..

Question47: Which of the following will BEST facilitate the understanding of information security responsibilities by users across the organization?

Question48: In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?

Question49: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

Question50: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?

Question51: Which of the following is MOST relevant for an information security manager to communicate to business units?

Question52: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:

Question53: Which of the following should an information security manager do FIRST after learning about a new regulation that affects the organization?

Question54: Which of the following should be done FIRST when establishing security measures for personal data stored and processed on a human resources....system?

Question55: Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

Question56: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?

Question57: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

Question58: Which of the following would be MOST important to include in a business case to help obtain senior management's commitment for an information security investment?

Question59: Which of the following is the MOST important reason for performing vulnerability assessments periodically?

Question60: A system administrator failed to report a security incident where the critical application server was not available to the business users. Which of the following is the BEST way to prevent a reoccurrence?

Question61: The FIRST step in a risk assessment for a business application is to:

Question62: The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present

Question63: An organization plans to acquire and implement a new web-based solution to enhance service functionality.
Which of the following is the BEST way to ensure that information handled by the solution is secure?

Question64: A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:

Question65: What should be the FIRST step when developing an asset management program?

Question66: Which of the following would provide the BEST justification for a new information security investment?

Question67: An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system administrators. What is the BEST way for the information security manager to address this issue?

Question68: Which of the following is the BEST way to determine if an organization's current risk level is within the risk appetite?

Question69: Which of the following is the BEST approach for determining the maturity level of an information security program?

Question70: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?

Question71: During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:

Question72: Which of the following is MOST likely to occur following a security awareness campaign''

Question73: Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?

Question74: Which of the following BEST demonstrates effective information security management within an organization?

Question75: When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

Question76: Which of the following is the BEST approach when using sensitive customer data during the testing phase of a systems development project?

Question77: An IT department has given a vendor remote access to the internal network for troubleshooting network performance problems. After discovering the remote activity during a firewall log review, which of the following is the FIRST course of action for an information security manager?

Question78: Which of the following is the BEST indicator that an organization is appropriately managing risk?

Question79: An organization is adopting a standardized corporate chat messaging technology to help facilitate communication among business units. Which of the following is an ESSENTIAL task associated with this initiative?

Question80: A business previously accepted the risk associated with a zero-day vulnerability The same vulnerability was recently exploited in a high-profile attack on another organization m the same Industry Which of the following should be the information security manager's FIRST course of action?

Question81: What is the MAIN reason for an organization to develop an incident response plan?
Identify training requirements for the incident response team.
Priorities treatment based on incident critically.
What is the MAIN reason for an organization to develop an incident response plan'

Question82: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?

Question83: The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:

Question84: Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?

Question85: When developing a classification method for incidents, the categories MUST be:

Question86: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?

Question87: To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that security.

Question88: Which of the following would BEST enable management to be aware of an electronic breach to an externally hosted database?

Question89: Which of the following should be the FIRST step to ensure an information security program meets the requirements of new regulations?

Question90: Which of the following BEST indicates the value a purchased information security solution brings to an organization?

Question91: Which of the following is the MOST important security consideration when using Infrastructure as a Service (laaS)?

Question92: For computer forensics evidence to be admissible in a court of law, the evidence MUST:

Question93: Which of the following is the MOST important consideration m a bring your own device (BYOD) program to protect company data in the event of a loss?

Question94: Business units within an organization are resistant to proposed changes to the information security program.
Which of the following is the BEST way to address this issue?

Question95: Which of the following would provide senior management with the BEST information to better understand the organization's information security risk profile?

Question96: Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?

Question97: Which of the following is the BIST course of action for the information security manager when residual risk is above the acceptable level of risk?

Question98: Which of the following is MOST critical for the successful implementation of an information security strategy?

Question99: Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?

Question100: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

Question101: Which of the following is the BKT approach for an information security manager when developing new information security policies?

Question102: An organization recently implemented a data loss prevention (DLP) system. A senior business executive has complained that the system seriously impedes departmental effectiveness. What is the information security manager's BEST course of action?

Question103: The BEST way to establish a security baseline is by documenting:

Question104: An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?

Question105: Which of the following is MOST important to present to stakeholders to help obtain support for implementing a new information

Question106: Which of the following is the MOST critical security risk to consider for a start-up company in an emerging field?

Question107: Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following is the manager s BEST course of action?

Question108: Which of the following is the FIRST task when determining an organization's information security profile?

Question109: An online payment provider's computer security incident response team has confirmed that a customer credit card database was breached. Which of the following would be MOST important to include in a report to senior management?

Question110: Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?

Question111: When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:

Question112: When supporting an organization's privacy officer, which of the following is the information security managers PRIMARY role regarding privacy requirements?

Question113: An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Question114: Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?

Question115: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question116: Which of the following should the information security manager do FIRST after a security incident has been reported?

Question117: When determining an acceptable risk level, which of the following is the MOST important consideration?

Question118: Which of the following is MOST important for effective communication during incident response?

Question119: Which of the following BEST reduces the likelihood of leakage of private information via email?

Question120: Which of the following is BEST performed by the security department?

Question121: Which of the following is the MOST important step in risk ranking?

Question122: Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?

Question123: Which of the following is MOST important to building an effective information security program?

Question124: Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?

Question125: Which of the following is MOST important for an information security manager to present to senior management on a regular basis?

Question126: When establishing the trigger levels for an organization's key risk indicators (KRIs), the thresholds should be based PRIMARILY on the organization's:

Question127: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Question128: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?

Question129: An organization has detected potential risk emerging from noncompliance with new regulations in its industry.
Which of the following is the MOST important reason to report this situation to senior management?

Question130: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification foi granting an exception to the policy?

Question131: After assessing risk, the decision to treat the risk should be based PRIMARILY on:

Question132: Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?

Question133: The MOST important reason to have a well-documented and tested incident response plan in place is to:

Question134: The MOST important reason to maintain key risk indicators (KRIs) is that:

Question135: When is the BEST time to identify the potential regulatory risk a new service provider presents to the organization?

Question136: The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:

Question137: A regulatory organization sends an email to an information security manager warning of an Impending cyber attack. What should the information security manager do FIRST?

Question138: The PRIMARY focus of a training curriculum for members of an incident response team should be:

Question139: Which of the following should be the MOST important consideration when reporting sensitive risk-related information to stakeholders?

Question140: Which of the following is the MOST effective way for an Information security manager to ensure that security is incorporated into an organization's project development processes?

Question141: An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:

Question142: Which of the following would be MOST effective in preventing malware from being launched through an email attachment?

Question143: A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager should FIRST.

Question144: For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?

Question145: Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?

Question146: Which of the following is the BEST evidence that information security governance works as a business enabler?

Question147: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?

Question148: Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?

Question149: Which of the following is MOST important to include in contracts with key third-party providers?

Question150: A risk assessment report shows that phishing attacks are an emerging threat for an organization that supports online financial services. Which of the following is the information security manager's BEST course of action?

Question151: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?

Question152: The MOST important factors in determining the scope and timing for testing a business continuity plan are:

Question153: When outsourcing sensitive data to a cloud service provider, which of the following should be the information security manager's MOST important.....

Question154: Which of the following activities BEST enables executive management to ensure value delivery within an information security program?

Question155: An information security manager has implemented an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

Question156: The PRIMARY purpose of aligning information security with corporate governance objectives is to:

Question157: What is the PRIMARY purpose of communicating business impact to an incident response team?

Question158: The MOST effective way to determine the resources required by internal Incident response teams is to

Question159: Which of the following BEST promotes stakeholder accountability in the management of information security risks?

Question160: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.

Question161: Which of the following is MOST important to consider when handling digital evidence during the forensics investigation of a cybercrime?

Question162: Which of the following is the MOST important reason for performing a risk analysis?

Question163: Which of the following would BEST enhance firewall security?

Question164: Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?

Question165: Which of the following is the BEST indication that an information security control is no longer relevant?

Question166: The PRIMARY goal of a post-incident review should be to

Question167: Which of the following is the MOST important outcome of testing incident response plans?

Question168: To prevent computers on the corporate network from being used as part of a distributed denial of service (DDoS) attack, the information security manager should use:

Question169: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Question170: Which of the following should be the GREATEST concern when considering launching a counterattack in response to a network attack?

Question171: Cold sites for disaster recovery events are MOST helpful in situations in which a company:

Question172: An organization's information security strategy for the coming year emphasizes reducing the risk of ransomware. Which of the following would be MOST helpful to support this strategy?

Question173: What is the PRIMARY benefit to executive management when audit risk, and security functions are aligned?

Question174: When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

Question175: Which of the following is the BEST way to prevent segregation of duties violations?

Question176: Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?

Question177: An organization's security was compromised by outside attackers. The organization believed that the incident was resolved. After a few days, the IT staff is still noticing unusual network traffic. Which of the following is the BEST course of action to address this situation?

Question178: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?

Question179: Which of the following would BEST support a business case to implement a data leakage prevention (DLP) solution?

Question180: Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

Question181: Which of the following is the BEST way to improve the timely reporting of information security incidents?

Question182: What is the MOST important role of an organization's data custodian in support of the information security function?

Question183: Which of the following is MOST important to the successful development of an information security strategy?

Question184: The risk of mishandling alerts identified by an intrusion detection system (lDS) would be the GREATEST when:

Question185: Which of the following should be the PRIMARY consideration when selecting a recovery site?

Question186: The MAIN consideration when designing an incident escalation plan should be ensuring that:

Question187: Which of the following is the BEST evidence that proper security monitoring controls are in place?

Question188: Which of the following would be MOST helpful in gaming support for a business case for an Information security initiative9

Question189: An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?

Question190: Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?

Question191: An organization's recent risk assessment has identified many areas of security risk, and senior management has asked for a five-minute overview of The assessment results. Which of the following is the information security manager's BEST option for presenting this information?

Question192: What is the BEST approach for the information security manager to reduce the impact on a security program due to turnover within the security staff?

Question193: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Question194: The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:

Question195: An information security manager is developing a new information security strategy. Which of the following functions would serve as the BEST resource to review the strategy and provide guidance for business alignment?

Question196: An information security manager is reviewing the business case for a security project that is entering the development phase It is determined that the estimates cost of the controls is now greater than the risk being mitigated. What is the information security manager's BEST recommendation?

Question197: Which of the following statements indicates that a previously failing security program is becoming successful?

Question198: Which of the following is the MOST effective method of preventing deliberate internal security breaches?

Question199: When developing an information security governance framework, which of the following should be the FIRST activity?

Question200: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?

Question201: After logging in to a web application, additional authentication is required at various application points. Which of the following is the PRIMARY reason for such an approach?

Question202: An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:

Question203: Which of the following processes is the FIRST step in establishing an information security policy?

Question204: An information security manager is implementing controls to protect the organization's data. The FIRST step in this process should be to:

Question205: When creating a bring your own device (BYOD) program, it is MOST important to:

Question206: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours.
The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:

Question207: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

Question208: The selection of security controls is PRIMARILY linked to:

Question209: Which of the ager to regularly report to senior management?

Question210: Which of the following approaches is BEST for selecting controls to minimize information security risks?

Question211: Which of the following metrics would be considered an accurate measure of an information security program's performance?

Question212: Which of the following is MOST important to have in place to help secure ongoing funding for the information security program?

Question213: Which of the following should be an information security managers FIRST course of action following a decision to implement a new technology?

Question214: What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?

Question215: Which of the following is an indicator of improvement in the ability to identify security risks?

Question216: The Information security manager and senior management of a global financial institution have been notified of a potential breach to its database containing a large volume of sensitive information Which of the following should be done FIRST?

Question217: Information security policies should be designed PRIMARILY on the basis of:

Question218: Which of the following would BEST enable effective decision-making?

Question219: Which of the following is MOST helpful to management in determining whether risks are within an organization's tolerance level?

Question220: An organization plans to leverage popular social network platforms to promote its products and services.
Which of the following is the BEST course of action for the information security manager to support this initiative?

Question221: In the development of an information security strategy, recovery time objectives (RTOs) will serve as indicators of:

Question222: Which of the following would present the GREATEST need to revise information security poll'

Question223: The PRIMARY reason for classifying assets is to:

Question224: When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Question225: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

Question226: An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet, following stakeholders should be contacted FIRST?

Question227: Which of the following should be of MOST influence to an information security manager when developing IT security policies?

Question228: An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?

Question229: Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:

Question230: The MOST important reason for an information security manager to be involved in a new software purchase initiative is to:

Question231: Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?

Question232: A business impact analysis (BIA) should be periodically executed PRIMARILY to:

Question233: Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?

Question234: An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization 5 FIRST action?

Question235: Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

Question236: Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?

Question237: An information security manager is preparing a presentation to obtain support for a security initative. Which of the following is the BEST way to obtain management's commitment for the initiative?

Question238: Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?

Question239: To gain a clear+ understanding of the impact that a new regulatory requirement will have on an organization s information security controls, an information security manager should FIRST:

Question240: An organization wants to implement an emerging technology to support operations. What should the information security manager do FIRST when .............. recommendation?

Question241: Which of the following is the GREATEST benefit of information asset classification to an organization?

Question242: Which of the following is the BEST criterion to use when classifying assets?

Question243: Information classification is a fundamental step in determining:

Question244: Which is MOST important when aligning security priorities with business unit strategies?

Question245: Reviewing which of the following would provide the GREATEST Input to the asset classification process?

Question246: To implement a security framework, an information security manager must FIRST develop:

Question247: Which of the following is MOST effective in the strategic alignment of security initiatives?

Question248: An information security manager has been asked to integrate security into the software development life cycle (SDLC) after requirements have already been gathered. In this situation during which phase would integration be MOST effectrve?

Question249: In a large organization requesting outsourced services, which of the following contract clauses is MOST important to the information security manager?

Question250: Which of the following is BEST determined by using technical metrics?

Question251: Which of the following should be the PRIMARY goal of an Information security manager when designing Information security policies?

Question252: What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?

Question253: What is the BEST way to determine the level of risk associated with information assets processed by an IT application?

Question254: When preparing a strategy for protection from SQL injection attacks, it is MOST important for the information security manager to involve:

Question255: The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:

Question256: Which of the following is the MOST important requirement for the successful implementation of security governance?

Question257: An organization s senior management wants to allow employees to access an internal application using their personal mobile devices. Which of the following should be the information security managers FIRST course of action?

Question258: Which of the following provides the GREATEST assurance that an organization allocates appropriate resources to respond to information security events?

Question259: It is suspected that key emails have been viewed by unauthorized parties. The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing.
Which of the following is the BEST recommended course of action to senior management?

Question260: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?

Question261: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?

Question262: Which of the following BEST describes a buffer overflow?

Question263: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Question264: The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:

Question265: An organization planning to contract with a cloud service provider is concerned about the risk of account hijacking at login. What is MOST important for the organization in its security requirements to address this concern?

Question266: To gain a clear understanding of the impact that a new regulatory will have on an organization's security control, an information manager should FIRST.

Question267: Which of the following BEST enables new third-party suppliers to support an organization's information security objectives?

Question268: An awareness program is implemented to mitigate the risk of infections introduced through the use of social media Which of the following will BEST determine the effectiveness of the awareness program''

Question269: Which of the following is an information security manager's BEST course of action upon learning of new cybersecurity regulatory requirements that apply to the organization?

Question270: What should an information security team do FIRST when notified by the help desk that an employee's computer has been infected with ma I ware?

Question271: Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?

Question272: The MOST important reason that security risk assesements should be conducted frequently through an organization is because:

Question273: Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

Question274: When drafting the corporate privacy statement for a public web site, which of the following MUST be included?

Question275: Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system?

Question276: Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration test?

Question277: Which of the following is the PRIMARY objective of implementing an information security strategy?

Question278: Which of the following is the MOST important consideration when updating procedures for managing security devices?

Question279: The BEST way to avoid session hijacking is to use:

Question280: Which of the following is the PRIMARY purpose of establishing an information security governance framework?

Question281: In which of the following situations is it MOST important to escalate an incident response to senior management?

Question282: Which of the following is the information security manager's PRIMARY role in the information assets classification process?

Question283: Which of the following will BEST enable an effective information asset classification process?

Question284: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Question285: An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?

Question286: Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?

Question287: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question288: Mitigating technology risks to acceptable levels should be based PRIMARILY upon:

Question289: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

Question290: Which of the following measures BEST indicates an improvement in the information security program to stakeholders?

Question291: Which of the following will BEST facilitate the development of appropriate incident response procedures?

Question292: Which of the following BIST validates that security controls are implemented in a new business process?

Question293: The GREATEST benefit of choosing a private cloud over a public cloud would be:

Question294: Which of the following is the MOST important function of information security?

Question295: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

Question296: Which of the following is MOST relevant for an information security manager to communicate to IT operations?

Question297: Which of the following is MOST likely to be included in an enterprise information security policy?

Question298: Which of the following is the GREATEST benefit of integrating a security information and event management (SIEM) solution with traditional security tools such as IDS, anti-malware. and email screening solutions?

Question299: An organization is considering whether to allow employees to use personal computing devices for business purposes To BEST facilitate senior management's decision, the information security manager should:

Question300: Which of the following is MOST important to consider when developing a security awareness program in an organization?

Question301: For an organization with operations in different parts of the world, the BEST approach for ensuring that security policies do not conflict with local laws and regulations is to:

Question302: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?

Question303: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:

Question304: Which of the following is the MOST reliable way to ensure network security incidents are Identified as soon as possible'

Question305: An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?

Question306: Which of the following is MOST important to include in an information security strategy?

Question307: The MAIN reason for internal certification of web-based business applications is to ensure:

Question308: Which of the following is the MOST important consideration for designing an effective information security governance framework?

Question309: When creating an information security governance program, which of the following will BEST enable the organization to address regulatory compliance requirements?

Question310: An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?

Question311: Which of the following should be the PRIMARY consideration when developing a security governance framework for an enterprise?

Question312: Which of the following would MOST effectively help to restrict sensitive data from being transmitted outside the organization?

Question313: Which of the following is the BEST way to sustain employee interest in information security awareness in an organization?

Question314: An organization is the victim of a targeted attack, and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?

Question315: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

Question316: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?

Question317: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

Question318: Which of the following is the BEST advantage of a centralized information security organizational structure?

Question319: To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:

Question320: An information security manager has been made aware that implementing a control would have an adverse impact to the business. The business manager has suggested accepting the risk. The BEST course of action by the information security manager would be to:

Question321: In an organization with effective IT risk management, the PRIMARY reason to establish key risk indicators (KRIs) is to:

Question322: Which of the following is a PRIMARY goal of an information security program?

Question323: An information security manager terms that the root password of an external FTP server may be subject to brute force attacks. Which of the following would be the MOST appropriate way to reduce the likelihood of a successful attack?.

Question324: An organization has determined that one of its web servers has been compromised. Which of the following actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?

Question325: When implementing security architecture, an information security manager MUST ensure that security controls:

Question326: Which of the following is the MOST useful metric for determining how well firewall logs are being monitored?

Question327: Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

Question328: Which of the following would BEST protect against web-based cross-domain attacks?

Question329: Who within an organization is accountable for ensuring incident notification and escalation processes are in place?

Question330: After undertaking a security assessment of a production system, the information security manager is MOST likely to:

Question331: Which of the following is the MOST effective way to communicate information security risk to senior management?

Question332: Which of the following is the MOST effective method for categorizing system and data criticality during the risk assessment process?

Question333: What should be the PRIMARY basis for prioritizing incident containment?

Question334: A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager's FIRST course of action?

Question335: After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

Question336: Which of the following should be the FIRST step of incident response procedures?

Question337: During the establishment of a service level agreement (SLA) with a cloud service provider, it is MOST important for the information security manager to:

Question338: Segregation of duties is a security control PRIMARILY used to:

Question339: Information security governance is PRIMARILY driven by which of the following?

Question340: A third-party contract signed by a business unit manager failed to specify information security requirements Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?

Question341: When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure that the:

Question342: It is MOST important tot an information security manager to ensure that security risk assessments are performed:

Question343: An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?

Question344: Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Question345: Which of the following is the BEST way to measure the effectiveness of a newly implemented social engineering training program?

Question346: Which of the following has the MOST influence on an organization's adoption of information security policies?

Question347: When an operating system is being hardened, it is MOST important for an information security manager to ensure that

Question348: The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:

Question349: A validated patch to address a new vulnerability that may affect a mission-critical server has been released.
What should be done immediately?

Question350: Which of the following is the MOST important reason to have documented security procedures and guidelines?

Question351: Which of the following is the MOST effective preventive control?

Question352: The PRIMARY purpose of a security information and event management (SIEM) system is to:

Question353: In information security governance, the PRIMARY role of the board of directors is to ensure:

Question354: Which of the following is the MOST effective method to help ensure information security incidents are reported?

Question355: Which of the following is the PRIMARY reason to include message templates for communications with external parties in an incident response plan?

Question356: After a recent malware Incident an organization's IT steering committee has asked the information security manager for a presentation on the status of the information security program. Which of the following is MOST important to address in the presentation?

Question357: Which of the following is the KEY outcome of conducting a post-incident review?

Question358: The use of digital signatures ensures that a message:

Question359: Which of the following is MOST helpful in protecting against hacking attempts on the production network?

Question360: Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:

Question361: An information security manager finds that corporate information has been stored on a public cloud storage site for business collaboration purposes. Which of the following should be the manager's FIRST action?

Question362: Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?

Question363: During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?

Question364: Which of the following is the PRIMARY goal of a risk management program?

Question365: Which of the following is the MOST important reason for logging firewall activity?

Question366: The PRIMARY purpose of vulnerability assessments is to:

Question367: Which of the following is the MOST important consideration when establishing an information security governance framework?

Question368: Which of the following BEST enables an effective escalation process within an incident response program?

Question369: After a server has been attacked, which of the following is the BEST course of action?

Question370: A business unit has updated its long-term business plan to include a strategy of upgrading information management systems to increase productivity. To support this initiative, what should be the PRIMARY basis for updating the corresponding. information security strategy?

Question371: The value of information assets relative to the organization is BEST determined by:

Question372: Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriate.

Question373: Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

Question374: Senior management wants to provide mobile devices to its sales force. Which of the following should the Information security manager do FIRST to support this objective?

Question375: The PRIMARY goal of a security infrastructure design is the:

Question376: Which of the following processes would BEST aid an information security manager in resolving systemic security issues?

Question377: Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?

Question378: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Question379: The BEST way to improve the effectiveness of responding to and communicating security incidents is to ensure:

Question380: Which of the following is the FIRST step when defining and prioritizing security controls to be implemented under an information security program?

Question381: Which of the following is MOST helpful in integrating information security governance with corporate governance?

Question382: Which of the following defines the minimum security requirements that a specific system must meet?

Question383: Which is MOST important when contracting an external party to perform a penetration test?

Question384: Which of the following should be done FIRST when implementing policies to address an upcoming new data privacy regulation?

Question385: Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

Question386: Which of the following is the- BEST method to determine whether an information security program meets an organization s business objectives?

Question387: An organization us& a particular encryption protocol for externally facing web pages and key financial services. A security firm publicizes a critical security flaw in the encryp manager do FIRST?

Question388: The success of a computer forensic investigation depends on the concept of:

Question389: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of activity----

Question390: Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

Question391: Which of the following is the BEST way to reduce the risk of a ransomware attack?

Question392: A risk profile supports effective security decisions PRIMARILY because it:

Question393: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..

Question394: Which of the following is the MOST effective way to facilitate the implementation of IT security program objectives?

Question395: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?

Question396: If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST

Question397: What is the PRIMARY role of the information security program?

Question398: Which of the following BEST indicates that information security will be considered when new IT technologies are implemented across an organization?

Question399: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question400: An information security manager recently received funding for a vulnerability scanning tool to replace manual assessment techniques and needs to justify the expense of the tool going forward. Which of the following metrics would BEST indicate the tool is effective?