EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?

Question2: Which of the following BIST validates that security controls are implemented in a new business process?

Question3: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

Question4: An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager s FIRST course of action?

Question5: Which of the following is the MOST significant security risk in IT asset management?

Question6: Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?

Question7: Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a publicly facing .....

Question8: Which of the following is an information security manager's BEST course of action to address a significant materialized risk that was not prevented by organizational controls?

Question9: The BEST way to establish a security baseline is by documenting:

Question10: Which of the following is the BEST approach for determining the maturity level of an information security program?

Question11: In a large organization, which of the following is the BEST source for identifying ownership of a PC?

Question12: An organization has implemented an enhanced password policy for business applications which requires significantly more business resource to support clients. The BEST approach to obtain the support of business management would be to:

Question13: The GREATEST advantage of defining multiple types of system administrator accounts with different privileges is that it helps to ensure:

Question14: Which of the following is the MOST important element of a response plan for IT security incidents?

Question15: The FIRST step in a risk assessment for a business application is to:

Question16: Which of the following is the MOST important factor to be considered when reviewing an information security strategy?

Question17: Which of the following is the BEST indication that an organization is able to comply with information security requirements?

Question18: Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements?

Question19: Which of the following should be the FIRST step when creating an organization's bring your own device (BYOD) program?

Question20: Which of the following elements of risk is MOST difficult to quantify?

Question21: An information security steering group should:

Question22: In a risk assessment after the identification of threats to organizational assets, the information security manager would:

Question23: Which of the following should be an information security manager s MOST important consideration when conducting a physical security review of a potential outsourced data center?

Question24: An information security program should be established PRIMARILY on the basis of:

Question25: What is the PRIMARY objective of triage within the incident response process?

Question26: An organization is considering whether to allow employees to use personal computing devices for business purposes To BEST facilitate senior management's decision, the information security manager should:

Question27: System logs and audit logs for sensitive systems should be stored

Question28: A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager should FIRST.

Question29: The responsibility for approving access to data according to the organization's data classification policy belongs to the:

Question30: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question31: Utilizing external resources for highly technical information security tasks allows an information security manager to:

Question32: An organization has decided to migrate a customer facing on-premise application to a cloud provider. Which of the following would be MOST helpful when assessing the proposed data backup requirements prior to the migration?

Question33: Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?

Question34: Which of the following is the MOST effective defense against spear phishing attacks?

Question35: Which of the following is the BEST approach for encouraging business units to assume their roles and responsibilities in an information security program?

Question36: A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?

Question37: When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

Question38: Which of the following BEST contributes to the successful management of security incidents?

Question39: Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?

Question40: Which of the following is the STRONGEST indicator of effective alignment between corporate governance and information security governance?

Question41: Which of the following is the PRIMARY benefit of using agentless endpoint security solutions?

Question42: Which of the following BEST supports the risk assessment process to determine criticality of an asset?

Question43: Which of the following BEST supports the alignment of information security with business functions?

Question44: In information security governance, the PRIMARY role of the board of directors is to ensure:

Question45: An information security manager is preparing a presentation to obtain support for a security initative. Which of the following is the BEST way to obtain management's commitment for the initiative?

Question46: When two different controls are available to mitigate a risk, an information security manager's recommendation should be based on the results of a:

Question47: Embedding security responsibilities into jab descriptions is important PRIMARILY because it

Question48: Risk management is MOST cost-effective;

Question49: When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?

Question50: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Question51: Which of the following is the GREATEST benefit of a centralized approach to coordinating information security?

Question52: Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?

Question53: Which of the following is the MOST reliable source of information about emerging information security threats and vulnerabilities?

Question54: Which of the following is a PRIMARY security responsibility of an information owner?

Question55: Which of the following is the MOST significant advantage of developing a well-defined information security strategy?

Question56: Which of the following is the MOST important action when using a web application that has recognized vulnerabilities?

Question57: Which of the following outsourced services has the GREATEST need for security monitoring?

Question58: The BEST way to improve the effectiveness of responding to and communicating security incidents is to ensure:

Question59: An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?

Question60: The PRIMARY purpose of a risk assessment is to enable business leaders to:

Question61: Which of the following provides the BEST preparation for handling the breach of a corporate web site?

Question62: An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

Question63: Due lo budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA). Which of the following is the information security manager's BEST course of action?

Question64: A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their password because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST.

Question65: Which of the following is MOST important when prioritizing an information security incident?

Question66: For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?

Question67: Which of the following is MOST helpful for prioritizing the recovery of IT assets during a disaster?

Question68: In a call center, the BEST reason to conduct a social-engineering exercise is to:

Question69: Which of the following is the MOST critical security risk to consider for a start-up company in an emerging field?

Question70: Which of the following is the- BEST method to determine whether an information security program meets an organization s business objectives?

Question71: When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:

Question72: Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

Question73: Which of the following devices, when placed in a demilitarized zone (DMZ). would be considered a significant exposure?

Question74: A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

Question75: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?

Question76: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?

Question77: In a large organization requesting outsourced services, which of the following contract clauses is MOST important to the information security manager?

Question78: The decision to escalate an incident should be based PRIMARILY on:

Question79: Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

Question80: Which of the following BEST indicates the value a purchased information security solution brings to an organization?

Question81: For an organization that encourages sales activities using mobile devices, which of the following should be the MOST important security requirement?

Question82: Deciding the level of protection a particular asset should be given is BEST determined by:

Question83: What should be an information security manager's PRIMARY objective in the event of a security incident?

Question84: Which of the following would BEST justify spending for a compensating control?

Question85: An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager s MOST important course of action is to:

Question86: What should be an information security manager's NEXT activity following the remediation of a security incident?

Question87: Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?

Question88: A third-party contract signed by a business unit manager failed to specify information security requirements Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?

Question89: The PRIMARY objective of a risk response strategy should be:

Question90: Which of the following is MOST helpful in protecting against hacking attempts on the production network?

Question91: Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?

Question92: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?

Question93: Which of the following would be MOST helpful to identify security incidents in a timely manner?

Question94: Which of the following would be an information security manager's BEST course of action upon learning a third-party cloud provider is not meeting information security with regard to data encryption?

Question95: Which of the following is the MOST important outcome of senior management's analysis of information security metrics?

Question96: The PRIMARY purpose of asset valuation for the management of information security is to:

Question97: Which of the following trends BEST indicates that the maturity level of an information security program is improving?

Question98: For computer forensics evidence to be admissible in a court of law, the evidence MUST:

Question99: In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOS important for the information security manager to ensure:

Question100: Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?

Question101: The MAIN reason for an information security manager to monitor industry level changes in the business and IT is to:

Question102: Which of the following is the BEST evidence that an organization's information security governance framework is effective?

Question103: Which of the following is a PRIMARY goal of an information security program?

Question104: Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following is the manager s BEST course of action?

Question105: Which of the following metrics would BEST determine the effectiveness of an application security testing program?

Question106: Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Question107: Which of the following is MOST important for guiding the development and management of a comprehensive information security program?

Question108: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Question109: Which of the following is the MOST effective way to incorporate risk management practices into a new business process?

Question110: Which of the following is the PRIMARY reason to invoke continuity and recovery plans?

Question111: What should the information security manager do FIRST when end users express that new security controls are too restrictive?

Question112: Which of the following is a PRIMARY responsibility of an information security governance committee'

Question113: Which of the following should be an information security manager's PRIMARY role when an organization initiates a data classification process?

Question114: The MOST likely reason to use qualitative security risk assessments instead of quantitative methods is when:

Question115: An information security team has been tasked with identifying confidential data within the organization to formalize its asset classification scheme. The MOST relevant input would be provided by:

Question116: An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

Question117: Which of the following is MOST important for an information security manager to regularly report to senior management?

Question118: A security team is conducting its annual disaster recovery test. Post-restoration testing shows the system response time is significantly slower due to insufficient bandwidth for Internet connectivity at the recovery center. Which of the following is the security manager's BEST course of action?

Question119: Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?

Question120: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours. The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:

Question121: Which of the following is BEST performed by the security department?

Question122: Which of the following is the MOST effective mitigation strategy to protect confident information from inside threats?

Question123: A impacting its business operations. The organization does not yet have a proper incident response plan, but it does have a backup procedure for restoration of dat a. Which of the following should be the FIRST course of action?

Question124: Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?

Question125: A contract bid is digitally signed and electronically mailed The PRIMARY advantage to using a digital signature is that

Question126: Which of the following BEST enables senior management to monitor the organization's risk exposure?

Question127: A new key business application has gone to production. What is the Most important reason to classify and determine the sensitivity of the data used by this application?

Question128: Which of the following should be the FIRST step to ensure an information security program meets the requirements of new regulations?

Question129: Which of the following should be PRIMARILY included in a security training program for business process owners?

Question130: During an emergency security incident, which of the following would MOST likely predict the worst-case scenario?

Question131: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?

Question132: Which of the following BEST prepares an organization for disaster recovery?

Question133: Which of the following metrics is the BEST measure of the effectiveness of an information security program?

Question134: Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration test?

Question135: The MOST important reason for an information security manager to be involved in a new software purchase initiative is to:

Question136: Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?

Question137: A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:

Question138: The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:

Question139: An organization is MOST at risk from a new worm being introduced through the intranet when:

Question140: Which of the following is MOST relevant for an information security manager to communicate to business units?

Question141: Which of the following is MOST important to have in place to help secure ongoing funding for the information security program?

Question142: Which of the following is MOST important to consider when developing a business continuity plan (BCP)?

Question143: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

Question144: Which of the following is the MOST important consideration when establishing an information security governance framework?

Question145: Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?

Question146: An organization is planning to create a website that will collect site-visitor details from around the world and use them as marketing lists for operations in several countries. Which of the following should be of MOST concern to the information security manager?

Question147: A corporate laptop containing confidential data is compromised The incident has been contained and the laptop is in the possession of the incident response team The NEXT step should be to

Question148: Which of the following is the MOST effective way to communicate information security risk to senior management?

Question149: An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?

Question150: What should be the PRIMARY basis for developing an organization's information security program?

Question151: An organization will be outsourcing mission-critical processes. Which of the following is MOST important to verify before signing the service level agreement (SLA)?

Question152: Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:

Question153: Which of the following processes is the FIRST step in establishing an information security policy?

Question154: A new privacy regulation is due to take effect in a region where an organization does business. Which of the following would be MOST helpful in understanding what .. needs to do to maintain compliance?

Question155: Which aspect of an incident response plan will MOST effectively help to limit reputational damage when multiple media services are seeking a response following a major security breach?

Question156: When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Question157: Which of the following provides a sound basis for effective security change management?

Question158: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

Question159: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?

Question160: Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?

Question161: Which of the following provides the GREATEST assurance that existing controls meet compliance requirements?

Question162: Which of the following is an example of a change to the external threat landscape?

Question163: An organization's information security manager has learned that similar organizations have become increasingly susceptible to spear phishing attacks. What is the BEST way to address this concern?

Question164: An organization s HR department would like to outsource its employee management system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

Question165: An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?

Question166: Which of the following is MOST important to the successful implementation of an information security program?

Question167: When training an incident response team, the advantage of using tabletop exercises is that they:

Question168: An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tables contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

Question169: The BEST way to encourage good security practices is to:

Question170: Which of the following would BEST enable an organization to effectively monitor the implementation of standardized configurations?

Question171: A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?

Question172: Which of the following is the MOST important issue in a penetration test?

Question173: Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?

Question174: Information security can BEST be enforced by making security:

Question175: The MOST important objective of security awareness training for business staff is to:

Question176: An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:

Question177: Which of the following is MOST important when developing a security strategy?

Question178: An organization recently experienced a ransomware attack. What is the BEST course of action to reduce the likelihood of successful future attacks?

Question179: An organization is developing a disaster recovery plan (DRP) for a data center that hosts multiple applications The application recovery sequence would BEST be determined through an analysis of:

Question180: Which of the following is the PRIMARY role of the information security manager in application development?
To ensure:

Question181: Which of the following would BEST enable effective decision-making?

Question182: An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organizations information security manager?

Question183: Which of the following is a PRIMARY function of an incident response team?

Question184: Which of the following is the MOST effective approach for integrating security into application development?

Question185: Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?

Question186: In an organization with effective IT risk management, the PRIMARY reason to establish key risk indicators (KRIs) is to:

Question187: Information security policies should be designed PRIMARILY on the basis of:

Question188: Which of the following would BEST enable management to be aware of an electronic breach to an externally hosted database?

Question189: An organization engages 4 third-party vendor to monitor and support a financial application under scrutiny by regulators. Maintaining strict data integrity and confidentiality for this application is critical to the business. Which of the following controls would MOST effectively manage risk to the organization?

Question190: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

Question191: When scoping a risk assessment, assets need to be classified by:

Question192: Which of the following is the MOST important part of an incident response plan?

Question193: A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:

Question194: Which of the following is the MOST important consideration when designing information security architecture?

Question195: What is the role of the information security manager in finalizing contract negotiations with service providers?

Question196: To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that security.

Question197: Which of the following processes BEST supports the evaluation of incident response effectiveness?

Question198: When developing an incident response plan, which of the following is the MOST -effective way to ensure incidents common to the organization are handled properly?

Question199: An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:

Question200: Which of the following factors are the MAIN reasons why large networks are vulnerable?

Question201: Which of the following should cause the GREATEST concern for an information security manager reviewing the effectiveness of an intrusion prevention system (IDS)?

Question202: What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Question203: An awareness program is implemented to mitigate the risk of infections introduced through the use of social media Which of the following will BEST determine the effectiveness of the awareness program''

Question204: Which of the following is the KEY outcome of conducting a post-incident review?

Question205: As the security program matures, which of the following reports presented to senior management provides the MOST insight on the importance of the security program7

Question206: A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security management.

Question207: After a recent malware Incident an organization's IT steering committee has asked the information security manager for a presentation on the status of the information security program. Which of the following is MOST important to address in the presentation?

Question208: What is the BEST way to determine the level of risk associated with information assets processed by an IT application?

Question209: Which of the following is the MOST efficient tool for identifying advanced persistent threats (APTs)?

Question210: A regulatory compliance issue has been identified in a critical business application, but remediating the issue would significantly impact business operations. What information would BEST enable senior management to make an informed decision?

Question211: What is the BEST reason to keep information security policies separate from procedures?

Question212: An information security manager should begin a business continuity planning (BCP) process by:

Question213: Which of the following is the MOST effective way for an information security manager to protect the organization from misuse of social media?

Question214: Which of the following would be MOST important to include in a bring your own device (BYOD) policy with regard to lost or stolen devices? The need for employees to:

Question215: What is the BEST approach for the information security manager to reduce the impact on a security program due to turnover within the security staff?

Question216: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

Question217: What should be an organization's. MAIN concern when evaluating an Infrastructure as a Service (laaS) cloud computing model for an e-commerce application?

Question218: The MAIN consideration when designing an incident escalation plan should be ensuring that:

Question219: Which of the following is MOST important to consider when defining control objectives?

Question220: Which of the following would BEST help to ensure an organization s security program is aligned with business objectives?

Question221: An information security manager is reviewing the impact of a regulation on the organization's human resources system. The NEXT course of action should be to:

Question222: Which of the following is the MOST important consideration when selecting members for an information security steering committee?

Question223: An internal security audit has reported several control weaknesses. The information security manager's BEST course of action should be to:

Question224: Which of the following is the BEST way to sustain employee interest in information security awareness in an organization?

Question225: Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?

Question226: Which of the following is MOST appropriate to include in an information security policy?

Question227: Which of the ager to regularly report to senior management?

Question228: Planning for the implementation of an information security program is MOST effective when it:

Question229: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

Question230: A corporate web site has become compromised as a result of a malicious attack. Which of the following should the information security manager do FIRST?

Question231: Which of the following is the MOST effective way to protect the authenticity of data in transit?

Question232: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?

Question233: Which of the following is the BEST criterion to use when classifying assets?

Question234: What is the GREATEST benefit of classifying assets based on sensitivity?

Question235: Which of the following should be the PRIMARY consideration for an information security manager when designing security center for a newly acquired business application?

Question236: Which of the following should be reviewed to obtain a structured overview of relevant information about an information security investment?

Question237: What should be the PRIMARY basis for prioritizing incident containment?

Question238: In which of the following situations is it MOST important to escalate an incident response to senior management?

Question239: Which of the following is the MOST important consideration when updating procedures for managing security devices?

Question240: Calculation of the recovery time objective (RTO) is necessary to determine the:

Question241: To minimize security exposure introduced by changes to the IT environment, which of the following is MOST important to implement as part of change management?

Question242: Which of the following will provide the MOST accurate test results for a disaster recovery plan (DRP)?

Question243: Which of the following is MOST relevant for an information security manager to communicate to IT operations?

Question244: Which of the following should be the PRIMARY input when defining the desired state of security within an organization?

Question245: When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure that the:

Question246: A hash algorithm is used to:

Question247: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?

Question248: Which of the following BEST indicates senior management support for an information security program?

Question249: Which of the following is the MOST important security consideration when using Infrastructure as a Service (laaS)?

Question250: Which of the following will BEST enhance the privacy of data in transit for an online transaction system?

Question251: Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

Question252: A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?

Question253: When evaluating cloud storage solutions, the FIRST consideration should be

Question254: Which of the following would BEST demonstrate the maturity level of an organization's security incident response program?

Question255: The GREATEST benefit of choosing a private cloud over a public cloud would be:

Question256: Which of the following provides the MOST relevant evidence of incident response maturity?

Question257: When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

Question258: With limited resources in the information security department which of the following is the BEST approach for managing security risk?

Question259: When establishing escalation processes for an organization's computer security incident response team, the organization's procedures should:

Question260: The MOST effective way to determine the resources required by internal Incident response teams is to

Question261: Presenting which of the following to senior management will be MOST helpful in securing ongoing support for the information security strategy?

Question262: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?

Question263: Which of the following is the NEXT course of action for an incident response team if an Incident cannot be investigated in the allocated time?

Question264: Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework?

Question265: The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

Question266: When two different controls are available to mitigate a risk, an information security manager's recommendation should be based on the results of a:

Question267: Which of the following is the MOST effective method to help ensure information security incidents are reported?

Question268: Several identified risks have been mitigated to an acceptable level with appropriate controls Which of the following activities would BEST help to maintain acceptable risk levels?

Question269: Mitigating technology risks to acceptable levels should be based PRIMARILY upon:

Question270: Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Question271: Which of the following BEST enables an information security manager to assess the effectiveness of the information security program?

Question272: The PRIMARY reason to classify information assets should be to ensure

Question273: When establishing an information security strategy, which of the following activities Is MOST helpful in Identifying critical areas to be protected?

Question274: Which of the following is MOST helpful in integrating information security governance with corporate governance?

Question275: Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)*?

Question276: Which of the following is a benefit of using key risk indicators (KRIs)?

Question277: A business unit has updated its long-term business plan to include a strategy of upgrading information management systems to increase productivity. To support this initiative, what should be the PRIMARY basis for updating the corresponding. information security strategy?

Question278: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?

Question279: Senior management has allocated funding to each of the organization s divisions to address information security vulnerabilities The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

Question280: Information security policies should PRIMARILY reflect:

Question281: An employee used network logon credentials on a personal shopping site. The site was breached, resulting in an unauthorized person logging onto the network with the employee's credentials via remote access. What is the BEST recommendation to prevent recurrence of similar unauthorized logins?

Question282: A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:

Question283: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question284: Which of the following is the information security manager's PRIMARY role in the information assets classification process?

Question285: An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager's FIRST course of action?

Question286: An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior managements.

Question287: Which of the following is the BEST indication that information security is integrated into corporate governance?

Question288: An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?

Question289: The MOST important reason to maintain key risk indicators (KRIs) is that:

Question290: Application data integrity risk would be MOST directly addressed by a design that includes:

Question291: The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:

Question292: Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?

Question293: An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?

Question294: What is the MAIN reason for an organization to develop an incident response plan?
Identify training requirements for the incident response team.
Priorities treatment based on incident critically.
What is the MAIN reason for an organization to develop an incident response plan'

Question295: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Question296: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of activity----

Question297: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question298: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?

Question299: An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

Question300: Cold sites for disaster recovery events are MOST helpful in situations in which a company:

Question301: Which of the following is the PRIMARY advantage of using an incident severity rating system'?

Question302: Which of the following is the MOST effective method for categorizing system and data criticality during the risk assessment process?

Question303: Which of the following BEST demonstrates the effectiveness of the vulnerability management process?

Question304: What is the MOST important factor for determining prioritization of incident response?

Question305: Which of the following is the BEST indicator of an organization's information security status?

Question306: An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Question307: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.

Question308: Which of the following is the BEST method to protect consumer private information for an online public website?

Question309: The MOST useful technique for maintaining management support for the information security program is:

Question310: An organization recently implemented a data loss prevention (DLP) system. A senior business executive has complained that the system seriously impedes departmental effectiveness. What is the information security manager's BEST course of action?

Question311: Which of the following is the MOST important delivery outcome of information security governance?

Question312: Which of the following is the PRIMARY goal of a risk management program?

Question313: The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?

Question314: To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:

Question315: Which of the following should be the PRIMARY outcome of an information security program'?

Question316: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?

Question317: Which of the following is MOST important to implement when using a service account for infrastructure administration?

Question318: When developing an information security strategy, the MOST important requirement is that:

Question319: Authorization can BEST be accomplished by establishing:

Question320: Fingerprint biometrics are BEST used for:

Question321: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..

Question322: Which of the following would BEST help to ensure the alignment between information security and business functions?

Question323: An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager s FIRST course of action?

Question324: Which of the following is the MOST significant benefit of effective change management?

Question325: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Question326: Which of the following is the BEST way to prevent recurrence of a security incident?

Question327: Which of the following should be of GREATEST concern to an information security manager when establishing a set of key risk indicators (KRIs)?

Question328: An IT department has given a vendor remote access to the internal network for troubleshooting network performance problems. After discovering the remote activity during a firewall log review, which of the following is the FIRST course of action for an information security manager?

Question329: Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?

Question330: Which of the following is the BEST way to integrate information security into corporate governance?

Question331: A business unit has updated its long-term business plan to include a strategy of upgrading information management system to increase productivity. To support this initiative, with the information security strategy?

Question332: Which of the following is MOST important to the success of an incident response team?

Question333: Which of the following is a PRIMARY responsibility of a data owner?

Question334: Which of the following is the PRIMARY reason for conducting post-incident reviews?

Question335: An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?

Question336: An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the BEST way to address this situation?

Question337: An organization rolled out information security awareness training and wants to perform an end-ot-year assessment to determine the program's success. Which of the following would be the BEST indicator of the program's effectiveness?

Question338: When reporting to senior management on an information security vulnerability that could lead to a potential breach, what information is MOST likely to facilitate the decision-making process?

Question339: Which of the following is the BEST approach for governing noncompliance with security requirements?

Question340: Which of the following is a PRIMARY objective of incident classification?

Question341: Which of the following is MOST helpful to an information security manager when determining service level requirements for an outsourced application?

Question342: An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would BEST enable the information security manager to address this concern?

Question343: To meet operational business needs. IT staff bypassed the change process and applied an unauthorized update to a critical business system Which of the following is the information security manager's BEST course of action?

Question344: Which of the following tools BEST demonstrates the effectiveness of the information security program?

Question345: An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?

Question346: Which of the following helps to ensure that the appropriate resources are applied in a timely manner after an incident has occurred?

Question347: The BEST time to ensure that a corporation acquires secure software products when outsourcing software development is during:

Question348: Which of the following measures BEST indicates an improvement in the information security program to stakeholders?

Question349: Which of the following approaches is BEST for selecting controls to minimize information security risks?

Question350: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:

Question351: An organization has established information security policies, but the information security the MOST likely reason for this situation?

Question352: When implementing information security in system development projects, which of the following is the MOST effective approach for an information security manager with limited resources?

Question353: An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST"

Question354: An information security manager is reviewing a contract with a third-party service provider. Which of the following issues should be of MOST concerm?

Question355: Which of the following is the MOST important consideration m a bring your own device (BYOD) program to protect company data in the event of a loss?

Question356: Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

Question357: Which of the following is MOST critical when creating an incident response plan?

Question358: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?

Question359: Which of the following is MOST effective in reducing the financial impact following a security breach leading to data disclosure9?

Question360: An organization has experienced a ransomware attack. Which of the following is the BEST course of action to prevent further attacks?

Question361: Which of the following would present the GREATEST challenge to integrating information security governance into corporate governance?

Question362: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Question363: Which of the following is MOST important to enable after completing action plan?

Question364: Which of the following is the PRIMARY role of a data custodian?

Question365: Which of the following is the MOST important reason for performing a risk analysis?

Question366: What is the BEST way for a customer to authenticate an e-commerce vendor?

Question367: Which of the following is the PRIMARY benefit of using a tabletop method to conduct an incident response exercise?

Question368: When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Question369: Which of the following is MOST helpful when justifying the funding required for a compensating control?

Question370: A business impact analysis (BIA) should be periodically executed PRIMARILY to:

Question371: Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

Question372: Who should be PRIMARILY responsible for defining a security asset classification scheme?

Question373: In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of;

Question374: Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Question375: An information security manager wants to implement a security Information and event management (SIEM) system that will aggregate log data from all systems that control perimeter access. Which of the following would BEST support the business case for this initiative to senior management?

Question376: When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?

Question377: Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Question378: Which of the following should provide the PRIMARY justification to approve the implementation of a disaster recovery (DR) site on the recommendation of an external audit report?

Question379: An organization is considering moving one its critical business application to a cloud hosting service. The cloud provider may not provider the same level of security for its application as the organization. Which of the following will provide the BEST information to help maintain the security posture?

Question380: Which of the following should be an information security manager's PRIMARY consideration when developing an incident response plan?

Question381: Which of the following BEST demonstrates the performance of the information security program to Key stakeholders?

Question382: Which of the following would MOST likely require a business continuity plan to be invoked'

Question383: Which of the following is the BEST way to determine if an organization's current risk level is within the risk appetite?

Question384: A hacking group has posted an organization's employee data on social media. What should the information security manager do FIRST?

Question385: A business manager has decided not to implement a control based on the risk assessment of a mission-critical business application because of its impact on performance. What is the information security manager's BEST course of action'?

Question386: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

Question387: An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective To include in this presentation?

Question388: Which of the following is the GREATEST risk associated with the head of information security reporting to the chief information officer (CIO)?

Question389: An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?

Question390: The criticality of an information asset is derived from its:

Question391: Which of the following is MOST important to consider when developing a security awareness program in an organization?

Question392: To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:

Question393: Which of the following should be the FIRST step of incident response procedures?

Question394: An information security manager is asked to provide evidence that the organization is fulfilling its legal obligation to protect personal identifiable information (Pll). Which of the f<

Question395: In the development of an information security strategy, recovery time objectives (RTOs) will serve as indicators of:

Question396: During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:

Question397: Which of the following is the BEST reason for delaying the application of a critical security patch?

Question398: Which of the following is MOST important to building an effective information security program?

Question399: Which of the following is MOST important to the successful development of an information security strategy?

Question400: An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?

Question401: Which of the following is the FIRST step required to achieve effective performance measurement?

Question402: A data loss prevention (DLP) tool has flagged personally identifiable information (Pll) during transmission. Which of the following should the information security manager do FIRST?

Question403: An IT department is having difficulty controlling the installation and use of unauthorized software that is in breach of organizational policy. Which of the following is the MOST effective solution?

Question404: Which of the following is the MOST important driver when developing an effective information security strategy?

Question405: What is the PRIMARY objective of assigning classifications to information assets?

Question406: Which of the following is the MOST effective way to motivate staff members to fulfill their information security responsibilities?

Question407: Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?

Question408: The BEST way to obtain funding from senior management for a security awareness program is to:

Question409: Which of the following is the MOST effective way to detect security incidents?

Question410: Which of the following is MOST important for an information security manager to present to senior management on a regular basis?

Question411: Which of the following would MOST effectively help to restrict sensitive data from being transmitted outside the organization?

Question412: The effectiveness of security awareness programs in fostering positive security cultures is MOST dependent upon employee:

Question413: Which of the following is the MOST important consideration when designing a disaster recovery test?

Question414: An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?

Question415: A system administrator failed to report a security incident where the critical application server was not available to the business users. Which of the following is the BEST way to prevent a reoccurrence?

Question416: Which of the following types of controls would be MOST important to implement when digitizing human resource (HR) records?

Question417: Which of the following is the FlRST step to promoting acceptable behavior with regard to information security throughout an organization?

Question418: Which of the following circumstances would MOST likely require a review and update to an organization's information security incident response plan?

Question419: Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

Question420: Web-server security can BEST be enhanced by:

Question421: Which is MOST important to enable a timely response to a security breach?

Question422: Which of the following is the BEST method to obtain senior management buy-in for an information security investment?

Question423: Which of the following is MOST important for the effectiveness of an incident response function?

Question424: Which of the following is the BEST way to define responsibility for information security throughout an organization?

Question425: What should an information security team do FIRST when notified by the help desk that an employee's computer has been infected with ma I ware?

Question426: Which of the following is the PRIMARY objective of the incident management process?

Question427: Which of the following is MOST important for effective communication during incident response?

Question428: An organization is considering a self-service solution for the deployment of virtualized development servers. Which of the following should be information security manager's PRIMARY concern?

Question429: What should an information security manager do FIRST upon learning that the third-party provider responsible for a mission-critical process is subcontracting critical functions to other providers?

Question430: Which of the following is the PRIMARY reason to include message templates for communications with external parties in an incident response plan?

Question431: An information security manager has implemented an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

Question432: Which of the following should be the PRIMARY consideration when selecting a recovery site?

Question433: Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?

Question434: Which of the following is the MAIN reason for integrating an organization's incident response plan with its business continuity process?

Question435: An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:

Question436: Which of the following should be the MOST important criteria when defining data retention policies?

Question437: Which of the following is the BEST methodology to manage access nghts?

Question438: Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

Question439: An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate customers to fail Which of the following poses the GREATEST risk to the organization related to This event?

Question440: Which of the following BEST supports effective information security governance"*

Question441: Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system?

Question442: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:

Question443: When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:

Question444: An organization plans to acquire and implement a new web-based solution to enhance service functionality. Which of the following is the BEST way to ensure that information handled by the solution is secure?

Question445: Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

Question446: Which of the following is the PRIMARY reason an information security strategy should be deployed across an organization?

Question447: Which of the following is the MOST effective preventive control?

Question448: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question449: Which of the following is MOST important to consider when developing a business case to support the investment In an information security program?

Question450: An organization has launched a new function on its company website to enable customers to purchase products online using credit cards Which of the following will BEST help to ensure credit card information is secure? The credit card information is

Question451: Which of the following would contribute MOST to employees' understanding of data handling responsibilities?

Question452: Which of the following factors is MOST likely to increase the chances of a successful social engineering attack?

Question453: It is MOST important tot an information security manager to ensure that security risk assessments are performed:

Question454: Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?

Question455: Which of the following incident response team (IRT) models is ideal for an organization that is regionally managed'

Question456: Which of the following is MOST important to determine before developing information security program metrics?

Question457: Which of the following BEST indicates that information security will be considered when new IT technologies are implemented across an organization?

Question458: The MOST effective control to detect fraud inside an organization's network is to:

Question459: Which of the following is the FIRST step in developing a business continuity plan (BCPY}?

Question460: What is the BEST way to reduce the impact of a successful ransomware attack?

Question461: The PRIMARY role of an information security steering group is to ensure that:

Question462: Which of the following is MOST helpful in securing funding for a commercial vulnerability assessment tool?

Question463: The likelihood of a successful intrusion is a function of

Question464: A core business function has created a significant risk. Budget constraints do not allow for effective remediation. Who should be accountable for selecting the appropriate risk treatment?

Question465: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?

Question466: Which of the following is the BEST method for management to obtain assurance of compliance with its security policy?

Question467: Which of the following presents the GREATEST information security concern when deploying an identity and access management solution?

Question468: Which of the following is the BEST way to improve the timely reporting of information security incidents?

Question469: The information security team has determined an additional security solution is needed to enhance the organization's security posture What should the information security manager do NEXT to move forward with this initiative?

Question470: A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?