Question1: Which of the following should be an information security manager's PRIMARY role when an organization initiates a data classification process?
Question2: Which of the following would contribute MOST to employees' understanding of data handling responsibilities?
Question3: It is suspected that key emails have been viewed by unauthorized parties. The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing.
Which of the following is the BEST recommended course of action to senior management?
Question4: There are concerns that security events are not reported to management in a timely manner. To address this situation which of the following is MOST important to review?
Question5: Which of the following is the MOST effective way to identify changes in an information security environment?
Question6: Which of the following is MOST important for an information security manager to include in a report to senior management following a post-incident review?
Question7: Which of the following architectures for e-business BEST ensures high availability?
Question8: Senior management learns of several web application security incidents and wants to know the exposure risk to the organization. What is the information security manager's BEST course of action?
Question9: Which of the following is BEST performed by the security department?
Question10: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?
Question11: Which of the following is the FIRST step when defining and prioritizing security controls to be implemented under an information security program?
Question12: After logging in to a web application, additional authentication is required at various application points. Which of the following is the PRIMARY reason for such an approach?
Question13: Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a publicly facing .....
Question14: A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?
Question15: Which of the following should be the FIRST step to ensure an information security program meets the requirements of new regulations?
Question16: When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?
Question17: Which of the following would be MOST effective in preventing malware from being launched through an email attachment?
Question18: Which of the following is MOST helpful to management in determining whether risks are within an organization's tolerance level?
Question19: An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?
Question20: Which of the following is the MOST important outcome of testing incident response plans?
Question21: Which of the following is the PRIMARY reason social media has become a popular target for attack?
Question22: Which of the following is MOST important to the effectiveness of an information security steering committee?
Question23: An organization us& a particular encryption protocol for externally facing web pages and key financial services. A security firm publicizes a critical security flaw in the encryp manager do FIRST?
Question24: An IT department is having difficulty controlling the installation and use of unauthorized software that is in breach of organizational policy. Which of the following is the MOST effective solution?
Question25: Which of the following would provide the BEST justification for a new information security investment?
Question26: Which of the following should be of MOST influence to an information security manager when developing IT security policies?
Question27: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Question28: Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?
Question29: An information security steering group should:
Question30: Which of the following is the MOST important objective of testing a security incident response plan?
Question31: Which of the following is MOST helpful in integrating information security governance with corporate governance?
Question32: An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?
Question33: When outsourcing application development to a third party, which of the following is the BEST way to ensure the organization's security requirements are met?
Question34: An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
Question35: Which of the following is MOST relevant for an information security manager to communicate to IT operations?
Question36: An internal security audit has reported that authentication controls are not operating effectively. Which of the following is MOST important to c management?
Question37: Risk management is MOST cost-effective;
Question38: The FIRST step in establishing an information security program is to:
Question39: Which of the following is MOST helpful for prioritizing the recovery of IT assets during a disaster?
Question40: When integrating information security requirements into software development, which of the following practices should be FIRST in the development lifecycle?
Question41: After a server has been attacked, which of the following is the BEST course of action?
Question42: Which of the following is MOST important to consider when determining the effectiveness of the Information security governance program?
Question43: When developing an incident response plan, the information security manager should:
Question44: Segregation of duties is a security control PRIMARILY used to:
Question45: The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:
Question46: Which of the following BEST facilitates the development of a comprehensive information security policy?
Question47: Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?
Question48: Which of the following BEST determines an information asset's classification?
Question49: The MOST important reason to use a centralized mechanism to identify information security incidents is to:
Question50: Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?
Question51: Which of the following is the information security manager's PRIMARY role in the information assets classification process?
Question52: Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
Question53: Which of the following is MOST likely to increase end user security awareness in an organization?
Question54: An organization has announced company-wide budget cuts due to poor financial performance, impacting delivery of the information security program. What should the information security manager do FIRST?
Question55: An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?
Question56: The PRIMARY reason for using information security metrics is to:
Question57: Which of the following is the MOST important reason to have documented security procedures and guidelines?
Question58: To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:
Question59: An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization 5 FIRST action?
Question60: An organization's information security manager has learned that similar organizations have become increasingly susceptible to spear phishing attacks. What is the BEST way to address this concern?
Question61: The success of a computer forensic investigation depends on the concept of:
Question62: An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
Question63: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?
Question64: Which of the following is the BEST reason to develop comprehensive information security policies?
Question65: An information security manager has observed multiple exceptions for a number of different security controls.
Which of the following should be the information security manager's FIRST course of action?
Question66: Which of the following is MOST important to consider when handling digital evidence during the forensics investigation of a cybercrime?
Question67: Which of the following is the BEST way to provide management with meaningful information regarding the performance of the information security program against strategic objectives?
Question68: Which of the following should be the MOST important consideration when reporting sensitive risk-related information to stakeholders?
Question69: Which of the following would BEST ensure thai security risk assessment is integrated into the life cycle of major IT projects
Question70: Which of the following is the MOST effective way to protect the authenticity of data in transit?
Question71: An information security manager is preparing a presentation to obtain support for a security initative. Which of the following is the BEST way to obtain management's commitment for the initiative?
Question72: Human resources is evaluating potential Software as a Service (SaaS) cloud services, Which of the following should the information security manager do FIRST to support..
Question73: Which of the following should be the PRIMARY outcome of an information security program'?
Question74: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:
Question75: Which of the following should be done FIRST when considering a new security initiative?
Question76: Which of the following is the MOST important outcome of monitoring and reporting on information security processes?
Question77: Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?
Question78: Which of the following should be PRIMARILY included in a security training program for business process owners?
Question79: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?
Question80: A corporate web site has become compromised as a result of a malicious attack. Which of the following should the information security manager do FIRST?
Question81: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?
Question82: During the establishment of a service level agreement (SLA) with a cloud service provider, it is MOST important for the information security manager to:
Question83: Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?
Question84: What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?
Question85: The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present
Question86: The PRIMARY reason to classify information assets should be to ensure
Question87: When an operating system is being hardened, it is MOST important for an information security manager to ensure that
Question88: An information security manager finds that corporate information has been stored on a public cloud storage site for business collaboration purposes. Which of the following should be the manager's FIRST action?
Question89: Which of the following is the MOST important consideration when developing an incident management program?
Question90: An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?
Question91: Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?
Question92: Which of the following BEST supports the alignment of information security with business functions?
Question93: A new organization has been hit with a ransomware attack that is critically impacting its business operations.
The organization does not yet have a proper incident response plan, but it does have a backup procedure for restoration of data. Which of the following should be the FIRST course of action?
Question94: An organization plans to acquire and implement a new web-based solution to enhance service functionality.
Which of the following is the BEST way to ensure that information handled by the solution is secure?
Question95: Which of the following is the MOST beneficial outcome of testing an incident response plan?
Question96: An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet, following stakeholders should be contacted FIRST?
Question97: What is the BEST way to manage access to data and applications for large user bases?
Question98: A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?
Question99: Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Question100: Which of the following is MOST critical for responding effectively to security breaches?
Question101: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?
Question102: The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
Question103: The MOST important reason to maintain metrics for incident response activities is to
Question104: Which of the following BIST validates that security controls are implemented in a new business process?
Question105: An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:
Question106: Which of the following is the MOST effective approach for integrating security into application development?
Question107: Which of the following is the MOST effective way to ensure the development of an application system will align with organizational security standards?
Question108: Which of the following is the MOST important delivery outcome of information security governance?
Question109: An organization is planning to create a website that will collect site-visitor details from around the world and use them as marketing lists for operations in several countries. Which of the following should be of MOST concern to the information security manager?
Question110: Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?
Question111: Which of the following factors is MOST likely to increase the chances of a successful social engineering attack?
Question112: The BEST way to improve the effectiveness of responding to and communicating security incidents is to ensure:
Question113: Which of the following practices BEST supports the achievement of information security program objectives in the IT function?
Question114: An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?
Question115: Which of the following is the GREATEST benefit of information asset classification to an organization?
Question116: Key systems necessary for branch operations reside at corporate headquarters. Branch A is negotiating with a third party to provide disaster recovery facilities. Which of the following contract terms would be the MOST significant concern?
Question117: Which of the following should be established FIRST when implementing an information security governance framework?
Question118: The PRIMARY objective of periodically testing an incident response plan should be to:
Question119: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:
Question120: When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?
Question121: Which of the following is the FIRST step required to achieve effective performance measurement?
Question122: Which of the following is MOST useful to help hold vendors accountable for security practices?
Question123: When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure that the:
Question124: What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?
Question125: Which of the following is MOST important lo track for determining the effectiveness of an information security program?
Question126: Which of the following is the FIRST step in developing a disaster recovery plan (DRP)?
Question127: An information security manager is reviewing the impact of a regulation on the organization's human resources system. The NEXT course of action should be to:
Question128: Which of the following is MOST important for effective communication during incident response?
Question129: The risk of mishandling alerts identified by an intrusion detection system (lDS) would be the GREATEST when:
Question130: The MOST important factors in determining the scope and timing for testing a business continuity plan are:
Question131: Which of the following is the BEST method to protect consumer private information for an online public website?
Question132: Which of the following information security metrics would be MOST meaningful to executive management in assessing the effectiveness of the information security strategy?
Question133: Which of the following would be the MOST effective incident response team structure for an organization with a large headquarters and worldwide branch offices?
Question134: Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
Question135: An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tables contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
Question136: When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
Question137: For workstations used to facilitate a forensic investigation it is MOST important to ensure
Question138: Which of the following provides the BEST evidence that a control is being applied effectively?
Question139: A team developing an interface to a key financial system has identified a security flaw in one of the libraries.
Remediating the flaw would require major system redesign. What should the information security manager do NEXT?
Question140: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours.
The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:
Question141: Management is questioning the need for several items in the information security budget proposal. Which of the following would have been MOST helpful prior to budget submission?
Question142: Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Question143: Which of the following is the MOST important influence to the continued success of an organization's information security strategy?
Question144: Which of the following is MOST important when carrying out a forensic examination of a laptop to determine an employee s involvement in a fraud?
Question145: Which of the following is the MOST important factor of a successful information security program?
Question146: Which of the following provides the BEST opportunity to evaluate the capabilities of incident response team members?
Question147: Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?
Question148: Which of the following is a PRIMARY responsibility of an information security governance committee'
Question149: Which of the following is MOST helpful in identifying external and internal factors that could influence the organization's future information security posture?
Question150: An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior managements.
Question151: To minimize security exposure introduced by changes to the IT environment, which of the following is MOST important to implement as part of change management?
Question152: The chief information security officer (ClSO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy Which of the following is the MOST likely reason?
Question153: To implement a security framework, an information security manager must FIRST develop:
Question154: An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system administrators. What is the BEST way for the information security manager to address this issue?
Question155: Which of the following is the BEST reason for delaying the application of a critical security patch?
Question156: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?
Question157: When scoping a risk assessment, assets need to be classified by:
Question158: An intrusion prevention system (IPS) has reported a significant increase in the number of hacking attempts over the past month, though no systems have actually been compromised. Which of the following should the information security manager do FIRST?
Question159: Which of the following is MOST effective against system intrusions?
Question160: When training an incident response team, the advantage of using tabletop exercises is that they:
Question161: When granting a vendor remote access to a system, which of the following is the MOST important consideration?
Question162: Which of the following BEST enables effective information security governance9
Question163: A policy has been established requiting users to install mobile device management (MDM) software on their personal devices Which of the following would BEST mitigate the risk created by noncompliance with this policy?
Question164: Which of the following is the MOST effective method for categorizing system and data criticality during the risk assessment process?
Question165: Which aspect of an incident response plan will MOST effectively help to limit reputational damage when multiple media services are seeking a response following a major security breach?
Question166: An organization is considering the deployment of encryption software and systems organization-wide.
The MOST important consideration should be whether:
Question167: After undertaking a security assessment of a production system, the information security manager is MOST likely to:
Question168: An information security manager has researched several options for handling ongoing security concerns and will be presenting these solutions to business managers. Which of the following with BEST enable business managers to make an informed decision?
Question169: Who should be responsible for determining the classification of data within a database used in conjunction with an enterprise application?
Question170: Which of the following is the MOST important requirement for the successful implementation of security governance?
Question171: Which of the following BEST supports the incident management process for attacks on an organization' s supply chain?
Question172: Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?
Question173: Reviewing which of the following would provide the GREATEST Input to the asset classification process?
Question174: \Which of the following is MOST important to emphasize when presenting cyber attack information to gain Senior management support for control enhancements?
Question175: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?
Question176: The PRIMARY reason for implementing scenario-based training for incident response is to:
Question177: Business units within an organization are resistant to proposed changes to the information security program.
Which of the following is the BEST way to address this issue?
Question178: An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
Question179: Which of the following BEST measures the effectiveness of an organization's information security strategy?
Question180: In a large organization, which of the following is the BEST source for identifying ownership of a PC?
Question181: For which of the following is it MOST important that system administrators be restricted to read-only access?
Question182: Which of the following is the MOST important consideration when selecting members for an information security steering committee?
Question183: When developing metrics related to an organization's information security program, what information will provide the MOST value to enable strategic decision-making?
Question184: Which of the following BEST indicates senior management support for an information security program?
Question185: Which of the following activities should be performed by someone other than the system administrator to ensure a secure audit trail?
Question186: What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?
Question187: Which of the following is the BEST methodology to manage access rights?
Question188: When developing security standards, which of the following would be MOST appropriate to include?
Question189: When a security weakness is detected at facilities provided by an IT service provider, which of the following tasks must the information security manager perform FIRST?
Question190: Which of the following would provide the MOST comprehensive view of the effectiveness of the information security function within an organization?
Question191: Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?
Question192: What is the BEST way to reduce the impact of a successful ransomware attack?
Question193: The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
Question194: Which of the following outsourced services has the GREATEST need for security monitoring?
Question195: Which of the following is MOST helpful for aligning security operations with the IT governance framework?
Question196: Vulnerability scanning has detected a critical risk in a vital business application. Which of the following should the information security manager do FIRST?
Question197: An information security manager suspects that the organization has suffered a ransomware attack. What should be done FIRST
Question198: Which of the following would BEST ensure that application security standards are in place?
Question199: An organization has selected an internationally recognized information security framework. Which of the following should be the PRIMARY basis for prioritizing the creation of related policies?
Question200: A regulatory compliance issue has been identified in a critical business application, but remediating the issue would significantly impact business operations. What information would BEST enable senior management to make an informed decision?
Question201: The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?
Question202: An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?
Question203: Which of the following processes is the FIRST step in establishing an information security policy?
Question204: What should be information security manager's FIRST course of action when it is discovered a staff member has been posting corporate information on social media sites?
Question205: Which of the following is the MOST effective way to ensure the information security risk associated with third-party services is addressed?
Question206: Which of the following is MOST effective in reducing the financial impact following a security breach leading to data disclosure9?
Question207: Who should have PRIMARY responsibility for authorizing access to data residing in an enterprise resource application?
Question208: An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
Question209: The likelihood of a successful intrusion is a function of
Question210: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?
Question211: Which of the following is the MOST important reason for logging firewall activity?
Question212: Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?
Question213: A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization's information?
Question214: Which of the following BEST enables an effective escalation process within an incident response program?
Question215: An organization has remediated a security flaw in a system Which of the following should be done NEXT?
Question216: Which of the following BEST demonstrates the effectiveness of the vulnerability management process?
Question217: Which of the following is the MOST important consideration when establishing an information security governance framework?
Question218: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?
Question219: For a business operating in a competitive and evolving online market, it is MOST important for a security policy to focus on:
Question220: The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:
Question221: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
Question222: Which of the following is the MOST significant benefit of effective change management?
Question223: Threat and vulnerability assessments are important PRIMARILY because they are:
Question224: Which of the following is the GREATEST risk of single sign-on?
Question225: Which of the following is the PRIMARY reason for conducting post-incident reviews?
Question226: Which of the following is the PRIMARY role of the information security manager in application development?
To ensure:
Question227: The MOST effective way to determine the resources required by internal Incident response teams is to
Question228: Which of the following is MOST important to implement when using a service account for infrastructure administration?
Question229: Which of the following should an information security manager do FIRST upon learning that a data loss prevention (DLP) scanner has identified payment card information (PCI) stored in cleartext within accounting file shares?
Question230: Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
Question231: Which of the following is the MOST effective way to communicate information security risk to senior management?
Question232: Which of the following is MOST relevant for an information security manager to communicate to business units?
Question233: Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?
Question234: When is the BEST time to identify the potential regulatory risk a new service provider presents to the organization?
Question235: Which of the following is the MOST important reason for an organization to develop an information security governance program?
Question236: Which of the following should be communicated FIRST to senior management once an information security incident has been contained?
Question237: Which of the following is the PRIMARY benefit of using a tabletop method to conduct an incident response exercise?
Question238: An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager s FIRST course of action?
Question239: Which of the following should be the PRIMARY consideration when selecting a recovery site?
Question240: Which of the following is the BEST way for senior leadership to demonstrate commitment for an effective Information security strategy?
Question241: The BEST way to avoid session hijacking is to use:
Question242: When establishing an information security strategy, which of the following activities Is MOST helpful in Identifying critical areas to be protected?
Question243: An organization's information security manager will find it MOST difficult to perform a post-incident review of a data leakage event when it is related to:
Question244: Which of the following would provide nonrepudiation of electronic transactions?
Question245: An online trading company discovers that a network attack has penetrated the firewall What should be the information security manager's FIRST response?
Question246: An information security manager s PRIMARY objective for presenting key risks to the board of directors is to:
Question247: When developing an information security strategy, the MOST important requirement is that:
Question248: Which of the following should be the PRIMARY consideration when developing a security governance framework for an enterprise?
Question249: Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?
Question250: Which of the following processes BEST supports the evaluation of incident response effectiveness?
Question251: Which of the following is the MOST important part of an incident response plan?
Question252: Who should be PRIMARILY responsible for defining a security asset classification scheme?
Question253: Which of the following is MOST important to consider when developing a business continuity plan (BCP)?
Question254: Which of the following is MOST important to building an effective information security program?
Question255: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?
Question256: Which of the following has the PRIMARY responsibility of ensuring an organizations information security strategy supports business goals?
Question257: Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?
Question258: Which of the following is the BEST indication that information security is integrated into corporate governance?
Question259: An organization must meet rigorous breach reporting standards in order to comply with regulatory requirements. Which of the following is the BEST way to minimize the organization's financial exposure if a service provider experiences a breach?
Question260: An information security team has identified traffic from a device to a known malicious IP. Which of the following should be the team's FIRST course of action to address this issue?
Question261: Which of the following is the MOST effective mechanism for communicating risk status and trends to senior management?
Question262: Which of the following should be an information security manager's FIRST course of action if notified by a third party that the organization's client data is being sold online?
Question263: An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?
Question264: Which of the following is the MOST important outcome of senior management's analysis of information security metrics?
Question265: A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:
Question266: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
Question267: The MOST important reason to have a well-documented and tested incident response plan in place is to:
Question268: Which of the following BEST ensures timely and reliable access to services?
Question269: An awareness program is implemented to mitigate the risk of infections introduced through the use of social media Which of the following will BEST determine the effectiveness of the awareness program''
Question270: What is the MOST important factor for determining prioritization of incident response?
Question271: Which of the following would provide the BEST evidence to senior management that security control performance has improved?
Question272: Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?
Question273: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:
Question274: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?
Question275: Which of the following is the KST way to align security and business strategies?
Question276: When creating security baselines, it is MOST important to:
Question277: Which of the following is the MOST important characteristic of an effective security policy?
Question278: Adding security requirements late in the software development life cycle (SDLC) would MOST likely result in:
Question279: An organization has a policy in which all criminal activity is prosecuted. What is MOST important for the information security manager to ensure when an employee is suspected of using a company computer to commit fraud?
Question280: Which of the following metrics provides the BEST indication of the effectiveness of a security awareness campaign?
Question281: The PRIMARY focus of a training curriculum for members of an incident response team should be:
Question282: The PRIMARY purpose of implementing information security governance metrics is to:
Question283: An organization is considering the purchase of a competitor. To determine the competitor's security posture, the BEST course of action for the organization's information security manager would be to:
Question284: After a security incident has been contained, which of the following should be done FIRST?
Question285: Which of the following defines the minimum security requirements that a specific system must meet?
Question286: Which of the following is the MOST relevant risk factor to an organization when employees use social media?
Question287: A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?
Question288: Application data integrity risk would be MOST directly addressed by a design that includes:
Question289: When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organizations security steering committee?
Question290: Which of the following would be MOST helpful to identify security incidents in a timely manner?
Question291: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?
Question292: Which of the following is the GREATEST benefit of a comprehensive set of security program metrics?
Question293: What is the PRIMARY benefit to executive management when audit risk, and security functions are aligned?
Question294: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?
Question295: The business advantage of implementing authentication tokens is that they:
Question296: In an organization with effective IT risk management, the PRIMARY reason to establish key risk indicators (KRIs) is to:
Question297: Which of the following is the BEST reason to reassess risk following an incident?
Question298: Which of the following BEST enables an information security manager to communicate the capability of security program functions?
Question299: The BEST way for an information security manager to understand the critically of an online application is to perform a
Question300: A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:
Question301: What is the PRIMARY purpose of an unannounced disaster recovery exercise?
Question302: Which of the following is MOST important to help ensure an intrusion prevention system (IPS) can view all traffic in a demilitarized zone (DMZ)?
Question303: Which of the following BEST protects against phishing attacks?
Question304: Which of the following is the MOST effective way to detect social engineering attacks?
Question305: When considering whether to adopt bring your own device (BYOD). it is MOST important for the information security manager to ensure that
Question306: What should an information security manager do FIRST upon learning that the third-party provider responsible for a mission-critical process is subcontracting critical functions to other providers?
Question307: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
Question308: When developing a new system, detailed information security functionality should FIRST be addressed:
Question309: Which of the following approaches is BEST for selecting controls to minimize information security risks?
Question310: The MAIN reason for an information security manager to monitor industry level changes in the business and IT is to:
Question311: The MOST important reason that security risk assesements should be conducted frequently through an organization is because:
Question312: To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that security.
Question313: Which of the following should be the PRIMARY factor in prioritizing responses to a security incident?
Question314: Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
Question315: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
Question316: Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
Question317: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?
Question318: A core business function has created a significant risk. Budget constraints do not allow for effective remediation. Who should be accountable for selecting the appropriate risk treatment?
Question319: A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security management.
Question320: Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?
Question321: An organization has purchased a security Information and event management (SIEM) tool. Which of the following is MOST important lo consider before implementation?
Question322: Which of the following would provide nonrepudiation of electronic transactions?
Question323: Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?
Question324: Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
Question325: In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?
Question326: Which activity is MOST important when identifying the appropriate security controls for a new business application?
Question327: Which of the following is MOST important to ensuring an incident response team has the necessary authorization to perform its role?
Question328: In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:
Question329: Due to recent cyber-attacks on industry peers, an organization has decided to create a separate Internal network to reduce the risk of similar attacks. Which of the following should the Information security manager do FIRST?
Question330: For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?
Question331: Which of the following is the MOST significant security risk in IT asset management?
Question332: The PRIMARY goal of a post-incident review should be to
Question333: The MOST important reason to maintain key risk indicators (KRIs) is that:
Question334: Which of the following BEST supports effective information security governance"*
Question335: An information security manager has been made aware that implementing a control would have an adverse impact to the business. The business manager has suggested accepting the risk. The BEST course of action by the information security manager would be to:
Question336: An organization which uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:
Question337: The MOST important objective of security awareness training for business staff is to:
Question338: Which of the following is the MOST effective method for assessing the effectiveness of a security awareness program?
Question339: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?
Question340: Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?
Question341: Which of the following would BEST enable an information security manager to provide monthly status on the health of the information security environment to senior management?
Question342: An information security manager is concerned about the risk of fire at its data processing center To address this concern, an automatic fire suppression system has been installed Which of the following risk treatments has been applied?
Question343: While auditing a data center's IT architecture, an information security manager discovers that required encryption for data communications has not been implemented. Which of the following should be done NEXT?
Question344: An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the BEST way to address this situation?
Question345: Which of the following provides the MOST relevant evidence of incident response maturity?
Question346: Mitigating technology risks to acceptable levels should be based PRIMARILY upon:
Question347: Which of the following is MOST relevant for an information security manager to communicate to the board of directors?
Question348: Which of the following should be the PRIMARY goal of an Information security manager when designing Information security policies?
Question349: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Question350: The BEST way to identify the risk associated with a social engineering attack is to
Question351: Which of the following is the BEST way to ensure that Incidents are Identified and reported?
Question352: An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
Question353: Which of the following is the MOST effective way to help ensure information security programs are aligned with business objectives?
Question354: Which of the following is the BEST way to rigorously test a disaster recovery plan for a mission-critical system without disrupting business operations?
Question355: Which of the following is the BEST approach for determining the maturity level of an information security program?
Question356: Which of the following should be the FIRST step when creating an organization's bring your own device (BYOD) program?
Question357: An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:
Question358: An organization has decided to migrate a customer facing on-premise application to a cloud provider. Which of the following would be MOST helpful when assessing the proposed data backup requirements prior to the migration?
Question359: Which of the following provides the GREATEST assurance that information security is addressed in change management?
Question360: An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?
Question361: An email digital signature will:
Question362: An audit reveals that some of an organizations software is end-of-life and the vendor will no longer provide support or security patches. Which of the following is the BEST way for the information security manager to address this situation?
Question363: Which of the following would BEST enable integration of information security governance into corporate governance?
Question364: What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?
Question365: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
Question366: Which of the following devices, when placed in a demilitarized zone (DMZ). would be considered a significant exposure?
Question367: Which of the following is the BEST mechanism to prevent data loss in the event personal computing equipment is stolen or lost?
Question368: An organization engages 4 third-party vendor to monitor and support a financial application under scrutiny by regulators. Maintaining strict data integrity and confidentiality for this application is critical to the business. Which of the following controls would MOST effectively manage risk to the organization?
Question369: Which of the following should be the MOST important consideration when implementing an information security framework?
Question370: Which of the following is MOST important for an information security manager to highlight when presenting the organization s security posture to an executive audience?
Question371: An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?
Question372: From a business perspective the MOST important function of information security is to support:
Question373: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?
Question374: What is the MOST important role of an organization's data custodian in support of the information security function?
Question375: An organization has decided to implement a security information and event management (SIEM) system. It is MOST important for the organization to consider:
Question376: Which of the following would BEST help an information security manager justify the implementation ofa security information and event management (SIEM) system?
Question377: Which of the following BEST enables a more efficient incident reporting process?
Question378: Which of the following is the BEST method to ensure compliance with password standards?
Question379: Which of the following is the BEST way to prevent employees from making unauthorized comments to the media about security incidents in progress?
Question380: The BEST way to obtain funding from senior management for a security awareness program is to:
Question381: Which of the following will BEST ensure that risk is evaluated on system level changes?
Question382: For an organization with operations in different parts of the world, the BEST approach for ensuring that security policies do not conflict with local laws and regulations is to:
Question383: Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?
Question384: Penetration testing is MOST appropriate when a:
Question385: Which of the following is the BEST way for an Information security manager to gain wider acceptance for an information security policy that is perceived as restrictive?
Question386: When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:
Question387: Which of the following is the PRIMARY responsibility of the information security manager when an organization implements the use of personally-owned devices on the corporate network?
Question388: A business unit manager wants to adopt an emerging technology that may affect the organization. Which of the following would be the information security manager's BEST course of action?
Question389: What is the PRIMARY objective of triage within the incident response process?
Question390: An organization's operations have been significantly impacted by a cyber attack resulting in data loss. Once the attack has been contained, what should the security team.
Question391: Which of the following should be the PRIMARY basis for determining risk appetite?
Question392: Which of the following provides the GREATEST assurance that an organization allocates appropriate resources to respond to information security events?
Question393: Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:
Question394: Which of the following is an organization's BEST approach for media communications when experiencing a disaster?
Question395: An information security program should be established PRIMARILY on the basis of:
Question396: The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?
Question397: In addition to cost what is the BEST criteria for selecting countermeasures following a risk assessment?
Question398: Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?
Question399: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
Question400: An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
Question401: Which of the following is the BEST evidence of an effectively designed key risk indicator (KRI)?
Question402: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
Question403: Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
Question404: During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?
Question405: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?
Question406: Which of the following would BEST enhance firewall security?
Question407: An information security manager is reviewing a contract with a third-party service provider. Which of the following issues should be of MOST concerm?
Question408: Which of the following is the FlRST step to promoting acceptable behavior with regard to information security throughout an organization?
Question409: The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process Is to:
Question410: Authorization can BEST be accomplished by establishing:
Question411: In which of the following situations is it MOST important to escalate an incident response to senior management?
Question412: Which of the following activities MUST be performed by an information security manager for change requests?
Question413: Which of the following is MOST important when prioritizing an information security incident?
Question414: Which of the following provides the BEST evidence that a recently established information security program is effective?
Question415: Which of the following is the FIRST task when determining an organization's information security profile?
Question416: Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?
Question417: An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders^ it is MOST important to establish:
Question418: An information security manager that is utilizing a public cloud is performing a root cause investigation of an incident that took place in that environment. Which of the following should be the security manager's MAIN concern?
Question419: Which of the following is MOST important to the successful development of an information security strategy?
Question420: Which of the following is MOST important to include when developing a business case for information security resources?
Question421: Which of the following is the BEST way to prevent segregation of duties violations?
Question422: Which of the following techniques is MOST useful when an incident response team needs to respond to external attacks on multiple corporate network devices?
Question423: Which of the following would BEST protect against web-based cross-domain attacks?
Question424: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?
Question425: Which of the following is the BEST method to obtain senior management buy-in for an information security investment?
Question426: Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?
Question427: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.
Question428: An information security manager has identified multiple areas of compliance risk that could subject the organization to significant penalties regarding the handling of personal data. Which of the following is the manager s BEST course of action?
Question429: An organization has established information security policies, but the information security the MOST likely reason for this situation?
Question430: The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:
Question431: Presenting which of the following to senior management will be MOST helpful in securing ongoing support for the information security strategy?
Question432: An organization is developing a disaster recovery plan (DRP) for a data center that hosts multiple applications The application recovery sequence would BEST be determined through an analysis of:
Question433: Which of the following metrics would be considered an accurate measure of an information security program's performance?
Question434: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?
Question435: While conducting a test of a business continuity plan (BCP). which of the following is the MOST important consideration?
Question436: Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?
Question437: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:
Question438: What is the BEST way for a customer to authenticate an e-commerce vendor?
Question439: Which of the following is the MOST likely outcome from the implementation of a security governance framework?
Question440: Which of the following is the PRIMARY purpose for defining key performance indicators (KPIs) for a security program?
Question441: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:
Question442: Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements?
Question443: Cold sites for disaster recovery events are MOST helpful in situations in which a company:
Question444: An organizations ability to prevent a security incident In a Software as a Service (SaaS) cloud-com puling environment is MOST dependent on the:
Question445: Which of the following is the GREATEST risk associated with the head of information security reporting to the chief information officer (CIO)?
Question446: Which of the following will BEST enhance the privacy of data in transit for an online transaction system?
Question447: Which of the following would be MOST important to include in a business case to help obtain senior management's commitment for an information security investment?
Question448: Which of the following is MOST important to include in contracts with key third-party providers?
Question449: When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:
Question450: When creating an information security governance program, which of the following will BEST enable the organization to address regulatory compliance requirements?
Question451: When designing security controls, it is MOST important to:
Question452: Which of the following is the MOST important function of information security?
Question453: The MAIN objective of identifying and evaluating risk at each software development life cycle (SDLC) stage is to reduce the:
Question454: An information security manager has noticed a large number of security policy exceptions have been approved by business unit leaders. Which of the following would be the BEST course of action to address this situation?
Question455: Labeling information according to its security classification:
Question456: Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?
Question457: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification foi granting an exception to the policy?
Question458: Which of the following is the BEST criterion to use when classifying assets?
Question459: A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?
Question460: The MAIN reason for internal certification of web-based business applications is to ensure:
Question461: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
Question462: Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?
Question463: An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?
Question464: Which of the following is MOST important to consider when developing a disaster recovery plan?
Question465: Which of the following should be an information security managers FIRST course of action following a decision to implement a new technology?
Question466: A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:
Question467: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?
Question468: Which of the following is the BEST indication that an organization is able to comply with information security requirements?