Question1: Which of the following will BEST help to ensure security is addressed when developing a custom application?
Question2: Which of the following MOST effectively allows for disaster recovery testing without interrupting business operations?
Question3: Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?
Question4: The BEST way of establish a security baseline is by documenting
Question5: When training an incident response team, the advantage of using tabletop exercises is that they:
Question6: The selection of security controls is PRIMARILY linked to:
Question7: Which of the following is MOST helpful when justifying the funding required for a compensating control?
Question8: Which of the following metrics is the MOST appropriate for measuring how well information security is performing in dealing with outside attacks?
Question9: What is the PRIMARY purpose of an unannounced disaster recovery exercise?
Question10: Which of the following is the PRIMARY objective of defining a severity hierarchy for security incidents?
Question11: Which of the following is a PRIMARY responsibility of an information security governance committee?
Question12: When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:
Question13: Which of the following is the MOST effective way to detect security incidents?
Question14: Which of the following is the BEST way to integrate information security into corporate governance?
Question15: Which of the following is the BEST way to reduce the risk of a ransomware attack?
Question16: Exceptions to a security policy should be approved based PRIMARILY on:
Question17: An organization has announced company-wide budget cuts due to poor financial performance, impacting delivery of the information security program. What should the information security manager do FIRST?
Question18: An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organizations information security manager?
Question19: Which of the following is the GREATEST benefit of integrating a security information and event management (SIEM) solution with traditional security tools such as IDS, anti-malware. and email screening solutions?
Question20: To implement a security framework, an information security manager must FIRST develop:
Question21: Which of the following BEST indicates that an information security strategy is aligned to the business strategy?
Question22: Fingerprint biometrics are BEST used for:
Question23: During an emergency security incident, which of the following would MOST likely predict the worst-case scenario?
Question24: Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager s NEXT step should be to:
Question25: Which of the following BEST enables an information security manager to assess the effectiveness of the information security program?
Question26: Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:
Question27: Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:
Question28: Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?
Question29: An information security manager terms that the root password of an external FTP server may be subject to brute force attacks. Which of the following would be the MOST appropriate way to reduce the likelihood of a successful attack?.
Question30: What is a potential issue when emails are encrypted and digitally signed?
Question31: Which of the following is the MOST likely outcome from the implementation of a security governance framework?
Question32: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Question33: Which of the following provides the BEST evidence that a control is being applied effectively?
Question34: Which of the following techniques is MOST useful when an incident response team needs to respond to external attacks on multiple corporate network devices?
Question35: What should an information security team do FIRST when notified by the help desk that an employee's computer has been infected with ma I ware?
Question36: A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?
Question37: Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?
Question38: The PRIMARY goal of a security infrastructure design is the:
Question39: An audit reveals that some of an organizations software is end-of-life and the vendor will no longer provide support or security patches. Which of the following is the BEST way for the information security manager to address this situation?
Question40: A data loss prevention (DLP) tool has flagged personally identifiable information (Pll) during transmission. Which of the following should the information security manager do FIRST?
Question41: An information security manager is reviewing the business case for a security project that is entering the development phase It is determined that the estimates cost of the controls is now greater than the risk being mitigated. What is the information security manager's BEST recommendation?
Question42: An organization is concerned with the potential for exploitation of vulnerabilities in its server systerns. Which of the following is the BEST control to mitigate the associated risk?
Question43: Which of the following BEST enables effective information security governance?
Question44: In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOS important for the information security manager to ensure:
Question45: Which of the following is the MOST important reason to develop an organizational threat profile?
Question46: The PRIMARY objective of a risk response strategy should be:
Question47: The PRIMARY benefit of a centralized time server ts that it
Question48: Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?
Question49: Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?
Question50: Which of the following is the PRIMARY role of a data custodian?
Question51: Which of the following would MOST effectively communicate the benefits of an information security program to executive management?
Question52: A company is considering a new automated system that requires implementation of wireless devices for data capture. Even though wireless is not an approved technology, senior management has accepted the risk and approved a Proof-of-Concept (POC) to evaluate the technology and proposed solution. Which of the following is the information security manager's BEST course of action?
Question53: A business unit manager wants to adopt an emerging technology that may affect the organization. Which of the following would be the information security manager's BEST course of action?
Question54: What is the PRIMARY role of the information security program?
Question55: Which of the following is the PRIMARY objective of the incident management process?
Question56: A CEO requires that information security risk management is practiced at the organizational level through a central risk register. Which of the following is the MOST important reason to report a summary of this risk register to the board?
Question57: Which of the following incident response team (IRT) models is ideal for an organization that is regionally managed'
Question58: Which of the following is the FIRST step when defining and prioritizing security controls to be implemented under an information security program?
Question59: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:
Question60: What is the BEST way to determine the level of risk associated with information assets processed by an IT application?
Question61: Which of the following is MOST effective against system intrusions?
Question62: The MOST important objective of security awareness training for business staff is to:
Question63: Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?
Question64: Senior management has launched an enterprise-wide initiative to streamline internal processes to reduce costs, including security processes. What should the information security manager rely on MOST to allocate resources efficiently?
Question65: Which of the following processes would BEST aid an information security manager in resolving systemic security issues?
Question66: What should the information security manager do FIRST when end users express that new security controls are too restrictive?
Question67: Which of the following is MOST important to include in contracts with key third-party providers?
Question68: An organization is developing a disaster recover/ plan for a data center that hosts multiple applications. The application recovery sequence would BEST be determined through an analysis of:
Question69: Which of the following would BEST assist an information security manager in gaining strategic support from executive management?
Question70: Which of the following is the BEST way to increase the visibility of information security within an organization's culture?
Question71: Which of the following is MOST important for the effectiveness of an incident response function?
Question72: In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?
Question73: A threat intelligence report indicates there has been a significant rise in the number of attacks targeting the industry. What should the information security manager do NEXT?
Question74: Which of the following is the MOST important factor of a successful information security program?
Question75: While conducting a test of a business continuity plan (BCP). which of the following is the MOST important consideration?
Question76: An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?
Question77: A senior executive asks the information security manager to bypass the organization's Internet traffic filters due to a business need.
Which of the following should be the information security manager's NEXT course of action?
Question78: Which of the following is MOST important to consider when determining the effectiveness of the Information security governance program?
Question79: An information security manager finds that corporate information has been stored on a public cloud storage site for business collaboration purposes. Which of the following should be the manager's FIRST action?
Question80: Which of the following is the BEST reason to reassess risk following an incident?
Question81: The BEST way to report to the board on the effectiveness of the Information security program is to present:
Question82: Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?
Question83: Which of the following defines the triggers within a business continuity plan (BCP)?
Question84: An information security manager notes that security incidents are not
being appropriately escalated by the help desk after tickets are logged.
Which of the following is the BEST automated control to resolve this
issue?
Question85: In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:
Question86: An organization is considering whether to allow employees to use personal computing devices for business purposes To BEST facilitate senior management's decision, the information security manager should:
Question87: When establishing metrics for an information security program, the BEST approach is to identify indicators that:
Question88: Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
Question89: Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
Question90: Which of the following should be the MOST important consideration when implementing an information security framework?
Question91: Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Question92: An organization is considering moving lo a cloud service provider for the storage of sensitive data Which of the following .... consideration FIRST?
Question93: Which of the following is the MOST useful input for an information security manager when refreshing the organizations security strategy?
Question94: When integrating information security requirements into software development, which of the following practices should be FIRST in the development lifecycle?
Question95: The BEST way to identify the risk associated with a social engineering attack is to An organization has acquired a company that manufactures Internet of Things (loT) devices What should the information security manager do NEXT?
Question96: From an Information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often related to
Question97: Senior management is concerned a security solution may not adequately protect its multiple global data centers following recent industry breaches. What should be done NEXT?
Question98: Which of the following is the MOST important factor to be considered when reviewing an information security strategy?
Question99: Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?
Question100: Which of the following provides the BEST opportunity to evaluate the capabilities of incident response team members?
Question101: Which of the following should be the MOST important criteria when defining data retention policies?
Question102: An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior managements.
Question103: What should an information security manager do FIRST after a number of security gaps have been identified that need to be resolved?
Question104: Which of the following would provide the BEST evidence to senior management that security control performance has improved?
Question105: An organization's operations have been significantly impacted by a cyber attack resulting in data loss Once the attack has been contained, what should the security team do NEXT?
Question106: What should be the PRIMARY basis for defining the appropriate level of access control to information assets?
Question107: The MAIN objective of identifying and evaluating risk at each software development life cycle (SDLC) stage is to reduce the:
Question108: What is the BEST course of action when an Information security manager finds an external service provider has not implemented adequate controls for safeguarding the organization's critical data?
Question109: Which of the following will BEST protect an organization against spear phishing?
Question110: During a new user provisioning process, who should have PRIMARY responsibility for determining appropriate access levels?
Question111: Which of the following BEST demonstrates that the objectives of an information security governance framework are being met?
Question112: Which of the following should an information security manager do FIRST after learning about a new regulation that affects the organization?
Question113: Application data integrity risk is MOST directly addressed by a design that includes:
Question114: Which of the following metrics would provide management with the MOST useful information about the effectiveness of a security awareness program?
Question115: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?
Question116: Which of the following is the MOST effective way to motivate staff members to fulfill their information security responsibilities?
Question117: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?
Question118: Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?
Question119: Which of the following is the MOST effective defense against spear phishing attacks?
Question120: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?
Question121: When reporting on the effectiveness of the information security program, which of the following is the BEST way lo demonstrate improvement m security performance?
Question122: Which of the following BEST supports the risk assessment process to determine criticality of an asset?
Question123: A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
Question124: Which of the following is the BEST evidence that an organization's information security governance framework is effective?
Question125: Which of the following is the MOST important outcome of a well-implemented awareness program?
Question126: The PRIMARY purpose of aligning information security with corporate governance objectives is to:
Question127: Which of the following would BEST ensure that application security standards are in place?
Question128: Which of the following is the BEST reason to initiate a reassessment of current risk?
Question129: To gain a clear understanding of the impact that a new regulatory will have on an organization's security control, an information manager should FIRST.
Question130: Which of the following should provide the PRIMARY justification to approve the implementation of a disaster recovery (DR) site on the recommendation of an external audit report?
Question131: Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
Question132: When developing an incident response plan, the information security manager should:
Question133: The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
Question134: An information security manager is preparing a presentation to obtain support for a security initative. Which of the following is the BEST way to obtain management's commitment for the initiative?
Question135: During a review to approve a penetration test plan, which of the following should be an information security managers PRIMARY concern?
Question136: Which of the following is MOST important to ensure when considering exceptions to an information security policy?
Question137: An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?
Question138: Who should have PRIMARY responsibility for authorizing access to data residing in an enterprise resource application?
Question139: Which of the following is the MOST effective way to protect the authenticity of data in transit?
Question140: When is the BEST time to identify the potential regulatory risk a new service provider presents to the organization?
Question141: With limited resources in the information security department which of the following is the BEST approach for managing security risk?
Question142: Planning for the implementation of an information security program is MOST effective when it:
Question143: Which of the following should be the PRIMARY consideration when implementing a data loss prevention (DLP) solution?
Question144: Which of the following is the MOST challenging aspect of securing Internet of Things (loT) devices?
Question145: What should be the PRIMARY basis for establishing a recovery time objective (RTO) for a critical business application?
Question146: Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?
Question147: Business applications should be selected for disaster recovery testing on the basis of:
Question148: A team developing an interface to a key financial system has identified a security flaw in one of the libraries. Remediating the flaw would require major system redesign. What should the information security manager do NEXT?
Question149: Which of the following should be the PRIMARY consideration when developing a security governance framework for an enterprise?
Question150: Which of the following should be the PRIMARY consideration when selecting a recovery site?
Question151: The MOST important factors in determining the scope and timing for testing a business continuity plan are:
Question152: Which of the following is the MOST effective method to help ensure information security incidents are reported?
Question153: An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
Question154: Which is MOST important when contracting an external party to perform a penetration test?
Question155: Which of the following metrics is the BEST measure of the effectiveness of an information security program?
Question156: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
Question157: The PRIMARY advantage of challenge-response authentication over password authentication is that:
Question158: Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?
Question159: An organization is concerned with the potential for exploitation of vulnerabilities in its server systerns. Which of the following is the BEST control to mitigate the associated risk?
Question160: Which of the following is MOST helpful in determining the prioritization of available incident response resources?
Question161: An online payment provider's computer security incident response team has confirmed that a customer credit card database was breached. Which of the following would be MOST important to include in a report to senior management?
Question162: In a risk assessment after the identification of threats to organizational assets, the information security manager would:
Question163: Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?
Question164: What is the BEST way for an information security manager to maintain continuous insight into the effectiveness of the organization's information security program?
Question165: Which of the following is the BEST course of action for an information security manager to align security and business goals?
Question166: Which of the following is the BEST advantage of a centralized information security organizational structure?
Question167: The PRIMARY role of an information security steering group is to ensure that:
Question168: From a business perspective the MOST important function of information security is to support:
Question169: The PRIMARY objective of periodically testing an incident response plan should be to:
Question170: The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:
Question171: Which of the following provides the MOST relevant evidence of incident response maturity?
Question172: In information security governance, the PRIMARY role of the board of directors is to ensure:
Question173: An information security manager has noticed a large number of security policy exceptions have been approved by business unit leaders. Which of the following would be the BEST course of action to address this situation?
Question174: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
Question175: Which of the following is the MOST important outcome from vulnerability scanning?
Question176: Which of the following is the MOST significant security risk in IT asset management?
Question177: Which of the following devices, when placed in a demilitarized zone (DMZ). would be considered a significant exposure?
Question178: An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate customers to fail Which of the following poses the GREATEST risk to the organization related to This event?
Question179: Which of the following is a PRIMARY security responsibility of an information owner?
Question180: Which of the following is the BEST way to evaluate the impact of threat events on an organization's IT operations?
Question181: For a business operating in a competitive and evolving online market, it is MOST important for a security policy to focus on:
Question182: Which of the following would be MOST helpful when determining appropriate access controls for an application?
Question183: A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security management.
Question184: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:
Question185: The PRIMARY reason for using information security metrics is to:
Question186: The PRIMARY goal of a post-incident review should be to
Question187: Inadvertent disclosure of internal business information on social media is BEST minimized by which of the following?
Question188: For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?
Question189: System logs and audit logs for sensitive systems should be stored
Question190: An information security manager is implementing controls to protect the organization's data. The FIRST step in this process should be to:
Question191: Which of the following BEST demonstrates return on investment (ROI) for an information security initiative?
Question192: Which of the following is an information security manager's BEST course of action to address a significant materialized risk that was not prevented by organizational controls?
Question193: Which of the following is the MOST effective mitigation strategy to protect confident information from inside threats?
Question194: Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?
Question195: For an organization that encourages sales activities using mobile devices, which of the following should be the MOST important security requirement?
Question196: Which of the following is MOST critical for an effective information security governance framework?
Question197: Which of the following is MOST helpful in securing funding for a commercial vulnerability assessment tool?
Question198: Which of the following provides a sound basis for effective security change management?
Question199: What is the PRIMARY benefit to executive management when audit risk, and security functions are aligned?
Question200: An organization is concerned with the potential for exploitation of vulnerabilities in its server systerns. Which of the following is the BEST control to mitigate the associated risk?
Question201: Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?
Question202: Which of the following is MOST important to implement when using a service account for infrastructure administration?
Question203: Which of the following is the BEST indicator to demonstrate whether information security investments are optimally supporting organizational objecti.....
Question204: For which of the following is it MOST important that system administrators be restricted to read-only access?
Question205: Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way (or the information security manager to respond to this situation?
Question206: A third-party contract signed by a business unit manager failed to specify information security requirements Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?
Question207: Which of the following is the MOST important reason to identify and classify the sensitivity of assets?
Question208: Which of the following is MOST important for guiding the development and management of a comprehensive information security program?
Question209: An organization has remediated a security flaw in a system Which of the following should be done NEXT?
Question210: The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:
Question211: Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
Question212: Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?
Question213: An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?
Question214: When supporting an organization's privacy officer, which of the following is the information security managers PRIMARY role regarding privacy requirements?
Question215: Which of the following is the PRIMARY responsibility of the information security steering committee?
Question216: The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:
Question217: Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?
Question218: When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:
Question219: Which of the following is MOST important to consider when determining the criticality and sensitivity of an information asset?
Question220: Which of the following is the PRIMARY reason to include message templates for communications with external parties in an incident response plan?
Question221: The GREATEST benefit resulting from well-documented information security procedures is that they:
Question222: A corporate web site has become compromised as a result of a malicious attack. Which of the following should the information security manager do FIRST?
Question223: Which of the following would BEST demonstrate the maturity level of an organization's security incident response program?
Question224: Which of the following is a PRIMARY function of an incident response team?
Question225: Which of the following BEST ensures timely and reliable access to services?
Question226: Which of the following is MOST important to consider when defining control objectives?
Question227: Which of the following BEST demonstrates alignment between information security governance and corporate governance?
Question228: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?
Question229: Which of the following is MOST relevant for an information security manager to communicate to the board of directors?
Question230: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?
Question231: The PRIMARY purpose of establishing an information security governance framework should be to:
Question232: Who within an organization is accountable for ensuring incident notification and escalation processes are in place?
Question233: Priore implementing a bring your own device (BYOD) program, it is MOST important to:
Question234: Which of the following is the PRIMARY goal of an incident response team during a security incident?
Question235: Which of the following is the BEST way to address risk associated with using an outsourced technology service provider?
Question236: Which of the following is the BEST evidence that proper security monitoring controls are in place?
Question237: An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?
Question238: Which of the following has the MOST direct impact on the usability of an organization's asset classification program?
Question239: When two different controls are available to mitigate a risk, an information security manager's recommendation should be based on the results of a:
Question240: Which of the following is the BEST strategy to implement an effective operational security posture?
Question241: Which of the following is MOST important to consider when developing a security awareness program in an organization?
Question242: An information security team has identified traffic from a device to a known malicious IP. Which of the following should be the team's FIRST course of action to address this issue?
Question243: Which of the following is the BEST way to measure the effectiveness of a newly implemented social engineering training program?
Question244: Which of the following would BEST enable an organization to effectively monitor the implementation of standardized configurations?
Question245: Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
Question246: The BEST way for an information security manager to understand the critically of an online application is to perform a
Question247: Which of the following is the BEST evidence that information security governance works as a business enabler?
Question248: Human resources is evaluating potential Software as a Service (SaaS) cloud services, Which of the following should the information security manager do FIRST to support..
Question249: Which of the following is the MOST critical security risk to consider for a start-up company in an emerging field?
Question250: An organization is automating data protection by implementing a data loss prevention (DLP) solution. Which of the following should the Information security manager do FIRST?
Question251: Which of the following would BEST enable an information security manager to provide monthly status on the health of the information security environment to senior management?
Question252: Which of the following is the MOST useful metric for determining how well firewall logs are being monitored?
Question253: An organization plans to acquire and implement a new web-based solution to enhance service functionality. Which of the following is the BEST way to ensure that information handled by the solution is secure?
Question254: Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?
Question255: An organization engages 4 third-party vendor to monitor and support a financial application under scrutiny by regulators. Maintaining strict data integrity and confidentiality for this application is critical to the business. Which of the following controls would MOST effectively manage risk to the organization?
Question256: The criticality of an information asset is derived from its:
Question257: An organization has experienced multiple instances of privileged users misusing their access Which of the following processes would be MOST helpful in identifying such violations?
Question258: The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:
Question259: An organization plans to implement a document collaboration solution to allow employees to share company information. Which of the following is the MOST important control to mitigate the risk associated with the new solution?
Question260: Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?
Question261: A risk assessment report shows that phishing attacks are an emerging threat for an organization that supports online financial services. Which of the following is the information security manager's BEST course of action?
Question262: Segregation of duties is a security control PRIMARILY used to:
Question263: After adopting an information security framework, an information security manager is working with senior management to change the organization-wide perception that information security is solely the responsibility of the information security department. To achieve this objective, what should be the information security manager's FIRST initiative?
Question264: Which of the following BEST demonstrates the performance of the information security program to Key stakeholders?
Question265: An information security manager is asked to provide evidence that the organization is fulfilling its legal obligation to protect personal identifiable information (Pll). Which of the f<
Question266: Which type of test is MOST effective in communicating the roles of end users to support timely identification and response to information security incidents?
Question267: Which of the following is the BKT approach for an information security manager when developing new information security policies?
Question268: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?
Question269: An information security program should be established PRIMARILY on the basis of:
Question270: Which of the following is the MOST reliable source of information about emerging information security threats and vulnerabilities?
Question271: Which of the following should provide the PRIMARY basis for formulating an information security strategy?
Question272: There are concerns that security events are not reported to management in a timely manner. To address this situation which of the following is MOST important to review?
Question273: Which of the following will provide the MOST accurate test results for a disaster recovery plan (DRP)?
Question274: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?
Question275: In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of;
Question276: Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
Question277: The MAIN consideration when designing an incident escalation plan should be ensuring that:
Question278: An organization has acquired a company in a foreign country to gain an advantage in a new market Which of the following is the FIRST step the information security manager should take?
Question279: An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:
Question280: Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
Question281: Which is the MOST important driver for effectively communicating the progress of a new information security program's implementation to key stakeholders?
Question282: Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?
Question283: Which of the following is the BEST method to ensure compliance with password standards?
Question284: Which of the following activities BEST enables executive management to ensure value delivery within an information security program?
Question285: Which of the following security controls should be integrated FIRST into procurement processes to improve the security of the services provided by suppliers'?
Question286: Which of the following is the MOST appropriate board-level activity for information security governance?
Question287: Which of the following is an example of a deterrent control?
Question288: Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?
Question289: Which of the following approaches would MOST likely ensure that risk management is integrated into the business life cycle processes?
Question290: Which of the following BEST enables a more efficient incident reporting process?
Question291: Management has announced the acquisition of a new company. The information security manager of parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies.
To BEST address this concern, the information security manager should:
Question292: Which of the following should the information security manager do FIRST after a security incident has been reported?
Question293: Which of the following should an incident response team do NEXT after validating an event is an incident?
Question294: What should be an information security manager's NEXT activity following the remediation of a security incident?
Question295: Which of the following should be the PRIMARY objective when establishing a new information security program?
Question296: Which of the following should be the PRIMARY factor in prioritizing responses to a security incident?
Question297: Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?
Question298: An information security manager has identified numerous violations of security policy which prohibits text messaging from personal devices to conduct official business following is the MOST effective way to reduce the number of violations?
Question299: Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?
Question300: An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
Question301: Which of the following is the FIRST task when determining an organization's information security profile?
Question302: An organization s senior management wants to allow employees to access an internal application using their personal mobile devices. Which of the following should be the information security managers FIRST course of action?
Question303: Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?
Question304: A business unit has updated its long-term business plan to include a strategy of upgrading information management system to increase productivity. To support this initiative, with the information security strategy?
Question305: Which of the following would be MOST helpful to identify security incidents in a timely manner?
Question306: An organization is considering moving to a cloud service provider for the storage of sensitive dat a. Which of the following should be considered FIRST?
Question307: Which of the following is the BEST way to ensure that Incidents are Identified and reported?
Question308: An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization 5 FIRST action?
Question309: An information security manager has developed a strategy to address new information security risks resulting from recent change the business. Which of the following would be MOST important to include when presenting the strategy to senior management?
Question310: When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
Question311: Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
Question312: An organization s HR department would like to outsource its employee management system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?
Question313: Which of the following is the MAIN concern when securing emerging technologies?
Question314: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?
Question315: The BEST way to avoid session hijacking is to use:
Question316: An organization manages payroll and accounting systems for multiple client companies Which of the following contract terms would indicate a potential weakness for a disaster recovery hot site?
Question317: In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
Question318: In the development of an information security strategy, recovery time objectives (RTOs) will serve as indicators of:
Question319: Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:
Question320: Which of the following is MOST important to ensuring an incident response team has the necessary authorization to perform its role?
Question321: Adding security requirements late in the software development life cycle (SDLC) would MOST likely result in:
Question322: Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
Question323: Which of the following is the MOST important reason for an organization to develop an information security governance program?
Question324: Which of the following is the responsibility of a data owner?
Question325: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?
Question326: Which of the following is the MOST effective approach for integrating security into application development?
Question327: An organization Is storing accounting data in an external cloud environment. Which of the following is the MOST important riskrelated consideration?
Question328: Which of the following should be an information security manager's MOST important cntenon for determining when to review the incident response plan?
Question329: Which of the following would BEST enable effective decision-making?
Question330: What should be an information security manager's MOST important consideration when reviewing a proposed upgrade to a business unit's production database?
Question331: Which of the following MUST be established before implementing a data loss prevention (DLP) system?
Question332: Which of the following BEST describes an intrusion detection system (IDS) that learns the system behaviors prior to detecting potential intrusions?
Question333: The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:
Question334: Which of the following will BEST ensure that possible security incidents are correctly distinguished from typical help desk requests?
Question335: Which of the following should an information security manager do FIRST upon learning that a data loss prevention (DLP) scanner has identified payment card information (PCI) stored in cleartext within accounting file shares?
Question336: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?
Question337: Which of the following provides the MOST useful information for identifying security control gaps on an application server?
Question338: Which of the following is the MOST effective way to ensure the development of an application system will align with organizational security standards?
Question339: After assessing risk, the decision to treat the risk should be based PRIMARILY on:
Question340: What should be an organization's. MAIN concern when evaluating an Infrastructure as a Service (laaS) cloud computing model for an e-commerce application?
Question341: The PRIMARY responsibility to communicate with legal authorities regarding unauthorized disclosure of customer information should be defined in the:
Question342: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?
Question343: Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?
Question344: Web-server security can BEST be enhanced by:
Question345: An organization involved in e-commerce activities operating from its home country opened a new office in another country wit! stringent security laws. In this scenario, the overall security strategy should be based on:
Question346: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
Question347: When developing an incident response plan, which of the following is the MOST -effective way to ensure incidents common to the organization are handled properly?
Question348: Which type of control is an incident response team?
Question349: Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?
Question350: Which of the following would be the MOST effective incident response team structure for an organization with a large headquarters and worldwide branch offices?
Question351: Which of the following is the MOST effective control to reduce the impact of ransomware attacks?
Question352: What should the information security manager recommend to support the development of a new web application that will allow retail customers to view inventory and order products?
Question353: An email digital signature will:
Question354: An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager s FIRST course of action?
Question355: Which of the following BEST protects against phishing attacks?
Question356: Which of the following is the PRIMARY purpose of establishing an information security governance framework?
Question357: Which of the following is a MAIN security challenge when conducting a post-incident review related to bring your own device (BYOD) in a mature, diverse organization?
Question358: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
Question359: Which of the following should be the GREATEST concern when considering launching a counterattack in response to a network attack?
Question360: The decision to escalate an incident should be based PRIMARILY on:
Question361: An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?
Question362: What should be information security manager's FIRST course of action when it is discovered a staff member has been posting corporate information on social media sites?
Question363: Which of the following processes can be used to remediate identified technical vulnerabilities?
Question364: A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?
Question365: Which of the following is MOST helpful for prioritizing the recovery of IT assets during a disaster?
Question366: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?
Question367: Which of the following BEST supports the incident management process for attacks on an organization' s supply chain?
Question368: Which of the following is MOST important to the successful implementation of an information security program?
Question369: The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process Is to:
Question370: An organization has decided to implement a security information and event management (SIEM) system. It is MOST important for the organization to consider:
Question371: A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?
Question372: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?
Question373: Which is the BEST way for an organization to monitor security risk?
Question374: Risk scenarios simplify the risk assessment process by:
Question375: Which of the following is the BEST method for determining whether new risks exist in legacy systems?
Question376: When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:
Question377: Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when information security management is:
Question378: Which of the following is MOST important for the alignment of an information security program with the information security strategy?
Question379: Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?
Question380: A hash algorithm is used to:
Question381: To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:
Question382: An employee used network logon credentials on a personal shopping site. The site was breached, resulting in an unauthorized person logging onto the network with the employee's credentials via remote access. What is the BEST recommendation to prevent recurrence of similar unauthorized logins?
Question383: An organization has implemented a bring your own device (BYOD)} program. Which of the following is the GREATEST risk to the organization?
Question384: Which of the following is MOST effective in reducing the financial impact following a security breach leading to data disclosure9?
Question385: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?
Question386: An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?
Question387: Which of the following is the BEST way for an Information security manager to gain wider acceptance for an information security policy that is perceived as restrictive?
Question388: Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
Question389: Which of the following is the BEST way to prevent recurrence of a security incident?
Question390: Which of the following should be part of the final phase of an incident response plan?
Question391: Senior management is concerned several security incidents were not reported in a timely manner. Which of the following should the information security manager do FIRST to address this situation?
Question392: Which of the following is the MOST important reason for an organization to communicate to affected parties that a security has occurred?
Question393: Which of the following is the BEST option for addressing regulations that will adversely affect the allocation of information security program resources?
Question394: Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Question395: Which of the following provides the GREATEST assurance that existing controls meet compliance requirements?
Question396: Which of the following outsourced services has the GREATEST need for security monitoring?
Question397: For computer forensics evidence to be admissible in a court of law, the evidence MUST:
Question398: Which of the following is MOST likely to be included in an enterprise information security policy?
Question399: To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?
Question400: Which of the following is the FIRST step in developing a business continuity plan (BCPY}?
Question401: Which of the following is the STRONGEST indicator of effective alignment between corporate governance and information security governance?
Question402: Which of the following is MOST important for effective communication during incident response?
Question403: Which of the ager to regularly report to senior management?
Question404: Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?
Question405: Which of the following threats is prevented by using token-based authentication?
Question406: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?
Question407: Which of the following is the MOST important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?
Question408: Which of the following is the BEST way for an organization to determine the maturity level of its information security program?
Question409: Which of the following is MOST important to help ensure an intrusion prevention system (IPS) can view all traffic in a demilitarized zone (DMZ)?
Question410: An organization's marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?
Question411: When considering whether to adopt bring your own device (BYOD). it is MOST important for the information security manager to ensure that
Question412: An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager s MOST important course of action is to:
Question413: Which of the following is BEST performed by the security department?
Question414: What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
Question415: Which aspect of an incident response plan will MOST effectively help to limit reputational damage when multiple media services are seeking a response following a major security breach?
Question416: To address the issue that performance pressures on IT may conflict with information security controls, itis MOST important that:
Question417: Which of the following is MOST important for an information security manager to regularly report to senior management?
Question418: Which of the following is MOST important to the effectiveness of an information security steering committee?
Question419: The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:
Question420: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?
Question421: Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?
Question422: An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented The need to make this ransom payment?
Question423: Which of the following would BEST help to ensure an organization s security program is aligned with business objectives?
Question424: Which of the following is the MOST significant benefit of effective change management?
Question425: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?
Question426: An organization must meet rigorous breach reporting standards in order to comply with regulatory requirements. Which of the following is the BEST way to minimize the organization's financial exposure if a service provider experiences a breach?
Question427: Which of the following is MOST likely to increase end user security awareness in an organization?
Question428: Which of the following is MOST important to present to stakeholders to help obtain support for implementing a new information
Question429: Senior management has allocated funding to each of the organization s divisions to address information security vulnerabilities The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
Question430: An attacker was able to gain access to an organizations perimeter firewall and made changes to allow wider external access and to steal dat a. Which of the following would have BEST provided timely identification of this incident?
Question431: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?
Question432: Which of the following is the MOST significant advantage of developing a well-defined information security strategy?
Question433: A business manager has decided not to implement a control based on the risk assessment of a mission-critical business application because of its impact on performance. What is the information security manager's BEST course of action'?
Question434: Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
Question435: Which of the following will BEST facilitate the understanding of information security responsibilities by users across the organization?
Question436: Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?
Question437: Which of the following would BEST help to ensure the alignment between information security and business functions?
Question438: The fundamental purpose of establishing security metrics is to:
Question439: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:
Question440: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?
Question441: When establishing the trigger levels for an organization's key risk indicators (KRIs), the thresholds should be based PRIMARILY on the organization's:
Question442: Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?
Question443: Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization's information security risk position?
Question444: Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?
Question445: Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?
Question446: Which of the following is the FIRST step when assessing risk?
Question447: An organization has contracted with an outsourcing company to address a security gap. Which of the following is the BEST way to determine if the security gap has been addressed?
Question448: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?
Question449: Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?
Question450: Which of the following provides the BEST preparation for handling the breach of a corporate web site?
Question451: An organization s senior management is encouraging employees to use social media for promotional purposes. Which of t following should be the information security manager's FIRST step to support this strategy?
Question452: When implementing security architecture, an information security manager MUST ensure that security controls:
Question453: Which of the following BEST reduces the likelihood of leakage of private information via email?
Question454: Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?
Question455: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?
Question456: When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
Question457: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?
Question458: Which of the following BEST supports information security management in the event of organizational changes in security personnel?
Question459: An organization has detected potential risk emerging from noncompliance with new regulations in its industry. Which of the following is the MOST important reason to report this situation to senior management?
Question460: Which of the following is the MOST important consideration when updating procedures for managing security devices?
Question461: An organization is considering the adoption of cloud service providers for its expanding global business operations. Which of the following is MOST important for the information security manager to review with regard to data protection?
Question462: Which of the following is a benefit of using key risk indicators (KRIs)?
Question463: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?
Question464: Which of the following is the PRIMARY purpose of red team testing?
Question465: Which of the following will BEST enhance the privacy of data in transit for an online transaction system?
Question466: Which of the following is MOST critical for responding effectively to security breaches?
Question467: The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
Question468: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?
Question469: An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?
Question470: An organization planning to contract with a cloud service provider is concerned about the risk of account hijacking at login. What is MOST important for the organization in its security requirements to address this concern?
Question471: In information security manager MUST have an understanding of the organization's business goals to:
Question472: Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?
Question473: An internal security audit has reported that authentication controls are not operating effectively. Which of the following is MOST important to c management?
Question474: In a multinational organization, local security regulations should be implemented over global security policy because:
Question475: Which of the following is an information security manager's BEST approach when selecting cost-effective controls needed to meet business objectives?
Question476: Which of the following metrics would be considered an accurate measure of an information security program's performance?
Question477: Which of the following is the BEST reason for delaying the application of a critical security patch?
Question478: Which of the following is the MOST effective way for an Information security manager to ensure that security is incorporated into an organization's project development processes?
Question479: When defining and communicating roles and responsibilities between an organization and cloud service provider, which of the following situations would present the GREATEST risk to the organization's ability to ensure information risk is managed appropriately?
Question480: Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?
Question481: An information security manager has been tasked with implementing a security awareness training program Which of this ..... have the MOST influence on the effectiveness of this program?
Question482: When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?
Question483: Which of the following BEST indicates the value a purchased information security solution brings to an organization?
Question484: Which of the following should be established FIRST when implementing an information security governance framework?
Question485: When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:
Question486: Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?
Question487: What is the PRIMARY benefit of effective configuration management?
Question488: Management decisions concerning information security investments will be MOST effective when they are based on:
Question489: Which of the following is the MOST effective approach of delivering security incident response training?
Question490: Which of the following is the MOST important reason for performing a risk analysis?
Question491: Risk reporting requirements should be PRIMARILY based on:
Question492: An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's FIRST step?
Question493: Which of the following is the MOST important outcome of monitoring and reporting on information security processes?
Question494: A risk management program will be MOST effective when:
Question495: A business unit has updated its long-term business plan to include a strategy of upgrading information management systems to increase productivity. To support this initiative, what should be the PRIMARY basis for updating the corresponding. information security strategy?
Question496: Which of the following components of an information security risk assessment is MOST valuable to senior management?
Question497: To minimize the business impact from information security incidents it is MOST important to
Question498: An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager's FIRST course of action?
Question499: A core business function has created a significant risk. Budget constraints do not allow for effective remediation. Who should be accountable for selecting the appropriate risk treatment?
Question500: When selecting metrics to monitor the risks associated with an information security program, it is MOST important for an information security manager to:
Question501: Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data toss?
Question502: When scoping a risk assessment, assets need to be classified by:
Question503: Which of the following BEST enables new third-party suppliers to support an organization's information security objectives?
Question504: What should be the information security manager s MOST important consideration when planning a disaster recovery test?
Question505: What is the MOST important role of an organization's data custodian in support of the information security function?
Question506: What is the PRIMARY purpose of communicating business impact to an incident response team?
Question507: Which of the following is the MOST effective method for assessing the effectiveness of a security awareness program?
Question508: A recent phishing attack investigation showed that several employees had used their work email addresses to create personal accounts on a shopping site that had been breached. What is the BEST way to prevent this
Question509: Which of the following BEST supports effective information security governance"*
Question510: Which of the following is the MOST important factor to ensure information security is meeting the organization's objectives?
Question511: Which of the following would MOST effectively help to restrict sensitive data from being transmitted outside the organization?
Question512: Which of the following BEST demonstrates that an organization supports information security governance?
Question513: Which of the following is the BEST indication of an effective information security program?
Question514: Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?
Question515: An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?
Question516: Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
Question517: The GREATEST advantage of defining multiple types of system administrator accounts with different privileges is that it helps to ensure:
Question518: An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?
Question519: When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?
Question520: Which of the following activities MUST be performed by an information security manager for change requests?
Question521: Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?
Question522: A core business unit relies on an effective legacy system that does not meet the current security standards and threatens that enterprise network. Which of the following is the BEST course of action to address the situation?
Question523: The PRIMARY purpose for defining key risk indicators (KRIs) for a security program is to:
Question524: To gain a clear+ understanding of the impact that a new regulatory requirement will have on an organization s information security controls, an information security manager should FIRST:
Question525: Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
Question526: Which of the following will BEST facilitate the development of appropriate incident response procedures?
Question527: Which of the following is the MOST important consideration m a bring your own device (BYOD) program to protect company data in the event of a loss?
Question528: For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?
Question529: An application system stores customer confidential data and encryption is not practical. The BEST measure to protect against data disclosure is:
Question530: A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked and there is no assurance that compliance requirements are being met What should be done FIRST to reverse this bottom-up approach to security?
Question531: During an annual security review of an organizations servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?
Question532: Which of the following is an information security manager's BEST course of action upon learning of new cybersecurity regulatory requirements that apply to the organization?
Question533: Which of the following would BEST protect against web-based cross-domain attacks?
Question534: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
Question535: Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration test?
Question536: Which of the following is the MOST important step in risk ranking?
Question537: What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
Question538: What should be the FIRST step when developing an asset management program?
Question539: An information security manager has discovered that a business unit is planning on implementing a new application and has not engaged anyone from the information security department. Which of the following is the BEST course of action?
Question540: What is the role of the information security manager in finalizing contract negotiations with service providers?
Question541: Which of the following is the BEST way to determine if an organization's current risk level is within the risk appetite?
Question542: Which of the following is MOST effective in the strategic alignment of security initiatives?
Question543: Which of the following is MOST relevant for an information security manager to communicate to IT operations?
Question544: For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices?
Question545: Which of the following would provide senior management with the BEST information to better understand the organization's information security risk profile?
Question546: Which of the following is the GREATEST benefit of a comprehensive set of security program metrics?
Question547: An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager s FIRST course of action?
Question548: Which of the following is the PRIMARY responsibility of an information security steering committee?
Question549: A significant gap in an organization's breach containment process has been identified. Which of the following is MOST important for the information security manager to consider updating?
Question550: The PRIMARY objective for using threat modeling in web application development should be to:
Question551: What is the PRIMARY objective of triage within the incident response process?
Question552: Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management's understanding of impact to the organization?
Question553: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?
Question554: Which of the following is the MOST effective method of preventing deliberate internal security breaches?
Question555: When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?
Question556: An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:
Question557: Which of the following is the PRIMARY driver of information security compliance?
Question558: An information security manager has researched several options for handling ongoing security concerns and will be presenting these solutions to business managers. Which of the following with BEST enable business managers to make an informed decision?
Question559: Key systems necessary for branch operations reside at corporate headquarters. Branch A is negotiating with a third party to provide disaster recovery facilities. Which of the following contract terms would be the MOST significant concern?
Question560: The MOST useful technique for maintaining management support for the information security program is:
Question561: Which of the following is the BEST indication that the information security strategy is delivering business value?
Question562: Which of the following is the MOST important delivery outcome of information security governance?
Question563: When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
Question564: The MAIN reason for an information security manager to monitor industry level changes in the business and IT is to:
Question565: A newly appointed information security manager has been asked to update all security-related policies and procedures that have been Static for five years or more. What is the BEST next step?