Question1: Which of the following should be the MOST important consideration when establishing information security policies for an organization?
Question2: The MOST appropriate time to conduct a disaster recovery test would be after:
Question3: Which of the following is the BEST course of action when an online company discovers a network attack in progress?
Question4: Which of the following is the MOST effective way to convey information security responsibilities across an organization?
Question5: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Question6: Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
Question7: Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
Question8: Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?
Question9: Which of the following is the PRIMARY objective of information asset classification?
Question10: When deciding to move to a cloud-based model, the FIRST consideration should be:
Question11: Which of the following BEST enables the integration of information security governance into corporate governance?
Question12: Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?
Question13: An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRST step to ensure the security policy framework encompasses the new business model is to:
Question14: To help ensure that an information security training program is MOST effective its contents should be
Question15: Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
Question16: Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Question17: An email digital signature will:
Question18: When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?
Question19: Management decisions concerning information security investments will be MOST effective when they are based on:
Question20: When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:
Question21: A security incident has been reported within an organization When should an information security manager contact the information owner?
Question22: Of the following, who is in the BEST position to evaluate business impacts?
Question23: In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or
Question24: Which of the following has the GREATEST influence on the successful integration of information security within the business?
Question25: Which of the following should be the FIRST step when performing triage of a malware incident?
Question26: Which of the following BEST indicates that information security governance and corporate governance are integrated?
Question27: An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
Question28: A KEY consideration in the use of quantitative risk analysis is that it:
Question29: Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
Question30: An organization's main product is a customer-facing application delivered using Software as a Service (SaaS).
The lead security engineer has just identified a major security vulnerability at the primary cloud provider.
Within the organization, who is PRIMARILY accountable for the associated task?
Question31: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
Question32: The MOST important element in achieving executive commitment to an information security governance program is:
Question33: Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?
Question34: A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?
Question35: Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
Question36: An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?
Question37: Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9
Question38: A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
Question39: An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:
Question40: The PRIMARY reason for creating a business case when proposing an information security project is to:
Question41: Which of the following is the BEST approach for governing noncompliance with security requirements?
Question42: Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
Question43: When drafting the corporate privacy statement for a public website, which of the following MUST be included?
Question44: Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?
Question45: Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?
Question46: A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:
Question47: When determining an acceptable risk level which of the following is the MOST important consideration?
Question48: A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
Question49: Before approving the implementation of a new security solution, senior management requires a business case.
Which of the following would BEST support the justification for investment?
Question50: Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?
Question51: A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?
Question52: When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Question53: An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?
Question54: Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
Question55: During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?
Question56: An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?
Question57: The PRIMARY consideration when responding to a ransomware attack should be to ensure:
Question58: Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?
Question59: Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?
Question60: The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
Question61: Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Question62: Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?
Question63: An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Question64: The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
Question65: The PRIMARY advantage of single sign-on (SSO) is that it will:
Question66: Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?
Question67: An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail Which of the following could have been prevented by conducting regular incident response testing?
Question68: Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?
Question69: A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?
Question70: Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?
Question71: An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?
Question72: Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?
Question73: An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?
Question74: Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
Question75: Spoofing should be prevented because it may be used to:
Question76: Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?
Question77: After a ransomware incident an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?
Question78: An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
Question79: Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?
Question80: Which of the following defines the triggers within a business continuity plan (BCP)? @
Question81: Which of the following is the MOST essential element of an information security program?
Question82: Which of the following is the PRIMARY benefit of implementing an information security governance framework?
Question83: An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Question84: Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Question85: An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?
Question86: Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
Question87: Which of the following is the MOST effective way to detect security incidents?
Question88: Who is BEST suited to determine how the information in a database should be classified?
Question89: When establishing an information security governance framework, it is MOST important for an information security manager to understand:
Question90: The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:
Question91: When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
Question92: When developing an asset classification program, which of the following steps should be completed FIRST?
Question93: Which is following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
Question94: Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?
Question95: When developing a categorization method for security incidents, the categories MUST:
Question96: Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Question97: A PRIMARY purpose of creating security policies is to:
Question98: An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
Question99: Which of the following is the BEST way to determine the effectiveness of an incident response plan?
Question100: The MOST important reason for having an information security manager serve on the change management committee is to:
Question101: Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?
Question102: Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
Question103: Which of the following has the MOST influence on the inherent risk of an information asset?
Question104: Which of the following components of an information security risk assessment is MOST valuable to senior management?
Question105: Prior to implementing a bring your own device (BYOD) program, it is MOST important to:
Question106: Which of the following is the PRIMARY role of the information security manager in application development?
Question107: Which of the following should be done FIRST when implementing a security program?
Question108: A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
Question109: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?
Question110: Which of the following is MOST appropriate to communicate to senior management regarding information risk?
Question111: Which of the following BEST enables an organization to effectively manage emerging cyber risk?
Question112: Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?
Question113: Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?
Question114: Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?
Question115: Relationships between critical systems are BEST understood by
Question116: Which of the following is the PRIMARY reason to assign a risk owner in an organization?
Question117: A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?
Question118: When management changes the enterprise business strategy which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
Question119: Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
Question120: The PRIMARY advantage of involving end users in continuity planning is that they:
Question121: An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?
Question122: Which of the following is the PRIMARY purpose of an acceptable use policy?
Question123: Which of the following is the MOST important consideration when updating procedures for managing security devices?
Question124: Which of the following is MOST important when developing an information security strategy?
Question125: Which of the following metrics is MOST appropriate for evaluating the incident notification process?
Question126: Which of the following should be done FIRST when a SIEM flags a potential event?
Question127: In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?
Question128: Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?
Question129: Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
Question130: An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?
Question131: Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?
Question132: An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:
Question133: Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?
Question134: An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
Question135: An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Question136: Which of the following BEST enables an organization to maintain legally admissible evidence7
Question137: Which of the following is MOST important to consider when defining control objectives?
Question138: To ensure that a new application complies with information security policy, the BEST approach is to:
Question139: Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?
Question140: An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?
Question141: An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
Question142: Which of the following is a PRIMARY responsibility of the information security goxernance function?
Question143: What type of control is being implemented when a security information and event management (SIEM) system is installed?
Question144: Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?
Question145: Which of the following is MOST important to consider when determining asset valuation?
Question146: An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?
Question147: An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.
Which of the following would provide the MOST useful information for planning purposes?
Question148: Which of the following should be the MOST important consideration of business continuity management?
Question149: When integrating security risk management into an organization it is MOST important to ensure:
Question150: Which of the following would BEST guide the development and maintenance of an information security program?
Question151: An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
Question152: Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?
Question153: An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
Question154: In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:
Question155: Which of the following should be the PRIMARY objective of the information security incident response process?
Question156: Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?
Question157: Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Question158: Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?
Question159: Which of the following BEST demonstrates the added value of an information security program?
Question160: Which of the following is MOST important for the effective implementation of an information security governance program?
Question161: After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?
Question162: Which of the following is MOST effective in monitoring an organization's existing risk?
Question163: Following an employee security awareness training program, what should be the expected outcome?
Question164: Which of the following is MOST important when defining how an information security budget should be allocated?
Question165: Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?
Question166: Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
Question167: An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
Question168: Which of the following is the BEST course of action for an information security manager to align security and business goals?
Question169: Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
Question170: Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
Question171: The fundamental purpose of establishing security metrics is to:
Question172: Which of the following is the BEST way to determine if an information security profile is aligned with business requirements?
Question173: Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
Question174: An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:
Question175: When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:
Question176: Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Question177: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
Question178: A recovery point objective (RPO) is required in which of the following?
Question179: An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?
Question180: Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?
Question181: Which of the following is the MOST important requirement for a successful security program?
Question182: Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
Question183: Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?
Question184: Which of the following would be MOST useful to help senior management understand the status of information security compliance?
Question185: Which of the following is the BEST option to lower the cost to implement application security controls?
Question186: Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
Question187: Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?
Question188: Which of the following is an example of risk mitigation?
Question189: Which of the following is the MOST important issue in a penetration test?
Question190: An enterprise has decided to procure security services from a third-party vendor to support its information security program. Which of the following is MOST important to include in the vendor selection criteria?
Question191: Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?
Question192: Which of the following is MOST helpful for aligning security operations with the IT governance framework?
Question193: An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?
Question194: Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?
Question195: Which of the following would provide the MOST effective security outcome in an organizations contract management process?
Question196: Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?
Question197: Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?
Question198: Of the following, whose input is of GREATEST importance in the development of an information security strategy?
Question199: Which of the following events is MOST likely to require an organization to revisit its information security framework?
Question200: If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
Question201: An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
Question202: Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?
Question203: Which of the following is MOST important to include in an information security status report to senior management?
Question204: Which of the following BEST describes a buffer overflow?
Question205: Which of the following is the BEST course of action when confidential information is inadvertently disseminated outside the organization?
Question206: To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
Question207: The business value of an information asset is derived from:
Question208: Which of the following will BEST enable an effective information asset classification process?
Question209: Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?
Question210: Recommendations for enterprise investment in security technology should be PRIMARILY based on:
Question211: Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Question212: Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?
Question213: When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:
Question214: A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?
Question215: Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?
Question216: Penetration testing is MOST appropriate when a:
Question217: Which of the following parties should be responsible for determining access levels to an application that processes client information?
Question218: Which of the following is the BEST way to obtain support for a new organization-wide information security program?
Question219: What should be an information security manager's MOST important consideration when developing a multi-year plan?
Question220: A balanced scorecard MOST effectively enables information security:
Question221: Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
Question222: Security administration efforts will be greatly reduced following the deployment of which of the following techniques?
Question223: Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?
Question224: Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
Question225: Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?
Question226: An information security manager developing an incident response plan MUST ensure it includes:
Question227: An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?
Question228: Which of the following provides the BEST evidence that a recently established infofmation security program is effective?
Question229: During which phase of an incident response plan is the root cause determined?
Question230: Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?
Question231: A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?
Question232: Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?
Question233: Which of the following is the MOST important consideration when determining which type of failover site to employ?
Question234: What is the BEST way to reduce the impact of a successful ransomware attack?
Question235: Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?
Question236: Which of the following MUST be established to maintain an effective information security governance framework?
Question237: An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?
Question238: To support effective risk decision making, which of the following is MOST important to have in place?
Question239: Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
Question240: Which of the following BEST supports information security management in the event of organizational changes in security personnel?
Question241: Embedding security responsibilities into job descriptions is important PRIMARILY because it:
Question242: Which of the following is the GREATEST benefit of information asset classification?
Question243: The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?
Question244: Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?
Question245: A business impact analysis (BIA) should be periodically executed PRIMARILY to:
Question246: Recovery time objectives (RTOs) are an output of which of the following?
Question247: Which of the following processes BEST supports the evaluation of incident response effectiveness?
Question248: Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?
Question249: When assigning a risk owner, the MOST important consideration is to ensure the owner has:
Question250: Which of the following should be the PRIMARY basis for determining the value of assets?
Question251: Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
Question252: Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?
Question253: When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?
Question254: An organization's quality process can BEST support security management by providing:
Question255: What is the role of the information security manager in finalizing contract negotiations with service providers?
Question256: A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?
Question257: An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
Question258: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
Question259: Which of the following should be established FIRST when implementing an information security governance framework?
Question260: Which of the following is the BEST justification for making a revision to a password policy?
Question261: Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?
Question262: An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?
Question263: Which of the following is the BEST indication ofa successful information security culture?
Question264: An organization has identified a large volume of old data that appears to be unused. Which of the following should the information security manager do NEXT?
Question265: The categorization of incidents is MOST important for evaluating which of the following?
Question266: During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?
Question267: Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?
Question268: Which of the following BEST enables an organization to maintain an appropriate security control environment?
Question269: Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?
Question270: Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
Question271: When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
Question272: During which of the following development phases is it MOST challenging to implement security controls?
Question273: Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
Question274: Which of the following is MOST important to include in monthly information security reports to the board?
Question275: Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?
Question276: The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
Question277: Which of the following is the BEST justification for making a revision to a password policy?
Question278: Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
Question279: Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
Question280: An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?
Question281: To improve the efficiency of the development of a new software application, security requirements should be defined:
Question282: Which of the following should have the MOST influence on an organization's response to a new industry regulation?
Question283: Which of the following would be MOST helpful when creating information security policies?
Question284: An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:
Question285: Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?
Question286: Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?
Question287: The PRIMARY goal of the eradication phase in an incident response process is to:
Question288: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
Question289: The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
Question290: A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?
Question291: Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
Question292: Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?
Question293: Which of the following is MOST critical when creating an incident response plan?
Question294: The PRIMARY objective of performing a post-incident review is to:
Question295: Which of the following BEST enables an organization to transform its culture to support information security?
Question296: An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?
Question297: Which of the following is the BEST method to ensure compliance with password standards?
Question298: Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
Question299: Which of the following is MOST important when developing an information security strategy?
Question300: A balanced scorecard MOST effectively enables information security:
Question301: Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?
Question302: An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
Question303: Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?
Question304: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of confidentiality?
Question305: The effectiveness of an information security governance framework will BEST be enhanced if:
Question306: An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Question307: Which of the following is BEST used to determine the maturity of an information security program?
Question308: Which of the following is ESSENTIAL to ensuring effective incident response?
Question309: An information security program is BEST positioned for success when it is closely aligned with:
Question310: Which of the following is the BEST tool to monitor the effectiveness of information security governance?
Question311: Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.
Which of the following should be the PRIMARY focus of Company A's information security manager?
Question312: Which of the following is MOST important to convey to employees in building a security risk-aware culture?
Question313: A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
Question314: Which of the following is MOST important to include in an information security status report management?
Question315: Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
Question316: An organization has remediated a security flaw in a system. Which of the following should be done NEXT?
Question317: Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?
Question318: Which of the following BEST enables the assignment of risk and control ownership?
Question319: Which of the following is the BEST indication of a mature information security program?
Question320: Which of the following should include contact information for representatives of equipment and software vendors?
Question321: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Question322: A security incident has been reported within an organization. When should an information security manager contact the information owner?
Question323: A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?
Question324: Which of the following should be the PRIMARY basis for an information security strategy?
Question325: Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?
Question326: An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?
Question327: What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
Question328: Which of the following has the GREATEST influence on an organization's information security strategy?
Question329: While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?