EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following should be done FIRST when implementing a security program?

Question2: Which of the following is the BEST control to protect customer personal information that is stored in the cloud?

Question3: An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

Question4: Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Question5: A data loss prevention (DLP) tool has flagged personally identifiable information (Pll) during transmission. Which of the following should the information security manager do FIRST?

Question6: Which of the following BEST helps to ensure the effective execution of an organization's disaster recovery plan (DRP)?

Question7: The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Question8: Which of the following BEST illustrates residual risk within an organization?

Question9: Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.
Which of the following should be the PRIMARY focus of Company A's information security manager?

Question10: Which or the following is MOST important to consider when determining backup frequency?

Question11: Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Question12: An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Question13: A user reports a stolen personal mobile device that stores sensitive corporate dat a. Which of the following will BEST minimize the risk of data exposure?

Question14: Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Question15: Which of the following is MOST important to consider when defining control objectives?

Question16: Which of the following MUST happen immediately following the identification of a malware incident?

Question17: An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Question18: Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

Question19: Which of the following is the MOST important detail to capture in an organization's risk register?

Question20: Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

Question21: When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Question22: Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Question23: Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Question24: Which of the following should be established FIRST when implementing an information security governance framework?

Question25: An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Question26: Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

Question27: The PRIMARY objective of timely declaration of a disaster is to:

Question28: Which of the following is the MOST important issue in a penetration test?

Question29: Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?

Question30: When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided:

Question31: An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Question32: Which is MOST important to identify when developing an effective information security strategy?

Question33: Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Question34: Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Question35: Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?

Question36: An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Question37: Which of the following BEST facilitates the effective execution of an incident response plan?

Question38: Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

Question39: When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?

Question40: When building support for an information security program, which of the following elements is MOST important?

Question41: Which of the following is the PRIMARY objective of a cyber resilience strategy?

Question42: Which of the following would BEST guide the development and maintenance of an information security program?

Question43: Which of the following is MOST important when developing an information security strategy?

Question44: Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?

Question45: An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Question46: Which of the following is the GREATEST benefit of information asset classification?

Question47: Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

Question48: Which of the following is MOST important to the effectiveness of an information security steering committee?

Question49: What should be an information security manager's MOST important consideration when developing a multi-year plan?

Question50: Which of the following is the MOST important consideration when updating procedures for managing security devices?

Question51: Which of the following is MOST important to ensuring that incident management plans are executed effectively?

Question52: Who is accountable for approving an information security governance framework?

Question53: The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Question54: Which of the following is the BEST justification for making a revision to a password policy?

Question55: Which is following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

Question56: Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?

Question57: Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

Question58: An organization uses a security standard that has undergone a major revision by the certifying authority. The old version of the standard will no longer be used for organizations wishing to maintain their certifications. Which of the following should be the FIRST course of action?

Question59: An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Question60: Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?

Question61: An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Question62: Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Question63: An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Question64: Which of the following is necessary to ensure consistent protection for an organization's information assets?

Question65: Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Question66: Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

Question67: Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

Question68: Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Question69: The PRIMARY advantage of involving end users in continuity planning is that they:

Question70: To help ensure that an information security training program is MOST effective its contents should be

Question71: Which of the following is MOST critical when creating an incident response plan?

Question72: Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Question73: Which of the following is the BEST source of information to support an organization's information security vision and strategy?

Question74: Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Question75: The MOST useful technique for maintaining management support for the information security program is:

Question76: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Question77: Which of the following is the BEST approach for data owners to use when defining access privileges for users?

Question78: Application data integrity risk is MOST directly addressed by a design that includes:

Question79: Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Question80: Which of the following is MOST important to the effectiveness of an information security program?

Question81: Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Question82: Which of the following MUST be established to maintain an effective information security governance framework?

Question83: When management changes the enterprise business strategy which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

Question84: An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRST step to ensure the security policy framework encompasses the new business model is to:

Question85: An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?

Question86: Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

Question87: Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

Question88: An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

Question89: An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?

Question90: Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Question91: Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Question92: Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Question93: Which of the following is the BEST indication of effective information security governance?

Question94: Which of the following BEST indicates that information security governance and corporate governance are integrated?

Question95: An organization's automated security monitoring tool generates an excessively large amount of falsq positives. Which of the following is the BEST method to optimize the monitoring process?

Question96: Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Question97: Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Question98: The MOST appropriate time to conduct a disaster recovery test would be after:

Question99: The PRIMARY reason for creating a business case when proposing an information security project is to:

Question100: When developing a categorization method for security incidents, the categories MUST:

Question101: An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

Question102: An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Question103: When analyzing the emerging risk and threat landscape, an information security manager should FIRST:

Question104: An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Question105: Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Question106: An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?

Question107: An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

Question108: Which of the following is the MOST important objective when planning an incident response program?

Question109: What is the PRIMARY objective of implementing standard security configurations?

Question110: Which of the following is the BEST indication of an effective information security awareness training program?

Question111: A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?

Question112: A technical vulnerability assessment on a personnel information management server should be performed when:

Question113: The PRIMARY reason to properly classify information assets is to determine:

Question114: Which of the following should include contact information for representatives of equipment and software vendors?

Question115: Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Question116: An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Question117: Which of the following should be the PRIMARY basis for an information security strategy?

Question118: A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?

Question119: Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Question120: Which of the following would provide the MOST effective security outcome in an organizations contract management process?

Question121: Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Question122: A common drawback of email software packages that provide native encryption of messages is that the encryption:

Question123: A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Question124: Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

Question125: A balanced scorecard MOST effectively enables information security:

Question126: Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?

Question127: A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Question128: Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

Question129: The PRIMARY objective of performing a post-incident review is to:

Question130: Which of the following should have the MOST influence on an organization's response to a new industry regulation?

Question131: Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

Question132: Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question133: Which of the following events is MOST likely to require an organization to revisit its information security framework?

Question134: Which of the following is an example of risk mitigation?

Question135: Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Question136: An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Question137: Which of the following is MOST important when defining how an information security budget should be allocated?

Question138: To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?

Question139: When deciding to move to a cloud-based model, the FIRST consideration should be:

Question140: Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Question141: Which of the following is the BEST indicator of an organization's information security status?

Question142: The MOST important element in achieving executive commitment to an information security governance program is:

Question143: Which of the following BEST enables an organization to effectively manage emerging cyber risk?

Question144: A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Question145: Of the following, who is BEST suited to own the risk discovered in an application?

Question146: The fundamental purpose of establishing security metrics is to:

Question147: Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?

Question148: Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Question149: Which of the following parties should be responsible for determining access levels to an application that processes client information?

Question150: Which of the following BEST indicates the organizational benefit of an information security solution?

Question151: An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Question152: Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization's information security program?

Question153: IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Question154: Which of the following BEST determines an information asset's classification?

Question155: During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?

Question156: During which of the following development phases is it MOST challenging to implement security controls?

Question157: An information security program is BEST positioned for success when it is closely aligned with:

Question158: Which of the following is the MOST effective way to detect information security incidents?

Question159: To help ensure that an information security training program is MOST effective, its contents should be:

Question160: Which of the following is the MOST important outcome of a post-incident review?

Question161: An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?

Question162: Recovery time objectives (RTOs) are an output of which of the following?

Question163: Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Question164: Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Question165: An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?

Question166: An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Question167: Which of the following BEST facilitates effective strategic alignment of security initiatives?

Question168: Which of the following is the BEST indication ofa successful information security culture?

Question169: Which of the following will BEST enable an effective information asset classification process?

Question170: Which of the following would BEST support the business case for an increase in the information security budget?

Question171: Which of the following should be the PRIMARY objective when establishing a new information security program?

Question172: An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Question173: Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Question174: Which of the following roles is BEST able to influence the security culture within an organization?

Question175: A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

Question176: A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?

Question177: During which phase of an incident response plan is the root cause determined?

Question178: Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?

Question179: Which of the following would MOST effectively ensure that a new server is appropriately secured?

Question180: Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Question181: When developing an asset classification program, which of the following steps should be completed FIRST?

Question182: Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

Question183: Which of the following is the MOST important consideration when determining which type of failover site to employ?

Question184: An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Question185: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of confidentiality?

Question186: How does an organization PRIMARILY benefit from the creation of an information security steering committee?

Question187: Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

Question188: Which of the following should be the PRIMARY consideration when developing an incident response plan?

Question189: An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?

Question190: Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Question191: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

Question192: Which of the following should be implemented to BEST reduce the likelihood of a security breach?

Question193: To effectively manage an organization's information security risk, it is MOST important to:

Question194: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

Question195: When establishing metrics for an information security program, the BEST approach is to identify indicators that:

Question196: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Question197: An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Question198: Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

Question199: The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?

Question200: A security incident has been reported within an organization. When should an information security manager contact the information owner?

Question201: Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Question202: An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?

Question203: Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?

Question204: When integrating security risk management into an organization it is MOST important to ensure:

Question205: Which of the following is the PRIMARY reason to assign a risk owner in an organization?

Question206: While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?

Question207: Which of the following components of an information security risk assessment is MOST valuable to senior management?

Question208: Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Question209: Which of the following is MOST important when conducting a forensic investigation?

Question210: The MOST important reason for having an information security manager serve on the change management committee is to:

Question211: Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?

Question212: Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

Question213: Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?

Question214: Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

Question215: When establishing an information security governance framework, it is MOST important for an information security manager to understand:

Question216: A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

Question217: Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Question218: Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?

Question219: Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

Question220: An organization has identified a large volume of old data that appears to be unused. Which of the following should the information security manager do NEXT?

Question221: Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

Question222: Which of the following is MOST important for guiding the development and management of a comprehensive information security program?

Question223: Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Question224: Which of the following is the BEST way to enhance training for incident response teams?

Question225: What should be the FIRST step when implementing data loss prevention (DLP) technology?

Question226: Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question227: Which of the following processes BEST supports the evaluation of incident response effectiveness?

Question228: Reevaluation of risk is MOST critical when there is:

Question229: Which of the following is the BEST indication that an organization has a mature information security culture?

Question230: Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?

Question231: Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Question232: Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Question233: During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Question234: Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Question235: Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Question236: Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Question237: Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?

Question238: A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator What is the manager's BEST course of action?

Question239: After a ransomware incident an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?

Question240: The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:

Question241: Management decisions concerning information security investments will be MOST effective when they are based on:

Question242: Which of the following should be the PRIMARY outcome of an information security program?

Question243: Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?

Question244: Which of the following is a desired outcome of information security governance?

Question245: An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Question246: When assigning a risk owner, the MOST important consideration is to ensure the owner has:

Question247: Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Question248: When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Question249: Which of the following factors would have the MOST significant impact on an organization's information security governance mode?

Question250: Which of the following is MOST important to have in place for an organization's information security program to be effective?

Question251: In which cloud model does the cloud service buyer assume the MOST security responsibility?

Question252: An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?

Question253: Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Question254: When properly implemented, secure transmission protocols protect transactions:

Question255: Which of the following BEST enables an organization to transform its culture to support information security?

Question256: Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

Question257: Which of the following is the MOST important reason for logging firewall activity?

Question258: A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security managers PRIMARY concern?

Question259: Information security controls should be designed PRIMARILY based on:

Question260: An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

Question261: Which of the following is MOST important to include in an information security policy?

Question262: Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Question263: A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Question264: Which of the following metrics would provide an accurate measure of an information security program's performance?

Question265: Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Question266: What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Question267: In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

Question268: A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

Question269: An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

Question270: Business objectives and organizational risk appetite are MOST useful inputs to the development of information security:

Question271: Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

Question272: Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Question273: How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Question274: An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Question275: Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Question276: Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Question277: An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Question278: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Question279: Which of the following is the MOST effective way to prevent information security incidents?

Question280: The PRIMARY goal to a post-incident review should be to:

Question281: To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?

Question282: Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

Question283: Which of the following will result in the MOST accurate controls assessment?

Question284: Which of the following is the MOST important outcome of effective risk treatment?

Question285: An organization is considering using a third party to host sensitive archived dat a. Which of the following is MOST important to verify before entering into the relationship?

Question286: Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Question287: Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Question288: A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

Question289: Which of the following would BEST enable the timely execution of an incident response plan?

Question290: Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

Question291: The PRIMARY objective of timely declaration of a disaster is to:

Question292: Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Question293: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Question294: Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

Question295: An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Question296: Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

Question297: Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

Question298: Which of the following is MOST effective in monitoring an organization's existing risk?

Question299: Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

Question300: Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

Question301: Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Question302: Which of the following is the MOST effective way to increase security awareness in an organization?

Question303: Which of the following would BEST mitigate accidental data loss events?

Question304: Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

Question305: Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question306: Which of the following is the BEST course of action when an online company discovers a network attack in progress?

Question307: A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Question308: Recovery time objectives (RTOs) are BEST determined by:

Question309: Which type of recovery site is MOST reliable and can support stringent recovery requirements?

Question310: The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Question311: An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Question312: Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Question313: Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

Question314: Which of the following is the MOST important benefit of using a cloud access security broker when migrating to a cloud environment?

Question315: A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

Question316: Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Question317: Which of the following is MOST important to consider when determining asset valuation?

Question318: After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager's FIRST course of action should be to:

Question319: When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Question320: Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

Question321: The PRIMARY advantage of single sign-on (SSO) is that it will:

Question322: Which of the following activities MUST be performed by an information security manager for change requests?

Question323: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Question324: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

Question325: Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?

Question326: To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

Question327: An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

Question328: Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Question329: Which of the following is a function of the information security steering committee?

Question330: ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

Question331: Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?

Question332: Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Question333: For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

Question334: Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Question335: Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?

Question336: Which of the following is a PRIMARY benefit of managed security solutions?

Question337: Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

Question338: Which of the following provides the BEST evidence that a recently established infofmation security program is effective?

Question339: In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

Question340: While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

Question341: Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Question342: Which of the following is a PRIMARY function of an incident response team?

Question343: Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

Question344: A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to:

Question345: Which of the following is MOST important to the successful implementation of an information security program?

Question346: Which of the following analyses will BEST identify the external influences to an organization's information security?

Question347: Which of the following is the BEST method to ensure compliance with password standards?

Question348: Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

Question349: Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Question350: Which of the following is the BEST indication of information security strategy alignment with the "&

Question351: Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

Question352: Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

Question353: Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

Question354: Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

Question355: Which of the following is MOST important to include in an information security status report to senior management?

Question356: Which of the following is the BEST approach for governing noncompliance with security requirements?

Question357: Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?

Question358: Which of the following is the MOST critical factor for information security program success?

Question359: Which of the following BEST enables an organization to maintain an appropriate security control environment?