Question1: Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
Question2: When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:
Question3: Which of the following BEST enables an organization to maintain legally admissible evidence7
Question4: During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?
Question5: Which of the following is the PRIMARY reason to assign a risk owner in an organization?
Question6: Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?
Question7: What type of control is being implemented when a security information and event management (SIEM) system is installed?
Question8: An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Question9: Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
Question10: Which of the following is the MOST important consideration when updating procedures for managing security devices?
Question11: An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:
Question12: During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?
Question13: Which of the following BEST minimizes information security risk in deploying applications to the production environment?
Question14: Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?
Question15: Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Question16: An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?
Question17: Labeling information according to its security classification:
Question18: Which of the following is the GREATEST benefit of using AI tools in security operations?
Question19: Detailed business continuity plans (BCPs) should be PRIMARILY based on:
Question20: Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Question21: Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization's business continuity plan (BCP) has not been reviewed or updated in more than a year?
Question22: Which of the following provides the MOST useful information for identifying security control gaps on an application server?
Question23: Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization's security program?
Question24: Which of the following is PRIMARILY determined by asset classification?
Question25: Which of the following should be the MOST important consideration when establishing information security policies for an organization?
Question26: When assigning a risk owner, the MOST important consideration is to ensure the owner has:
Question27: Which of the following would BEST guide the development and maintenance of an information security program?
Question28: An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?
Question29: Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?
Question30: Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
Question31: Which of the following is the BEST indication of an effective information security program?
Question32: Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?
Question33: Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?
Question34: Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?
Question35: Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
Question36: The PRIMARY advantage of single sign-on (SSO) is that it will:
Question37: Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?
Question38: Which of the following is MOST helpful for aligning security operations with the IT governance framework?
Question39: Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
Question40: Which of the following provides the BEST input to determine the level of protection needed for an IT system?
Question41: Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?
Question42: Which of the following events is MOST likely to require an organization to revisit its information security framework?
Question43: Which of the following is MOST important to include in an information security policy?
Question44: A global organization has outsourced security processes to a service provider by means of a global agreement.
What is the MOST efficient approach to meet country-specific regulatory requirements?
Question45: When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided:
Question46: Which of the following should be done FIRST when implementing a security program?
Question47: An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?
Question48: Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?
Question49: IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?
Question50: When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?
Question51: Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Question52: Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?
Question53: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
Question54: An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
Question55: In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?
Question56: An organization has remediated a security flaw in a system. Which of the following should be done NEXT?
Question57: Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?
Question58: Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?
Question59: Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?
Question60: Which of the following should be done FIRST to prioritize response to incidents?
Question61: Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?
Question62: Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
Question63: Which of the following provides the MOST effective response against ransomware attacks?
Question64: Which of the following is a PRIMARY function of an incident response team?
Question65: Which of the following should be done FIRST when a SIEM flags a potential event?
Question66: Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?
Question67: Which of the following is the MOST important factor of a successful information security program?
Question68: The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
Question69: Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?
Question70: Which of the following BEST illustrates residual risk within an organization?
Question71: Which of the following is MOST important to consider when determining asset valuation?
Question72: Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Question73: Reevaluation of risk is MOST critical when there is:
Question74: An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Question75: Which of the following is the BEST course of action when an information security manager identifies that systems are vulnerable to emerging threats?
Question76: The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:
Question77: Which of the following is MOST important to the successful implementation of an information security program?
Question78: An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?
Question79: When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:
Question80: Which of the following should be done FIRST when developing a business continuity plan (BCP)?
Question81: Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
Question82: When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Question83: An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
Question84: Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
Question85: Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
Question86: Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?
Question87: Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Question88: An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?
Question89: What should an information security manager verify FIRST when reviewing an information asset management program?
Question90: A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?
Question91: A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?
Question92: In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?
Question93: A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?
Question94: An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
Question95: Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (laaS) model hosted in a foreign country?
Question96: Which of the following is the BEST approach for data owners to use when defining access privileges for users?
Question97: Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?
Question98: A data loss prevention (DLP) tool has flagged personally identifiable information (Pll) during transmission.
Which of the following should the information security manager do FIRST?
Question99: What should be an information security manager's MOST important consideration when developing a multi- year plan?
Question100: Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?
Question101: Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?
Question102: An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:
Question103: Which of the following is MOST important for building 4 robust information security culture within an organization?
Question104: Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?
Question105: Which of the following should be an information security manager's PRIMARY concern when an organization is expanding business to a new country?
Question106: Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?
Question107: Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?
Question108: An organization would like to invest in a new emerging technology. Which of the following is MOST important for the information security manager to consider when evaluating its impact?
Question109: How would the information security program BEST support the adoption of emerging technologies?
Question110: Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?
Question111: A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?
Question112: Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?
Question113: Which of the following should an information security manager do FIRST after a new cybersecunty regulation has been introduced?
Question114: Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?
Question115: When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
Question116: Which of the following BEST describes a buffer overflow?
Question117: Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?
Question118: The PRIMARY goal of the eradication phase in an incident response process is to:
Question119: Which of the following sources is MOST useful when planning a business-aligned information security program?
Question120: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
Question121: Which of the following is the MOST important characteristic of an effective information security metric?
Question122: Which of the following would BEST help to ensure appropriate security controls are built into software?
Question123: Which of the following should be the PRIMARY basis for an information security strategy?
Question124: Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
Question125: Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
Question126: Recovery time objectives (RTOs) are an output of which of the following?
Question127: An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
Question128: Which of the following would BEST enable the timely execution of an incident response plan?
Question129: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Question130: Which of the following will result in the MOST accurate controls assessment?
Question131: Which of the following processes BEST supports the evaluation of incident response effectiveness?
Question132: Which of the following BEST ensures timely and reliable access to services?
Question133: The fundamental purpose of establishing security metrics is to:
Question134: Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?
Question135: Which of the following is the BEST way to determine if an information security profile is aligned with business requirements?
Question136: A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
Question137: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Question138: When management changes the enterprise business strategy which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
Question139: Before approving the implementation of a new security solution, senior management requires a business case.
Which of the following would BEST support the justification for investment?
Question140: The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
Question141: A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?
Question142: Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?
Question143: Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?
Question144: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
Question145: A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
Question146: Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?
Question147: The MOST appropriate time to conduct a disaster recovery test would be after:
Question148: When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:
Question149: An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?
Question150: Which of the following should be the PRIMARY goal of information security?
Question151: Which of the following parties should be responsible for determining access levels to an application that processes client information?
Question152: A business impact analysis (BIA) BEST enables an organization to establish:
Question153: An organization's quality process can BEST support security management by providing:
Question154: An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRST step to ensure the security policy framework encompasses the new business model is to:
Question155: Who is BEST suited to determine how the information in a database should be classified?
Question156: An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?
Question157: Which of the following should be implemented to BEST reduce the likelihood of a security breach?
Question158: An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Question159: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
Question160: The categorization of incidents is MOST important for evaluating which of the following?
Question161: Which of the following would be MOST helpful to identify worst-case disruption scenarios?
Question162: When analyzing the emerging risk and threat landscape, an information security manager should FIRST:
Question163: Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?
Question164: Which of the following is the BEST indicator of the maturity level of a vendor risk management process?
Question165: Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
Question166: Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
Question167: Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?
Question168: Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?
Question169: An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done FIRST?
Question170: Which of the following is the BEST indicator of an organization's information security status?
Question171: After a server has been attacked, which of the following is the BEST course of action?
Question172: Which of the following BEST helps to enable the desired information security culture within an organization?
Question173: Which of the following would MOST effectively ensure that a new server is appropriately secured?
Question174: An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?
Question175: Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?
Question176: Which of the following is the MOST effective way to increase security awareness in an organization?
Question177: Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?
Question178: Which of the following is MOST important to consider when defining control objectives?
Question179: Senior management recently approved a mobile access policy that conflicts with industry best practices.
Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?
Question180: Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?
Question181: Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?
Question182: Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?
Question183: What is the PRIMARY objective of implementing standard security configurations?
Question184: Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?
Question185: The BEST way to report to the board on the effectiveness of the information security program is to present:
Question186: Which of the following is the BEST indication ofa successful information security culture?
Question187: Which of the following is MOST important to the effectiveness of an information security steering committee?
Question188: Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?
Question189: Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?
Question190: What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Question191: Which of the following is MOST important to include in an information security status report to senior management?
Question192: A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security managers PRIMARY concern?
Question193: Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?
Question194: Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?
Question195: Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?
Question196: Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?
Question197: Which of the following is the BEST reason to implement an information security architecture?
Question198: The PRIMARY purpose for deploying information security metrics is to:
Question199: Which of the following is the MOST important requirement for a successful security program?
Question200: Which of the following is the MOST effective way to detect security incidents?
Question201: Of the following, who is in the BEST position to evaluate business impacts?
Question202: To help ensure that an information security training program is MOST effective its contents should be
Question203: Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?
Question204: Which of the following BEST ensures information security governance is aligned with corporate governance?
Question205: Which of the following is the PRIMARY objective of a cyber resilience strategy?
Question206: Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
Question207: Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
Question208: A recovery point objective (RPO) is required in which of the following?
Question209: In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or
Question210: Which of the following is MOST important for guiding the development and management of a comprehensive information security program?
Question211: A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:
Question212: Which of the following should be the PRIMARY objective of the information security incident response process?
Question213: An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?
Question214: During which phase of an incident response plan is the root cause determined?
Question215: An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?
Question216: Spoofing should be prevented because it may be used to:
Question217: An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
Question218: Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
Question219: In a call center, the BEST reason to conduct a social engineering is to:
Question220: Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?
Question221: What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?
Question222: A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by IN information security manager?
Question223: Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?
Question224: Which of the following is MOST important to include in security incident escalation procedures?
Question225: Which of the following is MOST important when designing security controls for new cloud-based services?
Question226: Which of the following is the PRIMARY benefit of implementing an information security governance framework?
Question227: An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
Question228: An information security manager has recently been notified of potential security risks associated with a third- party service provider. What should be done NEXT to address this concern?
Question229: Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?
Question230: When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:
Question231: Which of the following is the BEST control to protect customer personal information that is stored in the cloud?
Question232: Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?
Question233: Which of the following is the PRIMARY role of the information security manager in application development?
Question234: An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
Question235: Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?
Question236: Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?
Question237: Which of the following should be the FIRST consideration when developing a strategy for protecting an organization's data?
Question238: Which of the following is MOST important to convey to employees in building a security risk-aware culture?
Question239: Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
Question240: Of the following, who is accountable for data loss in the event of an information security incident at a third- party provider?
Question241: The PRIMARY reason for creating a business case when proposing an information security project is to:
Question242: Which of the following is the BEST way to obtain support for a new organization-wide information security program?
Question243: During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
Question244: An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?
Question245: Which of the following is the MOST important outcome of a post-incident review?
Question246: An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
Question247: What is the BEST way to reduce the impact of a successful ransomware attack?
Question248: Which of the following is necessary to ensure consistent protection for an organization's information assets?
Question249: Which of the following should be the KEY consideration when creating an information security communication plan with industry peers?
Question250: When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?
Question251: Which of the following has the GREATEST impact on the effectiveness of an organization's security posture?
Question252: An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:
Question253: Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
Question254: Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?
Question255: Which type of control is an incident response team?
Question256: Which of the following is the PRIMARY role of an information security manager in a software development project?
Question257: Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
Question258: Which of the following is the BEST approach to incident response for an organization migrating to a cloud- based solution?
Question259: Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
Question260: Which of the following BEST supports effective communication during information security incidents7
Question261: Which of the following is the MOST effective way to prevent information security incidents?
Question262: Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?
Question263: Implementing the principle of least privilege PRIMARILY requires the identification of:
Question264: Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?
Question265: Which of the following BEST demonstrates the added value of an information security program?
Question266: Which of the following BEST facilitates the effectiveness of cybersecurity incident response?
Question267: Which of the following analyses will BEST identify the external influences to an organization's information security?
Question268: From an information security perspective, legal issues associated with a transborder flow of technology- related items are MOST often
Question269: Which of the following tools would be MOST helpful to an incident response team?
Question270: In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?
Question271: Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?
Question272: To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?
Question273: An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?
Question274: The PRIMARY consideration when responding to a ransomware attack should be to ensure:
Question275: A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
Question276: Which of the following processes is MOST important for the success of a business continuity plan (BCP)?
Question277: Which of the following provides the BEST evidence that a recently established infofmation security program is effective?
Question278: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?
Question279: When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?
Question280: Which or the following is MOST important to consider when determining backup frequency?
Question281: Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?
Question282: An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:
Question283: Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?
Question284: A startup company deployed several new applications with vulnerabilities into production because security reviews were not conducted. What will BEST help to ensure effective application risk management going forward?
Question285: Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
Question286: Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?
Question287: Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
Question288: Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
Question289: Which of the following is MOST critical when creating an incident response plan?
Question290: Which of the following documents should contain the INITIAL prioritization of recovery of services?
Question291: Which of the following is an example of risk mitigation?
Question292: Which of the following BEST enables staff acceptance of information security policies?
Question293: Which of the following is the BEST indication of an effective information security awareness training program?
Question294: An information security policy was amended recently to support an organization's new information security strategy. Which of the following should be the information security manager's NEXT step?
Question295: Which of the following should be the PRIMARY basis for establishing metrics that measure the effectiveness of an information security program?
Question296: An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.
Which of the following should be given immediate focus?
Question297: Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?
Question298: When developing a categorization method for security incidents, the categories MUST:
Question299: Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Question300: Which of the following is MOST important when conducting a forensic investigation?
Question301: Which of the following has the GREATEST influence on an organization's information security strategy?
Question302: Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
Question303: Which of the following is MOST important when designing an information security governance framework?
Question304: Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?
Question305: Which of the following is MOST important when responding to a major security incident?
Question306: Which of the following BEST facilitates effective strategic alignment of security initiatives?
Question307: Which of the following is an information security manager's BEST recommendation to senior management following a breach at the organization's Software as a Service (SaaS) vendor?
Question308: Reverse lookups can be used to prevent successful:
Question309: Which of the following should be done FIRST once a cybersecurity attack has been confirmed?
Question310: The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?
Question311: During a post-incident review, it was determined that a known vulnerability was exploited in order to gain access to a system. The vulnerability was patched as part of the remediation on the offending system. Which of the following should be done NEXT?
Question312: An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:
Question313: Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?
Question314: Which of the following is MOST important to have in place for an organization's information security program to be effective?
Question315: Which of the following should be the MOST important consideration of business continuity management?
Question316: ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?
Question317: Which of the following is the BEST method for determining whether new risks exist in legacy systems?
Question318: An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.
Which of the following would provide the MOST useful information for planning purposes?
Question319: Which of the following is the MOST effective way to convey information security responsibilities across an organization?
Question320: When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:
Question321: When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:
Question322: Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
Question323: Recommendations for enterprise investment in security technology should be PRIMARILY based on:
Question324: The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
Question325: Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?
Question326: Which of the following control types should be considered FIRST for aligning employee behavior with an organization's information security objectives?
Question327: For which of the following is it MOST important that system administrators be restricted to read-only access?
Question328: Information security policies should PRIMARILY reflect alignment with:
Question329: When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:
Question330: To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
Question331: Which of the following BEST enables the assignment of risk and control ownership?
Question332: Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?
Question333: Which of the following is the MOST effective way to detect information security incidents?
Question334: Which of the following is the BEST indication of information security strategy alignment with the "&
Question335: Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?
Question336: Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?
Question337: Which of the following MUST be established to maintain an effective information security governance framework?
Question338: An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Which of the following controls would MOST effectively manage risk to the organization?
Question339: When establishing metrics for an information security program, the BEST approach is to identify indicators that:
Question340: A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:
Question341: Which of the following is the BEST approach for governing noncompliance with security requirements?
Question342: Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?
Question343: Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
Question344: An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
Question345: Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
Question346: Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?
Question347: Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
Question348: Which of the following BEST supports information security management in the event of organizational changes in security personnel?
Question349: Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Question350: Which of the following is the BEST option to lower the cost to implement application security controls?
Question351: Which of the following is MOST important to the effectiveness of an information security program?
Question352: The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
Question353: Which of the following is the PRIMARY objective of information asset classification?
Question354: Which of the following is the BEST course of action when an online company discovers a network attack in progress?
Question355: An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?
Question356: Which of the following is the MOST effective way to identify changes in an information security environment?
Question357: Which of the following should be done FIRST when establishing an information security governance framework?
Question358: An organization has identified a large volume of old data that appears to be unused. Which of the following should the information security manager do NEXT?
Question359: Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?
Question360: A business continuity plan (BCP) should contain:
Question361: Which of the following provides the MOST assurance that a third-party hosting provider will be able to meet availability requirements?
Question362: An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?
Question363: Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?
Question364: Which of the following is MOST important to have in place when conducting a security control assessment of a system?
Question365: Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?
Question366: Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?
Question367: When establishing an information security governance framework, it is MOST important for an information security manager to understand:
Question368: Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
Question369: An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?
Question370: An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
Question371: An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?
Question372: Which of the following is the PRIMARY reason for granting a security exception?
Question373: Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
Question374: An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
Question375: Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?
Question376: To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?
Question377: Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?
Question378: Which of the following should be given the HIGHEST priority during an information security post-incident review?
Question379: Which of the following BEST indicates that an information security governance framework has been successfully implemented?
Question380: Which of the following should an information security manager do FIRST when noncompliance with security standards is identified?
Question381: Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?
Question382: An incident response policy should include:
Question383: Which of the following is a function of the information security steering committee?
Question384: Embedding security responsibilities into job descriptions is important PRIMARILY because it:
Question385: Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Question386: Which of the following is the MOST likely reason for a vulnerability scanner to return incomplete results?
Question387: Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?
Question388: Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?
Question389: Which of the following is the BEST approach to make strategic information security decisions?
Question390: Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Question391: Which of the following should be the FIRST step when performing triage of a malware incident?
Question392: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?
Question393: An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
Question394: A balanced scorecard MOST effectively enables information security:
Question395: What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
Question396: Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
Question397: Which of the following is the MOST important function of an information security steering committee?
Question398: Which of the following is the PRIMARY benefit of an information security awareness training program?
Question399: A new risk has been identified in a high availability system. The BEST course of action is to:
Question400: Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
Question401: A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?
Question402: An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact.
Which of the following is the BEST risk treatment option in this situation?
Question403: Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
Question404: Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?
Question405: An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk''
Question406: Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
Question407: The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?
Question408: Which of the following is the BEST evidence of alignment between corporate and information security governance?
Question409: Which of the following is the MOST important objective when planning an incident response program?
Question410: Which of the following is the BEST way to build a risk-aware culture?
Question411: Who is accountable for approving an information security governance framework?