In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:
Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
Which of the following is a symmetric encryption algorithm?
While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?
An anonymity network is a series of?
An access point (AP) is discovered using Wired Equivalent Privacy (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
Which of the following is the MAIN security concern for public cloud computing?
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
The process of creating a system which divides documents based on their security level to manage access to private data is known as
Physical security measures typically include which of the following components?
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?
Which of the following is a fundamental component of an audit record?
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?
During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?
With respect to the audit management process, management response serves what function?
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?
Which of the following is a benefit of a risk-based approach to audit planning?
Which of the following methodologies references the recommended industry standard that Information security project managers should follow?
Your incident response plan should include which of the following?
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?
An example of professional unethical behavior is:
Risk appetite is typically determined by which of the following organizational functions?
The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?
When managing the critical path of an IT security project, which of the following is MOST important?
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
Which business stakeholder is accountable for the integrity of a new information system?
Acme Inc. has engaged a third-party vendor to provide 99.999% uptime for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
What is the name of the approach that estimates the strengths and weaknesses of alternatives in order to determine which option provides the BEST way of achieving benefits while preserving savings?
Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?
Which of the following are the triple constraints of project management?
A bastion host should be placed:
What is the primary difference between regulations and standards?
Many successful cyber-attacks currently include:
Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?
Which of the following strategies provides the BEST response to a ransomware attack?
When managing a project, the MOST important activity in managing the expectations of stakeholders is:
An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?
Which of the following statements regarding Key Performance Indicators (KPIs) are true?
As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.
The performance quality audit activity is done in what project management process group?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?
Involvement of senior management is MOST important in the development of:
Which type of scan is used on the eye to measure the layer of blood vessels?
Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?
A CISO has implemented a risk management capability within the security portfolio. Which of the following terms best describes this functionality?
Using the Transport Layer Security (TLS) protocol enables a client in a network to be:
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior-level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector-neutral information security control framework for implementation.
Which of the following industry/sector-neutral information security control frameworks should you recommend for implementation?
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?
The formal certification and accreditation process has four primary steps. What are they?
Which of the following is the MOST important for a CISO to understand when identifying threats?
Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?
The PRIMARY objective of security awareness is to:
Which of the following is a benefit of information security governance?
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than others but lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches, but the decision is made to purchase. What does this selection indicate?
A method to transfer risk is to:
Who is responsible for securing networks during a security incident?