Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?
A large number of accounts in a hardened system were suddenly compromised to an external party. Which of
the following is the MOST probable threat actor involved in this incident?
Which type of scan is used on the eye to measure the layer of blood vessels?
Which of the following is the MOST important reason for performing assessments of the security portfolio?
A digital signature addresses which of the following concerns?
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.
The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?
When project costs continually increase throughout implementation due to large or rapid changes in customer
or user requirements, this is commonly known as:
You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management you determine that the project correct aligns with the company goals. What needs to be verified FIRST?
Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of
Which of the following is MOST useful when developing a business case for security initiatives?
Who is responsible for verifying that audit directives are implemented?
What does RACI stand for?
ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.
Which metric would meet the requirement?
XYZ is a publicly-traded software development company.
Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?
The main purpose of the SOC is:
When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?
When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?
When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?
An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?
A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).
In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?
Which of the following statements below regarding Key Performance indicators (KPIs) are true?
Which of the following activities results in change requests?
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?
Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?
IT control objectives are useful to IT auditors as they provide the basis for understanding the:
To have accurate and effective information security policies how often should the CISO review the organization policies?
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
What type of attack requires the least amount of technical equipment and has the highest success rate?
Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
The process of identifying and classifying assets is typically included in the
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
Which of the following is the MAIN security concern for public cloud computing?
The process of creating a system which divides documents based on their security level to manage access to private data is known as
In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:
Physical security measures typically include which of the following components?
Which of the following is a symmetric encryption algorithm?
Which of the following backup sites takes the longest recovery time?
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for
The PRIMARY objective for information security program development should be:
A method to transfer risk is to:
A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?
Information security policies should be reviewed:
What is the relationship between information protection and regulatory compliance?
One of the MAIN goals of a Business Continuity Plan is to
Which of the following is a benefit of information security governance?
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
Who is responsible for securing networks during a security incident?
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):
Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?
Which of the following represents the BEST method of ensuring security program alignment to business needs?
Which of the following is the MOST important component of any change management process?