
Isaca CISM Certified Information Security Manager Exam Practice Test

Demo: 200 questions
Total 1491 questions

Certified Information Security Manager Questions and Answers

Question 1

What should be the information security manager's MOST important consideration when planning a disaster recovery test?

Options:

A.

Organization-wide involvement

B.

Documented escalation processes

C.

Impact to production systems

D.

Stakeholder notification procedures

Question 2

An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Isolate the noncompliant system from the rest of the network.

B.

Conduct an impact analysis to quantify the associated risk.

C.

Request risk acceptance from senior management.

D.

Submit the issue to the steering committee for escalation.

Question 3

Which of the following is the MOST important outcome of testing incident response plans?

Options:

A.

Areas requiring investment are identified.

B.

Staff is educated about current threats.

C.

An action plan is available for senior management.

D.

Internal procedures are improved.

Question 4

Which of the following is the BEST strategy to implement an effective operational security posture?

Options:

A.

Defense in depth

B.

Threat management

C.

Vulnerability management

D.

Increased security awareness

Question 5

Which of the following is MOST helpful when justifying the funding required for a compensating control?

Options:

A.

Business impact analysis (BIA)

B.

Risk analysis

C.

Business case

D.

Threat assessment

Question 6

A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security manager?

Options:

A.

Software escrow is not addressed in the contract

B.

The contract has no requirement for secure development practices

C.

The mobile app's programmers are all offshore contractors.

D.

SLAs after deployment are not clearly defined.

Question 7

A security team is conducting its annual disaster recovery test. Post-restoration testing shows the system response time is significantly slower due to insufficient bandwidth for Internet connectivity at the recovery center. Which of the following is the security manager's BEST course of action?

Options:

A.

Reduce the number of applications marked as critical.

B.

Halt the test until the network bandwidth is increased.

C.

Document the deficiency for review by business leadership.

D.

Pursue risk acceptance for the slower response time

Question 8

Which of the following BEST helps to identify vulnerabilities introduced by changes to an organization's technical infrastructure?

Options:

A.

Log aggregation and correlation

B.

Established security baselines

C.

An intrusion detection system (IDS)

D.

Penetration testing

Question 9

When developing a protection strategy for outsourcing applications, the information se

Options:

A.

the security requirements are included in the service level agreement (SLA).

B.

escrow agreements are in place.

C.

the responsibility for security is transferred in the service level agreement (SLA).

D.

nondisclosure clauses are in the contract.

Question 10

When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organization's security steering committee?

Options:

A.

Obtaining support for the integration from business owners

B.

Evaluating and reporting the degree of integration

C.

Obtaining approval for the information security budget

D.

Defining metrics to demonstrate alignment

Question 11

Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Options:

A.

End user acceptance

B.

Disparate device security

C.

Mobile application control

D.

Configuration management

Question 12

The BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:

Options:

A.

a sandbox environment

B.

device encryption.

C.

two-factor authentication

D.

a strong password policy

Question 13

After undertaking a security assessment of a production system, the information security manager is MOST likely to:

Options:

A.

inform the system owner of any residual risks and propose measures to reduce them.

B.

establish an overall security program that minimizes the residual risks of that production system

C.

inform the IT manager of the residual risks and propose measures to reduce them.

D.

inform the development team of any residual risks and together formulate risk reduction measures.

Question 14

Which of the following stakeholders would provide the BEST guidance in aligning the information security strategy with organizational goals?

Options:

A.

Board of directors

B.

Chief information officer (CIO)

C.

Chief information security officer (CISO)

D.

Information security steering committee

Question 15

An organization has established information security policies, but the information security the MOST likely reason for this situation?

Options:

A.

The information security policies are not communicated across the organization.

B.

The information security policies lack alignment with corporate goals.

C.

The information security program is not adequately funded.

D.

The organization is operating in a highly regulated industry.

Question 16

Which of the following is the MOST important reason for logging firewall activity?

Options:

A.

Auditing purposes

B.

Incident investigation

C.

Firewall tuning

D.

Intrusion detection

Question 17

Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

Options:

A.

Complying with regulatory requirement

B.

Ensuring the amount of residual risk is acceptable

C.

Avoiding identified system threats

D.

Reducing the number of vulnerabilities detected

Question 18

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Options:

A.

Projected increase in maturity level

B.

Estimated increase in efficiency

C.

Projected costs over time

D.

Estimated reduction in risk

Question 19

The PRIMARY purpose of a security information and event management (SIEM) system is to:

Options:

A.

provide status of incidents

B.

resolve incidents

C.

track ongoing incidents

D.

identify potential incidents.

Question 20

Which of the following is MOST important to building an effective information security program?

Options:

A.

Logical access controls for information systems

B.

Information security architecture to increase monitoring activities

C.

Relevant and timely content included in awareness programs

D.

Management support for information security

Question 21

Management is questioning the need for several items in the information security budget proposal. Which of the following would have been MOST helpful prior to budget submission?

Options:

A.

Benchmarking information security efforts of industry competitors

B.

Obtaining better pricing from information security service vendors

C.

Presenting a report of current threats to the organization

D.

Educating management on information security best practices

Question 22

Which of the following BEST demonstrates alignment between information security governance and corporate governance?

Options:

A.

Average number of security incidents across business units

B.

Number of vulnerabilities identified for high-risk information assets

C.

Security project justifications provided in terms of business value

D.

Mean time to resolution for enterprise-wide security incidents

Question 23

An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?

Options:

A.

Implement a mobile device management solution.

B.

Implement a web application firewall.

C.

Educate users regarding the use of approved applications.

D.

Establish a mobile device acceptable use policy

Question 24

Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?

Options:

A.

Information security initiatives are directly correlated to business processes.

B.

The information security team is able to provide key performance indicators (KPIs) to senior management.

C.

Business senior management supports the information security policies.

D.

The information security program manages risk within the business' risk tolerance.

Question 25

Which of the following is MOST important when prioritizing an information security incident?

Options:

A.

Organizational risk tolerance

B.

Cost to contain and remediate the incident

C.

Criticality of affected resources

D.

Short-term impact to shareholder value

Question 26

What is the PRIMARY benefit of effective configuration management?

Options:

A.

Improved vulnerability management

B.

Standardization of system support

C.

Decreased risk to the organization's systems

D.

Reduced frequency of incidents

Question 27

A CEO requires that information security risk management is practiced at the organizational level through a central risk register. Which of the following is the MOST important reason to report a summary of this risk register to the board?

Options:

A.

To ensure alignment with industry standards and trends

B.

To facilitate alignment between risk management and organizational objectives

C.

To comply with the organization’s regulatory and legal requirements

D.

To ensure adequate funding is available for risk management and mitigation

Question 28

Which of the following is MOST likely to be included in an enterprise security policy?

Options:

A.

Retention schedules

B.

Organizational risk

C.

System access specifications

D.

Definitions of responsibilities

Question 29

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

Options:

A.

Industry benchmarks

B.

Risk assessment results

C.

Business impact analysis (BIA) results

D.

Key performance indicators (KPIs)

Question 30

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?

Options:

A.

Escalation paths

B.

Right-to-audit clause

C.

Termination language

D.

Key performance indicators (KPIs)

Question 31

Which of the following is MOST important to the effectiveness of an information security steering committee?

Options:

A.

The committee has strong regulatory knowledge.

B.

The committee has cross-organizational representation.

C.

The committee has strong representation from IT.

D.

The committee is driven by industry best practices.

Question 32

Audit trails of changes to source code and object code are BEST tracked through:

Options:

A.

job control statements.

B.

code review.

C.

use of compilers.

D.

program library software.

Question 33

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Options:

A.

Analysis of control gaps

B.

Identification of risk

C.

Design of key risk indicators (KRIs)

D.

Selection of risk treatment options

Question 34

Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?

Options:

A.

Identification of threats and vulnerabilities

B.

Prioritization of action plans

C.

Validation of current capabilities

D.

Benchmarking against industry peers

Question 35

Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?

Options:

A.

Information security governance

B.

Risk assessment program

C.

Information security metrics

D.

Information security awareness training

Question 36

Which of the following is MOST important to implement when using a service account for infrastructure administration?

Options:

A.

Audit trail

B.

Password control

C.

Account lockout

D.

Hash totals

Question 37

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Options:

A.

Performing integration testing with vendor systems

B.

Establishing communication paths with vendors

C.

Requiring security awareness training for vendor staff

D.

Including service level agreements (SLAs) in vendor contracts

Question 38

A senior executive asks the information security manager to bypass the organization's Internet traffic filters due to a business need.

Which of the following should be the information security manager's NEXT course of action?

Options:

A.

Deny the request as noncompliant with policy

B.

Accept the request immediately based on the business criticality.

C.

Notify the IT network manager and make an approval decision jointly.

D.

Document the risk and mark for future review.

Question 39

Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?

Options:

A.

SWOT analysis

B.

Balanced scorecard

C.

Cost-benefit analysis

D.

Industry benchmarks

Question 40

Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?

Options:

A.

Update roles and responsibilities of the incident response team.

B.

Validate that the information security strategy maps to corporate objectives

C.

Train the incident response team on escalation procedures.

D.

Implement a monitoring solution for incident response activities.

Question 41

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Determine mitigation options with IT management

B.

Communicate the potential impact to the application owner.

C.

Report the risk to the information security steering committee.

D.

Escalate the risk to senior management.

Question 42

Which of the following is the MOST important factor to be considered when reviewing an information security strategy?

Options:

A.

Frequency of security incidents

B.

Benchmarking to industry peers

C.

Evolving business goals

D.

Unmitigated risk

Question 43

Which of the following will BEST enhance the privacy of data in transit for an online transaction system?

Options:

A.

Masking sensitive data

B.

Requiring two-factor authentication

C.

Using a secure communications protocol

D.

Requiring a digital signature

Question 44

A security policy exception is leading to an unexpected increase in the number of alerts about suspicious Internet traffic on an organization's network. Which of the following is the BEST course of action?

Options:

A.

Present a risk analysis with recommendations to senior management.

B.

Update the risk register so that senior management is kept informed

C.

Remove the rules that trigger the increased number of alerts

D.

Evaluate and update the enterprise network security architecture

Question 45

Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?

Options:

A.

Report the decision to the compliance officer.

B.

Update details within the risk register

C.

Reassess the organization's risk tolerance

D.

Assess the impact of the regulation

Question 46

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Implement a SIEM solution.

B.

Perform a post-incident review.

C.

Perform a threat analysis.

D.

Establish performance metrics for the team.

Question 47

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Conduct a risk assessment.

B.

Initiate a device reset.

C.

Disable remote access.

D.

Initiate incident response.

Question 48

Which of the following is the BEST way to enhance training for incident response teams?

Options:

A.

Conduct interviews with organizational units

B.

Participate in emergency response activities

C.

Perform post-incident reviews

D.

Establish incident key performance indicators (KPIs).

Question 49

Which of the following is the PRIMARY objective of an incident response plan?

Options:

A.

To communicate escalation procedures

B.

To minimize business disruption

C.

To establish appropriate service level agreements (SLAs)

D.

To define roles and responsibilities

Question 50

What is the PRIMARY objective of triage within the incident response process?

Options:

A.

Timely reporting of incidents

B.

Containment of incidents

C.

Optimization of resources

D.

Determination of incident impact

Question 51

From a business perspective, the MOST important function of information security is to support:

Options:

A.

predictable operations.

B.

international standards

C.

security awareness

D.

corporate policy

Question 52

An organization is considering whether to allow employees to use personal computing devices for business purposes. To BEST facilitate senior management's decision, the information security manager should:

Options:

A.

conduct a risk assessment.

B.

develop a business case.

C.

map the strategy to business objectives.

D.

perform a cost-benefit analysis.

Question 53

Which of the following provides the MOST comprehensive understanding of an organization's information security posture?

Options:

A.

The organization's security incident trends

B.

Risk management metrics

C.

Results of vulnerability assessments

D.

External audit findings

Question 54

Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?

Options:

A.

Existence of an industry-accepted framework

B.

Up-to-date policy and procedures documentation

C.

A report on the maturity of controls

D.

Results of an independent assessment

Question 55

Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data loss?

Options:

A.

An independent auditor for identification of control deficiencies

B.

A penetration tester to validate the attack

C.

A forensics expert for evidence management

D.

A damage assessment expert for calculating losses

Question 56

When defining responsibilities with a cloud computing vendor, which of the following should be regarded as a shared responsibility between user and provider?

Options:

A.

Data ownership

B.

Application logging

C.

Incident response

D.

Access log review

Question 57

When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?

Options:

A.

Include information security clauses in the vendor contract.

B.

Develop metrics for vendor performance.

C.

Include information security criteria as part of vendor selection.

D.

Review third-party reports of potential vendors.

Question 58

Which of the following is the BEST way for an organization that outsources many business processes to gain assurance that services provided are adequately secured?

Options:

A.

Perform regular audits on the service providers' applicable controls.

B.

Provide information security awareness training to service provider staff.

C.

Conduct regular vulnerability assessments on the service providers' IT systems.

D.

Review the service providers' information security policies and procedures.

Question 59

An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?

Options:

A.

Control owner responses based on a root cause analysis

B.

An accountability risk to initiate remediation activities

C.

A plan for mitigating the risk due to noncompliance

D.

The impact of noncompliance on the organization's risk profile

Question 60

An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

Options:

A.

Conduct a mobile device risk assessment.

B.

Create an acceptable use policy.

C.

Deploy mobile device management (MDM).

D.

Implement remote wipe capability.

Question 61

Which of the following is the MOST important action when using a web application that has recognized vulnerabilities?

Options:

A.

Deploy host-based intrusion detection.

B.

Monitor application level logs.

C.

Install anti-spyware software.

D.

Deploy an application firewall.

Question 62

Which of the following metrics would BEST determine the effectiveness of an application security testing program?

Options:

A.

Number of detected security defects per thousand lines of code

B.

Average time to release code into production

C.

Average time to fix each discovered security defect

D.

Number of security defects discovered in development versus production

Question 63

Ensuring that activities performed by outsourcing providers comply with information security policies can BEST be accomplished through the use of:

Options:

A.

contractual obligations.

B.

independent audits.

C.

service level agreements (SLAs).

D.

industry standard alignment.

Question 64

Which of the following metrics is the BEST measure of the effectiveness of an information security program?

Options:

A.

Reduction in the number of threats to an organization

B.

Reduction in the cost of risk remediation for an organization

C.

Reduction in the amount of risk exposure in an organization

D.

Reduction in the number of vulnerabilities in an organization

Question 65

Which of the following has the PRIMARY responsibility of ensuring an organization's information security strategy supports business goals?

Options:

A.

Chief information security officer (CISO)

B.

Information security steering committee

C.

Audit committee

D.

Chief executive officer (CEO)

Question 66

Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?

Options:

A.

Conducting a business impact analysis (BIA)

B.

Conducting information security awareness training

C.

Integrating security requirements with processes

D.

Performing security assessments and gap analyses

Question 67

Which of the following is the PRIMARY purpose for establishing a bring your own device (BYOD) policy that only permits application downloads from designated online markets?

Options:

A.

Enhance IT application support for users.

B.

Protect against malware-based attacks.

C.

Conserve storage for approved applications.

D.

Allow IT to monitor application usage.

Question 68

Which of the following is the PRIMARY reason for performing an analysis of the threat landscape on a regular basis?

Options:

A.

To determine if existing business continuity plans are adequate

B.

To determine the basis for proposing an increase in security budgets

C.

To determine if existing vulnerabilities present a risk

D.

To determine critical information for executive management

Question 69

An information security manager is preparing a presentation to obtain support for a security initiative. Which of the following is the BEST way to obtain management's commitment for the initiative?

Options:

A.

Provide the estimated return on investment (ROI)

B.

Provide an analysis of current risk exposures.

C.

Include historical data of reported incidents.

D.

Include industry benchmarking comparisons.

Question 70

Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?

Options:

A.

Rehearsing incident response procedures, roles, and responsibilities

B.

Providing annual awareness training regarding incident response for team members

C.

Validating the incident response plan against industry best practices

D.

Defining incident severity levels during a business impact analysis (BIA)

Question 71

An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?

Options:

A.

Ensure an audit of the provider is conducted to identify control gaps.

B.

Review the provider's information security policies and procedures.

C.

Obtain documentation of the encryption management practices.

D.

Verify the provider follows a cloud service framework standard.

Question 72

Which of the following MUST be established before implementing a data loss prevention (DLP) system?

Options:

A.

A data backup policy

B.

A data recovery policy

C.

Data classification

D.

Privacy impact assessment

Question 73

What should an information security team do FIRST when notified by the help desk that an employee's computer has been infected with malware?

Options:

A.

Isolate the computer from the network.

B.

Take a forensic copy of the hard drive.

C.

Use anti-malware software to clean the infected computer.

D.

Restore the files from a secure backup.

Question 74

Which of the following sites is MOST appropriate in the case of a very short recovery time objective (RTO)?

Options:

A.

Redundant

B.

Mobile

C.

Warm

D.

Shared

Question 75

Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?

Options:

A.

Requesting senior management to periodically review security incidents

B.

Establishing a change control process for continued updating of security policies

C.

Implementing an automated solution for monitoring information security processes

D.

Establishing metrics to measure the effectiveness of the information security program

Question 76

Which of the following is the information security manager's PRIMARY role in the information assets classification process?

Options:

A.

Developing an asset classification model

B.

Assigning the asset classification level

C.

Securing assets in accordance with their classification

D.

Assigning asset ownership

Question 77

An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:

Options:

A.

Prohibit remote access to the site

B.

Periodically recertify access rights.

C.

Conduct vulnerability assessment

D.

Enforce document life cycle management

Question 78

Which of the following BEST protects against phishing attacks?

Options:

A.

Email filtering

B.

Security strategy training

C.

Application whitelisting

D.

Network encryption

Question 79

Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

Options:

A.

Ensuring that key controls are embedded in the processes

B.

Providing information security policy training to the process owners

C.

Allocating sufficient resources

D.

Identifying risks in the processes and managing those risks

Question 80

Which of the following is MOST important when developing a security strategy?

Options:

A.

Management direction on security

B.

A well-defined security organization

C.

Sufficient resource allocation by management

D.

A risk-aware security culture

Question 81

When establishing an information security strategy, which of the following activities is MOST helpful in identifying critical areas to be protected?

Options:

A.

Adopting an information security framework

B.

Establishing a baseline of network operations

C.

Conducting a risk assessment

D.

Performing vulnerability scans

Question 82

A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:

Options:

A.

data is encrypted in transit and at rest.

B.

data sharing complies with local laws and regulations at both locations.

C.

a nondisclosure agreement is signed.

D.

risk coverage is split between the two locations sharing data.

Question 83

System logs and audit logs for sensitive systems should be stored:

Options:

A.

on a shared internal server.

B.

on a dedicated encrypted storage server.

C.

in an encrypted folder on each server.

D.

on a cold site server.

Question 84

Which of the following is the MOST effective way for an information security manager to protect the organization from misuse of social media?

Options:

A.

Deliver regular social media awareness training to all employees.

B.

Hire a social media manager to control content delivered via social media.

C.

Restrict the use of social media on corporate networks and devices

D.

Scan social media platforms for company references

Question 85

Which of the following BEST supports effective information security governance?

Options:

A.

A steering committee is established

B.

A baseline risk assessment is performed.

C.

Compliance with regulations is demonstrated.

D.

The information security manager develops the strategy

Question 86

Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?

Options:

A.

Ability to enforce contractual obligations

B.

Ability to meet service level agreements (SLAs)

C.

Ability to logically separate client data

D.

Ability to meet business resiliency requirements

Question 87

Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

Options:

A.

Establishing a steering committee

B.

Holding periodic meetings with business owners

C.

Creating communication channels

D.

Promoting security training

Question 88

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

Options:

A.

Implement mitigating controls

B.

Examine firewall logs to identify the attacker

C.

Notify the regulatory agency of the incident

D.

Evaluate the impact to the business.

Question 89

Which of the following is MOST effective in the strategic alignment of security initiatives?

Options:

A.

A security steering committee is set up within the IT department.

B.

Key information security policies are updated on a regular basis.

C.

Policies are created with input from business unit managers.

D.

Business leaders participate in information security decision making

Question 90

Which of the following provides the MOST essential input for the development of an information security strategy?

Options:

A.

Availability of capable information security resources

B.

Measurement of security performance against IT goals

C.

Results of a technology risk assessment

D.

Results of an information security gap analysis

Question 91

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

Options:

A.

Including information security clauses within contracts

B.

Auditing the service delivery of third-party providers

C.

Requiring third parties to sign confidentiality agreements

D.

Providing information security training to third-party personnel

Question 92

An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?

Options:

A.

Data isolation

B.

Data classification

C.

Data transfer

D.

Data backup

Question 93

The BEST way to avoid session hijacking is to use:

Options:

A.

strong password controls.

B.

a reverse lookup.

C.

a secure protocol.

D.

a firewall

Question 94

The MOST important objective of security awareness training for business staff is to:

Options:

A.

modify behavior

B.

understand intrusion methods

C.

reduce negative audit findings

D.

increase compliance.

Question 95

Which of the following should be done FIRST when establishing security measures for personal data stored and processed on a human resources….system?

Options:

A.

Evaluate data encryption technologies.

B.

Conduct a vulnerability assessment.

C.

Move the system into a separate network.

D.

Conduct a privacy impact assessment (PIA).

Question 96

An organization is considering moving to a cloud service provider for the storage of sensitive data. Which of the following should be considered FIRST?

Options:

A.

Requirements for data encryption

B.

Results of the cloud provider's control report

C.

A destruction-of-data clause in the contract

D.

Right to terminate clauses in the contract

Question 97

Which of the following is the MOST effective method of preventing deliberate internal security breaches?

Options:

A.

Well-designed firewall system

B.

Biometric security access control

C.

Screening prospective employees

D.

Well-designed intrusion detection system (IDS)

Question 98

The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:

Options:

A.

document the disaster recovery process.

B.

obtain the support of executive management.

C.

map the business process to supporting IT and other corporate resources.

D.

identify critical processes and the degree of reliance on support services.

Question 99

The responsibility for approving access to data according to the organization's data classification policy belongs to the:

Options:

A.

data owner

B.

system administrator.

C.

data end user

D.

information security manager

Question 100

Which of the following is MOST effective against system intrusions?

Options:

A.

Continuous monitoring

B.

Two-factor authentication

C.

Layered protection

D.

Penetration testing

Question 101

An organization enacted several information security policies to satisfy regulatory requirements. Which of the following situations would MOST likely increase the probability of noncompliance to these requirements?

Options:

A.

Lack of training for end users on security policies

B.

Inadequate buy-in from system owners to support the policies

C.

Availability of security policy documents on a public website

D.

Lack of an information security governance framework

Question 102

An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Report the noncompliance to the board of directors.

B.

Prioritize the risk and implement treatment options.

C.

Inform respective risk owners of the impact of exceptions.

D.

Design mitigating controls for the exceptions.

Question 103

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?

Options:

A.

Conduct vulnerability assessments on social network platforms

B.

Develop security controls for the use of social networks

C.

Assess the security risk associated with the use of social networks

D.

Establish processes to publish content on social networks

Question 104

Which of the following is MOST important for an information security manager to ensure is included in a business case for a new security system?

Options:

A.

Risk reduction associated with the system

B.

Benchmarking results

C.

Effectiveness of controls

D.

Audit-logging capabilities

Question 105

Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?

Options:

A.

Critical audit findings

B.

Number of reported security incidents

C.

Compliance risk assessment

D.

Industry comparison analysis

Question 106

Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?

Options:

A.

Require staff to sign confidentiality agreements.

B.

Provide regular security awareness training.

C.

Develop a RACI matrix for the organization.

D.

Specify information security responsibilities in job descriptions.

Question 107

Which of the following is the MOST important outcome of a well-implemented awareness program?

Options:

A.

Help desk response time to resolve incidents is improved.

B.

The number of successful social engineering attacks is reduced.

C.

The board is held accountable for risk management.

D.

The number of reported security incidents steadily decreases.

Question 108

Which of the following is the MOST important component of a risk profile?

Options:

A.

Data classification results

B.

Risk management framework

C.

Risk assessment methodology

D.

Penetration test results

Question 109

The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Options:

A.

senior management approval of the information security budgets.

B.

improved efficiencies of security operations.

C.

information security controls that reduce enterprise risk.

D.

more effective security risk management processes.

Question 110

When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

Options:

A.

Encryption

B.

Retention

C.

Report distribution

D.

Tuning

Question 111

After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

Options:

A.

Risk heat map

B.

Recent audit results

C.

Balanced scorecard

D.

Gap analysis

Question 112

An organization has implemented an enhanced password policy for business applications which requires significantly more business resources to support clients. The BEST approach to obtain the support of business management would be to:

Options:

A.

Present an analysis of the cost and benefit of the changes

B.

Elaborate on the positive impact to information security

C.

Present industry benchmarking results to business units

D.

Discuss the risk and impact of security incidents if not implemented

Question 113

As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?

Options:

A.

Determine new factors that could influence the information security strategy.

B.

Implement the current information security program in the acquired company.

C.

Merge the two information security programs to establish continuity.

D.

Ensure information security is included in any change control efforts.

Question 114

The PRIMARY purpose of asset valuation for the management of information security is to:

Options:

A.

prioritize risk management activities.

B.

provide a basis for asset classification.

C.

determine the value of each asset

D.

eliminate the least significant assets.

Question 115

A new program has been implemented to standardize security configurations across a multinational organization. Following implementation, the configuration standards should:

Options:

A.

remain unchanged to avoid variations across the organization

B.

be updated to address emerging threats and vulnerabilities.

C.

be changed for different subsets of the systems to minimize impact.

D.

not deviate from industry best practice baselines.

Question 116

Which of the following would BEST assist an information security manager in gaining strategic support from executive management?

Options:

A.

Risk analysis specific to the organization

B.

Research on trends in global information security breaches

C.

Rating of the organization's security, based on international standards

D.

Annual report of security incidents within the organization

Question 117

Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?

Options:

A.

Existence of an industry-accepted framework

B.

Up-to-date policy and procedures documentation

C.

A report on the maturity of controls

D.

Results of an independent assessment

Question 118

Which of the following BEST reduces the likelihood of leakage of private information via email?

Options:

A.

User awareness training

B.

Email encryption

C.

Strong user authentication protocols

D.

Prohibition on the personal use of email

Question 119

When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

Options:

A.

The security awareness programs

B.

Firewall logs

C.

The risk management processes

D.

Post-incident analysis results

Question 120

Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?

Options:

A.

Recovery time objectives (RTOs)

B.

Mission, goals and objectives

C.

Incident response maturity assessment

D.

Documentation from preparedness tests

Question 121

Which of the following BEST enables an effective escalation process within an incident response program?

Options:

A.

Dedicated funding for incident management

B.

Adequate incident response staffing

C.

Monitored program metrics

D.

Defined incident thresholds

Question 122

Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?

Options:

A.

Mature security policy

B.

Information security roles and responsibilities

C.

Organizational information security awareness

D.

Organizational culture

Question 123

The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:

Options:

A.

assign accountability for transactions made with the user's ID.

B.

maintain compliance with industry best practices.

C.

serve as evidence of security awareness training.

D.

maintain an accurate record of users' access rights.

Question 124

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

Access is restricted to read-only.

B.

USB storage devices are enabled based on user roles

C.

Users accept the risk of noncompliance.

D.

The benefit is greater than the potential risk

Question 125

The MOST important factors in determining the scope and timing for testing a business continuity plan are:

Options:

A.

the experience level of personnel and the function location.

B.

prior testing results and the degree of detail of the business continuity plan

C.

the importance of the function to be tested and the cost of testing.

D.

manual processing capabilities and the test location

Question 126

The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its:

Options:

A.

key performance indicators (KPIs).

B.

compliance with industry regulations.

C.

timeliness in responding to attacks.

D.

level of support from senior management.

Question 127

Which of the following is the MOST important reason to develop an organizational threat profile?

Options:

A.

To support business cases for information security investments

B.

To support risk treatment decisions

C.

To develop threat briefings for senior management

D.

To implement a proactive approach for threat management

Question 128

Which of the following should be the FIRST course of action when it becomes apparent that the recovery time objective (RTO) will not be met during incident response?

Options:

A.

Escalate the emergency status rating.

B.

Request additional financial recovery resources.

C.

Notify the risk management team.

D.

Modify the RTO as needed.

Question 129

Which of the following BEST facilitates the development of a comprehensive information security policy?

Options:

A.

Key performance indicators (KPIs)

B.

References to known industry standards

C.

An established internal audit program

D.

An adequately funded information security budget

Question 130

An information security manager has identified numerous violations of a security policy which prohibits text messaging from personal devices to conduct official business. Which of the following is the MOST effective way to reduce the number of violations?

Options:

A.

Report violations to senior management.

B.

Provide awareness training to end users.

C.

Require management approval for policy exceptions.

D.

Implement a mobile device management (MDM) solution.

Question 131

Which of the following would be an information security manager's BEST course of action upon learning a third-party cloud provider is not meeting information security requirements with regard to data encryption?

Options:

A.

Report the risk to relevant stakeholders.

B.

Recommend compensating controls to mitigate the risk.

C.

Provide a date of remediation to the cloud provider.

D.

Discontinue engagement with the cloud provider.

Question 132

Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of a compromised…

Options:

A.

Maintaining chain of custody

B.

Notifying the relevant stakeholders

C.

Identifying the relevant strain of malware

D.

Determining the classification of stored data

Question 133

Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?

Options:

A.

Establish a steering committee with representation from across the organization.

B.

Appoint a business manager as head of information security

C.

Promote organization-wide information security awareness campaigns.

D.

Develop the information security strategy based on the enterprise strategy

Question 134

Which of the following is the BEST evidence that proper security monitoring controls are in place?

Options:

A.

The intrusion detection system (IDS) generates potential alerts.

B.

Mature escalation procedures are in place for incidents

C.

Staff regularly report suspicious activity.

D.

Incidents are contained before they cause damage

Question 135

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Options:

A.

Providing ongoing training to the incident response team

B.

Implementing proactive systems monitoring

C.

Implementing a honeypot environment

D.

Updating information security awareness materials

Question 136

The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:

Options:

A.

threats to the organization may change.

B.

compliance with legal and regulatory standards should be reassessed.

C.

control effectiveness may weaken.

D.

controls should be regularly tested.

Question 137

After assessing risk, the decision to treat the risk should be based PRIMARILY on:

Options:

A.

whether the level of risk exceeds risk appetite.

B.

the criticality of the risk.

C.

whether the level of risk exceeds inherent risk.

D.

availability of financial resources.

Question 138

A review of a number of recent IT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

Options:

A.

Implement security assessments throughout the systems development life cycle.

B.

Conduct regular security audits during system implementation stages.

C.

Require penetration tests before production implementation.

D.

Train and test system developers in secure coding practices.

Question 139

Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following is the manager's BEST course of action?

Options:

A.

Perform a vulnerability assessment of the acquired company's infrastructure.

B.

Add the outstanding risk to the acquiring organization's risk registry

C.

Re-assess the outstanding risk of the acquired company.

D.

Re-evaluate the risk treatment plan for the outstanding risk.

Question 140

Which of the following is the MOST important consideration when developing an incident management program?

Options:

A.

IT architecture

B.

Impact assessment

C.

Risk assessment

D.

Escalation procedures

Question 141

Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Create a security exception

B.

Perform a vulnerability assessment

C.

Assess the risk to business operations

D.

Perform a gap analysis to determine needed resources.

Question 142

In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

Options:

A.

Business or role-based segmentation

B.

Log analysis of system access

C.

Using security groups

D.

Encryption of data traversing networks

Question 143

Which of the following is the MOST important element of a response plan for IT security incidents?

Options:

A.

Requirements for investigative evidence

B.

Appropriate team members

C.

Test plans for containment and recovery procedures

D.

Guidelines for preserving digital evidence

Question 144

Which of the following provides the BEST evidence that a recently established information security program is effective?

Options:

A.

The number of reported incidents has increased

B.

Senior management has reported fewer junk emails

C.

Regular IT balanced scorecards are communicated

D.

The number of tickets associated with IT incidents has stayed consistent

Question 145

An IT department has given a vendor remote access to the internal network for troubleshooting network performance problems. After discovering the remote activity during a firewall log review, which of the following is the FIRST course of action for an information security manager?

Options:

A.

Determine the level of access granted

B.

Review the related service level agreement (SLA).

C.

Revoke the access.

D.

Declare a security incident.

Question 146

Which of the following is the MOST useful input for an information security manager when refreshing the organization's security strategy?

Options:

A.

Results of a vulnerability scan

B.

Results of a security policy review

C.

Results of a security risk assessment

D.

Results of a red team exercise

Question 147

An organization's operations have been significantly impacted by a cyber attack resulting in data loss. Once the attack has been contained, what should the security team.

Options:

A.

Perform a root cause analysis.

B.

Conduct a lessons learned exercise.

C.

Implement compensating controls.

D.

Update the incident response plan.

Question 148

Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:

Options:

A.

executive management

B.

chief information security officer (CISO).

C.

steering committee.

D.

board of directors.

Question 149

Human resources is evaluating potential Software as a Service (SaaS) cloud services. Which of the following should the information security manager do FIRST to support…

Options:

A.

Conduct a security audit on the cloud service providers.

B.

Review the cloud service providers' controls reports.

C.

Perform a cost-benefit analysis of using cloud services.

D.

Perform a risk assessment of adopting cloud services.

Question 150

Which of the following would BEST enable management to be aware of an electronic breach to an externally hosted database?

Options:

A.

Implement a dedicated firewall configured to block suspicious activity.

B.

Obligate the vendor to report suspicious activity and database breaches.

C.

Implement log monitoring of the database environment for suspicious activity.

D.

Review independent audit reports of the vendor's data center environment.

Question 151

Which of the following would provide nonrepudiation of electronic transactions?

Options:

A.

Two-factor authentication

B.

Periodic reaccreditations

C.

Third-party certificates

D.

Receipt acknowledgment

Question 152

Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Options:

A.

Statistical pattern recognition

B.

Attack signatures

C.

Heuristic analysis

D.

Traffic analysis

Question 153

Which of the following is the MOST important reason for performing vulnerability assessments periodically?

Options:

A.

The current threat levels are being assessed.

B.

Technology risks must be mitigated.

C.

The environment changes constantly.

D.

Management requires regular reports.

Question 154

It is suspected that key emails have been viewed by unauthorized parties. The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing. Which of the following is the BEST recommended course of action to senior management?

Options:

A.

Commence security training for staff at the organization.

B.

Rebuild the email application

C.

Arrange for an independent review.

D.

Restrict the distribution of confidential emails.

Question 155

Which of the following is the PRIMARY objective of an incident communication plan?

Options:

A.

To convey information about the incident to those affected by it

B.

To prevent reputation damage to the organization

C.

To prevent unannounced visits from the media during crisis

D.

To fulfill regulatory requirements for incident response

Question 156

Which of the following is MOST important to evaluate after completing an action plan?

Options:

A.

Threat profile

B.

Inherent risk

C.

Residual risk

D.

Vulnerability landscape

Question 157

Which of the following is the BEST approach for an information security manager when developing new information security policies?

Options:

A.

Create a stakeholder map.

B.

Reference an industry standard.

C.

Establish an information security governance committee

D.

Download a policy template

Question 158

In an organization with effective IT risk management, the PRIMARY reason to establish key risk indicators (KRIs) is to:

Options:

A.

provide information to remediate risk events.

B.

demonstrate the alignment of risk management efforts.

C.

map potential risk to key organizational strategic initiatives.

D.

identify triggers that exceed risk thresholds

Question 159

During an emergency security incident, which of the following would MOST likely predict the worst-case scenario?

Options:

A.

Cost-benefit analysis report

B.

Business impact analysis (BIA) report

C.

Risk assessment report

D.

Vulnerability assessment report

Question 160

Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:

Options:

A.

threat perspective.

B.

compliance perspective

C.

risk perspective.

D.

policy perspective.

Question 161

An organization is MOST at risk from a new worm being introduced through the intranet when:

Options:

A.

desktop virus definition files are not up to date

B.

system software does not undergo integrity checks.

C.

hosts have static IP addresses.

D.

executable code is run from inside the firewall

Question 162

Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:

Options:

A.

perform a cost-benefit analysis.

B.

perform a risk assessment.

C.

review firewall configuration.

D.

review the security policy.

Question 163

Which of the following will BEST help to ensure security is addressed when developing a custom application?

Options:

A.

Conducting security training for the development staff

B.

Integrating security requirements into the development process

C.

Requiring a security assessment before implementation

D.

Integrating a security audit throughout the development process

Question 164

Which of the following provides the MOST relevant evidence of incident response maturity?

Options:

A.

Red team testing results

B.

Average incident closure time

C.

Independent audit assessment

D.

Tabletop exercise results

Question 165

Which of the following BEST indicates senior management support for an information security program?

Options:

A.

Detailed information security policies are established and regularly reviewed.

B.

The information security manager meets regularly with the lines of business.

C.

Key performance indicators (KPIs) are defined for the information security program.

D.

Risk assessments are conducted frequently by the information security team.

Question 166

An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:

Options:

A.

perform a gap analysis of compliance requirements

B.

assess the penalties for noncompliance.

C.

review the organization's most recent audit report.

D.

determine the cost of compliance

Question 167

Which of the following contributes MOST to the effective implementation of an information security strategy?

Options:

A.

Reporting of security metrics

B.

Regular security awareness training

C.

Endorsement by senior management

D.

Implementation of security standards

Question 168

Following a successful and well-publicized hacking incident, an organization plans to improve application security. Which of the following is a security project risk?

Options:

A.

Critical evidence may be lost.

B.

The reputation of the organization may be damaged

C.

A trapdoor may have been installed in the application.

D.

Resources may not be available to support the implementation.

Question 169

Which of the following is the BEST way to increase the visibility of information security within an organization's culture?

Options:

A.

Requiring cross-functional information security training

B.

Implementing user awareness campaigns for the entire company

C.

Publishing an acceptable use policy

D.

Establishing security policies based on industry standards

Question 170

Which of the following is MOST important when selecting a third-party security operations center?

Options:

A.

Indemnity clauses

B.

Independent controls assessment

C.

Incident response plans

D.

Business continuity plans

Question 171

The PRIMARY benefit of integrating information security risk into enterprise risk management is to:

Options:

A.

ensure timely risk mitigation.

B.

justify the information security budget

C.

obtain senior management’s commitment.

D.

provide a holistic view of risk

Question 172

Which of the following is MOST likely to drive an update to the information security strategy?

Options:

A.

A recent penetration test has uncovered a control weakness.

B.

A major business application has been upgraded.

C.

Management has decided to implement an emerging technology.

D.

A new chief technology officer has been hired

Question 173

Which of the following is the MOST effective method for assessing the effectiveness of a security awareness program?

Options:

A.

Post-incident review

B.

Social engineering test

C.

Vulnerability scan

D.

Tabletop test

Question 174

For a business operating in a competitive and evolving online market, it is MOST important for a security policy to focus on:

Options:

A.

defining policies for new technologies.

B.

enabling adoption of new technologies.

C.

requiring accreditation for new technologies.

D.

managing risks of new technologies

Question 175

The MOST likely cause of a security information and event management (SIEM) solution failing to identify a serious incident is that the system:

Options:

A.

has not been updated with the latest patches

B.

is hosted by a cloud service provider

C.

has performance issues

D.

is not collecting logs from relevant devices.

Question 176

During an annual security review of an organization's servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

Options:

A.

Report the situation to the data owner.

B.

Train the customer service team on properly controlling file permissions.

C.

Isolate the server from the network.

D.

Remove access privileges to the folder containing the data.

Question 177

Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

Options:

A.

Key risk indicators (KRIs)

B.

Capability maturity models

C.

Key performance indicators (KPIs)

D.

Critical success factors (CSFs)

Question 178

Which of the following is an example of a deterrent control?

Options:

A.

Segregation of responsibilities

B.

Periodic data restoration

C.

An intrusion detection system (IDS)

D.

A warning banner

Question 179

Which of the following is the BEST way to provide management with meaningful information regarding the performance of the information security program against strategic objectives?

Options:

A.

Develop an information security heat map.

B.

Issue periodic reports to demonstrate compliance with security standards.

C.

Publish the information security strategy across the organization.

D.

Establish a balanced scorecard dashboard.

Question 180

In which of the following situations is it MOST important to escalate an incident response to senior management?

Options:

A.

The owner of the affected business function is not available.

B.

The time-related service levels for response are below risk threshold levels.

C.

The impact of the incident exceeds the organization's risk tolerance.

D.

The incident impacts a business-critical system.

Question 181

Which of the following is MOST important when establishing effective information security metrics?

Options:

A.

Receiving senior management approval

B.

Mapping each metric to a specific control

C.

Understanding the business objectives

D.

Mapping each metric to information security objectives

Question 182

Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?

Options:

A.

Identifying critical business processes

B.

Identifying key business risks

C.

Identifying risk mitigation options

D.

Identifying the threat environment

Question 183

An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST?

Options:

A.

Security operations team

B.

Application owners

C.

Data owners

D.

Communications department

Question 184

Which of the following is the BEST approach for determining the maturity level of an information security program?

Options:

A.

Engage a third-party review.

B.

Review internal audit results.

C.

Evaluate key performance indicators (KPIs).

D.

Perform a self-assessment.

Question 185

Which of the following is MOST important for an information security manager to include in a report to senior management following a post-incident review?

Options:

A.

Lessons learned

B.

Snapshot of system logs

C.

The incident response plan

D.

Detailed metrics

Question 186

Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?

Options:

A.

Security management processes aligned with security objectives

B.

The existing organizational security culture

C.

Organizational security controls deployed in line with regulations

D.

Security policies that adhere to industry best practices

Question 187

Which of the following BEST supports the risk assessment process to determine criticality of an asset?

Options:

A.

Threat assessment

B.

Vulnerability assessment

C.

Business impact analysis (BIA)

D.

Residual risk analysis

Question 188

An organization's HR department would like to outsource its employee management system to a cloud-hosted solution due to the features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

Options:

A.

Ensure a security audit is performed of the service provider.

B.

Ensure the service provider has the appropriate certifications.

C.

Explain security issues associated with the solution to management.

D.

Determine how to securely implement the solution.

Question 189

Which of the following is MOST important to consider when developing a disaster recovery plan?

Options:

A.

Business continuity plan (BCP)

B.

Business impact analysis (BIA)

C.

Cost-benefit analysis

D.

Feasibility assessment

Question 190

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A.

Define the issues to be addressed.

B.

Conduct a feasibility study.

C.

Calculate the total cost of ownership (TCO).

D.

Perform a cost-benefit analysis.

Question 191

Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?

Options:

A.

Demonstrate that implemented program controls are effective.

B.

Demonstrate that the program enables business activities.

C.

Demonstrate an increase in ransomware attacks targeting peer organizations.

D.

Demonstrate the readiness of business continuity plans.

Question 192

A recent phishing attack investigation showed that several employees had used their work email addresses to create personal accounts on a shopping site that had been breached. What is the BEST way to prevent this?

Options:

A.

Update the incident response plan to address this situation.

B.

Send periodic fake phishing emails to employees and track responses.

C.

Conduct information security awareness training for employees.

D.

Block personal shopping sites using proxy filtering.

Question 193

The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

Options:

A.

assessed level of security risk at a particular point in time.

B.

current and target security state for the business.

C.

security program priorities to achieve an accepted risk level.

D.

level of compliance with internal policy.

Question 194

Which of the following is the MOST important part of an incident response plan?

Options:

A.

Recovery time objective (RTO)

B.

Business impact analysis (BIA)

C.

Recovery point objective (RPO)

D.

Mean time to report (MTR)

Question 195

Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?

Options:

A.

Assess the risk associated with the cloud services.

B.

Create an information security action plan.

C.

Determine information security requirements for the cloud.

D.

Develop key risk indicators (KRIs).

Question 196

Which of the following tools BEST demonstrates the effectiveness of the information security program?

Options:

A.

Key risk indicators (KRIs)

B.

A security balanced scorecard

C.

Risk heat map

D.

Management satisfaction surveys

Question 197

What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?

Options:

A.

Remove the recommendations.

B.

Document the decision.

C.

Perform a reassessment.

D.

Implement the recommendations.

Question 198

Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?

Options:

A.

Roles and responsibilities matrix

B.

Job descriptions

C.

Skills inventory

D.

RACI chart

Question 199

An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system administrators. What is the BEST way for the information security manager to address this issue?

Options:

A.

Provide incident response training to data custodians.

B.

Revise the incident response plan to align with business processes.

C.

Conduct a risk assessment and share the results with senior management.

D.

Provide incident response training to data owners.

Question 200

An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?

Options:

A.

The information security strategy

B.

The information security policy

C.

The organization's risk appetite

D.

The organization's cost of noncompliance
