Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Isaca CISM Certified Information Security Manager Exam Practice Test

Demo: 283 questions
Total 954 questions

Certified Information Security Manager Questions and Answers

Question 1

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Question 2

Which of the following devices, when placed in a demilitarized zone (DMZ), would be considered the MOST significant exposure?

Options:

A.

Mail relay server

B.

Proxy server

C.

Database server

D.

Application server

Question 3

The PRIMARY advantage of single sign-on (SSO) is that it will:

Options:

A.

increase efficiency of access management

B.

increase the security of related applications.

C.

strengthen user passwords.

D.

support multiple authentication mechanisms.

Question 4

A business continuity plan (BCP) should contain:

Options:

A.

Hardware and software inventories

B.

Data restoration procedures

C.

Information about eradication activities

D.

Criteria for activation

Question 5

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Question 6

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Options:

A.

normal network behavior and using it as a baseline lor measuring abnormal activity

B.

abnormal network behavior and issuing instructions to the firewall to drop rogue connections

C.

abnormal network behavior and using it as a baseline for measuring normal activity

D.

attack pattern signatures from historical data

Question 7

Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?

Options:

A.

Including a situational forecast

B.

Using appropriate language for the target audience

C.

Including trend charts for metrics

D.

Using a rating system to demonstrate program effectiveness

Question 8

Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?

Options:

A.

Information security manager

B.

Chief risk officer (CRO)

C.

Information security steering committee

D.

Risk owner

Question 9

Which of the following has the GREATEST influence on the successful integration of information security within the business?

Options:

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Question 10

Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?

Options:

A.

Risk heat map.

B.

Security benchmark report.

C.

Security metrics dashboard.

D.

Key risk indicators (KRIs).

Question 11

Spoofing should be prevented because it may be used to:

Options:

A.

gain illegal entry to a secure system by faking the sender's address,

B.

predict which way a program will branch when an option is presented

C.

assemble information, track traffic, and identify network vulnerabilities.

D.

capture information such as passwords traveling through the network

Question 12

Which of the following is the BEST indication of a mature information security program?

Options:

A.

Security incidents are managed properly.

B.

Security spending is below budget.

C.

Security resources are optimized.

D.

Security audit findings are reduced.

Question 13

Which of the following is the PRIMARY reason to conduct a post-incident review?

Options:

A.

To aid in future risk assessments

B.

To improve the response process

C.

To determine whether digital evidence is admissible

D.

To notify regulatory authorities

Question 14

Of the following, who is in the BEST position to evaluate business impacts?

Options:

A.

Senior management

B.

Information security manager

C.

IT manager

D.

Process manager

Question 15

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents.

B.

identify vulnerabilities.

C.

identify control improvements.

D.

identify the root cause.

Question 16

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Options:

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Question 17

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization's data by the user

D.

Monitoring how often the smartphone is used

Question 18

Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?

Options:

A.

The risks are reported to the business unit’s senior management

B.

The risks are escalated to the IT department for remediation

C.

The risks are communicated to the central risk function

D.

The risks are entered in the organization's risk register

Question 19

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Options:

A.

Incorporating lessons learned

B.

Implementing an IT resilience solution

C.

Implementing management reviews

D.

Documenting critical business processes

Question 20

Which of the following is the MOST likely reason for a vulnerability scanner to return incomplete results?

Options:

A.

Unauthenticated vulnerability scans are being performed.

B.

Scan results are not ingested into a security information and event management (SIEM) tool.

C.

Host names have not been fully enumerated.

D.

Zero-day vulnerability signatures have not been ingested.

Question 21

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

Options:

A.

Maturity of the security policy

B.

Clarity of security roles and responsibilities

C.

Corporate culture

D.

Corporate risk framework

Question 22

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Options:

A.

Responsible entities

B.

Key risk indicators (KRIS)

C.

Compensating controls

D.

Potential business impact

Question 23

Which of the following BEST enables an organization to determine the costs of downtime for a critical application?

Options:

A.

Fault tree analysis

B.

Cost-benefit analysis

C.

Return on investment (ROI) analysis

D.

Business impact analysis (BIA)

Question 24

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Question 25

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Question 26

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

Options:

A.

Centralized logging

B.

Time clock synchronization

C.

Available forensic tools

D.

Administrator log access

Question 27

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Question 28

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

Options:

A.

To ensure separation of duties is maintained

B.

To ensure system audit trails are not bypassed

C.

To prevent accountability issues

D.

To prevent unauthorized user access

Question 29

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

Options:

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Question 30

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Question 31

Which of the following is MOST important to have in place when conducting a security control assessment of a system?

Options:

A.

Control specifications

B.

Assurance test plan

C.

Scanning tools

D.

Security documentation

Question 32

Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?

Options:

A.

Number of security incidents reported to the help desk

B.

Percentage of employees who regularly attend security training

C.

Percentage of employee computers and devices infected with malware

D.

Number of phishing emails viewed by end users

Question 33

An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?

Options:

A.

The vendor's data centers are in the same geographic region.

B.

The encryption keys are not provisled to the vendor.

C.

The vendor's controls are in line with the organization's security standards.

D.

Independent audits of the vendor's operations are regularly conducted.

Question 34

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?

Options:

A.

Local regulatory requirements

B.

Global framework standards

C.

Cross-border data mobility

D.

Training requirements of the framework

Question 35

An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Options:

A.

Wipe the affected system.

B.

Notify internal legal counsel.

C.

Notify senior management.

D.

Isolate the impacted endpoints.

Question 36

Which of the following BEST facilitates effective strategic alignment of security initiatives?

Options:

A.

The business strategy is periodically updated

B.

Procedures and standards are approved by department heads.

C.

Periodic security audits are conducted by a third-party.

D.

Organizational units contribute to and agree on priorities

Question 37

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

Options:

A.

Implement multi-factor authentication.

B.

Increase the frequency of log monitoring and analysis.

C.

Implement a security information and event management system (SIEM),

D.

Increase the sensitivity of intrusion detection systems (IDSs).

Question 38

Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?

Options:

A.

Mitigate

B.

Avoid

C.

Transfer

D.

Accept

Question 39

Which of the following is MOST important when defining how an information security budget should be allocated?

Options:

A.

Regulatory compliance standards

B.

Information security strategy

C.

Information security policy

D.

Business impact assessment

Question 40

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

Options:

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Question 41

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Question 42

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Options:

A.

IT strategy

B.

Recovery strategy

C.

Risk mitigation strategy

D.

Security strategy

Question 43

A PRIMARY purpose of creating security policies is to:

Options:

A.

define allowable security boundaries.

B.

communicate management's security expectations.

C.

establish the way security tasks should be executed.

D.

implement management's security governance strategy.

Question 44

Which of the following tools would be MOST helpful to an incident response team?

Options:

A.

Intrusion detection system (IDS)

B.

Endpoint detection and response (EDR) solution

C.

User and entity behavior analytics

D.

Vulnerability scanning tools

Question 45

Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

Options:

A.

Crisis management plan

B.

Disaster recovery plan (DRP)

C.

Incident response plan

D.

Business continuity plan (BCP)

Question 46

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

Options:

A.

Incident response plan

B.

Disaster recovery plan (DRP)

C.

Business continuity plan (BCP)

D.

Vulnerability management plan

Question 47

A global organization is considering its geopolitical security risks. Which of the following is the information security manager's BEST approach?

Options:

A.

Seek advice from environmental and physical security experts

B.

Implement a third-party risk management framework

C.

Implement controls that deny access from specific jurisdictions

D.

Seek advice from enterprise risk and legal experts

Question 48

Which type of control is an incident response team?

Options:

A.

Preventive

B.

Detective

C.

Corrective

D.

Directive

Question 49

Which of the following BEST facilitates the effective execution of an incident response plan?

Options:

A.

The plan is based on risk assessment results.

B.

The response team is trained on the plan

C.

The plan is based on industry best practice.

D.

The incident response plan aligns with the IT disaster recovery plan (DRP).

Question 50

Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?

Options:

A.

Ensuring the continued resilience and security of IT services

B.

Decreasing the percentage of security deployments that cause failures in production

C.

Reducing the number of control assessments to optimize resources

D.

Identifying and addressing security team performance issues

Question 51

Which of the following BEST illustrates residual risk within an organization?

Options:

A.

Heat map

B.

Risk management framework

C.

Business impact analysis (BIA)

D.

Balanced scorecard

Question 52

Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.

Increase the frequency of system backups.

B.

Review the mitigating security controls.

C.

Notify staff members of the threat.

D.

Assess the risk to the organization.

Question 53

Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?

Options:

A.

To prioritize security initiatives

B.

To avoid redundant controls

C.

To align with emerging risk

D.

To address end-user control complaints

Question 54

Which of the following is the PRIMARY objective of a cyber resilience strategy?

Options:

A.

Business continuity

B.

Regulatory compliance

C.

Employee awareness

D.

Executive support

Question 55

Which of the following is the MOST important characteristic of an effective information security metric?

Options:

A.

The metric expresses residual risk relative to risk tolerance.

B.

The metric is frequently reported to senior management.

C.

The metric directly maps to an industry risk management framework.

D.

The metric compares the organization's inherent risk against its risk appetite.

Question 56

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Question 57

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Question 58

Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?

Options:

A.

Perform a patch update.

B.

Conduct a risk assessment.

C.

Perform a penetration test.

D.

Conduct an impact assessment.

Question 59

When developing an incident escalation process, the BEST approach is to classify incidents based on:

Options:

A.

estimated time to recover.

B.

information assets affected.

C.

recovery point objectives (RPOs).

D.

their root causes.

Question 60

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Options:

A.

Report the risk associated with the policy breach.

B.

Enforce the security configuration and require the change to be reverted.

C.

Implement compensating controls to address the risk.

D.

Implement a privileged access management system.

Question 61

The effectiveness of an incident response team will be GREATEST when:

Options:

A.

the incident response team meets on a regular basis to review log files.

B.

the incident response team members are trained security personnel.

C.

the incident response process is updated based on lessons learned.

D.

incidents are identified using a security information and event monitoring {SIEM) system.

Question 62

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Perform a vulnerability assessment

B.

Perform a gap analysis to determine needed resources

C.

Create a security exception

D.

Assess the risk to business operations

Question 63

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Options:

A.

Industry benchmarks

B.

Security training test results

C.

Performance measures for existing controls

D.

Number of false positives

Question 64

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Question 65

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Question 66

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Options:

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Question 67

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:

Options:

A.

signature analysis.

B.

behavior analysis.

C.

penetration testing.

D.

data packet analysis.

Question 68

The PRIMARY purpose of vulnerability identification is to:

Options:

A.

Remediate vulnerabilities before they are exploited

B.

Discover control deficiencies

C.

Provide vulnerability identifiers for risk reporting

D.

Prioritize vulnerability remediation

Question 69

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Question 70

What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?

Options:

A.

Report the noncompliance to senior management.

B.

Assess the risk of noncompliance.

C.

Activate the incident response plan.

D.

Evaluate possible compensating controls.

Question 71

A security incident has been reported within an organization. When should an information security manager contact the information owner?

Options:

A.

After the incident has been contained

B.

After the incident has been mitigated

C.

After the incident has been confirmed

D.

After the potential incident has been logged

Question 72

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Options:

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Question 73

Which of the following is the BEST source of information to support an organization's information security vision and strategy?

Options:

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Question 74

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Options:

A.

Evaluate the security posture of the organization.

B.

Identify unmitigated risk.

C.

Prevent incident recurrence.

D.

Support business investments in security.

Question 75

A business impact analysis (BIA) should be periodically executed PRIMARILY to:

Options:

A.

validate vulnerabilities on environmental changes.

B.

analyze the importance of assets.

C.

check compliance with regulations.

D.

verify the effectiveness of controls.

Question 76

The categorization of incidents is MOST important for evaluating which of the following?

Options:

A.

Appropriate communication channels

B.

Allocation of needed resources

C.

Risk severity and incident priority

D.

Response and containment requirements

Question 77

Which of the following is the MOST essential element of an information security program?

Options:

A.

Benchmarking the program with global standards for relevance

B.

Prioritizing program deliverables based on available resources

C.

Involving functional managers in program development

D.

Applying project management practices used by the business

Question 78

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

Options:

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Question 79

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Options:

A.

Employees use smartphone tethering when accessing from remote locations.

B.

Employees physically lock PCs when leaving the immediate area.

C.

Employees are trained on the acceptable use policy.

D.

Employees use the VPN when accessing the organization's online resources.

Question 80

If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?

Options:

A.

Initiate the escalation process.

B.

Continue the investigation.

C.

Invoke the business continuity plan (BCP).

D.

Engage the crisis management team.

Question 81

A security incident has been reported within an organization When should an information security manager contact the information owner?

Options:

A.

After the incident has been mitigated

B.

After the incident has been confirmed.

C.

After the potential incident has been togged

D.

After the incident has been contained

Question 82

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

Options:

A.

Updated risk assessments

B.

Counts of information security incidents

C.

Audit reports

D.

Monthly metrics

Question 83

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Question 84

Which of the following is the BEST indication ofa successful information security culture?

Options:

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Question 85

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

Options:

A.

Implementing automated vulnerability scanning in the help desk workflow

B.

Changing the default setting for all security incidents to the highest priority

C.

Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

D.

Integrating incident response workflow into the help desk ticketing system

Question 86

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

Options:

A.

security metrics are included in the service level agreement (SLA).

B.

contract clauses comply with the organization's information security policy.

C.

the information security policy of the third-party service provider is reviewed.

D.

right to audit is included in the service level agreement (SLA).

Question 87

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A.

Multi-factor authentication

B.

Digital encryption

C.

Data masking

D.

Digital signatures

Question 88

Which of the following BEST enables the assignment of risk and control ownership?

Options:

A.

Aligning to an industry-recognized control framework

B.

Adopting a risk management framework

C.

Obtaining senior management buy-in

D.

Developing an information security strategy

Question 89

Which of the following is MOST important for guiding the development and management of a comprehensive information security program?

Options:

A.

Adopting information security program management best practices

B.

Implementing policies and procedures to address the information security strategy

C.

Aligning the organization's business objectives with IT objectives

D.

Establishing and maintaining an information security governance framework

Question 90

Which of the following provides the BEST indication of the return on information security investment?

Options:

A.

Increased annualized loss expectancy (ALE)

B.

Increased number of reported incidents

C.

Reduced annualized loss expectancy (ALE)

D.

Decreased number of reported incidents

Question 91

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Options:

A.

Parallel test

B.

Full interruption test

C.

Simulation test

D.

Tabletop test

Question 92

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

)the information security officer.

B.

the steering committee.

C.

the board of directors.

D.

the internal audit manager.

Question 93

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Question 94

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Options:

A.

Metrics to drive the information security program

B.

Information security policies

C.

A defined security organizational structure

D.

An information security strategy

Question 95

Relationships between critical systems are BEST understood by

Options:

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Question 96

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Options:

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Question 97

The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of

GREATEST concern?

Options:

A.

Varying threat environments

B.

Disparate reporting lines

C.

Conflicting legal requirements

D.

Differences in work culture

Question 98

What is the PRIMARY objective of implementing standard security configurations?

Options:

A.

Maintain a flexible approach to mitigate potential risk to unsupported systems.

B.

Minimize the operational burden of managing and monitoring unsupported systems.

C.

Control vulnerabilities and reduce threats from changed configurations.

D.

Compare configurations between supported and unsupported systems.

Question 99

An organization's quality process can BEST support security management by providing:

Options:

A.

security configuration controls.

B.

assurance that security requirements are met.

C.

guidance for security strategy.

D.

a repository for security systems documentation.

Question 100

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?

Options:

A.

Schedule patching based on the criticality.

B.

Install the patch immediately to eliminate the vulnerability.

C.

Conduct comprehensive testing of the patch.

D.

Validate the authenticity of the patch.

Question 101

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Question 102

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Question 103

What should be an information security manager's MOST important consideration when developing a multi-year plan?

Options:

A.

Ensuring contingency plans are in place for potential information security risks

B.

Ensuring alignment with the plans of other business units

C.

Allowing the information security program to expand its capabilities

D.

Demonstrating projected budget increases year after year

Question 104

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

Options:

A.

Limited liability clause

B.

Explanation of information usage

C.

Information encryption requirements

D.

Access control requirements

Question 105

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Options:

A.

Block IP addresses used by the attacker

B.

Redirect the attacker's traffic

C.

Disable firewall ports exploited by the attacker.

D.

Power off affected servers

Question 106

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Options:

A.

Data owner

B.

Business owner

C.

Information security manager

D.

Compliance manager

Question 107

A new risk has been identified in a high availability system. The BEST course of action is to:

Options:

A.

Perform a cost-benefit analysis for mitigating controls

B.

Recommend risk acceptance to the business owner

C.

Develop and implement a plan to mitigate the identified risk

D.

Evaluate and prioritize the identified risk

Question 108

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?

Options:

A.

Protection of business value and assets

B.

Identification of core business strategiesC, Easier entrance into new businesses and technologies

C.

Improved regulatory compliance posture

Question 109

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Options:

A.

relates the investment to the organization's strategic plan.

B.

translates information security policies and standards into business requirements.

C.

articulates management's intent and information security directives in clear language.

D.

realigns information security objectives to organizational strategy.

Question 110

Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Options:

A.

Mobile application control

B.

Inconsistent device security

C.

Configuration management

D.

End user acceptance

Question 111

Which of the following should be the PRIMARY basis for determining the value of assets?

Options:

A.

Cost of replacing the assets

B.

Business cost when assets are not available

C.

Original cost of the assets minus depreciation

D.

Total cost of ownership (TCO)

Question 112

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

Options:

A.

Notify the regulatory agency of the incident.

B.

Implement mitigating controls.

C.

Evaluate the impact to the business.

D.

Examine firewall logs to identify the attacker.

Question 113

Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

Options:

A.

select mobile device management (MDM) software.

B.

survey employees for requested applications.

C.

develop an acceptable use policy.

D.

review currently utilized applications.

Question 114

Which of the following provides the MOST comprehensive understanding of an organization's information security posture?

Options:

A.

Security maturity assessment results

B.

Threat analysis of the organization's environment

C.

Results of vulnerability assessments

D.

External penetration test findings

Question 115

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)

B.

Infrastructure as a Service (laaS)

C.

Platform as a Service (PaaS)

D.

Software as a Service (SaaS)

Question 116

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Options:

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Question 117

Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Options:

A.

A patch management process

B.

Version control

C.

Change management controls

D.

Logical access controls

Question 118

When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?

Options:

A.

The information available about the vulnerability

B.

The sensitivity of the asset and the data it contains

C.

IT resource availability and constraints

D.

Whether patches have been developed and tested

Question 119

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

Options:

A.

Mapping risk scenarios according to sensitivity of data

B.

Reviewing mitigating and compensating controls for each risk scenario

C.

Mapping the risk scenarios by likelihood and impact on a chart

D.

Performing a risk assessment on the laaS provider

Question 120

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Options:

A.

It transfers the risk associated with recovery to a third party.

B.

It lowers the annual cost to the business.

C.

It eliminates the need to maintain offsite facilities.

D.

It eliminates the need for the business to perform testing.

Question 121

Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?

Options:

A.

A security information and event management (SIEM) system

B.

An intrusion prevention system (IPS)

C.

A virtual private network (VPN) with multi-factor authentication (MFA)

D.

An identity and access management (IAM) system

Question 122

An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done

FIRST?

Options:

A.

Install additional application controls.

B.

Notify senior management.

C.

Invoke the incident response plan.

D.

Prevent access to the application.

Question 123

Which of the following should be the MOST important consideration when reviewing an information security strategy?

Options:

A.

Recent security incidents

B.

New business initiatives

C.

Industry security standards

D.

Internal audit findings

Question 124

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

Options:

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Question 125

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Question 126

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

Options:

A.

Impact of service interruption

B.

Results of recovery testing

C.

Determination of recovery point objective (RPO)

D.

Direction from senior management

Question 127

Which of the following is the BEST indication of an effective disaster recovery planning process?

Options:

A.

Hot sites are required for any declared disaster.

B.

Chain of custody is maintained throughout the disaster recovery process.

C.

Post-incident reviews are conducted after each event.

D.

Recovery time objectives (RTOs) are shorter than recovery point objectives (RPOs).

Question 128

During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?

Options:

A.

Configuration management

B.

Password management

C.

Change management

D.

Version management

Question 129

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Options:

A.

Integrity

B.

Authenticity

C.

Confidentiality

D.

Nonrepudiation

Question 130

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Question 131

Which of the following is the PRIMARY responsibility of an information security governance committee?

Options:

A.

Discussing upcoming information security projects

B.

Reviewing the information security risk register

C.

Approving changes to the information security strategy

D.

Reviewing monthly information security metrics

Question 132

A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

Options:

A.

Provide end-user training.

B.

Escalate to senior management.

C.

Continue to enforce the policy.

D.

Conduct a business impact analysis (BIA).

Question 133

During which of the following development phases is it MOST challenging to implement security controls?

Options:

A.

Post-implementation phase

B.

Implementation phase

C.

Development phase

D.

Design phase

Question 134

Which or the following is MOST important to consider when determining backup frequency?

Options:

A.

Recovery point objective (RPO)

B.

Recovery time objective (RTO)

C.

Allowable interruption window

D.

Maximum tolerable outage (MTO)

Question 135

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

the internal audit manager.

B.

the information security officer.

C.

the steering committee.

D.

the board of directors.

Question 136

Which of the following is MOST important to consider when defining control objectives?

Options:

A.

Industry best practices

B.

An information security framework

C.

Control recommendations from a recent audit

D.

The organization's risk appetite

Question 137

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Options:

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Question 138

Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?

Options:

A.

Review the previous risk assessment and countermeasures.

B.

Perform a new risk assessment,

C.

Evaluate countermeasures to mitigate new risks.

D.

Transfer the new risk to a third party.

Question 139

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Question 140

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

Options:

A.

To define security roles and responsibilities

B.

To determine return on investment (ROI)

C.

To establish incident severity levels

D.

To determine the criticality of information assets

Question 141

Which of the following BEST enables an organization to continuously assess the information security risk posture?

Options:

A.

Key risk indicators (KRIs)

B.

Periodic review of the risk register

C.

Degree of senior management support

D.

Compliance with industry regulations

Question 142

Which of the following BEST indicates the organizational benefit of an information security solution?

Options:

A.

Cost savings the solution brings to the information security department

B.

Reduced security training requirements

C.

Alignment to security threats and risks

D.

Costs and benefits of the solution calculated over time

Question 143

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A.

Define the issues to be addressed.

B.

Perform a cost-benefit analysis.

C.

Calculate the total cost of ownership (TCO).

D.

Conduct a feasibility study.

Question 144

An information security manager is assessing security risk associated with a cloud service provider. Which of the following is the MOST appropriate reference to consult when performing this assessment?

Options:

A.

Previous provider service level agreements (SLAs)

B.

Security control frameworks

C.

Threat intelligence reports

D.

Penetration test results from the provider

Question 145

Which of the following is the FIRST step when conducting a post-incident review?

Options:

A.

Identify mitigating controls.

B.

Assess the costs of the incident.

C.

Perform root cause analysis.

D.

Assign responsibility for corrective actions.

Question 146

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Question 147

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Options:

A.

baseline security controls.

B.

benchmarking security metrics.

C.

security objectives.

D.

cost-benefit analyses.

Question 148

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Question 149

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Options:

A.

Current resourcing levels

B.

Availability of potential resources

C.

Information security strategy

D.

Information security incidents

Question 150

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

Options:

A.

Review the risk monitoring plan.

B.

Formally document the decision.

C.

Review the regulations.

D.

Advise the risk management team.

Question 151

Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization's business continuity plan (BCP) has not been reviewed or updated in more than a year?

Options:

A.

An outdated BCP may result in less efficient recovery if an actual incident occurs.

B.

The organization may suffer reputational damage for not following industry best practices.

C.

The audit finding may impact the overall risk rating of the organization.

D.

The lack of updates to the BCP may result in noncompliance with internal policies.

Question 152

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Options:

A.

Process owners

B.

End users

C.

Security architects.

D.

Corporate auditors

Question 153

The PRIMARY benefit of integrating information security activities into change management processes is to:

Options:

A.

protect the organization from unauthorized changes.

B.

ensure required controls are included in changes.

C.

provide greater accountability for security-related changes in the business.

D.

protect the business from collusion and compliance threats.

Question 154

For an e-business that requires high availability, which of the following design principles is BEST?

Options:

A.

Manual failover to the website of another e-business that meets the user's needs

B.

A single point of entry allowing transactions to be received and processed quickly

C.

Intelligent middleware to direct transactions from a downed system to an alternative

D.

Availability of an adjacent cold site and a standby server with mirrored copies of critical data

Question 155

Threat and vulnerability assessments are important PRIMARILY because they are:

Options:

A.

used to establish security investments

B.

the basis for setting control objectives.

C.

elements of the organization's security posture.

D.

needed to estimate risk.

Question 156

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Question 157

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?

Options:

A.

Backups are maintained offline and regularly tested.

B.

Impacted networks can be detached at the network switch level.

C.

Production data is continuously replicated between primary and secondary sites.

D.

Backups are maintained on multiple sites and regularly reviewed.

Question 158

Which of the following BEST minimizes information security risk in deploying applications to the production environment?

Options:

A.

Integrating security controls in each phase of the life cycle

B.

Conducting penetration testing post implementation

C.

Having a well-defined change process

D.

Verifying security during the testing process

Question 159

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

Options:

A.

Ownership of security

B.

Compliance with policies

C.

Auditability of systems

D.

Allocation of training resources

Question 160

Which of the following should include contact information for representatives of equipment and software vendors?

Options:

A.

Information security program charter

B.

Business impact analysis (BIA)

C.

Service level agreements (SLAs)

D.

Business continuity plan (BCP)

Question 161

A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?

Options:

A.

Security manager

B.

Chief information security officer (CISO)

C.

System administrator

D.

Business owner

Question 162

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Question 163

Which of the following analyses will BEST identify the external influences to an organization's information security?

Options:

A.

Business impact analysis (BIA)

B.

Gap analysis

C.

Threat analysis

D.

Vulnerability analysis

Question 164

Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?

Options:

A.

Incident response plan can be activated in a timely manner.

B.

Incident metrics can be communicated.

C.

Risk response options can be identified quickly.

D.

Incident classification times can be improved.

Question 165

Which of the following is MOST important when designing security controls for new cloud-based services?

Options:

A.

Evaluating different types of deployment models according to the associated risks

B.

Understanding the business and IT strategy for moving resources to the cloud

C.

Defining an incident response policy to protect data moving between onsite and cloud applications

D.

Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies

Question 166

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Options:

A.

Providing ongoing training to the incident response team

B.

Implementing proactive systems monitoring

C.

Implementing a honeypot environment

D.

Updating information security awareness materials

Question 167

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

Options:

A.

Performing penetration testing

B.

Improving user awareness

C.

Installing new firewalls

D.

Updating security policies

Question 168

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A.

enhance the organization's antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization's detective controls.

D.

reduce the need for a security awareness program.

Question 169

When properly implemented, secure transmission protocols protect transactions:

Options:

A.

from eavesdropping.

B.

from denial of service (DoS) attacks.

C.

on the client desktop.

D.

in the server's database.

Question 170

Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?

Options:

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Question 171

An information security manager has confirmed the organization's cloud provider has unintentionally published some of the organization's business data. Which of the following should be done NEXT?

Options:

A.

Identify users associated with the exposed data.

B.

Initiate the organization's data loss prevention (DLP) processes.

C.

Review the cloud provider's service level agreement (SLA).

D.

Invoke the incident response plan.

Question 172

Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?

Options:

A.

Senior management

B.

Information owner

C.

Business manager

D.

Information security manager

Question 173

Which of the following is the MOST important objective of post-incident review activities?

Options:

A.

Evidence collection

B.

Continuous improvement

C.

Incident triage

D.

Incident documentation

Question 174

An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:

Options:

A.

the business users.

B.

the information owners.

C.

the system administrators.

D.

senior management.

Question 175

An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:

Options:

A.

Assign accountability for monitoring social media

B.

Identify security monitoring tools

C.

Evaluate risks to the organization

D.

Develop security awareness training

Question 176

What should be the FIRST step when implementing data loss prevention (DLP) technology?

Options:

A.

Perform due diligence with vendor candidates.

B.

Build a business case.

C.

Classify the organization's data.

D.

Perform a cost-benefit analysis.

Question 177

When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:

Options:

A.

strong encryption

B.

regulatory compliance.

C.

data availability.

D.

security awareness training

Question 178

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

Options:

A.

Data masking

B.

Data retention strategy

C.

Data encryption standards

D.

Data loss prevention (DLP)

Question 179

Which of the following is MOST helpful in determining whether a phishing email is malicious?

Options:

A.

Security awareness training

B.

Reverse engineering

C.

Threat intelligence

D.

Sandboxing

Question 180

Which of the following is MOST important to include in security incident escalation procedures?

Options:

A.

Key objectives of the security program

B.

Recovery procedures

C.

Notification criteria

D.

Containment procedures

Question 181

Which of the following should be the PRIMARY consideration when developing an incident response plan?

Options:

A.

The definition of an incident

B.

Compliance with regulations

C.

Management support

D.

Previously reported incidents

Question 182

What should an information security manager do FIRST when an organization is planning to use a third-party cloud computing service for a critical business process?

Options:

A.

Identify the data to be hosted.

B.

Perform a gap analysis.

C.

Perform a risk assessment.

D.

Analyze the business requirements.

Question 183

Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?

Options:

A.

The plan has summarized IT costs for implementation.

B.

The plan resolves all potential threats to business processes.

C.

The plan focuses on meeting industry best practices and industry standards.

D.

The plan is based on a review of threats and vulnerabilities.

Question 184

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Question 185

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Question 186

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Question 187

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

Options:

A.

Availability of resources

B.

Root cause analysis results

C.

Adverse effects on the business

D.

Legal and regulatory requirements

Question 188

Which of the following is a desired outcome of information security governance?

Options:

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Question 189

Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?

Options:

A.

Threat analytics software

B.

Host intrusion detection system

C.

SIEM

D.

Network intrusion detection system

Question 190

Which of the following should be of GREATEST concern regarding an organization's security controls?

Options:

A.

Some controls are performing outside of an acceptable range.

B.

No key control indicators (KCIs) have been implemented.

C.

Control ownership has not been updated.

D.

Control gap analysis is outdated.

Question 191

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Options:

A.

organizational alignment

B.

IT strategy alignment

C.

threats to the organization

D.

existing control costs

Question 192

Which of the following is MOST important to include in an information security strategy?

Options:

A.

Stakeholder requirements

B.

Risk register

C.

Industry benchmarks

D.

Regulatory requirements

Question 193

The PRIMARY purpose for deploying information security metrics is to:

Options:

A.

compare program effectiveness to benchmarks.

B.

support ongoing security budget requirements.

C.

ensure that technical operations meet specifications.

D.

provide information needed to make decisions.

Question 194

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Options:

A.

Review independent security assessment reports for each vendor.

B.

Benchmark each vendor's services with industry best practices.

C.

Analyze the risks and propose mitigating controls.

D.

Define information security requirements and processes.

Question 195

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Options:

A.

Improved staff attendance in awareness sessions

B.

Decreased number of phishing emails received

C.

Improved feedback on the anti-phishing campaign

D.

Decreased number of incidents that have occurred

Question 196

Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?

Options:

A.

Security awareness plan

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Incident response plan

Question 197

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

Options:

A.

An increase in the number of identified security incidents

B.

A decrease in the number of security audit findings

C.

A decrease in the number of security policy exceptions

D.

An increase in the number of compliant business processes

Question 198

Detailed business continuity plans (BCPs) should be PRIMARILY based on:

Options:

A.

strategies validated by senior management.

B.

capabilities of available local vendors.

C.

strategies that cover all applications.

D.

cost and resources needed to execute.

Question 199

An online bank identifies a successful network attack in progress. The bank should FIRST:

Options:

A.

isolate the affected network segment.

B.

report the root cause to the board of directors.

C.

assess whether personally identifiable information (Pll) is compromised.

D.

shut down the entire network.

Question 200

The MOST useful technique for maintaining management support for the information security program is:

Options:

A.

informing management about the security of business operations.

B.

implementing a comprehensive security awareness and training program.

C.

identifying the risks and consequences of failure to comply with standards.

D.

benchmarking the security programs of comparable organizations.

Question 201

Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

Options:

A.

Ensure a plan with milestones is developed.

B.

Implement a distributed denial of service (DDoS) control.

C.

Engage the incident response team.

D.

Define new key performance indicators (KPIs).

Question 202

Which of the following is the MOST important consideration when determining which type of failover site to employ?

Options:

A.

Reciprocal agreements

B.

Disaster recovery test results

C.

Recovery time objectives (RTOs)

D.

Data retention requirements

Question 203

Which of the following is MOST important when responding to a major security incident?

Options:

A.

Contacting forensic investigators

B.

Following the escalation process

C.

Notifying law enforcement

D.

Identifying the indicators of compromise

Question 204

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

Options:

A.

Implement compensating controls.

B.

Communicate consequences for future instances.

C.

Enhance the data loss prevention (DLP) solution.

D.

Improve the security awareness training program.

Question 205

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents

B.

identify vulnerabilities

C.

identify control improvements.

D.

identify the root cause.

Question 206

Which of the following is the FIRST step in developing a business continuity plan (BCP)?

Options:

A.

Determine the business recovery strategy

B.

Determine available resources.

C.

Identify the applications with the shortest recovery time objectives (RTOs).

D.

Identify critical business processes.

Question 207

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.

Decrease in the number of security incidents

B.

Increase in the frequency of security incident escalations

C.

Reduction in the impact of security incidents

D.

Increase in the number of reported security incidents

Question 208

Of the following, who is BEST suited to own the risk discovered in an application?

Options:

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Question 209

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Options:

A.

Projected Increase in maturity level

B.

Estimated reduction in risk

C.

Projected costs over time

D.

Estimated increase in efficiency

Question 210

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Question 211

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Options:

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Question 212

To improve the efficiency of the development of a new software application, security requirements should be defined:

Options:

A.

based on code review.

B.

based on available security assessment tools.

C.

after functional requirements.

D.

concurrently with other requirements.

Question 213

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Question 214

Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?

Options:

A.

To validate the incident

B.

To review network configurations

C.

To validate the payload signature

D.

To devise the incident response strategy

Question 215

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Question 216

Which of the following is the BEST indication that an organization has integrated information security governance with corporate governance?

Options:

A.

Security performance metrics are measured against business objectives.

B.

Impact is measured according to business loss when assessing IT risk.

C.

Security policies are reviewed whenever business objectives are changed.

D.

Service levels for security vendors are defined according to business needs.

Question 217

Which of the following is the MOST important function of an information security steering committee?

Options:

A.

Assigning data classifications to organizational assets

B.

Developing organizational risk assessment processes

C.

Obtaining multiple perspectives from the business

D.

Defining security standards for logical access controls

Question 218

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation to a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?

Options:

A.

Impact on compliance risk.

B.

Inability to determine short-term impact.

C.

Impact on the risk culture.

D.

Deviation from risk management best practices

Question 219

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Options:

A.

a control self-assessment (CSA) process.

B.

automated reporting to stakeholders.

C.

a monitoring process for the security policy.

D.

metrics for each milestone.

Question 220

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

EradicationB Recovery

B.

Lessons learned review

C.

Incident declaration

Question 221

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

Options:

A.

Vendor service level agreements (SLAs)

B.

Independent review of the vendor

C.

Local laws and regulations

D.

Backup and restoration of data

Question 222

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:

A.

Right of the subscriber to conduct onsite audits of the vendor

B.

Escrow of software code with conditions for code release

C.

Authority of the subscriber to approve access to its data

D.

Commingling of subscribers' data on the same physical server

Question 223

Which of the following is the PRIMARY objective of incident triage?

Options:

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Question 224

Reverse lookups can be used to prevent successful:

Options:

A.

denial of service (DoS) attacks

B.

session hacking

C.

phishing attacks

D.

Internet protocol (IP) spoofing

Question 225

Which of the following should be done FIRST when a SIEM flags a potential event?

Options:

A.

Validate the event is not a false positive.

B.

Initiate the incident response plan.

C.

Escalate the event to the business owner.

D.

Implement compensating controls.

Question 226

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

Options:

A.

Vulnerability assessment

B.

Asset classification

C.

Threat analysis

D.

Internal audit findings

Question 227

When determining an acceptable risk level which of the following is the MOST important consideration?

Options:

A.

Threat profiles

B.

System criticalities

C.

Vulnerability scores

D.

Risk matrices

Question 228

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A.

Downtime due to malware infections

B.

Number of security vulnerabilities uncovered with network scans

C.

Percentage of servers patched

D.

Annualized loss resulting from security incidents

Question 229

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?

Options:

A.

Establish processes to publish content on social networks.

B.

Assess the security risk associated with the use of social networks.

C.

Conduct vulnerability assessments on social network platforms.

D.

Develop security controls for the use of social networks.

Question 230

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

Options:

A.

Lack of a risk framework

B.

Ineffective security controls

C.

Presence of known vulnerabilities

D.

Incomplete identification of threats

Question 231

Which of the following defines the triggers within a business continuity plan (BCP)? @

Options:

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Question 232

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Options:

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Question 233

Recovery time objectives (RTOs) are BEST determined by:

Options:

A.

business managers

B.

business continuity officers

C.

executive management

D.

database administrators (DBAs).

Question 234

To support effective risk decision making, which of the following is MOST important to have in place?

Options:

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Question 235

Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?

Options:

A.

Establish an information security steering committee.

B.

Employ a process-based approach for information asset classification.

C.

Utilize an industry-recognized risk management framework.

D.

Provide security awareness training to board executives.

Question 236

A data discovery project uncovers an unclassified process document. Of the following, who is BEST suited to determine the classification?

Options:

A.

Information security manager

B.

Security policy author

C.

Creator of the document

D.

Data custodian

Question 237

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Options:

A.

Request the service provider comply with information security policy.

B.

Review a recent independent audit report of the service provider.

C.

Assess the level of security awareness of the service provider.

D.

Review samples of service level reports from the service provider.

Question 238

Which of the following would be MOST helpful when creating information security policies?

Options:

A.

The information security framework

B.

Business impact analysis (BIA)

C.

Information security metrics

D.

Risk assessment results

Question 239

The PRIMARY goal of a post-incident review should be to:

Options:

A.

establish the cost of the incident to the business.

B.

determine why the incident occurred.

C.

identify policy changes to prevent a recurrence.

D.

determine how to improve the incident handling process.

Question 240

An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:

Options:

A.

disable the user's access to corporate resources.

B.

terminate the device connectivity.

C.

remotely wipe the device

D.

escalate to the user's management

Question 241

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

Options:

A.

Control matrix

B.

Business impact analysis (BIA)

C.

Risk register

D.

Information security policy

Question 242

Which of the following is the BEST strategy when determining an organization’s approach to risk treatment?

Options:

A.

Advancing the maturity of existing controls based on risk tolerance

B.

Prioritizing controls that directly mitigate the organization's most critical risks

C.

Implementing risk mitigation controls that are considered quick wins

D.

Implementing a one-size-fits-all set of controls across all organizational units

Question 243

To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:

Options:

A.

isolate the infected systems.

B.

preserve the evidence.

C.

image the infected systems.

D.

clean the malware.

Question 244

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Perform a gap analysis based on the current state

B.

Create a roadmap to identify security baselines and controls.

C.

Identify key stakeholders to champion information security.

D.

Determine acceptable levels of information security risk.

Question 245

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Question 246

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Options:

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Question 247

An organization has identified IT failures in a call center application. Of the following, who should own this risk?

Options:

A.

Information security manager

B.

Head of the call center

C.

Chief executive officer (CEO)

D.

Head of the IT department

Question 248

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Options:

A.

the chief risk officer (CRO).

B.

business senior management.

C.

the information security manager.

D.

the compliance officer.

Question 249

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

Options:

A.

rely on senior management to enforce security.

B.

promote the relevance and contribution of security.

C.

focus on compliance.

D.

reiterate the necessity of security.

Question 250

An organization's automated security monitoring tool generates an excessively large amount of falsq positives. Which of the following is the BEST method to optimize the monitoring process?

Options:

A.

Report only critical alerts.

B.

Change reporting thresholds.

C.

Reconfigure log recording.

D.

Monitor incidents in a specific time frame.

Question 251

Which of the following is the MOST important constraint to be considered when developing an information security strategy?

Options:

A.

Legal and regulatory requirements

B.

Established security policies and standards

C.

Compliance with an international security standard

D.

Information security architecture

Question 252

An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?

Options:

A.

Identified vulnerabilities are not published and communicated in awareness programs.

B.

Identified vulnerabilities are not logged and resolved in a timely manner.

C.

The number of vulnerabilities identified exceeds industry benchmarks. D. Vulnerabilities are identified by internal staff rather than by external consultants.

Question 253

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Options:

A.

Network address translation (NAT)

B.

Message hashing

C.

Transport Layer Security (TLS)

D.

Multi-factor authentication

Question 254

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

Options:

A.

number of impacted users.

B.

capability of incident handlers.

C.

type of confirmed incident.

D.

predicted incident duration.

Question 255

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Options:

A.

Cost of replacing the asset

B.

Cost of additional mitigation

C.

Annual loss expectancy (ALE)

D.

Annual rate of occurrence

Question 256

Which of the following is the MOST important detail to capture in an organization's risk register?

Options:

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Question 257

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Options:

A.

Establish an organization-wide social media policy.

B.

Develop sanctions for misuse of social media sites.

C.

Monitor social media sites visited by employees.

D.

Restrict social media access on corporate devices.

Question 258

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

Options:

A.

Perform a backup of the hard drive using backup utilities.

B.

Perform a bit-by-bit backup of the hard disk using a write-blocking device

C.

Perform a backup of the computer using the network

D.

Reboot the system using third-party forensic software in the CD-ROM drive

Question 259

Which of the following is the BEST way to improve an organization's ability to detect and respond to incidents?

Options:

A.

Conduct a business impact analysis (BIA).

B.

Conduct periodic awareness training.

C.

Perform a security gap analysis.

D.

Perform network penetration testing.

Question 260

Which of the following is the MOST important consideration during the design phase of a business impact analysis (BIA)?

Options:

A.

Selecting quality metrics to monitor business performance

B.

Estimating the likelihood that end-to-end processes will be disrupted

C.

Obtaining reserve funding to prepare for possible business failures

D.

Identifying critical functions for business operations

Question 261

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Options:

A.

Balanced scorecard

B.

Risk matrix

C.

Benchmarking

D.

Heat map

Question 262

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Options:

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Question 263

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor's independent control reports.

Question 264

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?

Options:

A.

Forensics certification

B.

Disaster recovery drills

C.

Tabletop exercises

D.

Penetration tests

Question 265

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

Options:

A.

While responding to the incident

B.

During a tabletop exercise

C.

During post-incident review

D.

After a risk reassessment

Question 266

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Options:

A.

Including service level agreements (SLAs) in vendor contracts

B.

Establishing communication paths with vendors

C.

Requiring security awareness training for vendor staff

D.

Performing integration testing with vendor systems

Question 267

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

Options:

A.

packet filtering.

B.

web surfing controls.

C.

log monitoring.

D.

application awareness.

Question 268

Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?

Options:

A.

Benchmarking against industry peers

B.

Adoption of an industry recognized framework

C.

Approval from senior management

D.

Identification of business-specific risk factors

Question 269

Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?

Options:

A.

Restore affected systems for normal operations.

B.

Mitigate exploited vulnerabilities to stop future incidents.

C.

Estimate the amount of damage caused by the incident.

D.

Isolate affected systems to prevent further damage

Question 270

An organization is selecting security metrics to measure security performance, and a firewall specialist suggests tracking the number of external attacks blocked by the firewalls. Which of the following is the GREATEST concern with using this metric?

Options:

A.

The number of blocked external attacks is not representative of the true threat profile.

B.

The number of blocked external attacks will vary by month, causing inconsistent graphs.

C.

The number of blocked external attacks is an indicator of the organization's popularity.

D.

The number of blocked external attacks over time does not explain the attackers' motivations.

Question 271

An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?

Options:

A.

The cloud provider can meet recovery point objectives (RPOs).

B.

The cloud provider adheres to applicable regulations.

C.

The cloud provider’s service level agreement (SLA) includes availability requirements.

D.

The hosting contract has a termination clause.

Question 272

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Options:

A.

results of exit interviews.

B.

previous training sessions.

C.

examples of help desk requests.

D.

responses to security questionnaires.

Question 273

What should an information security manager verify FIRST when reviewing an information asset management program?

Options:

A.

System owners have been identified.

B.

Key applications have been secured.

C.

Information assets have been classified.

D.

Information assets have been inventoried.

Question 274

Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

Options:

A.

Quantitative loss

B.

Industry benchmarks

C.

Threat analysis

D.

Root cause analysis

Question 275

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Options:

A.

Increasing false negatives

B.

Decreasing false negatives

C.

Decreasing false positives

D.

Increasing false positives

Question 276

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Options:

A.

Documentation of control procedures

B.

Standardization of compliance requirements

C.

Automation of controls

D.

Integration of assurance efforts

Question 277

Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?

Options:

A.

Stakeholder feedback analysis

B.

Business continuity risk analysis

C.

Incident root cause analysis

D.

Business impact analysis (BIA)

Question 278

Recovery time objectives (RTOs) are an output of which of the following?

Options:

A.

Business continuity plan (BCP)

B.

Disaster recovery plan (DRP)

C.

Service level agreement (SLA)

D.

Business impact analysis (BIA)

Question 279

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Options:

A.

Security requirements are included in the vendor contract

B.

External security audit results are reviewed.

C.

Service level agreements (SLAs) meet operational standards.

D.

Business continuity contingency planning is provided

Question 280

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Options:

A.

Perform a privacy impact assessment (PIA).

B.

Perform a vulnerability assessment.

C.

Perform a gap analysis.

D.

Perform a business impact analysis (BIA).

Question 281

Which of the following is the BEST indicator of a successful intrusion into an organization's systems?

Options:

A.

Decrease in internal network traffic

B.

Increase in the number of failed login attempts

C.

Increase in the number of irregular application requests

D.

Decrease in available storage space

Question 282

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

Options:

A.

Eliminate privileged accounts.

B.

Perform periodic certification of access to privileged accounts.

C.

Frequently monitor activities on privileged accounts.

D.

Provide privileged account access only to users who need it.

Question 283

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

Options:

A.

incident has been confirmed.

B.

incident has been contained.

C.

potential incident has been logged.

D.

incident has been mitigated.

Demo: 283 questions
Total 954 questions