When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
Which of the following devices, when placed in a demilitarized zone (DMZ), would be considered the MOST significant exposure?
The PRIMARY advantage of single sign-on (SSO) is that it will:
A business continuity plan (BCP) should contain:
An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?
Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?
Which of the following has the GREATEST influence on the successful integration of information security within the business?
Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?
Spoofing should be prevented because it may be used to:
Which of the following is the BEST indication of a mature information security program?
Which of the following is the PRIMARY reason to conduct a post-incident review?
Of the following, who is in the BEST position to evaluate business impacts?
The PRIMARY objective of performing a post-incident review is to:
Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Following an information security risk assessment of a critical system, several significant issues have been identified. Which of the following is MOST important for the information security manager to confirm?
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Which of the following is the MOST likely reason for a vulnerability scanner to return incomplete results?
In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?
An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?
Which of the following BEST enables an organization to determine the costs of downtime for a critical application?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
The fundamental purpose of establishing security metrics is to:
For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?
Which of the following BEST indicates that information assets are classified accurately?
Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?
Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?
Which of the following is MOST important to include in a post-incident review following a data breach?
Which of the following is MOST important to have in place when conducting a security control assessment of a system?
Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?
An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?
A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?
An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security?
Which of the following BEST facilitates effective strategic alignment of security initiatives?
An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?
Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?
Which of the following is MOST important when defining how an information security budget should be allocated?
A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
A PRIMARY purpose of creating security policies is to:
Which of the following tools would be MOST helpful to an incident response team?
Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?
Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?
A global organization is considering its geopolitical security risks. Which of the following is the information security manager's BEST approach?
Which type of control is an incident response team?
Which of the following BEST facilitates the effective execution of an incident response plan?
Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?
Which of the following BEST illustrates residual risk within an organization?
Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?
Which of the following is the PRIMARY objective of a cyber resilience strategy?
Which of the following is the MOST important characteristic of an effective information security metric?
An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
Which of the following MUST happen immediately following the identification of a malware incident?
Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?
When developing an incident escalation process, the BEST approach is to classify incidents based on:
Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?
The effectiveness of an incident response team will be GREATEST when:
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?
The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
The PRIMARY purpose of vulnerability identification is to:
Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?
What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?
A security incident has been reported within an organization. When should an information security manager contact the information owner?
Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
Which of the following is the BEST source of information to support an organization's information security vision and strategy?
Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
A business impact analysis (BIA) should be periodically executed PRIMARILY to:
The categorization of incidents is MOST important for evaluating which of the following?
Which of the following is the MOST essential element of an information security program?
Which of the following BEST indicates that an information security governance framework has been successfully implemented?
An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?
If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?
Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?
Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?
Which of the following is the BEST indication of a successful information security culture?
An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?
To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:
Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
Which of the following BEST enables the assignment of risk and control ownership?
Which of the following is MOST important for guiding the development and management of a comprehensive information security program?
Which of the following provides the BEST indication of the return on information security investment?
Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?
Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?
Relationships between critical systems are BEST understood by:
Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?
The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?
What is the PRIMARY objective of implementing standard security configurations?
An organization's quality process can BEST support security management by providing:
Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?
Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
Which of the following MUST be established to maintain an effective information security governance framework?
What should be an information security manager's MOST important consideration when developing a multi-year plan?
When drafting the corporate privacy statement for a public website, which of the following MUST be included?
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?
A new risk has been identified in a high availability system. The BEST course of action is to:
Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Which of the following should be the PRIMARY basis for determining the value of assets?
An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?
Prior to implementing a bring your own device (BYOD) program, it is MOST important to:
Which of the following provides the MOST comprehensive understanding of an organization's information security posture?
In which cloud model does the cloud service buyer assume the MOST security responsibility?
Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?
When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?
Management would like to understand the risk associated with engaging an Infrastructure as a Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?
Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done FIRST?
Which of the following should be the MOST important consideration when reviewing an information security strategy?
Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?
Which of the following is the BEST indication of an effective disaster recovery planning process?
During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?
Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?
Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
Which of the following is the PRIMARY responsibility of an information security governance committee?
A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?
During which of the following development phases is it MOST challenging to implement security controls?
Which of the following is MOST important to consider when determining backup frequency?
Which of the following is MOST important to consider when defining control objectives?
Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?
Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
Which of the following BEST enables an organization to continuously assess the information security risk posture?
Which of the following BEST indicates the organizational benefit of an information security solution?
What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
An information security manager is assessing security risk associated with a cloud service provider. Which of the following is the MOST appropriate reference to consult when performing this assessment?
Which of the following is the FIRST step when conducting a post-incident review?
An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?
During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
What will BEST facilitate the success of new security initiatives?
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?
Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization's business continuity plan (BCP) has not been reviewed or updated in more than a year?
Of the following, whose input is of GREATEST importance in the development of an information security strategy?
The PRIMARY benefit of integrating information security activities into change management processes is to:
For an e-business that requires high availability, which of the following design principles is BEST?
Threat and vulnerability assessments are important PRIMARILY because they are:
Which of the following is MOST important to include in monthly information security reports to the board?
Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?
Which of the following BEST minimizes information security risk in deploying applications to the production environment?
In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?
Which of the following should include contact information for representatives of equipment and software vendors?
A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Which of the following analyses will BEST identify the external influences to an organization's information security?
Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?
Which of the following is MOST important when designing security controls for new cloud-based services?
Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?
Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
When properly implemented, secure transmission protocols protect transactions:
Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?
An information security manager has confirmed the organization's cloud provider has unintentionally published some of the organization's business data. Which of the following should be done NEXT?
Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?
Which of the following is the MOST important objective of post-incident review activities?
An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:
An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:
What should be the FIRST step when implementing data loss prevention (DLP) technology?
When implementing a security policy for an organization handling personally identifiable information (PII), the MOST important objective should be:
An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
Which of the following is MOST helpful in determining whether a phishing email is malicious?
Which of the following is MOST important to include in security incident escalation procedures?
Which of the following should be the PRIMARY consideration when developing an incident response plan?
What should an information security manager do FIRST when an organization is planning to use a third-party cloud computing service for a critical business process?
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
Which of the following is the PRIMARY role of an information security manager in a software development project?
Which of the following is MOST important to consider when determining asset valuation?
Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
Which of the following is a desired outcome of information security governance?
Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?
Which of the following should be of GREATEST concern regarding an organization's security controls?
An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:
Which of the following is MOST important to include in an information security strategy?
The PRIMARY purpose for deploying information security metrics is to:
An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?
Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?
Detailed business continuity plans (BCPs) should be PRIMARILY based on:
An online bank identifies a successful network attack in progress. The bank should FIRST:
The MOST useful technique for maintaining management support for the information security program is:
Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?
Which of the following is the MOST important consideration when determining which type of failover site to employ?
Which of the following is MOST important when responding to a major security incident?
Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?
Which of the following is the FIRST step in developing a business continuity plan (BCP)?
Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Of the following, who is BEST suited to own the risk discovered in an application?
Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
To improve the efficiency of the development of a new software application, security requirements should be defined:
An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?
Which of the following is the BEST method to ensure compliance with password standards?
Which of the following is the BEST indication that an organization has integrated information security governance with corporate governance?
Which of the following is the MOST important function of an information security steering committee?
Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?
An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?
What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
Which of the following is the PRIMARY objective of incident triage?
Reverse lookups can be used to prevent successful:
Which of the following should be done FIRST when a SIEM flags a potential event?
Which of the following provides the BEST input to determine the level of protection needed for an IT system?
When determining an acceptable risk level, which of the following is the MOST important consideration?
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?
Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
Which of the following defines the triggers within a business continuity plan (BCP)?
An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be MOST beneficial for the team at the first drill?
Recovery time objectives (RTOs) are BEST determined by:
To support effective risk decision making, which of the following is MOST important to have in place?
Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?
A data discovery project uncovers an unclassified process document. Of the following, who is BEST suited to determine the classification?
To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?
Which of the following would be MOST helpful when creating information security policies?
The PRIMARY goal of a post-incident review should be to:
An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation is to:
Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?
Which of the following is the BEST strategy when determining an organization’s approach to risk treatment?
To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following is the BEST indicator of an organization's information security status?
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
An organization has identified IT failures in a call center application. Of the following, who should own this risk?
An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
An organization's automated security monitoring tool generates an excessively large amount of false positives. Which of the following is the BEST method to optimize the monitoring process?
Which of the following is the MOST important constraint to be considered when developing an information security strategy?
An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?
Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?
Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
Which of the following is the MOST important detail to capture in an organization's risk register?
An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?
A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?
Which of the following is the BEST way to improve an organization's ability to detect and respond to incidents?
Which of the following is the MOST important consideration during the design phase of a business impact analysis (BIA)?
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (IAM) system?
Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
Which of the following BEST supports the incident management process for attacks on an organization's supply chain?
Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:
Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?
Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?
An organization is selecting security metrics to measure security performance, and a firewall specialist suggests tracking the number of external attacks blocked by the firewalls. Which of the following is the GREATEST concern with using this metric?
An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?
The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:
What should an information security manager verify FIRST when reviewing an information asset management program?
Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?
Recovery time objectives (RTOs) are an output of which of the following?
An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Which of the following is the BEST indicator of a successful intrusion into an organization's systems?
Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the: