Deck 4 Flashcards

1
Q

Which of the following would be an information security manager's primary challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
A. Configuration management
B. mobile application control
C. inconsistent device security
D. end user acceptance

A

C

2
Q

Which of the following is most important to ensure when an organization is moving portions of its sensitive database to the cloud?
A. The conversion has been approved by the information security team
B. a right to audit clause is included in the contract
C. input from data owners is included in the requirements definition
D. data encryption is used in the cloud hosting solution

A

C

3
Q

An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the best way to manage the risk of noncompliance?
A. Perform a gap analysis
B. consult with senior management on the best course of action
C. implement a program of work to comply with the new legislation
D. understand the cost of noncompliance

A

C

4
Q

Which of the following is the most important function of an information security steering committee?
A. Evaluating the effectiveness of information security controls on a periodic basis
B. defining the objectives of the information security framework
C. conducting regular independent reviews of the state of security in the business
D. approving security awareness content prior to publication

A

B

5
Q

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of System Administrator, security administrator, database administrator, and application administrator. What is the manager’s best course of action?
A. Formally document IT administrator activities
B. automate user provisioning activities
C. maintain strict control over user provisioning activities
D. implement monitoring of IT administrator activities

A

D

6
Q

A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The most likely reason for this decision is:
A. the cost of implementing controls exceeds the potential financial losses
B. the risk assessment has not defined the likelihood of occurrence
C. executive management is not aware of the impact potential
D. the reported vulnerability has not been validated

A

A

7
Q

Which of the following is the primary responsibility of an information security steering committee composed of management representation from business units?
A. Oversee the execution of the information security strategy
B. perform business impact analyses (BIAs)
C. manage the implementation of the information security plan
D. monitor the treatment of information security risk

A

A

8
Q

When implementing a security policy for an organization handling personally identifiable information (PII), the most important objective should be:
A. strong encryption
B. regulatory compliance
C. security awareness training
D. data availability

A

B

9
Q

When drafting the corporate privacy statement for a public website, which of the following must be included?
A. Limited liability clause
B. access control requirements
C. explanation of information usage
D. information encryption requirements

A

C

10
Q

After a server has been attacked, which of the following is the best course of action?
A. Isolate the system
B. initiate incident response
C. conduct a security audit
D. review vulnerability assessment

A

B

11
Q

Which of the following will provide the most guidance when deciding the level of protection for an information asset?
A. Impact on information security program
B. cost of controls
C. impact to business function
D. cost to replace

A

A

12
Q

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
A. Access control management
B. change management
C. configuration management
D. risk management

A

D

13
Q

Which of the following is most likely to be impacted when emerging technologies are introduced to an organization?
A. Risk profile
B. security policies
C. control effectiveness
D. risk assessment approach

A

A

14
Q

A company has a remote office located in a different country. The company’s chief information security officer (CISO) has just learned of a new regulatory requirement mandated by the country of the remote office. Which of the following should be the next step?
A. Integrate new requirements into the corporate policies
B. evaluate whether the new regulation impacts information security
C. create separate security policies and procedures for the new regulation
D. implement the requirement at the remote office location

A

B

15
Q

Which of the following metrics is the best measure of the effectiveness of an information security program?
A. Reduction in the amount of risk exposure in an organization
B. reduction in the number of threats to an organization
C. reduction in the cost of risk remediation for an organization
D. reduction in the number of vulnerabilities in an organization

A

A

16
Q

Which of the following provides the most useful information for identifying security control gaps on an application server?
A. Risk assessments
B. penetration testing
C. threat models
D. internal audit report

A

B

17
Q

The most important attribute of a security control is that it is:
A. auditable
B. measurable
C. scalable
D. reliable

A

D

18
Q

An event occurred that resulted in the activation of the business continuity plan (BCP). All employees were notified during the event, and they followed the plan. However, two major suppliers missed deadlines because they were not aware of the disruption. What is the best way to prevent a similar situation in the future?
A. Ensure service level agreements (SLAs) with suppliers are enforced
B. conduct a vulnerability assessment
C. perform testing of the BCP communication plan
D. Provide suppliers with access to the BCP document

A

A

19
Q

Which of the following is most appropriate to add to a dashboard for the purpose of illustrating an organization’s risk level to senior management?
A. Results of risk and control testing
B. number of reported incidents
C. budget variance for information security
D. risk heat map

A

D

20
Q

To confirm that a third party provider complies with an organization’s information security requirements, it is most important to ensure:
A. contract clauses comply with the organization’s information security policy
B. security metrics are included in the service level agreement (SLA)
C. the information security policy of the third-party service provider is reviewed
D. right to audit is included in the service level agreement (SLA)

A

C

21
Q

The primary reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
A. validate the integrity during analysis
B. provide backup in case of media failure
C. reinstate original data when accidental changes occur
D. validate the confidentiality during analysis

A

A

22
Q

Which of the following should be determined first when preparing a risk communication plan?
A. Reporting content
B. communication channel
C. target audience
D. reporting frequency

A

C

23
Q

Which of the following is the major advantage of conducting a post-incident review? The review:
A. helps develop business cases for security monitoring tools
B. provides continuous process improvement
C. facilitates reporting on actions taken during the incident process
D. helps identify current and desired level of risk

A

B

24
Q

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the greatest concern to an information security manager if omitted from the contract?
A. Escrow of software code with conditions for code release
B. right of the subscriber to conduct on-site audits of the vendor
C. authority of the subscriber to approve access to its data
D. commingling of subscribers’ data on the same physical server

A

C

25
Q

Which of the following is the best method to protect consumer private information for an online public website?
A. Apply strong authentication to online accounts
B. encrypt consumer data in transit and at rest
C. use secure encrypted transport layer
D. apply a masking policy to the consumer data

A

B

26
Q

Which of the following is the most important for an information security manager to verify when selecting a third party forensics provider?
A. Existence of a right to audit clause
B. technical capabilities of the provider
C. results of the provider’s business continuity test
D. existence of the provider’s incident response plan

A

B

27
Q

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do first to support this initiative?
A. Review independent security assessment reports for each vendor
B. benchmark each vendor’s services with industry best practices
C. define information security requirements and processes
D. analyze the risks and proposed mitigating controls

A

A

28
Q

Which of the following would best help an organization’s ability to manage advanced persistent threats (APT)?
A. Having a skilled information security team
B. increasing the information security budget
C. using multiple security vendors
D. having network detection tools in place

A

D

29
Q

Key risk indicators (KRIs) are most effective when they:
A. are mapped to core strategic initiatives
B. allow for comparison with industry peers
C. are redefined on a regular basis
D. assess the progress toward declared goals

A

C

30
Q

Which of the following is the best strategy to implement an effective operational security posture?
A. Increased security awareness
B. defense in depth
C. threat management
D. vulnerability management

A

B

31
Q

Organization A offers e-commerce services and uses secure transport protocol to protect Internet communication. To confirm communication with organization A, which of the following would be the best for a client to verify?
A. The URL of the e-commerce server
B. the certificate of the e-commerce server
C. the IP address of the e-commerce server
D. the browser’s indication of SSL use

A

B

32
Q

Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
A. Recovery
B. Eradication
C. Identification
D. Containment

A

D

33
Q

Which of the following is the best way to rigorously test a disaster recovery plan (DRP) for a mission-critical system without disrupting business operations?
A. Parallel testing
B. simulation testing
C. checklist review
D. structured walk-through

A

A

34
Q

Which of the following information security activities is most helpful to support compliance with information security policy?
A. Conducting information security awareness programs
B. creating monthly trend metrics
C. performing periodic IT reviews on new system acquisitions
D. obtaining management commitment

A

A

35
Q

Which of the following should be the most important consideration when establishing information security policies for an organization?
A. Job descriptions include requirements to read security policies
B. senior management supports the policies
C. the policies are aligned to industry best practices
D. the policies are updated annually

A

B

36
Q

Which of the following best enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
A. Engaging external experts to provide guidance on changes in compliance requirements
B. assigning the operations manager accountability for meeting compliance requirements
C. embedding compliance requirements within operational processes
D. performing periodic audits for compliance with legal and regulatory requirements

A

D

37
Q

Senior management has launched an enterprise-wide initiative to streamline internal processes to reduce costs, including security processes. What should the information security manager rely on most to allocate resources efficiently?
A. Capability maturity assessment
B. risk classification
C. return on investment (ROI)
D. internal audit reports

A

B

38
Q

Which of the following is the best way to ensure that organizational security policies comply with data security regulatory requirements?
A. Obtain annual sign-off from executive management
B. align the policies to the most stringent global regulations
C. send the policies to stakeholders for review
D. outsource compliance activities

A

B

39
Q

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the best course of action?
A. Isolate the affected systems
B. conduct an impact assessment
C. initiate incident response
D. rebuild the affected systems

A

C

40
Q

A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager’s FIRST course of action?
A. Design and document a new process
B. perform a risk assessment
C. report the issue to senior management
D. update the security policy

A

B

41
Q

Which of the following is most important to consider when aligning a security awareness program with the organization’s business strategy?
A. Processes and technology
B. people and culture
C. regulations and standards
D. executive and board directives

A

D

42
Q

An online bank identifies a successful network attack in progress. The bank should first:
A. report the root cause to the board of directors
B. isolate the affected network segment
C. shut down the entire network
D. assess whether personally identifiable information (PII) is compromised

A

B

43
Q

Human resources (HR) is evaluating potential Software as a Service (SaaS) cloud services. Which of the following should the information security manager do first to support this effort?
A. Perform a cost-benefit analysis of using cloud services
B. conduct a security audit on the cloud service providers
C. review the cloud service providers control reports
D. perform a risk assessment of adopting cloud services

A

D

44
Q

Which of the following security initiatives should be the first step in helping an organization maintain compliance with privacy regulations?
A. Implementing a data classification framework
B. implementing security information and event management (SIEM)
C. installing a data loss prevention (DLP) solution
D. developing security awareness training

A

A

45
Q

Which of the following would provide the best evidence to senior management that security control performance was improved?
A. Demonstrated return on security investment
B. review of security metrics trends
C. results of an emerging threat analysis
D. reduction in inherent risk

A

B

46
Q

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the best way to proceed?
A. Postpone the implementation until the vulnerability has been fixed
B. Commission further penetration tests to validate initial test results
C. assess whether the vulnerability is within the organization’s risk tolerance levels
D. implement the application and request the cloud service provider to fix the vulnerability

A

C

47
Q

A strict new regulation is being finalized to address global concerns regarding cybersecurity. Which of the following should the information security manager do first?
A. Monitor industry response to the regulation
B. seek legal counsel on the new regulation
C. validate the applicability of the regulation
D. escalate compliance risk to senior management

A

C

48
Q

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the best way to test for the existence of back doors?
A. Perform security code reviews on the entire application
B. scan the entire application using a vulnerability scanning tool
C. monitor Internet traffic for sensitive information leakage
D. run the application from a high-privileged account on a test system

A

A

49
Q

Which of the following best enables the detection of advanced persistent threats (APTs)?
A. Vulnerability scanning
B. security information and event management system (SIEM)
C. Internet gateway filtering
D. periodic reviews of intrusion prevention systems (IPS)

A

A

50
Q

A high-risk issue is discovered during an information security risk assessment of a legal application. The business is unwilling to allocate the resources to remediate the issue. Which of the following would be the information security manager’s best course of action?
A. Document risk acceptance from the business
B. recommend discontinuing the use of the legal application
C. design alternative compensating controls to reduce the risk
D. present the worst-case scenario related to the risk

A

C

51
Q

Which of the following provides the most essential input for the development of an information security strategy?
A. Results of an information security gap analysis
B. measurement of security performance against IT goals
C. results of a technology risk assessment
D. availability of capable information security resources

A

A

52
Q

An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be most appropriate for this purpose?
A. Policies
B. Standards
C. Procedures
D. Guidelines

A

B

53
Q

An information security team plans to increase password complexity requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager’s best course of action?
A. Evaluate business compensating controls
B. quantify the security risk to the business
C. assess business impact against security risk
D. conduct industry benchmarking

A

A

54
Q

Which of the following is most important to ensuring that incident management plans are executed effectively?
A. Management support and approval has been obtained
B. an incident response maturity assessment has been conducted
C. a reputable managed security services provider has been engaged
D. the incident response team has the appropriate training

A

D

55
Q

What should be the greatest concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
A. Local laws and regulations
B. backup and restoration of data
C. vendor service level agreements (SLAs)
D. independent review of the vendor

A

A

56
Q

Which of the following is the best technical defense against unauthorized access to a corporate network through social engineering?
A. Requiring multi-factor authentication
B. requiring challenge/response information
C. enforcing frequent password changes
D. enforcing complex password formats

A

A

57
Q

An information security manager wants to improve the ability to identify changes in risk levels affecting the organization’s systems. Which of the following is the best method to achieve this objective?
A. Performing business impact analyses (BIA)
B. monitoring key goal indicators (KGIs)
C. monitoring key risk indicators (KRIs)
D. updating the risk register

A

C

58
Q

Which of the following is the best way to determine if a recent investment in access control software was successful?
A. Senior management acceptance of the access control software
B. a comparison of security incidents before and after software installation
C. a business impact analysis (BIA) of the systems protected by the software
D. a review of the number of key risk indicators (KRIs) implemented for the software

A

C

59
Q

Which of the following roles is best suited to validate user access requirements during an annual user access review?
A. Access manager
B. System Administrator
C. business owner
D. IT director

A

C

60
Q

Which of the following is the greatest benefit of using a network-based intrusion prevention system (IPS)?
A. The ability to review and monitor streams by network segment
B. the ability to shut down or block suspicious connections
C. increased visibility into user web surfing
D. centralized controls for incident handling

A

B

61
Q

During a post-incident review, the sequence and correlation of actions must be analyzed primarily based on:
A. a consolidated event timeline
B. logs from systems involved
C. interviews with personnel
D. documents created during the incident

A

A

62
Q

Which of the following would be the most effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator’s account?
A. Set up an agent to run a virus-scanning program across platforms
B. ensure that proper controls exist for code review and release management
C. implement controls for continuous monitoring of middleware transactions
D. apply the latest patch programs to the production operating systems

A

B

63
Q

Which of the following is the best approach to identify new security issues associated with IT systems and applications in a timely manner?
A. Requiring periodic security audits of IT systems and applications
B. comparing current state to established industry benchmarks
C. performing a vulnerability assessment for each change to IT systems
D. integrating risk assessments into the change management process

A

D

64
Q

Which of the following would best help to ensure compliance with an organization’s information security requirements by an IT service provider?
A. Requiring an external security audit of the IT service provider
B. defining the business recovery plan with the IT service provider
C. defining information security requirements with internal IT
D. requiring regular reporting from the IT service provider

A

A

65
Q

Which of the following information best supports risk management decision making?
A. Results of a vulnerability assessment
B. estimated savings resulting from reduced risk exposure
C. average cost of risk events
D. quantification of events through threat modeling

A

B

66
Q

For an organization that provides web-based services, which of the following security events would most likely initiate an incident response plan and be escalated to management?
A. Anti-malware alerts on several employees’ workstations
B. several port scans of the web server
C. multiple failed login attempts on an employee’s workstation
D. suspicious network traffic originating from the Demilitarized Zone

A

A

67
Q

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager’s first response?
A. Evaluate the impact to the business
B. examine firewall logs to identify the attacker
C. notify the regulatory agency of the incident
D. implement mitigating controls

A

A

68
Q

Penetration testing is most appropriate when a:
A. new system is about to go live
B. security incident has occurred
C. security policy is being developed
D. new system is being designed

A

A

69
Q

An organization has purchased an Internet sales company to extend the sales department. The information security manager's first step to ensure the security policy framework encompasses the new business model is to:
A. perform a gap analysis
B. implement both companies' policies separately
C. merge both companies' policies
D. perform a vulnerability assessment

A

A

70
Q

An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. Which of the following should the information security manager do first?
A. Implement mitigating controls
B. perform a business impact analysis (BIA)
C. perform a risk assessment
D. notify senior management

A

A

71
Q

Which of the following should be an information security manager's most important consideration when determining if an information asset has been classified appropriately?
A. Value of the business
B. security policy requirements
C. ownership of information
D. level of protection

A

A

72
Q

Which of the following is the best course of action when confidential information is inadvertently disseminated outside the organization?
A. Change the encryption keys
B. declare an incident
C. review compliance requirements
D. communicate the exposure

A

B

73
Q

Which of the following is most important when selecting an information security metric?
A. Ensuring the metric is repeatable
B. aligning the metric to the IT strategy
C. defining the metric in qualitative terms
D. defining the metric in quantitative terms

A

A

74
Q

Deciding the level of protection a particular asset should be given is best determined by:
A. the corporate risk appetite
B. a risk analysis
C. a threat assessment
D. a vulnerability assessment

A

B

75
Q

Which type of incident response test is the most efficient way to verify that backup power generators are functioning?
A. Operational full test
B. simulation failure test
C. parallel recovery test
D. full interruption test

A

D

76
Q

Which of the following is the best way to evaluate the impact of threat events on an organization’s IT operations?
A. Risk assessment
B. penetration testing
C. scenario analysis
D. controls review

A

C

77
Q

Which of the following should be done first when establishing security measures for personal data stored and processed on a human resources management system?
A. Conduct a vulnerability assessment
B. move the system into a separate network
C. conduct a privacy impact assessment (PIA)
D. evaluate data encryption technologies

A

C

78
Q

Which of the following is the best approach for governing noncompliance with security requirements?
A. Require users to acknowledge the acceptable use policy
B. base mandatory review and exception approvals on residual risk
C. require the steering committee to review exception requests
D. base mandatory review and exception approvals on inherent risk

A

B

79
Q

Which of the following is most important in increasing the effectiveness of incident responders?
A. Integrating staff with the IT department
B. testing response scenarios
C. communicating with the management team
D. reviewing the incident response plan annually

A

D

80
Q

Which of the following is an information security manager’s best course of action to gain approval for investment in a technical control?
A. Calculate the exposure factor
B. perform a cost-benefit analysis
C. conduct a risk assessment
D. conduct a business impact analysis (BIA)

A

B

81
Q

Which of the following is the most effective way for an organization to ensure its third party service providers are aware of information security requirements and expectations?
A. Include information security clauses within contracts
B. auditing the service delivery of third party providers
C. providing information security training to third party personnel
D. requiring third parties to sign confidentiality agreements

A

A

82
Q

Which of the following security processes will best prevent the exploitation of system vulnerabilities?
A. Antivirus software
B. log monitoring
C. intrusion detection
D. patch management

A

D

83
Q

Which of the following best demonstrates that an anti-phishing campaign is effective?
A. Improved staff attendance in awareness sessions
B. decreased number of incidents that have occurred
C. decreased number of phishing emails received
D. improved feedback on the anti-phishing campaign

A

D

84
Q

Which of the following is the best way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?
A. Establish and present appropriate metrics that track performance
B. perform industry research annually and document the overall ranking of the IPS
C. perform a penetration test to demonstrate the ability to protect
D. provide yearly competitive pricing to illustrate the value of the IPS

A

C

85
Q

A technical vulnerability assessment on a personnel information management server should be performed when:
A. the data owner leaves the organization unexpectedly
B. the number of authorized access attempts increases
C. changes are made to the system configuration
D. an unexpected server outage has occurred

A

C

86
Q

A post-incident review revealed that key stakeholders took longer than acceptable to decide whether an application should be shut down following a security breach. Which of the following is management’s best course of action to rectify this issue?
A. Improve incident response criteria
B. improve incident response testing
C. define incident classification
D. establish containment procedures

A

C

87
Q

Which of the following would best mitigate accidental data loss events?
A. Enforce a data hard drive encryption policy
B. conduct a data loss prevention audit
C. conduct periodic user awareness training
D. obtain senior management support for the information security strategy

A

C

88
Q

Which of the following is the most important reason to conduct interviews as part of the business impact analysis (BIA) process?
A. To facilitate a qualitative risk assessment following the BIA
B. to obtain input from as many relevant stakeholders as possible
C. to ensure the stakeholders providing input on the related risk
D. to increase awareness of information security among key stakeholders

A

B

89
Q

The primary purpose for continuous monitoring of security controls is to ensure:
A. alignment with compliance requirements
B. effectiveness of controls
C. control gaps are minimized
D. system availability

A

B

90
Q

Which of the following is primarily influenced by a business impact analysis (BIA)?
A. Recovery strategy
B. risk mitigation strategy
C. security strategy
D. IT strategy

A

B

91
Q

Which of the following is the primary objective of a business impact analysis (BIA)?
A. Confirm control effectiveness
B. determine recovery priorities
C. define the recovery point objective (RPO)
D. analyze vulnerabilities

A

B

92
Q

Which of the following is an information security manager’s best course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
A. Assess the risk to the organization
B. review the mitigating security controls
C. notify staff members of the threat
D. increase the frequency of system backups

A

A

93
Q

Of the following, whose input is of greatest importance in the development of an information security strategy?
A. Security architects
B. end users
C. corporate auditors
D. process owners

A

D

94
Q

An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would best enable the information security manager to address this concern?
A. Incident classification
B. incident response
C. forensic analysis
D. vulnerability assessment

A

A

95
Q

When designing security controls, it is most important to:
A. focus on preventive controls
B. apply controls to confidential information
C. evaluate the costs associated with the controls
D. apply a risk-based approach

A

C

96
Q

The most important reason for an information security manager to be involved in the change management process is to ensure that:
A. security controls drive technology changes
B. risks have been evaluated
C. security controls are updated regularly
D. potential vulnerabilities are identified

A

B

97
Q

An organization is conducting a post-incident review to determine the root cause of an information security incident. Which of the following situations would be most harmful to this investigation?
A. Unencrypted logs of the affected systems were saved on magnetic tapes
B. antivirus signature update processes failed on the affected systems
C. systems logs were cleared by the administrator to free up space on the affected systems
D. the incident response plan has not been updated during the past year

A

C

98
Q

Reviewing which of the following would be most helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
A. Management’s business goals and objectives
B. strategies of other non-regulated companies
C. industry best practices and control recommendations
D. risk assessment results

A

A

99
Q

An organization’s research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of leakage is considered high impact. Which of the following is the best risk treatment option in this situation?
A. Accept the risk, as the benefits exceed the potential consequences
B. mitigate the risk by applying anonymization on the data set
C. transfer the risk by purchasing insurance
D. mitigate the risk by encrypting the customer names in the data set

A

B

100
Q

Which of the following is the most important consideration when establishing an organization’s information security governance committee?
A. Members represent functions across the organization
B. members have knowledge of information security controls
C. members are rotated periodically
D. members are business risk owners

A

A

101
Q

Which of the following is the best indication of information security strategy alignment with the business?
A. Number of business executives who have attended information security awareness sessions
B. percentage of corporate budget allocated to information security initiatives
C. percentage of information security incidents resolved within defined service level agreements (SLAs)
D. number of business objectives directly supported by information security initiatives

A

D

102
Q

Conducting a business impact analysis (BIA) best helps to identify:
A. asset inventory
B. mitigation costs
C. residual risk
D. system criticality

A

D

103
Q

Which of the following is the best indication of a mature information security program?
A. Security spending is below budget
B. security incidents are managed properly
C. security resources are optimized
D. security audit findings are reduced

A

D

104
Q

Which of the following is the most important consideration when defining a recovery strategy in a business continuity plan (BCP)?
A. Legal and regulatory requirements
B. likelihood of a disaster
C. organizational tolerance to service interruption
D. geographical location of the backup site

A

C

105
Q

Which of the following is the best way to reduce the risk associated with a successful social engineering attack targeting help desk staff?
A. Conduct security awareness training
B. implement two-factor authentication
C. block access to social media sites
D. enforce role based access to help desk systems

A

A

106
Q

A measure of the effectiveness of the incident response capabilities of an organization is the:
A. number of incidents detected
B. number of employees receiving incident response training
C. reduction of the annual loss expectancy (ALE)
D. time to closure of incidents

A

C

107
Q

An organization’s intrusion prevention system (IPS) detected and blocked an unusually large number of external intrusion attempts within a 24-hour period. Which of the following should be the information security manager’s first course of action?
A. Perform security assessments on Internet-facing systems
B. identify the source and nature of the attempts
C. review the server and firewall audit logs
D. report the issue to senior management

A

C

108
Q

A spear phishing attack was used to trick a user into installing a Trojan onto a workstation. Which of the following would have been most effective in preventing this attack from succeeding?
A. Application control
B. website blocking
C. Internet filtering
D. network encryption

A

C

109
Q

Which of the following is most relevant for an information security manager to communicate to the board of directors?
A. The level of exposure
B. vulnerability assessments
C. the level of inherent risk
D. threat assessments

A

A

110
Q

Which of the following best enables an organization to transform its culture to support information security?
A. Strong management support
B. robust technical security controls
C. periodic compliance audits
D. incentives for security incident reporting

A

A

111
Q

In an organization that has several independent security tools including intrusion detection systems (IDSs) and firewalls, which of the following is the best way to ensure timely detection of incidents?
A. Implement a log aggregation and correlation solution
B. ensure that the incident response plan is endorsed by senior management
C. ensure staff are cross trained to manage all security tools
D. outsource the management of security tools to a service provider

A

A

112
Q

Which of the following is the best indication of an effective information security awareness training program?
A. An increase in the identification rate during phishing simulations
B. an increase in the speed of incident resolution
C. an increase in positive user feedback
D. an increase in the frequency of phishing tests

A

A

113
Q

When determining an acceptable risk level, which of the following is the most important consideration?
A. Vulnerability scores
B. system criticalities
C. risk matrices
D. threat profiles

A

B

114
Q

From an information security perspective, legal issues associated with a transborder flow of technology-related items are most often related to:
A. website transactions and taxation
B. encryption tools and personal data
C. lack of competition and free trade
D. software patches and corporate data

A

B

115
Q

Which of the following should be the most important consideration when prioritizing risk remediation?
A. Evaluation of risk
B. duration of exposure
C. comparison to risk appetite
D. impact of compliance

A

D

116
Q

A post-incident review identified that user error resulted in a major breach. Which of the following is most important to determine during the review?
A. The underlying reason for the user error
B. the time and location that the breach occurred
C. appropriate disciplinary procedures for user error
D. evidence of previous incidents caused by the user

A

A

117
Q

An organization is implementing an information security governance framework. To communicate the program’s effectiveness to stakeholders, it is most important to establish:
A. A control self-assessment (CSA) process
B. metrics for each milestone
C. automated reporting to stakeholders
D. a monitoring process for the security policy

A

B

118
Q

The primary purpose of establishing an information security governance framework should be to:
A. establish the business case for strategic integration of information security and organizational efforts
B. document and communicate how the information security program functions within the organization
C. align information security strategy and investments to support organizational activities
D. align corporate governance, activities, and investments to information security goals

A

C

119
Q

Which of the following presents the greatest risk associated with the use of an automated security information and event management (SIEM) system?
A. Low number of false negatives
B. high number of false negatives
C. Low number of false positives
D. high number of false positives

A

B

120
Q

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following is the best way to address this situation?
A. Assign a risk owner to each risk
B. create mitigating controls to manage the risks
C. provide regular updates about the current state of the risks
D. re-perform risk analysis at regular intervals

A

A

121
Q

Which of the following documents should contain the initial prioritization of recovery of services?
A. Threat assessment
B. IT risk analysis
C. business impact analysis (BIA)
D. business process map

A

C

122
Q

An organization has discovered a recurring problem with unsecured code being released into production. Which of the following is the information security manager’s best course of action?
A. Implement segregation of duties between development and production
B. increase the frequency of penetration testing
C. review existing configuration management processes
D. review existing change management processes

A

D

123
Q

Which of the following is the most critical factor for information security program success?
A. A comprehensive risk assessment program for information security
B. the information security manager’s knowledge of the business
C. ongoing audits and addressing open items
D. security staff with appropriate training and adequate resources

A

A

124
Q

Which of the following is the most important to ensure when developing escalation procedures for an incident response plan?
A. Minimum regulatory requirements are maintained
B. the contact list is regularly updated
C. each process is assigned to a responsible party
D. senior management approval has been documented

A
125
Q
A

C

126
Q

An information security manager was informed that a planned penetration test could potentially disrupt some services. Which of the following should be the first course of action?
A. Estimate the impact and inform the business owner
B. accept the risk and document it in the risk register
C. ensure the service owner is available during the penetration test
D. reschedule the activity during an approved maintenance window

A

D

127
Q

Which of the following best ensures timely and reliable access to servers?
A. Authenticity
B. availability
C. nonrepudiation
D. recovery time objective (RTO)

A

B

128
Q

Which of the following should an information security manager perform first when an organization’s residual risk has increased?
A. Implement security measures to reduce the risk
B. assess the business impact
C. transfer the risk to third parties
D. communicate the information to senior management

A

B

129
Q

Which of the following is the best method to ensure compliance with password standards?
A. A user-awareness program
B. implementing password-synchronization software
C. using password-cracking software
D. automated enforcement of password syntax rules

A

D

130
Q

Which of the following is the most important criterion when deciding whether to accept residual risk?
A. Cost of replacing the asset
B. annual loss expectancy (ALE)
C. cost of additional mitigation
D. annual rate of occurrence

A

B

131
Q

Which of the following must be performed once risk has been accepted?
A. Reassess the risk on a regular basis
B. calculate the business impact of acceptance
C. flag the risk to avoid future reassessment
D. remove the risk from the risk register

A

A

132
Q

An organization’s IT department needs to implement security patches. Recent reports indicate these patches could result in stability issues. Which of the following is the information security manager’s best recommendation?
A. Research alternative software solutions
B. evaluate the patches in a test environment
C. increase monitoring after patch implementation
D. research compensating security controls

A

B

133
Q

Which of the following is the best way to build a risk-aware culture?
A. Periodically change risk awareness messages
B. ensure that threats are communicated organization-wide in a timely manner
C. periodically test compliance with security controls and post results
D. establish incentives and a channel for staff to report risks

A

C

134
Q

A business unit is not complying with the control implemented to mitigate risk because doing so impacts the ability to achieve business goals. When reporting the noncompliance to senior management, what would be the information security manager’s best recommendation?
A. Accept the noncompliance
B. conduct a control assessment
C. implement compensating controls
D. educate the noncompliant users

A

C

135
Q

To implement effective continuous monitoring of IT controls, an information security manager needs to first ensure:
A. security alerts are centralized
B. periodic scanning of IT systems is in place
C. metrics are communicated to senior management
D. information assets have been classified

A

D

136
Q

An information security manager has identified a major security event with potential noncompliance implications. Who should be notified first?
A. Internal audit
B. public relations team
C. senior management
D. regulatory authorities

A

C

137
Q

In a cloud technology environment, which of the following would pose the greatest challenge to the investigation of security incidents?
A. Non-standard event logs
B. access to the hardware
C. data encryption
D. compressed customer data

A

B

138
Q

Which of the following is the most beneficial outcome of testing an incident response plan?
A. The response includes escalation to senior management
B. test plan results are documented
C. incident response time is improved
D. the plan is enhanced to reflect the findings of the test

A

C

139
Q

Which of the following presents the greatest challenge to the recovery of critical systems and data following a ransomware incident?
A. Unavailable or corrupt data backups
B. ineffective alert configurations for backup operations
C. lack of encryption for backup data in transit
D. undefined or undocumented backup retention policies

A

A

140
Q

Which of the following is the most important incident management consideration for an organization subscribing to a cloud service?
A. Decision on the classification of cloud-hosted data
B. expertise of personnel providing incident response
C. implementation of a SIEM in the organization
D. an agreement on the definition of a security incident

A

D

141
Q

Which of the following should be done first to ensure a new critical cloud application can be supported by internal personnel?
A. Establish a capability maturity model
B. develop a training plan
C. conduct a risk assessment
D. perform a skills gap analysis

A

D

142
Q

Which of the following is the main reason for integrating an organization’s incident response plan with its business continuity process?
A. Incidents can escalate into disasters needing proper response
B. recovery time objectives (RTOs) need to be determined
C. incidents will be reported more timely when categorized as a disaster
D. integration of the plan will reduce resource costs to the organization

A

C

143
Q

Which of the following would be of greatest assistance in determining whether to accept residual risk of a critical security system?
A. Maximum tolerable outage (MTO)
B. recovery time objective (RTO)
C. available annual budget
D. cost-benefit analysis of mitigating controls

A

D

144
Q

Which of the following is the most effective approach to ensure seamless integration between the business continuity plan (BCP) and the incident response plan?
A. The BCP manager is included in the core incident response team
B. criteria for escalating to the BCP manager are in the incident response plan
C. both response teams contain the same members
D. consistent event classifications are used in both plans

A

D

145
Q

What should an information security manager do first to establish a road map for security investments?
A. Perform cost-benefit analyses of the investments
B. gain a thorough understanding of the organization’s operating processes
C. establish business cases for proposed security investments
D. ensure investments are strategically aligned with business objectives

A

D

146
Q

Which of the following provides the best assurance that security policies are applied across business operations?
A. Organizational standards are enforced by technical controls
B. organizational standards are included in awareness training
C. organizational standards are required to be formally accepted
D. organizational standards are documented in operational procedures

A

D

147
Q

Which of the following has the most influence on the information security investment process?
A. Security key performance indicators (KPIs)
B. organizational risk appetite
C. IT governance framework
D. information security policy

A

D

148
Q

Which of the following best determines what information should be shared with different entities during incident response?
A. Escalation procedures
B. communication plan
C. disaster recovery policy
D. business continuity plan (BCP)

A

B

149
Q

Which of the following should an information security manager do first when assessing conflicting requirements between the global organization’s security standards and local regulations?
A. Conduct a gap analysis against local regulations
B. perform a cost-benefit analysis of compliance
C. create a local version of the organizational standards
D. prioritize the organizational standards over local regulations

A

B

150
Q

Which of the following is the primary reason to monitor key risk indicators (KRIs) related to information security?
A. To alert on unacceptable risk
B. to identify residual risk
C. to reassess risk appetite
D. to benchmark control performance

A

A

151
Q

Which of the following must be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
A. Security policy
B. risk management framework
C. security standards
D. risk appetite

A

B

152
Q

Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the best way for the information security manager to respond to this situation?
A. Update roles and responsibilities of the incident response team
B. train the incident response team on escalation procedures
C. implement a monitoring solution for incident response activities
D. validate that the information security strategy maps to corporate objectives

A

A

153
Q

Which of the following best supports the incident management process for attacks on an organization’s supply chain?
A. Requiring security awareness training for vendor staff
B. including service level agreements (SLAs) in vendor contracts
C. performing integration testing with vendor systems
D. establishing communication paths with vendors

A

B

154
Q

An information security manager must have an understanding of the organization’s business goals to:
A. relate information security to change management
B. develop an information security strategy
C. develop operational procedures
D. define key performance indicators (KPIs)

A

D

155
Q

Which of the following provides an information security manager with the most accurate indication of the organization’s ability to respond to a cyber attack?
A. Walk-through of the incident response plan
B. black box penetration test
C. simulated phishing exercise
D. red team exercise

A

D

156
Q

Which of the following is the best way to reduce the risk associated with a bring your own device (BYOD) program?
A. Implement a mobile device policy and standard
B. provide employee training on secure mobile device practices
C. implement a mobile device management (MDM) solution
D. require employees to install an effective anti-malware app

A

C

157
Q

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do first?
A. Initiate incident response
B. initiate a device reset
C. conduct a risk assessment
D. disable remote access

A

A

158
Q

Relationships between critical systems are best understood by:
A. performing a business impact analysis (BIA)
B. developing a system classification scheme
C. evaluating key performance indicators (KPIs)
D. evaluating the recovery time objectives (RTOs)

A

A