Deck 1 Flashcards by Stephanie Lee

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
A. Legal and Regulatory requirements
B. Root cause analysis results
C. Availability of resources
D. Adverse effects on the business

How well did you know this?

Not at all

Perfectly

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?
A. Assess the extent of the issue
B. Report the issue to legal personnel
C. Notify senior management of the issue
D. Initiate contract renegotiation

How well did you know this?

Not at all

Perfectly

Which of the following would be MOST useful to help senior management understand the status of information security compliance?
A. Key performance indicators (KPIs)
B. Risk assessment results
C. Industry benchmarks
D. Business impact analysis (BIA) results

How well did you know this?

Not at all

Perfectly

An organization is concerned with the potential for exploitation of vulnerabilities in its server systems. Which of the following is the BEST control to mitigate the associated risk?
A. Enforcing standard System configurations based on secure configuration benchmarks
B. Implementing network and system-based anomaly monitoring software for server systems
C. Enforcing configurations for secure logging and audit trails on server systems
D. Implementing host-based intrusion detection systems (IDS) on server systems

How well did you know this?

Not at all

Perfectly

An organization has identified a risk scenario that has low impact to the organization but is very costly to mitigate. Which risk treatment option is MOST appropriate in this situation?
A. Transfer
B. Acceptance
C. Mitigation
D. Avoidance

How well did you know this?

Not at all

Perfectly

Which of the following should be the MAIN outcome from monitoring key performance indicators (KPIs) for a corporate security management program?
A. A balanced scorecard
B. An effective awareness program
C. Data for the organization to assess progress
D. Optimal level of value delivery

How well did you know this?

Not at all

Perfectly

Which of the following defines the triggers within a business continuity plan (BCP)?
A. Disaster recovery plan (DRP)
B. Needs of the organization
C. Information security policy
D. Gap analysis

How well did you know this?

Not at all

Perfectly

Which of the following should be the MOST important consideration of business continuity management?
A. Ensuring human safety
B. Securing critical information assets
C. Ensuring the reliability of backup data
D. Identifying critical business processes

How well did you know this?

Not at all

Perfectly

Which of the following should be the PRIMARY driver for delaying the delivery of an information security awareness program?
A. Change in senior management
B. High employee turnover
C. Employee acceptance
D. Risk appetite

How well did you know this?

Not at all

Perfectly

During the eradication process phase of an incident response, it is MOST important to:
A. Identify the root cause
B. Restore from the most recent backup
C. Notify affected users
D. Wipe the affected system

How well did you know this?

Not at all

Perfectly

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
A. Defining security asset categorization
B. Assigning information asset ownership
C. Developing a records retention schedule
D. Defining information stewardship roles

How well did you know this?

Not at all

Perfectly

The GREATEST benefit resulting from well-documented information security procedures is that they
A. Facilitate security training of new staff
B. Ensure that security policies are consistently applied
C. Provide a basis for auditing security practices
D. Ensure processes can be followed by temporary staff

How well did you know this?

Not at all

Perfectly

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager’s BEST course of action?
A. Present the risk to senior management
B. Modify the policy
C. Create an exception for the deviation
D. Enforce the policy

How well did you know this?

Not at all

Perfectly

Which of the following should be the PRIMARY consideration when developing an incident response plan?
A. Previously reported incidents
B. Management support
C. Compliance with regulations
D. The definition of an incident

How well did you know this?

Not at all

Perfectly

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
A. Identify recovery time objectives (RTOs)
B. Develop a test plan
C. Analyze the business impact
D. Define response team roles

How well did you know this?

Not at all

Perfectly

An anomaly-based intrusion detection system (IDS) operates by gathering data on:
A. Normal network behavior and using it as a baseline for measuring abnormal activity
B. Abnormal network behavior and using it as a baseline for measuring normal activity
C. Abnormal network behavior and using it as a baseline for measuring normal activity
D. Attack pattern signatures from historical data

How well did you know this?

Not at all

Perfectly

An organization that uses external cloud services extensively is concern with risk monitoring and timely response. The BEST way to address this concern is to ensure:
A. The availability of continuous technical support
B. Appropriate service level agreements (SLAs) are in place
C. a right-to-audit clause is included in contracts
D. Internal security standards are in place

How well did you know this?

Not at all

Perfectly

The security baselines of an organization should be based on:
A. procedures
B. standards
C. policies
D. guidelines

How well did you know this?

Not at all

Perfectly

An employee clicked on a link in a phishing email, triggering a ransomeware attack. Which of the following should be the information security manager’s FIRST step?
A. Notify internal legal
B. Isolate the impacted endpoints
C. Wipe the affected system
D. Notify senior management

How well did you know this?

Not at all

Perfectly

which of the following is most important for an information security manager to communicate to stakeholders when approving exceptions to the information security policy?
A. impact of the risk profile
B. Need for compensating controls
C. Time period for a review
D. Requirements for senior management reporting

How well did you know this?

Not at all

Perfectly

The main purpose of documenting information security guidelines for use within a large, international organization is to:
A. explain the organization’s preferred practices for security
B. ensure that all business units have the same strategic security goals
C. Ensure that all business units implement identical security postures
D. provide evidence for authors that security practices are adequate

How well did you know this?

Not at all

Perfectly

A penetration test of a new system has identified a number of critical vulnerabilities, jeopardizing the go live date. Stop it the information security manager is asked by the system owner to approve an exception to allow the system to be implemented without fixing the vulnerabilities. Which of the following is the most appropriate course of action?
A. Implement a long monitoring process
B. perform a risk assessment
C. develop a set of compensating controls
D. approve and document the exception

How well did you know this?

Not at all

Perfectly

Which of the following is the most important consideration when developing information security objectives?
A. They are regularly reassessed and reported to stakeholders
B. They are approved by the IT governance function
C. They are clear and can be understood by stakeholders
D. they are identified using global security frameworks and standards

How well did you know this?

Not at all

Perfectly

Which of the following is most important to the successful implementation of an information security program?
A. Establishing key performance indicators (KPI’s)
B. Obtaining stakeholder input
C. understanding current and emerging technologies
D. conducting periodic risk assessments

How well did you know this?

Not at all

Perfectly

An organization is in the process of adopting a hybrid data infrastructure, transferring all non core communications to cloud service providers, and maintaining all core business functions in-house. The information security manager has determined a defense in-depth strategy should be used. Which of the following best describes this strategy? A. Separate security controls for applications, platforms, programs, and endpoints B. multifactor login requirement for cloud service applications, timeouts, and complex passwords C. deployment of nested firewalls within the infrastructure D. strict enforcement of rule based access control (RBAC)

Which of the following has the greatest impact on the viability of an information security road map? A. Regulatory requirements B. management support C. Threat landscape D. resource availability

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the best way for the information security manager to help senior management understand the related risk? A. Include the impact of the risk as part of regular metrics B. send regular notifications directly to senior managers C. recommend the security steering committee conduct a review D. update the risk assessment at regular intervals

An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the most important action of the information security manager? A. Follow the outsourcers response plan B. refer to the organizations response plan C. notify the outsourcer of the privacy breach D. alert the appropriate law enforcement

Which of the following provides the best guidance when establishing a security program? A. Risk assessment methodology B. security audit report C. information security budget D. information security framework

During the response to a serious security breach, who is the best organizational staff member to communicate with external entities? A. The resource designated by senior management B. the incident response team leader C. the resource specified in the incident response plan D. a dedicated public relations spokesperson

Which of the following is most important to include in a report of an organization's information security risk? A. Control risk B. mitigated risk C. residual risk D. inherent risk

When developing an incident escalation process, the best approach is to classify incidents based on: A. their root causes B. information assets affected C. recovery point objective (RPOs) D. estimated time to recover

Which of the following is a desired outcome of information security governance? A. Penetration test B. a maturity model C. improved risk management D. business agility right

An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be most beneficial for the team at the first drill? A. Tabletop exercise B. red team exercise C. disaster recovery exercise D. black box penetration test

Which of the following is most helpful for aligning security operations with the IT governance framework? A. Business impact analysis (BIA) B. security operations program C. information security policy D. security risk assessment

Which of the following should be the primary outcome of an information security program? A. Threat reduction B. strategic alignment C. risk elimination D. cost reduction

An organization has just updated its backup capability to a new cloud based solution which of the following tests will most effectively verify this change is working as intended? A. Simulation testing B. tabletop testing C. parallel testing D. black box testing

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on: A. risk assessment results B. International Security standards C. the most stringent requirements D. the security organization structure

Which of the following is the best way to achieve compliance with new global regulations related to the protection of personal information? A. Review contracts and statements of work (SOWs) with vendors B. determine current and desired state of controls C. execute a risk treatment plan D. implement data regionalization controls

Which is the best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required? A. Full interruption test B. Tabletop test C. parallel test D. simulation test

Which of the following is the most effective approach for determining whether an organization's information security program supports the information security strategy? A. Ensure resources meet information security program needs B. Audit the information security program to identify deficiencies C. identify gaps impacting information security strategy D. develop key performance indicators (KPIs) of information security

Which of the following is the most effective way to prevent information security incidents? A. Deploying intrusion detection tools in the network environment B. deploying a consistent incident response approach C. implementing a security information and event management (SIEM) tool D. implementing a security awareness training program for employees

Which of the following should an information security manager do next after creating a road map to execute the strategy for an information security program? A. Develop a project plan to implement the strategy B. obtain consensus on this strategy from the executive board C. define organizational risk tolerance D. review alignment with business goals

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following is most important to include in the business case? A. Alignment with the approved IT strategy B. potential impact of threat realization C. availability of resources to implement the initiative D. peer group threat Intelligence Report

Which of the following is the first step in developing a business continuity plan (BCP)? A. Identify critical business processes B. determine the business recovery strategy C. determine available resources D. identify the applications with the shortest recovery time objectives (RTOs)

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations? A. Containment B. Identification C. Preparation D. Recovery

Which of the following has the most direct impact on the usability of an organization's asset classification policy? A. The granularity of classifications in the hierarchy B. the support of IT management for the classification scheme C. the frequency of updates to the organizations risk register D. the business objectives of the organization

A penetration test was conducted by an accredited third party. Which of the following should be the information security managers first course of action? A. Request funding needed to resolve the top vulnerabilities B. ensure a risk assessment is performed to evaluate the findings C. report findings to senior management D. ensure vulnerabilities found are resolved within acceptable timeframes

When performing a business impact analysis, who should calculate the recovery time and cost estimates? A. Business process owner B. business continuity coordinator C. information security manager D. senior management

An information security manager is reporting on open items from the risk register to senior management. Which of the following is most important to communicate with regard to these risks? A. Key risk indicators (KRIs) B. responsible entities C. compensating controls D. potential business impact

The best way to identify the risk associated with a social engineering attack is to: A. monitor the intrusion detection system (IDS) B. reviews single sign-on (SSO) authentication logs C. perform a business risk assessment of the e-mail filtering system D. test user knowledge of information security practices

A desktop computer is being used to perpetrate a fraud, and data on the machine must be secured for evidence. Which of the following should be done first? A. Encrypt the content of the hard drive using a strong algorithm B. obtain a hash of the desktop computers internal hard drive C. copy the data on the computer to an external hard drive D. capture a forensic image of the computer

Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system? A. Information owner B. business manager C. senior management D. information security manager

An organization has fallen victim to a spearfishing attack that compromise the multifactor authentication code. What is the information security managers most important follow up action? A. Communicate the threat to users B. Install client anti malware solutions C. implement firewall blocking of known attack signatures D. implement an advanced e-mail filtering system

Which of the following is the most effective approach to ensure IT processes are performed in compliance with the information security policies? A. Ensuring that key controls are embedded in the processes B. providing information security policy training to the process owners C. allocating sufficient resources D. identifying risks in the processes and managing those risks

Which of the following should be the primary consideration when implementing a data loss prevention solution? A. Data ownership B. data storage capabilities C. data classification D. selection of tools

An organization is leveraging tablet to replace desktop computers shared by shift based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will best help to mitigate this risk? A. Implement remote wipe capability B. create an acceptable use policy C. conduct a mobile device risk assessment D. deploy mobile device management (MDM)

Which of the following should be the greatest consideration when determining the recovery time objective (RTO) for an in house critical application, database, or server? A. Direction from senior management B. results of recovery testing C. determination of recovery point objective (RPO) D. impact of service interruption

Which of the following would be impacted the most by a business decision to move from traditional computing to cloud computing? A. Security awareness B. security standards C. security policies D. security strategy

The best way to avoid session hijacking is to use: A. strong password controls B. a firewall C. a reverse lookup D. a secure protocol

Which of the following is most helpful for determining which information security policies should be implemented by an organization? A. Business impact analysis B. risk assessment C. vulnerability assessment D. industry best practices

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do first? A. Activate the incident response program B. validate the risk to the organization C. perform a business impact analysis (BIA) D. notify local law enforcement agencies of a breach

Which of the following is the most effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders? A. Create a data classification policy B. implement role based access controls C. require the use of login credentials and passwords D. conduct information security awareness training

An information security manager is implementing a bring your own device (BYOD) program. Which of the following would best ensure that users adhere to the security standards? A. Publish the standards on the intranet landing page B. deploy a device management solution C. establish an acceptable use policy D. monitor user activities on the network

The primary objective of a risk response strategy should be: A. Threat reduction B. Senior management buy in C. appropriate control selection D. regulatory compliance

The most effective tools for responding to new and advanced attacks are those that detect attacks based on: A. behavior analysis B. penetration testing C. signature analysis D. data packet analysis

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be most concerned with: A. developing a security program that meets global and regional requirements B. ensuring effective communication with local regulatory bodies C. monitoring compliance with defined security policies and standards D. using industry best practices to meet local legal regulatory requirements

Which of the following desired outcomes best supports a decision to invest in a new security initiative? A. Enhanced security monitoring and reporting B. reduction of organizational risk C. reduced control complexity D. enhanced threat detection capability

Which of the following is most likely to be included in an enterprise security policy? A. Definitions of responsibilities B. retention schedules C. system access specifications D. organizational risk

Which of the following roles is best able to influence the security culture within an organization? A. Chief information security officer (CISO) B. Chief information officer (CIO) C. chief operating officer (COO) D. chief executive officer (CEO)

To help ensure that an information security training program is most effective, its contents should be: A. aligned to business processes B. based on employees roles C. based on recent incidents D. focused on information security policy

Which of the following best demonstrates return on investment (ROI) for an information security initiative? A. Risk heat map B. business impact analysis (BIA) C. business case D. information security program road map

A financial company executive is concerned about recently increasing cyber attacks and needs to take action to reduce risk. The organization would best respond by: A. increasing budget and staffing levels for the incident response team B. revalidating and mitigating risks to an acceptable level C. Implementing an intrusion detection system (IDS) D. testing the business continuity plan (BCP)

An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action? A. Review the business unit’s function against the policy B. Revise the policy to accommodate the business unit C. Report the business unit for policy noncompliance D. Enforce sanctions on the business unit

Which of the following is most important to consider when determining the criticality and sensitivity of an information asset? A. Results of business continuity testing B. Number of threats that can impact the asset C. Investment required to protect the asset D. Business functions supported by the asset

Which of the following is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense? A. A port scan of the firewall from an internal source B. a simulated denial of service attack (DoS) against the firewall C. a validation of the current firewall rule set D. a ping test from an external source

What is the primary objective of implementing standard security configurations? A. Maintain a flexible approach to mitigate potential risk to unsupported systems B. minimize the operational burden of managing and monitoring unsupported systems C. compare configurations between supported and unsupported systems D. control vulnerabilities and reduce threats from changed configurations

An information security manager note that security incident are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the best automated control to resolve this issue? A. Integrating automated service level agreement (SLA) reporting into the helpdesk ticketing system B. changing the default setting for all security incidents to the highest priority C. integrating incident response workflow into the helpdesk ticketing system D. implementing automated vulnerability scanning in the help desk workflow

Which of the following has the greatest positive impact on the ability to execute a disaster recovery plan? A. Updating the plan periodically B. conducting a walkthrough of the plan C. storing the plan at an off-site location D. communicating the plan to all stakeholders

Which of the following is the most effective way to protect the authenticity of data in transit? A. hash value B. Digital signature C. private key D. public key

Which of the following components of an information security risk assessment is most valuable to senior management? A. Residual risk B. return on investment (ROI) C. mitigation actions D. threat profile

Who should determine data access requirements for an application hosted at an organizations data center? A. Information security manager B. business owner C. data custodian D. systems administrator

An organization recently purchased data loss prevention software but soon discovered the software fails to detect or prevent data loss. Which of the following should the information security manager do first? A. Revise the data classification policy B. review the contract C. review the configuration D. implement stricter data loss controls

Which risk is introduced when using only sanitized data for the testing of applications? A. Unexpected outcomes may arise in production B. data disclosure may occur during the mitigation event C. breaches of compliance obligations will occur D. data loss may occur during the testing phase

Which of the following should be the primary goal of information security? A. Business alignment B. regulatory compliance C. data governance D. information management

what is the primary benefit to an organization when information security program requirements are aligned with employment and staffing processes? A. Access is granted based on task requirements B. information assets are classified appropriately C. security staff turnover is reduced D. security incident reporting procedures are followed

Which of the following would be most helpful to identify worst case disruption scenarios? A. Cost benefit analysis B. SWOT analysis C. business process analysis D. business impact analysis (BIA)

If civil litigation is a goal for an organizational response to a security incident, the primary steps should be to: A. capture evidence using standard server backup utilities B. document the chain of custody C. reboot affected machines in a secure area to search for evidence D. contact law enforcement

Which of the following is most important to the successful implementation of information security program? A. Key performance indicators (KPIs) are defined B. adequate security resources are allocated to the program C. a balanced scorecard is approved by the steering committee D. the program is developed using global security standards

Which of the following is the best way to determine the gap between the present and desired state of an information security program? A. Determine whether critical Success Factors (CSFs) have been defined B. Review and update current operational procedures C. perform a risk analysis for critical applications D. conduct a capability maturity model evaluation

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address: A. baseline security controls B. security objectives C. cost benefit analyses D. benchmarking security metrics

Reverse lookups can be used to prevent successful: A. denial of service (DoS) attacks B. phishing attacks C. Session hacking D. Internet Protocol (IP) spoofing

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do first? A. Assess the business impact to the organization B. present the non compliance risk to senior management C. investigate alternative options to remediate the noncompliance D. determine the cost to remediate the noncompliance

A large organization is in the process of developing its information security program that involves working with several complex organizational functions. Which of the following will best enable the successful implementation of this program? A. Security governance B. security policy C. security metrics D. security guidelines

Which of the following is most important for an information security manager to verify before conducting full-functional continuity testing? A. Incident response and recovery plans are documented in simple language B. copies of recovery and incident response plans are kept off-site C. teams and individuals responsible for recovery have been identified D. risk acceptance by the business has been documented

Which of the following external entities would provide the best guidance to an organization facing advanced attacks? A. Incident response experts from highly regarded peer organizations B. open source reconnaissance C. recognize threat intelligence communities D. disaster recovery consultants widely endorsed in industry forums

Which of the following would best provide stakeholders with information to determine the appropriate response to a disaster? A. Vulnerability assessment B. SWOT analysis C. business impact analysis (BIA) D. risk assessment

The best way to report to the board on the effectiveness of the information security program is to present: A. a summary of the most recent audit findings B. a report of cost savings from process improvements C. peer- group industry benchmarks D. a dashboard illustrating key performance metrics

An organization security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the strongest justification for granting an exception to the policy? A. Users accept the risk of noncompliance B. the benefit is greater than the potential risk C. USB storage devices are enabled based on user roles D. access is restricted to read only

Which of the following will result in the MOST accurate controls assessment? A. Mature change management processes B. Unannounced testing C. Well-defined security policies D. Senior management support

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations? A. Encrypt all personal data stored on systems and networks B. Evaluate privacy technologies required for data protection C. Create an inventory of systems when personal data is stored D. Update disciplinary processes to address privacy violations

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes? A. Results from a business impact analysis (BIA) B. Results from a gap analysis C. An inventory of security controls in place D. Deadlines and penalties for noncompliance

Management decisions concerning information security investments will be MOST effective when they are based on: A. a process for identifying and analyzing threats and vulnerabilities B. the formalized acceptance of risk analysis by management C. the reporting of consistent and periodic assessments of risks D. an annual loss expectancy (ALE) determined from the history of security events

Which of the following will have the MOST negative impact to the effectiveness of incident response processes? A. High organizational risk tolerance B. Decentralized incident monitoring C. Ambiguous severity criteria D. Manual incident reporting processes

Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks? A. Standardize secure web development practices B. Integrate security into the early phases of the development life cycle C. Incorporate security requirements into job descriptions D. Implement a tailored security awareness training program

Which of the following is a PRIMARY objective of an information security governance framework? A. To provide the basis for action plans to achieve information security objectives organization-wide B. To achieve the desired information security state as defined by business unit management C. To align the relationships of stakeholders involved in developing and executing an information security strategy D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST? A. Create a security exception B. Assess the risk to business operations C. Perform a vulnerability assessment D. Perform a gap analysis to determine needed resources

Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action? A. Perform a new risk assessment B. Review the previous risk assessment and countermeasures C. Transfer the new risk to a third party D. Evaluate countermeasures to mitigate new risks

Which of the following BEST enables the design of an effective incident escalation process? A. A well-defined organizational hierarchy B. Enforceable control baselines C. A comprehensive risk register D. Controls designed for defense in depth

Which of the following is an example of risk mitigation? A. Improving security controls B. Discontinuing the activity associated with the risk C. Performing a cost-benefit analysis D. Purchasing insurance

A security policy exception is leading to an unexpected increase in the number of alerts about suspicious internet traffic on an organization's network. Which of the following is the BEST course of action? A. Remove the rules that trigger the increased number of alerts B. Present a risk analysis with recommendations to senior management C. Update the risk register so that senior management is kept informed D. Evaluate and update the enterprise network security architecture

Which of the following is the GREATEST benefit of information asset classification? A. Supporting segregation of duties B. Defining resource ownership C. Providing a basis for implementing a need-to-know policy D. Helping to determine the recovery point objective (RPO)

Which of the following is the MOST relevant factor when determining the appropriate escalation process in the incident response plan? A. Significance of the affected systems B. Number of resources allocated to respond C. Resilience capability of the affected systems D. Replacement cost of the affected systems

The PRIMARY objective of performing a post-incident review is to: A. identify control improvements B. identify vulnerabilities C. re-evaluate the impact of incidents D. identify the root cause

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level? A. Update the risk assessment framework B. Monitor the effectiveness of controls C. Review the risk probability and impact D. Review the inherent risk level

Which of the following is the PRIMARY purpose of establishing an information security governance framework? A. To proactively address security objectives B. To reduce security audit issues C. To enhance business continuity planning D. To minimize security risks

The MOST important reason to use a centralized mechanism to identify information security incidents is to: A. comply with corporate policies B. detect threats across environments C. prevent unauthorized changes to network D. detect potential fraud

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered? A. Deterrent B. Detective C. Preventive D. Corrective

What is the PRIMARY benefit of using key performance indicators (KPIs) for information security risk management? A. Set targets against which the organization's information security function can be evaluated. B. Prevent potential undesirable events from affecting information security C. Identify risk events that have already occurred from affecting information security D. Establish the process for setting organizational objectives in light of information security risk

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall: A. web surfing controls B. packet filtering C. application awareness D. log monitoring

Which of the following should be of MOST concern to an information security manager reviewing an organization's data classification program? A. The classifications do not follow industry best practices B. Labeling is not consistent throughout the organization C. The program allows exceptions to be granted D. Data retention requirements are not defined

What should be the information security manager's FIRST step when updating an information security program? A. Review costs and benchmark them against industry norms B. Interview business unit managers and key stakeholders C. Identify program components that do not align with business objectives D. Re-evaluate the organization's business expectations and objectives

Embedding security responsibilities into job descriptions is important PRIMARILY because it: A. simplifies development of the security awareness program B. aligns security to the human resources (HR) function C. strengthens employee accountability D. supports access management

Which of the following is the MAIN objective of a risk management program? A. Reduce corporate liability for information security incidents B. Reduce risk to the level of the organization's risk appetite C. Reduce the risk to the maximum extent possible D. Reduce costs associated with incident response

For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices? A. Device certification process B. Acceptable use policy C. Containerization solution D. Data loss prevention (DLP)

When scoping a risk assessment, assets need to be classified by: A. sensitivity and criticality B. likelihood and impact C. threats and opportunities D. redundancy and recoverability

Which of the following is the BEST tool to monitor the effectiveness of information security governance? A. Balanced scorecard B. Risk profile C. Business impact analysis (BIA) D. Key performance indicators (KPIs)

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems? A. Increase the frequency of log monitoring and analysis B. Implement a security information and event management system (SIEM) C. Increase the sensitivity of intrusion detection systems (IDSs) D. Implement multi-factor authentication

An information security manager of an e-commerce business is reviewing the results of a business continuity plan (BCP) review. Which of the following findings should be the MOST immediate concern? A. The cost of a recent recovery test exceeded budget expectations B. The annual business impact analysis (BIA) has been delayed C. The business continuity plan (BCP) has not been recently tested D. The recovery time objective (RTO) was not met during a recent power outage

To ensure that a new application complies with information security policy, the BEST approach is to: A. perform a vulnerability analysis B. review the security of the application before implementing C. integrate security functionality during the development stage D. periodically audit the security of the application

The PRIMARY goal of information security governance is to: A. reduce risk to an acceptable level B. align with business processes C. align with business objectives D. establish a security strategy

When investigating an information security incident details of the incident should be shared: A. widely to demonstrate positive intent B. only as needed C. only with management D. only with internal audit

Which of the following is MOST likely to be a component is a security incident escalation policy? A. Names and telephone numbers of key management personnel B. A severity-ranking mechanism tied only to the duration of the outage C. Sample scripts and press releases for statements to media D. Decision criteria for when to alert various groups

Which of the following is the MOST important control to implement when senior managers use smartphones to access sensitive company information? A. Centralized device administration B. Remote wipe capability C. Anti-malware on the devices D. Strong passwords

An information security manager's PRIMARY objective for presenting key risks to the board of directors is to: A. ensure appropriate information security governance B. quantify reputational risks C. meet information security compliance requirements D. re-evaluate the risk appetite

When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager? A. Identifying unacceptable risk levels B. Assessing vulnerabilities C. Evaluating potential threats D. Managing the impact

Which of the following is the BEST indicator of an emerging incident? A. A weakness identified within an organization's information systems B. Attempted patching of systems resulting in errors C. Customer complaints about lack of website availability D. A recent security incident at an industry competitor

Network isolation techniques are immediately implemented after a security breach to: A. allow time for key stakeholder decision making B. reduce the extent of further damage C. enforce zero trust architecture principles D. preserver evidence as required for forensics

Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework? A. Executive leadership becomes involved in decisions about information security governance B. Executive leadership views information security governance primarily as a concern of the information security management team C. Information security has little or no experience with the practice of information security governance D. Information security management does not fully accept the responsibility for information security governance

Which of the following should be the KEY consideration when creating an information security communication plan with industry peers? A. Reducing the costs associated with information sharing by automating the process B. Balancing the benefits of information sharing with the drawbacks of sharing sensitive information C. Notifying the legal department whenever an incident-related information is shared D. Ensuring information is detailed enough to be of use to other organizations

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program? A. Security incident details B. Security metrics C. Security risk exposure D. Security baselines

Which of the following should be of MOST concern to an information security manager reviewing the organization's disaster recovery plan (DRP)? A. Organization wide training for disaster recovery has not occurred B. The response team has contracted with an external consultant to support testing activities C. Six months have elapsed since the most recent test of the response plan D. The response plan document has not been updated with the latest notification list details

Which of the following is MOST important to include in an information security strategy? A. Industry benchmarks B. Stakeholder requirements C. Risk register D. Regulatory requirements

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining: A. security requirements for the process being outsourced B. risk-reporting methodologies C. service level agreements (SLAs) D. security metrics

Which of the following BEST demonstrates the added value of an information security program? A. Security baselines B. A gap analysis C. A SWOT analysis D. A balanced scorecard

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees? A. Help desk B. Legal C. Information security D. Human resources (HR)

It is most important for an information security manager to ensure that the security risk assessments are performed: A. during a root cause analysis B. as part of the security business case C. consistently throughout the enterprise D. in response to the threat landscape

Which of the following is the BEST way to strengthen the alignment of an information security program with business strategy? A. Establishing an information security steering committee B. Increasing the frequency of control assessments C. Providing organizational training on information security policies D. Increasing budget for risk assessments

Which of the following is MOST important to consider when defining escalation processes for incident response procedures? A. Key risk indicators (KRIs) B. Business continuity plans (BCPs) C. Recovery time objectives (RTOs) D. Key performance indicators (KPIs)

Which of the following is the PRIMARY role of the information security manager in application development? To ensure: A. enterprise security controls are implemented B. security is integrated into the system development life cycle (SDLC) C. control procedures address business risk D. compliance with industry best practice

Which of the following should be the PRIMARY goal of an information security manager when designing information security policies? A. Minimizing the cost of security controls B. Reducing organizational security risk C. Improving the protection of information D. Achieving organizational objectives

The MOST important objective of security awareness training for business staff is to: A. understand intrusion methods B. reduce negative audit findings C. increase compliance D. modify behavior

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management? A. Security is a business product and not a process B. Effective security eliminates risk to the business C. Adopt a recognized framework with metrics D. Security supports and protects the business

Information security controls should be designed PRIMARILY based on: A. regulatory requirements B. a vulnerability assessment C. business risk scenarios D. a business impact analysis (BIA)

When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that: A. the applications are tested prior to implementaion B. security controls are applied to each device when joining the network C. users have read and signed acceptable use agreements D. business leaders have an understanding of security risk

An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident? A. Implementing a data loss prevention (DLP) suite B. Deploying an intrusion prevention system (IPS) C. Deploying a security information and event management system (SIEM) D. Conducting regular system administrator awareness

Which of the following would BEST help to ensure an organization's security program is aligned with business objectives? A. The organization's board of directors includes a dedicated information security advisor B. The security strategy is reviewed and approved by the organization's steering committee C. Security policies are reviewed and approved by the chief information officer (CIO) D. Business leaders receive annual information security awareness training

Which of the following BEST supports information security management in the event of organizational changes in security personnel? A. Ensuring current documentation of security Processes B. Formalizing a security strategy and program C. Developing an awareness program for staff D. Establishing processes within the security operations team

An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the internet. Which of the following stakeholders should be contacted FIRST? A. The business owner B. Key customers C. Executive management D. System administrator

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance? A. Ownership of responsibility B. Auditability of systems C. Allocation of training resources D. Compliance with policies

Which of the following is MOST important to conder when determining the effectiveness of the information security governance program? A. Key performance indicators (KPIs) B. Maturity models C. Risk tolerance levels D. Key risk indicators (KRIs)

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization? A. The third party has not provided evidence of compliance with local regulations where data is generated B. The third party does not have an independent assessment of controls available for review C. The third party's service level agreement (SLA) does not include guarantees of uptime D. The third party contract does not include an indemnity clause for compensation in the event of a breach

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure: A. change activities are documented B. compliance with the risk acceptance framework C. the rationale for acceptance is periodically reviewed D. the acceptance is aligned with business strategy

Which of the following should an information security manager do FIRST when informed that customer data has been breached within a third-party vendor's environment? A. Communicate the breach to leadership B. Request and verify evidence of the breach C. Notify the incident response team D. Review vendor obligations in the contract

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include: A. responses to security questionnaires B. previous training sessions C. examples of help desk requests D. results of exit interviews

In which cloud model does the cloud service buyer assume the MOST security responsibility? A. Infrastructure as a Service (IaaS) B. Software as a Service (SaaS) C. Disaster Recovery as a Service (DSaaS) D. Platform as a Service (PaaS)

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack? A. Purchase cyber insurance B. Encrypt sensitive production data C. Maintain multiple offline backups D. Perform integrity checks on backups

Which of the following is the BEST defense against a brute force attack? A. Intruder detection lockout B. Time-of-day restrictions C. Discretionary access control D. Mandatory access control

Which of the following is MOST useful to display on a dashboard to demonstrate security performance? A. Number of hours spent per vulnerability remediated B. Number of vulnerabilities detected over time C. Severity of currently unremediated vulnerabilities D. Average time to identify vulnerabilities

What is the FIRST line of defense against criminal insider activities? A. Signing security agreements by critical personnel B. Stringent and enforced access controls C. Validating the integrity of personnel D. Monitoring employee activities

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take? A. Evaluate the information security laws that apply to the acquired country B. Apply the existing information security program to the acquired company C. Merge the two existing information security programs D. Determine which country's information security regulations will be used

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan? A. More visibility to the impact of disruptions B. Ability to monitor and control incident management costs C. Effective protection of information assets D. Optimized allocation of recovery resources

Which of the following is the MOST essential element of an information security program? A. Prioritizing program deliverables based on available resources B. benchmarking the program with global standards for relevance C. involving functional managers in program development D. applying project management practices used by the business

Which of the following should be an information security manager’s FIRST course of action when a newly introduced privacy regulation affects the business? A. Identify and assess the risk in the context of business objectives B. consult with IT staff and assess the risk based on their recommendations C. update the security policy based on the regulatory requirements D. propose relevant controls to ensure the business complies with the regulation

The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to: A. obtain the support of executive management B. document the disaster recovery process C. map the business process to supporting IT and other corporate resources D. identify critical processes and the degree of reliance on support services

Which of the following will protect the confidentiality of data transmitted over the Internet? A. Message digests B. encrypting file system C. network address translation D. IPsec protocol

An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be compromised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee? A. The committee consists of too many senior executives B. the committee lacks sufficient business representation C. there is a conflict of interest between the business andIT D. the CIO is not taking charge of the committee

A common drawback of e-mail software packages that provide native encryption of messages is that the encryption: A. has insufficient key length B. cannot interoperate across product domains C. cannot encrypt attachments D. has no key recovery mechanism

Which of the following is MOST important to ensure ongoing senior management commitment to an organizations information security strategy? A. Effective and reliable security reporting B. A well-defined information security control framework C. a detailed and documented business impact analysis (BIA) D. strategic alignment to an industry framework

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without the server. Which of the following would MOST effectively allowed the hospital to avoid paying the ransom? A. A continual server replication process B. employee training on ransomware C. a properly tested offline backup system D. a properly configured firewall

Which of the following is MOST important to determine following that discovery and eradication of a malware attack? A. The creator of the malware B. the malware entry path C. the type of malware involved D. The method of detecting the malware

Which of the following processes can be used to remediate identified technical vulnerabilities? A. Updating the business impact analysis (BIA) B. performing penetration testing C. enforcing baseline configurations D. conducting a risk assessment

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT? A. Formally document the decision B. review the regulations C. review the risk monitoring plan D. perform a risk assessment

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity? A. Document a security exception B. reduce security hardening settings C. perform a risk assessment D. inform business management of the risk

The BEST indication of a change in risk that may negatively impact an organization is an increase in the number of: A. security incidents reported by staff to the information security team B. malware infections detected by the organizations antivirus software C. alerts triggered by the security information and event management (SIEM) solution D. events logged by the intrusion detection system (IDS)

When monitoring the security of a web-based application, which of the following is MOST frequently reviewed? A. Audit reports B. access logs C. Access lists D. Threat metrics

An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to: A. evaluate the impact B. prepare for criminal prosecution C. document lessons learned D. update information security policies

Which of the following is MOST likely to affect an organization's ability to respond to security incidents in a timely manner? A. Lack of senior management buy-in B. inadequate detective control performance C. misconfiguration of security information and event management (SIEM) tool D. complexity of network segmentation

The PRIMARY Objective of timely declaration of a disaster is to: A. ensure the continuity of the organizations essential services B. protect critical physical assets from further loss C. ensure engagement of business management in the recovery process D. assess and correct disaster recovery process deficiencies

Which of the following methods enables the MOST rigorous testing while avoiding the disruption of normal business operations? A. Walk-through test B. full interruption test C. parallel test D. checklist review test

Which of the following should be the PRIMARY basis for an information security strategy? A. Audit and regulatory requirements B. information security policies C. the organization's vision and mission D. results of a comprehensive gap analysis

Which of the following departments should be responsible for classifying customer relationship management (CRM) system data on a database server maintained by IT? A. Sales B. information security C. human resources (HR) D. IT

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) Has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager’s FIRST course of action? A. Disconnect the real-time access B. conduct A penetration test of the vendor C. review the vendor contract D. review the vendor’s technical security controls

Which of the following is the BEST away to obtain reliable information to help an incident response team maintain awareness of emerging security threats and vulnerabilities? A. Subscribe to a reputed threat intelligence group B. assign staff to engage with social media hacking groups C. review alerts from my security information and event management (SIEM) system D. implement vulnerability scanners

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate? A. Projected increase in maturity level B. estimated increase in efficiency C. projected costs over time D. estimated reduction in risk

Which of the following is the BEST method for reducing the risk of data loss due to phishing attacks? A. Changing passwords frequently B. implementing data loss prevention C. using spam filtering solutions D. educating users

Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization? A. Identify secure social networking sites B. establish disciplinary actions for noncompliance C. perform a vulnerability assessment D. define acceptable information for posting

Labeling information according to its security classification: A. reduces the need to identify baseline controls for each classification B. reduces the number and type of countermeasures required C. enhances the likelihood of people handling information securely D. affects the consequences if information is handled insecurely

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap? A. Perform a cost-benefit analysis B. collect additional metrics C. begin due diligence on the outsourcing company D. submit funding request to senior management

Which of the following BEST indicates the effectiveness of the vendor risk management process? A. Increase in the percentage of vendors certified to a globally recognized security standard B. increase in the percentage of vendors with a completed due diligence review C. increase in the percentage of vendors conducting mandatory security training D. increase in the percentage of vendors that have reported security breaches

Which of the following would provide the GREATEST assurance to management that information security incidents will be detected and contained in a timely manner without jeopardizing the organization's mission? A. Network security penetration testing program B. continuous vulnerability scanning solution C. security information and event management (SIEM) system D. fully operational security operations center (SOC)

Which of the following has the GREATEST impact on efforts to improve an organization’s security organization? A. Well-documented security policies and procedures B. Supportive tone at the top regarding security C. Regular reporting to senior management D. Automation of security controls

The PRIMARY purpose of a penetration test is to: A. test network load capacity B. validate firewall and router configuration C. provide assurance of the security of the network D. identify vulnerabilities at a particular point in time

An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation? A. Controls to be monitored B. Reporting capabilities C. The contract with the SIEM vendor D. Available technical support

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals? A. Number of blocked intrusion attempts B. number of business cases reviewed by senior management C. trends in the number of identified threats to the business D. percentage of controls integrated into the business processes

Which of the following would provide the MOST useful information when prioritizing controls to be added to a system? A. The risk register B. balanced scorecard C. compliance requirements D. baseline to industry standards

Which of the following BEST enable staff acceptance of information security policies? A. Adequate security funding B. a robust incident response program C. strong senior management support D. computer-based training

Which of the following is a PRIMARY benefit of managed security solutions? A. Easier implementation across an organization B. Greater ability to focus on core business operations C. Wider range of capabilities D. Lower cost of operations

Which of the following BEST demonstrates that security controls are effective? A. Audit report B. Tabletop simulation C. Risk and control self-assessment D. Business impact analysis (BIA) results

An information security manager wants to implement a security information and event management (SIEM) system that will aggregate log data from all systems that control perimeter access. Which of the following would BEST support the business case for this initiative to senior management? A. Industry examples of threats detected using a SIEM system B. Alignment with industry best practices C. Independent evidence of a SIEM system's ability to reduce risk D. Metrics related to the number of systems to be consolidated

A PRIMARY purpose of creating security policies is to: A. implement management's security governance strategy B. establish the way security tasks should be executed C. communicate management's security expectations D. define allowable security boundaries

An organization has decided to store production data in a cloud environment. What should be the FIRST consideration? A. Data transfer B. Data classification C. Data backup D. Data isolation

Which of the following should be done FIRST when establishing an information security governance framework? A. Gain an understanding of the business and cultural attributes B. Contract a third party to conduct an independent review of the program C. Conduct a cost-benefit analysis of the framework D. Evaluate information security tools and skills relevant for the environment

An information security manager has been asked to provide regular status reports to senior management regarding the information security program. Which of the following would provide the MOST helpful information? A. A list detailing the latest threats B. Number of phishing incidents per month C. Remediation activities performed D. Key performance indicators (KPIs)

An organization has recently acquired a smaller company located in a different geographic region. Which of the following is the BEST approach for addressing conflicts between the parent organization's security standards and local regulations affecting the acquired company? A. Adopt the standards of the newly acquired company B. Give precedence to the parent organization's standards C. Create a local version of the parent organization's standards D. Create a global version of the local regulations

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation. However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges. Which of the following would BEST enable regulatory compliance? A. Identity and access management (IAM) system B. Privileged access management (PAM) system C. Multi-factor authentication (MFA) system D. Governance risk, and compliance (GRC) system

Which of the following is a PRIMARY responsibility of the information security governance function? A. Administering information security awareness training B. Advising senior management on optimal levels of risk appetite and tolerance C. Defining security strategies to support organizational programs D. Ensuring adequate support for solutions using emerging technologies

Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective? A. Develop an acceptable use policy B. Conduct a vulnerability assessment on the devices C. Assess risks introduced by the technology D. Research mobile device management (MDM) solutions

An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager's FIRST course of action? A. Block access to the cloud storage service B. Determining the classification level of the information C. Seek business justification from the employee D. Inform higher management of a security breach

Risk scenarios simplify the risk assessment process by: A. covering the full range of possible risk B. ensuring business risk is mitigated C. reducing the need for subsequent risk evaluation D. focusing on important and relevant risk

An information security manager has received confirmation that the organization's e-commerce website was breached, exposing customer information. What should be done FIRST? A. Inform affected customers B. Perform a vulnerability assessment C. Execute the incident response plan D. Take the affected systems offline

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review? A. Security policies B. Automated controls C. Guidelines D. Standards

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective? A. Recommend risk acceptance B. Perform a cost-benefit analysis C. Escalate to senior management D. Revisit the business objective

Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan? A. When recovery time objectives (RTOs) are not met B. When missing information impacts recovery from an incident C. Before an internal audit of the incident response process D. At intervals indicated by industry best practice

After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions? A. Preserving the evidence B. Performing an impact analysis C. Calculating cost of the incident D. Conducting a postmortem assessment

When creating an incident response plan, which of the following is MOST important to include during the preparation phase of the plant's life cycle? A. Communication plan B. Response procedures C. Risk management plan D. Forensic analysis procedures

Which of the following is the MOST effective way to detect security incidents? A. Analyze penetration test results B. Analyze security anomalies C. Analyze recent security risk assessments D. Analyze vulnerability assessments

Which of the following is the MOST important consideration when reporting the effectiveness of an information security program to key business stakeholders? A. Linking security metrics to the business impact analysis (BIA) B. Demonstrating a decrease in information security incidents C. Demonstrating cost savings of each control D. Linking security metrics to business objectives

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input? A. Business impact analysis (BIA) B. Recommendations from senior management C. The business continuity plan (BCP) D. Vulnerability assessment results

When developing an asset classification program, which of the following steps should be completed FIRST? A. Implement a data loss prevention (DLP) system B. Categorize each asset C. Create a business case for a digital rights management tool D. Create an inventory

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization? A. Increase in the frequency of security incident escalations B. Reduction in the impact of security incidents C. Decrease in the number of security incidents D. Increase in the number of reported security incidents

The use of a business case to obtain funding for an information security investment is MOST effective when the business case: A. relates the investment to the organization's strategic plan B. realigns information security objectives to organizational strategy C. articulates management's intent and information security directives in clear language D. translates information security policies and standards into business requirements

Which of the following is the MOST important security feature an information security manager would need for a mobile device management (MDM) program? A. Ability to inventory devices B. Ability to remotely wipe devices C. Ability to locate devices D. Ability to push updates to devices

Which of the following is MOST appropriate to communicate to senior management regarding information risk? A. Risk profile changes B. Vulnerability scanning progress C. Defined risk appetite D. Emerging security technologies

Which of the following is MOST important to consider when developing a business case to support the investment in an information security program? A. Senior management support B. Results of a risk assessment C. Results of a cost-benefit analysis D. Impact on the risk profile

Which of the following is the PRIMARY responsibility of an information security steering committee? A. Setting up a password expiration procedures B. Drafting security policies C. Prioritizing security initiatives D. Reviewing firewall rules

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced? A. Consult corporate legal counsel B. Conduct a cost-benefit analysis C. Update the information security policy D. Perform a gap analysis

The MAIN purpose of influence by a business impact guideline for use with a large, international organization is to: A. explain the organization's preferred practices for security B. ensure that all business units have the same strategic security goals C. ensure that all business units implement identical security procedures D. provide evidence for auditors that security practices are adequate

Which of the following is MOST effectice in reducing the financial impact following a security breach leading to data disclosure? A. Backup and recovery strategy B. A business continuity plan (BCP) C. A data loss prevention (DLP) strategy D. An incident response plan

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's appetite? A. Gap analysis results B. Level of risk treatment C. Configuration parameters D. Level of residual risk

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program? A. Escalation paths B. Termination language C. Key performance indicators (KPIs) D. Right-to-audit clause

The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to: A. comply with security policy B. increase corporate accountability C. enforce individual accountability D. reinforce the need for training

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements? A. Restrict application network access temporarily B. Update the risk register C. Consult with the business owner D. Include security requirements in the contract

A corporate information security program is BEST positioned for success when: A. staff is receptive to the program B. senior management supports the program C. security is thoroughly assessed in the program D. the program aligns with industry best practice

Which of the following is the BEST way to obtain support for a new organization-wide information security program? A. Deliver an information security awareness campaign B. Publish an information security RACI chart C. Benchmark against similar industry organizations D. Establish an information security strategy committee

Which of the following is necessary to determine what would constitute a disaster for an organization? A. Recovery strategy analysis B. Backup strategy analysis C. Risk analysis D. Threat probability analysts

An organization has established a bring your own device (BYOD) program. Which of the following is the MOST important security consideration when allowing employees to use personal devices for corporate applications remotely? A. Mandatory controls for maintaining security policy B. Mobile operating systems support C. Security awareness training D. Secure application development

Which of the following clauses would represent the MOST significant exposure if included in a contract with a third-party service provider? A. Provider responsibility in a disaster limited to best reasonable efforts B. Provider liability for loss of data limited to cost of physical media C. Audit rights limited to customer data and supporting infrastructure D. Access to escrowed software restricted to specific conditions

Capacity planning would prevent: A. system downtime for scheduled security maintenance B. file system overload arising from distributed denial of service (DDoS) attacks C. application failures arising from insufficient resources D. software failures arising from exploitation of buffer capacity vulnerabilities

Which of the following is the BEST indication of a successful information security culture? A. The budget allocated for information security is sufficient B. End users know how to identify and report incidents C. Individuals are given roles based on job functions D. Penetration testing is done regularly and findings remediated

Which of the following is an information security manager's BEST approach when selecting cost-effective controls needed to meet business objectives? A. Conduct a gap analysis B. Focus on preventative controls C. Align with industry best practice D. Align with the risk appetite

Which of the following BEST enables effective information security governance? A. Security-aware corporate culture B. Advanced security technologies C. Periodic vulnerability assessments D. Established information security metrics

Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT? A. Report the decision to the compliance officer B. Reassess the organization's risk tolerance C. Update details within the risk register D. Assess the impact of the regulation

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns? A. Integrate information security risk assessments into the procurement process B. Invite IT members into regular procurement team meetings to influence best practice C. Enforce the right to audit in procurement contracts with SaaS vendors D. Provide regular information security training to the procurement team

Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes? A. Develop good communications with the project management office (PMO) B. Participate in project initiation, approval, and funding C. Conduct security reviews during design, testing, and implementation D. Integrate organization's security requirements into project management

Which of the following is the BEST evidence of alignment between corporate and information security governance? A. Security key performance indicators (KPIs) B. Senior management sponsorship C. Regular security policy reviews D. Project resource optimization

Prior to implementing a bring your own device (BYOD) program, it is MOST important to: A. review currently utilized applications B. survey employees for requested applications C. select mobile device management (MDM) software D. develop an acceptable user policy

An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented? A. The information security strategy B. The organization's risk appetite C. The cost of noncompliance D. The information security policy

After an information security incident has been detected and its priority established, which of the following should be the NEXT course of action? A. Gathering evidence B. Eradicating the incident C. Performing a risk assessment D. Containing the incident

What is the PRIMARY purpose of an unannounced disaster recovery exercise? A. To provide metrics to senior management B. To evaluate how personnel react to the situation C. To assess service level agreements (SLAs) D. To estimate the recovery time objective (RTO)

Which of the following is the PRIMARY reason that an information security manager would contract with an external provider to perform penetration testing? A. To obtain an independent network security certification B. To mitigate gaps in technical skills C. To obtain an independent view of vulnerabilities D. To obtain the full list of system vulnerabilities

Which of the following is the MOST important objective of testing a security incident response plan? A. Ensure the thoroughness of the response plan B. Verify the response assumptions are valid C. Confirm that systems are recovered in the proper order D. Validate the business impact analysis (BIA)

During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption unauthorized alterations and errors? A. Password management B. Version management C. Change management D. Configuration management

What should be the FIRST step when implementing data loss prevention (DLP) technology? A. Build a business case B. Perform due diligence with vendor candidates C. Classify the organization's data D. Perform a cost benefit analysis

Which of the following BEST describes a buffer overflow? A. A type of covert channel that captures data B. A function is carried out with more data than the function can handle C. Malicious code designed to interfere with normal operations D. A program contains a hidden and unintended function that presents a security risk

To optimize the implementation of information security governance in an organization, an information security manager should: A. implement processes consistent with international standards B. utilize existing governance structures when possible C. ensure changes are consistent with existing standards D. make gradual changes to governance to minimize employee resistance

Which type of control is an incident response team? A. Detective B. Directive C. Corrective D. Preventive

The authorization to transfer the handling of an internal security incident to a third-party support provide is PRIMARILY defined by the: A. escalation procedures B. information security manager C. chain of custody D. disaster recovery plan (DRP)

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives? A. Balanced scorecard B. Benchmarking C. Heat map D. Risk matrix

Which of the following is the BEST way to prevent insider threats? A. Implement strict security policies and password controls B. Conduct organization-wide security awareness training C. Enforce segregation of duties and least privilege access D. Implement logging for all access activities

An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether: A. a classification policy has been developed to incorporate the need for encryption B. the business strategy includes exceptions to the encryption standard C. data can be recovered if the encryption keys are misplaced D. the implementation supports the business strategy

An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective? A. Install biometric access control B. Develop an incident response plan C. Define data retention criteria D. Enable activity logging

An organization recently activated its business continuity plan (BCP). All employees were notified during the event, but some did not fully follow the communications plan. What is the BEST way to prevent a recurrence? A. Perform tabletop testing with appropriate employees B. Reprimand employees for not following the plan C. Enhance external communication instructions in the BCP D. Incorporate BCP communication expectations in job descriptions

Which of the following is the BEST way to help ensure an organization's risk will be considered as part of the risk treatment process? A. Establish key risk indicators (KRIs) B. Provide regular reporting on risk treatment to senior management C. Require steering committee approval of risk treatment plans D. Use quantitative risk assessment methods

What is the PRIMARY responsibility of the security steering committee? A. Implement information security control B. Develop information security policy C. Set direction and monitor performance D. Provide information security training to employees

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies? A. Perform periodic security assessments of the contractors' activities B. Conduct periodic vulnerability scans of the application C. Require annual signed agreements of adherence to security policies D. Include penalties for noncompliance in the contracting agreement

A new law requires an organization to implement specific security controls. Which of the following should the information security manager do FIRST? A. Integrate the new requirements into the security policy B. Perform a gap analysis on the new requirements C. Develop a control implementation plan D. Assess the risk of noncompliance with the new requirements

When an organization decides to accept a risk, it should mean the cost to mitigate: A. Exceeds budget allocation B. is higher than the cost to transfer risk C. is less than the residual risk D. is greater than the residual risk

The PRIMARY advantage of involving end users in continuity planning is that they: A. can see the overall impact to the business B. are more objective than information security management C. can balance the technical and business risks D. have a better understanding of specific business needs

Which of the following needs to be established FIRST in order to categorize data properly? A. A data protection policy B. A data flow diagram C. A data classification framework D. A data custodian

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST? A. Training requirements of the framework B. Global framework standards C. Cross-border data mobility D. Local regulatory requirements

Which of the following is the MOST effective defense against malicious insiders compromising confidential information? A. Regular audits of access controls B. Strong background checks when hiring staff C. Prompt termination procedures D. Role-based control

Deck 1 Flashcards

(282 cards)