
ExamsBrite Dumps

Certified Information Security Manager Question and Answers

Certified Information Security Manager

Last Update Jan 26, 2025
Total Questions : 801

We are offering FREE CISM Isaca exam questions. All you need to do is sign up. Provide your details, practice the free CISM exam questions, and then move on to the complete pool of Certified Information Security Manager test questions that will help you further.

Questions 1

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

Options:

A. Notify the regulatory agency of the incident.
B. Implement mitigating controls.
C. Evaluate the impact to the business.
D. Examine firewall logs to identify the attacker.
Questions 2

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

Options:

A. Perform a risk analysis for critical applications.
B. Determine whether critical success factors (CSFs) have been defined.
C. Conduct a capability maturity model evaluation.
D. Review and update current operational procedures.
Questions 3

Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?

Options:

A. Network with peers in the industry to share information.
B. Browse the Internet to learn of potential events.
C. Search for anomalies in the environment.
D. Search for threat signatures in the environment.
Questions 4

The MOST important information for influencing management's support of information security is:

Options:

A. A demonstration of alignment with the business strategy.
B. An identification of the overall threat landscape.
C. A report of a successful attack on a competitor.
D. An identification of organizational risks.
Questions 5

Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?

Options:

A. Record and close security incident tickets.
B. Test and verify that compromised systems are clean.
C. Document recovery steps for senior management reporting.
D. Capture and preserve forensic images of affected systems.
Questions 6

Which of the following components of an information security risk assessment is MOST valuable to senior management?

Options:

A. Threat profile
B. Residual risk
C. Return on investment (ROI)
D. Mitigation actions
Questions 7

Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

Options:

A. Statistical reports will be incorrect.
B. The service desk will be staffed incorrectly.
C. Escalation procedures will be ineffective.
D. Timely detection of attacks will be impossible.
Questions 8

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A. Define the issues to be addressed.
B. Perform a cost-benefit analysis.
C. Calculate the total cost of ownership (TCO).
D. Conduct a feasibility study.
Questions 9

Which of the following BEST supports effective communication during information security incidents?

Options:

A. Frequent incident response training sessions
B. Centralized control monitoring capabilities
C. Responsibilities defined within role descriptions
D. Predetermined service level agreements (SLAs)
Questions 10

Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?

Options:

A. Reliable image backups
B. Impact assessment
C. Documented eradication procedures
D. Root cause analysis
Questions 11

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A. Include the impact of the risk as part of regular metrics.
B. Recommend the security steering committee conduct a review.
C. Update the risk assessment at regular intervals.
D. Send regular notifications directly to senior managers.
Questions 12

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Options:

A. Incorporating lessons learned
B. Implementing an IT resilience solution
C. Implementing management reviews
D. Documenting critical business processes
Questions 13

Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?

Options:

A. To improve awareness of information security
B. To disclose the root cause of the incident
C. To increase goodwill toward the organization
D. To comply with regulations regarding notification
Questions 14

Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?

Options:

A. Controls analysis
B. Emerging risk review
C. Penetration testing
D. Traffic monitoring
Questions 15

Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

Options:

A. Average return on investment (ROI) associated with security initiatives
B. Average number of security incidents across business units
C. Mean time to resolution (MTTR) for enterprise-wide security incidents
D. Number of vulnerabilities identified for high-risk information assets
Questions 16

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

Options:

A. An industry peer experienced a recent breach with a similar application.
B. The system can be replicated for additional use cases.
C. The cost of implementing the system is less than the impact of downtime.
D. The solution is within the organization's risk tolerance.
Questions 17

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A. Manage business process changes.
B. Update business impact analyses (BIAs) on a regular basis.
C. Conduct periodic testing.
D. Review and update emergency contact lists.
Questions 18

Which of the following is the BEST indicator of a successful intrusion into an organization's systems?

Options:

A. Decrease in internal network traffic
B. Increase in the number of failed login attempts
C. Increase in the number of irregular application requests
D. Decrease in available storage space
Questions 19

How does an organization PRIMARILY benefit from the creation of an information security steering committee?

Options:

A. An increase in information security risk awareness
B. An increased alignment with industry security trends that impact the business
C. An increased focus on information security resource management
D. An increased alignment of information security with the business
Questions 20

Which of the following will BEST enable an effective information asset classification process?

Options:

A. Including security requirements in the classification process
B. Analyzing audit findings
C. Reviewing the recovery time objective (RTO) requirements of the asset
D. Assigning ownership
Questions 21

Which of the following BEST facilitates the effective execution of an incident response plan?

Options:

A. The plan is based on risk assessment results.
B. The response team is trained on the plan.
C. The plan is based on industry best practice.
D. The incident response plan aligns with the IT disaster recovery plan (DRP).
Questions 22

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Options:

A. Legal
B. Information security
C. Help desk
D. Human resources (HR)
Questions 23

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Options:

A. Increasing false negatives
B. Decreasing false negatives
C. Decreasing false positives
D. Increasing false positives
Questions 24

To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:

Options:

A. isolate the infected systems.
B. preserve the evidence.
C. image the infected systems.
D. clean the malware.
Questions 25

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

Options:

A. Data masking
B. Data retention strategy
C. Data encryption standards
D. Data loss prevention (DLP)
Questions 26

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

Options:

A. Centralized logging
B. Time clock synchronization
C. Available forensic tools
D. Administrator log access
Questions 27

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Options:

A. Security requirements are included in the vendor contract.
B. External security audit results are reviewed.
C. Service level agreements (SLAs) meet operational standards.
D. Business continuity contingency planning is provided.
Questions 28

Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

Options:

A. Data owner
B. Data custodian
C. System administrator
D. Senior management
Questions 29

Which of the following is MOST important to include in an information security status report to management?

Options:

A. List of recent security events
B. Key risk indicators (KRIs)
C. Review of information security policies
D. Information security budget requests
Questions 30

Which of the following is a PRIMARY responsibility of the information security governance function?

Options:

A. Administering information security awareness training
B. Defining security strategies to support organizational programs
C. Ensuring adequate support for solutions using emerging technologies
D. Advising senior management on optimal levels of risk appetite and tolerance
Questions 31

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?

Options:

A. Perform a business impact analysis (BIA).
B. Notify local law enforcement agencies of a breach.
C. Activate the incident response program.
D. Validate the risk to the organization.
Questions 32

Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

Options:

A. Indemnification clause
B. Breach detection and notification
C. Compliance status reporting
D. Physical access to service provider premises
Questions 33

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?

Options:

A. Conduct a cost-benefit analysis.
B. Consult corporate legal counsel.
C. Update the information security policy.
D. Perform a gap analysis.
Questions 34

Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

Options:

A. Demonstrating the program's value to the organization
B. Discussing governance programs found in similar organizations
C. Providing the results of external audits
D. Providing examples of information security incidents within the organization
Questions 35

Which of the following is the MOST effective way to detect security incidents?

Options:

A. Analyze recent security risk assessments.
B. Analyze security anomalies.
C. Analyze penetration test results.
D. Analyze vulnerability assessments.
Questions 36

During which of the following development phases is it MOST challenging to implement security controls?

Options:

A. Post-implementation phase
B. Implementation phase
C. Development phase
D. Design phase
Questions 37

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

Options:

A. Inform the public relations officer.
B. Monitor the third party's response.
C. Invoke the incident response plan.
D. Inform customers of the breach.
Questions 38

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A. Update the risk register.
B. Consult with the business owner.
C. Restrict application network access temporarily.
D. Include security requirements in the contract.
Questions 39

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A. Requirement for regular information security awareness
B. Right-to-audit clause
C. Service level agreement (SLA)
D. Requirement to comply with corporate security policy
Questions 40

Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

Options:

A. Available annual budget
B. Cost-benefit analysis of mitigating controls
C. Recovery time objective (RTO)
D. Maximum tolerable outage (MTO)
Questions 41

Which of the following is the BEST indication of an effective disaster recovery planning process?

Options:

A. Hot sites are required for any declared disaster.
B. Chain of custody is maintained throughout the disaster recovery process.
C. Post-incident reviews are conducted after each event.
D. Recovery time objectives (RTOs) are shorter than recovery point objectives (RPOs).
Questions 42

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

Options:

A. Recovery
B. Identification
C. Containment
D. Preparation
Questions 43

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

Options:

A. Industry benchmarks
B. Key performance indicators (KPIs)
C. Business impact analysis (BIA) results
D. Risk assessment results
Questions 44

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A. Business impact analysis (BIA) results
B. Vulnerability assessment results
C. The business continuity plan (BCP)
D. Recommendations from senior management
Questions 45

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

Options:

A. Regular audits of access controls
B. Strong background checks when hiring staff
C. Prompt termination procedures
D. Role-based access control (RBAC)
Questions 46

In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or

Options:

A. Security budget
B. Risk register
C. Risk score
D. Laws and regulations
Questions 47

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

Options:

A. Limited liability clause
B. Explanation of information usage
C. Information encryption requirements
D. Access control requirements
Questions 48

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A. based on recent incidents.
B. based on employees' roles.
C. aligned to business processes.
D. focused on information security policy.
Questions 49

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

Options:

A. Escalate to the chief risk officer (CRO).
B. Conduct a vulnerability analysis.
C. Conduct a risk analysis.
D. Determine compensating controls.
Questions 50

Which of the following should be the NEXT step after a security incident has been reported?

Options:

A. Recovery
B. Investigation
C. Escalation
D. Containment
Questions 51

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?

Options:

A. Execution of unauthorized commands
B. Prevention of authorized access
C. Defacement of website content
D. Unauthorized access to resources
Questions 52

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

Options:

A. Lack of a risk framework
B. Ineffective security controls
C. Presence of known vulnerabilities
D. Incomplete identification of threats
Questions 53

Which of the following should be the PRIMARY goal of information security?

Options:

A. Information management
B. Regulatory compliance
C. Data governance
D. Business alignment
Questions 54

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A. the information security officer.
B. the steering committee.
C. the board of directors.
D. the internal audit manager.
Questions 55

A PRIMARY benefit of adopting an information security framework is that it provides:

Options:

A. credible emerging threat intelligence.
B. security and vulnerability reporting guidelines.
C. common exploitability indices.
D. standardized security controls.
Questions 56

In a call center, the BEST reason to conduct a social engineering is to:

Options:

A. identify candidates for additional security training.
B. minimize the likelihood of successful attacks.
C. gain funding for information security initiatives.
D. improve password policy.
Questions 57

Which of the following factors would have the MOST significant impact on an organization's information security governance model?

Options:

A. Outsourced processes
B. Security budget
C. Number of employees
D. Corporate culture
Questions 58

Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

Options:

A. Return on investment (ROI)
B. Compliance requirements
C. Target audience
D. Criticality of information
Questions 59

Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?

Options:

A. Information security manager
B. Chief risk officer (CRO)
C. Information security steering committee
D. Risk owner
Questions 60

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A. Downtime due to malware infections
B. Number of security vulnerabilities uncovered with network scans
C. Percentage of servers patched
D. Annualized loss resulting from security incidents
Questions 61

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Options:

A. Defined risk appetite
B. Emerging security technologies
C. Vulnerability scanning progress
D. Risk profile changes
Questions 62

Embedding security responsibilities into job descriptions is important PRIMARILY because it:

Options:

A. supports access management.
B. simplifies development of the security awareness program.
C. aligns security to the human resources (HR) function.
D. strengthens employee accountability.
Questions 63

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

Options:

A. Provide regular updates about the current state of the risks.
B. Re-perform risk analysis at regular intervals.
C. Assign a risk owner to each risk.
D. Create mitigating controls to manage the risks.
Questions 64

An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?

Options:

A. File integrity monitoring software
B. Security information and event management (SIEM) tool
C. Antivirus software
D. Intrusion detection system (IDS)
Questions 65

Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

Options:

A. Reducing the number of vulnerabilities detected
B. Ensuring the amount of residual risk is acceptable
C. Avoiding identified system threats
D. Complying with regulatory requirements
Questions 66

Which of the following control types should be considered FIRST for aligning employee behavior with an organization's information security objectives?

Options:

A. Administrative security controls
B. Technical security controls
C. Physical security controls
D. Access security controls
Questions 67

The PRIMARY reason for creating a business case when proposing an information security project is to:

Options:

A. articulate inherent risks.
B. provide demonstrated return on investment (ROI).
C. establish the value of the project in relation to business objectives.
D. gain key business stakeholder engagement.
Questions 68

Which of the following would be MOST helpful when creating information security policies?

Options:

A. The information security framework
B. Business impact analysis (BIA)
C. Information security metrics
D. Risk assessment results
Questions 69

An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

Options:

A. Deploy mobile device management (MDM).
B. Implement remote wipe capability.
C. Create an acceptable use policy.
D. Conduct a mobile device risk assessment.
Questions 70

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A. Compromise of critical assets via third-party resources
B. Unavailability of services provided by a supplier
C. Loss of customers due to unavailability of products
D. Unreliable delivery of hardware and software resources by a supplier
Questions 71

An online bank identifies a successful network attack in progress. The bank should FIRST:

Options:

A. isolate the affected network segment.
B. report the root cause to the board of directors.
C. assess whether personally identifiable information (PII) is compromised.
D. shut down the entire network.
Questions 72

Which of the following is a desired outcome of information security governance?

Options:

A. Penetration test
B. Improved risk management
C. Business agility
D. A maturity model
Questions 73

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Options:

A. Training project managers on risk assessment
B. Having the information security manager participate on the project steering committees
C. Applying global security standards to the IT projects
D. Integrating the risk assessment into the internal audit program
Questions 74

In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:

Options:

A. evaluate results of the most recent incident response test.
B. review the number of reported security incidents.
C. ensure established security metrics are reported.
D. assess progress of risk mitigation efforts.
Questions 75

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A. Data is encrypted in transit and at rest at the vendor site.
B. Data is subject to regular access log review.
C. The vendor must be able to amend data.
D. The vendor must agree to the organization's information security policy.
Questions 76

Which of the following is the BEST indication of an effective information security awareness training program?

Options:

A. An increase in the frequency of phishing tests
B. An increase in positive user feedback
C. An increase in the speed of incident resolution
D. An increase in the identification rate during phishing simulations
Questions 77

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A. Determine which country's information security regulations will be used.
B. Merge the two existing information security programs.
C. Apply the existing information security program to the acquired company.
D. Evaluate the information security laws that apply to the acquired company.
Questions 78

Which of the following is the FIRST step to establishing an effective information security program?

Options:

A. Conduct a compliance review.
B. Assign accountability.
C. Perform a business impact analysis (BIA).
D. Create a business case.
Questions 79

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Options:

A. Including service level agreements (SLAs) in vendor contracts
B. Establishing communication paths with vendors
C. Requiring security awareness training for vendor staff
D. Performing integration testing with vendor systems
Questions 80

The MOST important reason for having an information security manager serve on the change management committee is to:

Options:

A. identify changes to the information security policy.
B. ensure that changes are tested.
C. ensure changes are properly documented.
D. advise on change-related risk.
Questions 81

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Options:

A. The security strategy is promoted.
B. Fewer security incidents are reported.
C. Security behavior is improved.
D. More security incidents are detected.
Questions 82

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Options:

A. Identification of risk
B. Analysis of control gaps
C. Design of key risk indicators (KRIs)
D. Selection of risk treatment options
Questions 83

What is the BEST way to reduce the impact of a successful ransomware attack?

Options:

A. Perform frequent backups and store them offline.
B. Purchase or renew cyber insurance policies.
C. Include provisions to pay ransoms in the information security budget.
D. Monitor the network and provide alerts on intrusions.
Questions 84

Which of the following is PRIMARILY determined by asset classification?

Options:

A. Insurance coverage required for assets
B. Level of protection required for assets
C. Priority for asset replacement
D. Replacement cost of assets
Questions 85

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

Options:

A. To facilitate a qualitative risk assessment following the BIA
B. To increase awareness of information security among key stakeholders
C. To ensure the stakeholders providing input own the related risk
D. To obtain input from as many relevant stakeholders as possible
Questions 86

Which of the following activities is designed to handle a control failure that leads to a breach?

Options:

A. Risk assessment
B. Incident management
C. Root cause analysis
D. Vulnerability management
Questions 87

Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?

Options:

A. To identify the organization's risk tolerance
B. To improve security processes
C. To align security roles and responsibilities
D. To optimize security risk management
Questions 88

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A. enhance the organization's antivirus controls.
B. eliminate the risk of data loss.
C. complement the organization's detective controls.
D. reduce the need for a security awareness program.
Questions 89

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A. Publish adopted information security standards.
B. Perform annual information security compliance reviews.
C. Implement an information security governance framework.
D. Define penalties for information security noncompliance.
Questions 90

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:

A.  

The capabilities and expertise of the information security team

B.  

The organization's mission statement and roadmap

C.  

A prior successful information security strategy

D.  

The organization's information technology (IT) strategy

Discussion 0
Questions 91

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

Options:

A.  

change activities are documented.

B.  

the rationale for acceptance is periodically reviewed.

C.  

the acceptance is aligned with business strategy.

D.  

compliance with the risk acceptance framework.

Discussion 0
Questions 92

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.  

Number of blocked intrusion attempts

B.  

Number of business cases reviewed by senior management

C.  

Trends in the number of identified threats to the business

D.  

Percentage of controls integrated into business processes

Discussion 0
Questions 93

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.  

contact law enforcement.

B.  

document the chain of custody.

C.  

capture evidence using standard server-backup utilities.

D.  

reboot affected machines in a secure area to search for evidence.

Discussion 0
Questions 94

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:

A.  

Security policies

B.  

Control effectiveness

C.  

Security management processes

D.  

Organizational culture

Discussion 0
Questions 95

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Options:

A.  

A capability and maturity assessment

B.  

Detailed analysis of security program KPIs

C.  

An information security dashboard

D.  

An information security risk register

Discussion 0
Questions 96

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Options:

A.  

Threat management is enhanced.

B.  

Compliance status is improved.

C.  

Security metrics are enhanced.

D.  

Proactive risk management is facilitated.

Discussion 0
Questions 97

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:

A.  

Conduct an impact assessment.

B.  

Isolate the affected systems.

C.  

Rebuild the affected systems.

D.  

Initiate incident response.

Discussion 0
Questions 98

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Options:

A.  

Internal security audit

B.  

External security audit

C.  

Organizational risk appetite

D.  

Business impact analysis (BIA)

Discussion 0
Questions 99

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Options:

A.  

Regulations and standards

B.  

People and culture

C.  

Executive and board directives

D.  

Processes and technology

Discussion 0
Questions 100

When developing an asset classification program, which of the following steps should be completed FIRST?

Options:

A.  

Categorize each asset.

B.  

Create an inventory.

C.  

Create a business case for a digital rights management tool.

D.  

Implement a data loss prevention (DLP) system.

Discussion 0
Questions 101

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:

A.  

Defining information stewardship roles

B.  

Defining security asset categorization

C.  

Assigning information asset ownership

D.  

Developing a records retention schedule

Discussion 0
Questions 102

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.  

Determine whether the organization can benefit from adopting the new standard.

B.  

Obtain legal counsel's opinion on the standard's applicability to regulations.

C.  

Perform a risk assessment on the new technology.

D.  

Review industry specialists’ analyses of the new standard.

Discussion 0
Questions 103

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

Options:

A.  

Establishing risk metrics

B.  

Training on risk management procedures

C.  

Reporting on documented deficiencies

D.  

Assigning a risk owner

Discussion 0
Questions 104

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Options:

A.  

the chief risk officer (CRO).

B.  

business senior management.

C.  

the information security manager.

D.  

the compliance officer.

Discussion 0
Questions 105

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.  

Organizational standards are included in awareness training.

B.  

Organizational standards are enforced by technical controls.

C.  

Organizational standards are required to be formally accepted.

D.  

Organizational standards are documented in operational procedures.

Discussion 0
Questions 106

Which of the following is MOST critical when creating an incident response plan?

Options:

A.  

Identifying vulnerable data assets

B.  

Identifying what constitutes an incident

C.  

Documenting incident notification and escalation processes

D.  

Aligning with the risk assessment process

Discussion 0
Questions 107

Which of the following is the BEST indication of a successful information security culture?

Options:

A.  

Penetration testing is done regularly and findings remediated.

B.  

End users know how to identify and report incidents.

C.  

Individuals are given roles based on job functions.

D.  

The budget allocated for information security is sufficient.

Discussion 0
Questions 108

Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Options:

A.  

Updated security policies

B.  

Defined security standards

C.  

Threat intelligence

D.  

Regular antivirus updates

Discussion 0
Questions 109

Which of the following should be the PRIMARY objective of the information security incident response process?

Options:

A.  

Conducting incident triage

B.  

Communicating with internal and external parties

C.  

Minimizing negative impact to critical operations

D.  

Classifying incidents

Discussion 0
Questions 110

Penetration testing is MOST appropriate when a:

Options:

A.  

new system is about to go live.

B.  

new system is being designed.

C.  

security policy is being developed.

D.  

security incident has occurred.

Discussion 0
Questions 111

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Options:

A.  

Formalizing a security strategy and program

B.  

Developing an awareness program for staff

C.  

Ensuring current documentation of security processes

D.  

Establishing processes within the security operations team

Discussion 0
Questions 112

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Options:

A.  

Collect additional metrics.

B.  

Perform a cost-benefit analysis.

C.  

Submit funding request to senior management.

D.  

Begin due diligence on the outsourcing company.

Discussion 0
Questions 113

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Options:

A.  

Risk levels may be elevated beyond acceptable limits.

B.  

Security audits may report more high-risk findings.

C.  

The compensating controls may not be cost efficient.

D.  

Noncompliance with industry best practices may result.

Discussion 0
Questions 114

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.  

The information security manager

B.  

The data owner

C.  

The application owner

D.  

The security engineer

Discussion 0
Questions 115

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Options:

A.  

Documentation of control procedures

B.  

Standardization of compliance requirements

C.  

Automation of controls

D.  

Integration of assurance efforts

Discussion 0
Questions 116

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.  

Management's business goals and objectives

B.  

Strategies of other non-regulated companies

C.  

Risk assessment results

D.  

Industry best practices and control recommendations

Discussion 0
Questions 117

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Options:

A.  

Metrics to drive the information security program

B.  

Information security policies

C.  

A defined security organizational structure

D.  

An information security strategy

Discussion 0
Questions 118

Which of the following BEST indicates that information security governance and corporate governance are integrated?

Options:

A.  

The information security team is aware of business goals.

B.  

The board is regularly informed of information security key performance indicators (KPIs).

C.  

The information security steering committee is composed of business leaders.

D.  

A cost-benefit analysis is conducted on all information security initiatives.

Discussion 0
Questions 119

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.  

Focus on addressing conflicts between security and performance.

B.  

Collaborate with business and IT functions in determining controls.

C.  

Include information security requirements in the change control process.

D.  

Obtain assistance from IT to implement automated security controls.

Discussion 0
Questions 120

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Options:

A.  

Parallel test

B.  

Full interruption test

C.  

Simulation test

D.  

Tabletop test

Discussion 0
Questions 121

Management decisions concerning information security investments will be MOST effective when they are based on:

Options:

A.  

a process for identifying and analyzing threats and vulnerabilities.

B.  

an annual loss expectancy (ALE) determined from the history of security events.

C.  

the reporting of consistent and periodic assessments of risks.

D.  

the formalized acceptance of risk analysis by management.

Discussion 0
Questions 122

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.  

Intrusion detection log analysis

B.  

Controls audit

C.  

Threat analysis

D.  

Penetration test

Discussion 0
Questions 123

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Options:

A.  

reduces unauthorized access to systems.

B.  

promotes efficiency in control of the environment.

C.  

prevents inconsistencies in information in the distributed environment.

D.  

allows administrative staff to make management decisions.

Discussion 0
Questions 124

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Options:

A.  

Cost of replacing the asset

B.  

Cost of additional mitigation

C.  

Annual loss expectancy (ALE)

D.  

Annual rate of occurrence

Discussion 0
Questions 125

Which of the following is the MOST important factor of a successful information security program?

Options:

A.  

The program follows industry best practices.

B.  

The program is based on a well-developed strategy.

C.  

The program is cost-efficient and within budget.

D.  

The program is focused on risk management.

Discussion 0
Questions 126

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

Options:

A.  

To alert on unacceptable risk

B.  

To identify residual risk

C.  

To reassess risk appetite

D.  

To benchmark control performance

Discussion 0
Questions 127

Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.  

Increase the frequency of system backups.

B.  

Review the mitigating security controls.

C.  

Notify staff members of the threat.

D.  

Assess the risk to the organization.

Discussion 0
Questions 128

The effectiveness of an information security governance framework will BEST be enhanced if:

Options:

A.  

consultants review the information security governance framework.

B.  

a culture of legal and regulatory compliance is promoted by management.

C.  

risk management is built into operational and strategic activities.

D.  

IS auditors are empowered to evaluate governance activities.

Discussion 0
Questions 129

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Options:

A.  

Develop the test plan.

B.  

Analyze the business impact.

C.  

Define response team roles.

D.  

Identify recovery time objectives (RTOs).

Discussion 0
Questions 130

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.  

conduct an incident forensic analysis.

B.  

follow the incident response plan.

C.  

notify the business process owner.

D.  

follow the business continuity plan (BCP).

Discussion 0
Questions 131

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.  

Risk assessment

B.  

Business impact analysis (BIA)

C.  

Vulnerability assessment

D.  

Industry best practices

Discussion 0
Questions 132

A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

Options:

A.  

Recommend canceling the outsourcing contract.

B.  

Request an independent review of the provider's data center.

C.  

Notify affected customers of the data breach.

D.  

Determine the extent of the impact to the organization.

Discussion 0
Questions 133

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.  

an inventory of critical data.

B.  

criteria for escalation.

C.  

a business impact analysis (BIA).

D.  

critical infrastructure diagrams.

Discussion 0
Questions 134

A recovery point objective (RPO) is required in which of the following?

Options:

A.  

Disaster recovery plan (DRP)

B.  

Information security plan

C.  

Incident response plan

D.  

Business continuity plan (BCP)

Discussion 0
Questions 135

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Options:

A.  

Communicate disciplinary processes for policy violations.

B.  

Require staff to participate in information security awareness training.

C.  

Require staff to sign confidentiality agreements.

D.  

Include information security responsibilities in job descriptions.

Discussion 0
Questions 136

Which of the following will result in the MOST accurate controls assessment?

Options:

A.  

Mature change management processes

B.  

Senior management support

C.  

Well-defined security policies

D.  

Unannounced testing

Discussion 0
Questions 137

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.  

Scan the entire application using a vulnerability scanning tool.

B.  

Run the application from a high-privileged account on a test system.

C.  

Perform security code reviews on the entire application.

D.  

Monitor Internet traffic for sensitive information leakage.

Discussion 0
Questions 138

What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?

Options:

A.  

Monitor the network.

B.  

Perform forensic analysis.

C.  

Disconnect the device from the network.

D.  

Escalate to the incident response team.

Discussion 0
Questions 139

Which of the following is the BEST evidence of alignment between corporate and information security governance?

Options:

A.  

Security key performance indicators (KPIs)

B.  

Project resource optimization

C.  

Regular security policy reviews

D.  

Senior management sponsorship

Discussion 0
Questions 140

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.  

Security policy

B.  

Risk management framework

C.  

Risk appetite

D.  

Security standards

Discussion 0
Questions 141

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

Options:

A.  

To compare emerging trends with the existing organizational security posture

B.  

To communicate worst-case scenarios to senior management

C.  

To train information security professionals to mitigate new threats

D.  

To determine opportunities for expanding organizational information security

Discussion 0
Questions 142

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Options:

A.  

Root cause analysis

B.  

Post-incident review

C.  

Chain of custody

D.  

Incident logging

Discussion 0
Questions 143

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Options:

A.  

Enable multi-factor authentication on user and admin accounts.

B.  

Review access permissions annually or whenever job responsibilities change.

C.  

Lock out accounts after a set number of unsuccessful login attempts.

D.  

Delegate the management of access permissions to an independent third party.

Discussion 0
Questions 144

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A.  

Compatibility with legacy systems

B.  

Application of corporate hardening standards

C.  

Integration with existing access controls

D.  

Unknown vulnerabilities

Discussion 0
Questions 145

A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:

Options:

A.  

incident has been confirmed.

B.  

incident has been contained.

C.  

potential incident has been logged.

D.  

incident has been mitigated.

Discussion 0
Questions 146

Which of the following should be the PRIMARY consideration when developing an incident response plan?

Options:

A.  

The definition of an incident

B.  

Compliance with regulations

C.  

Management support

D.  

Previously reported incidents

Discussion 0
Questions 147

Which of the following is MOST important for building a robust information security culture within an organization?

Options:

A.  

Mature information security awareness training across the organization

B.  

Strict enforcement of employee compliance with organizational security policies

C.  

Security controls embedded within the development and operation of the IT environment

D.  

Senior management approval of information security policies

Discussion 0
Questions 148

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.  

Strong senior management support

B.  

Computer-based training

C.  

A robust incident response program

D.  

Adequate security funding

Discussion 0
Questions 149

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Options:

A.  

Assigning restoration priority during incidents

B.  

Determining total cost of ownership (TCO)

C.  

Evaluating vendors critical to business recovery

D.  

Calculating residual risk after the incident recovery phase

Discussion 0
Questions 150

Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?

Options:

A.  

Risk acceptance by the business has been documented

B.  

Teams and individuals responsible for recovery have been identified

C.  

Copies of recovery and incident response plans are kept offsite

D.  

Incident response and recovery plans are documented in simple language

Discussion 0
Questions 151

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Options:

A.  

Security risk analysis

B.  

Gap assessment

C.  

Maturity assessment

D.  

Vulnerability scan report

Discussion 0
Questions 152

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.  

control gaps are minimized.

B.  

system availability.

C.  

effectiveness of controls.

D.  

alignment with compliance requirements.

Discussion 0
Questions 153

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?

Options:

A.  

Ensure a risk assessment is performed to evaluate the findings

B.  

Ensure vulnerabilities found are resolved within acceptable timeframes

C.  

Request funding needed to resolve the top vulnerabilities

D.  

Report findings to senior management

Discussion 0
Questions 154

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Options:

A.  

results of exit interviews.

B.  

previous training sessions.

C.  

examples of help desk requests.

D.  

responses to security questionnaires.

Discussion 0
Questions 155

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Options:

A.  

Document risk acceptances.

B.  

Revise the organization's security policy.

C.  

Assess the consequences of noncompliance.

D.  

Conduct an information security audit.

Discussion 0
Questions 156

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Options:

A.  

Balanced scorecard

B.  

Risk matrix

C.  

Benchmarking

D.  

Heat map

Discussion 0
Questions 157

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.  

The benefit is greater than the potential risk.

B.  

USB storage devices are enabled based on user roles.

C.  

Users accept the risk of noncompliance.

D.  

Access is restricted to read-only.

Discussion 0
Questions 158

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Options:

A.  

Purchase cyber insurance

B.  

Encrypt sensitive production data

C.  

Perform integrity checks on backups

D.  

Maintain multiple offline backups

Discussion 0
Questions 159

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.  

Providing training from third-party forensics firms

B.  

Obtaining industry certifications for the response team

C.  

Conducting tabletop exercises appropriate for the organization

D.  

Documenting multiple scenarios for the organization and response steps

Discussion 0
Questions 160

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.  

Verify that information security requirements are included in the contract.

B.  

Request customer references from the vendor.

C.  

Require vendors to complete information security questionnaires.

D.  

Review the results of the vendor's independent control reports.

Discussion 0
Questions 161

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Options:

A.  

Require remote wipe capabilities for devices.

B.  

Conduct security awareness training.

C.  

Review and update existing security policies.

D.  

Enforce passwords and data encryption on the devices.

Discussion 0
Questions 162

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation. However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges. Which of the following would BEST enable regulatory compliance?

Options:

A.  

Multi-factor authentication (MFA) system

B.  

Identity and access management (IAM) system

C.  

Privileged access management (PAM) system

D.  

Governance, risk, and compliance (GRC) system

Discussion 0
Questions 163

Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?

Options:

A.  

To reduce risk mitigation costs

B.  

To resolve vulnerabilities in enterprise architecture (EA)

C.  

To manage the risk to an acceptable level

D.  

To eliminate threats impacting the business

Discussion 0
Questions 164

Which of the following has the MOST influence on the inherent risk of an information asset?

Options:

A.  

Risk tolerance

B.  

Net present value (NPV)

C.  

Return on investment (ROI)

D.  

Business criticality

Discussion 0
Questions 165

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.  

Implementing password-synchronization software

B.  

Using password-cracking software

C.  

Automated enforcement of password syntax rules

D.  

A user-awareness program

Discussion 0
Questions 166

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A.  

the organization has the required funds to implement the plan.

B.  

compliance with legal and regulatory requirements.

C.  

staff participation in information security efforts.

D.  

the plan aligns with corporate governance.

Discussion 0
Questions 167

An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?

Options:

A.  

Wipe and reset the endpoint device.

B.  

Isolate the endpoint device.

C.  

Power off the endpoint device.

D.  

Run a virus scan on the endpoint device.

Discussion 0
Questions 168

A balanced scorecard MOST effectively enables information security:

Options:

A.  

risk management.

B.  

project management.

C.  

governance.

D.  

performance.

Discussion 0
Questions 169

A balanced scorecard MOST effectively enables information security:

Options:

A.  

project management.

B.  

governance.

C.  

performance.

D.  

risk management.

Discussion 0
Questions 170

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Options:

A.  

Business impact analysis (BIA) results

B.  

Key performance indicators (KPIs)

C.  

Recovery procedures

D.  

Systems inventory

Discussion 0
Questions 171

Which of the following BEST enables an organization to transform its culture to support information security?

Options:

A.  

Periodic compliance audits

B.  

Strong management support

C.  

Robust technical security controls

D.  

Incentives for security incident reporting

Discussion 0
Questions 172

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.  

Decrease in the number of security incidents

B.  

Increase in the frequency of security incident escalations

C.  

Reduction in the impact of security incidents

D.  

Increase in the number of reported security incidents

Discussion 0
Questions 173

Which of the following is the MOST effective way to prevent information security incidents?

Options:

A.  

Implementing a security information and event management (SIEM) tool

B.  

Implementing a security awareness training program for employees

C.  

Deploying a consistent incident response approach

D.  

Deploying intrusion detection tools in the network environment

Discussion 0
Questions 174

Which of the following is the PRIMARY objective of incident triage?

Options:

A.  

Coordination of communications

B.  

Mitigation of vulnerabilities

C.  

Categorization of events

D.  

Containment of threats

Discussion 0
Questions 175

Which of the following would BEST justify continued investment in an information security program?

Options:

A.  

Reduction in residual risk

B.  

Security framework alignment

C.  

Speed of implementation

D.  

Industry peer benchmarking

Discussion 0
Questions 176

A common drawback of email software packages that provide native encryption of messages is that the encryption:

Options:

A.  

cannot encrypt attachments.

B.  

cannot interoperate across product domains.

C.  

has an insufficient key length.

D.  

has no key-recovery mechanism.

Discussion 0
Questions 177

The fundamental purpose of establishing security metrics is to:

Options:

A.  

increase return on investment (ROI).

B.  

provide feedback on control effectiveness.

C.  

adopt security best practices.

D.  

establish security benchmarks.

Discussion 0
Questions 178

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:

A.  

Personal information requires different security controls than sensitive information.

B.  

Employee access should be based on the principle of least privilege.

C.  

Understanding an information asset's value is critical to risk management.

D.  

The responsibility for security rests with all employees.

Questions 179

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.  

Conduct an information security audit.

B.  

Validate the relevance of the information.

C.  

Perform a gap analysis.

D.  

Inform senior management.

Questions 180

The PRIMARY advantage of single sign-on (SSO) is that it will:

Options:

A.  

increase efficiency of access management.

B.  

increase the security of related applications.

C.  

strengthen user passwords.

D.  

support multiple authentication mechanisms.

Questions 181

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Options:

A.  

Benchmark against similar industry organizations.

B.  

Deliver an information security awareness campaign.

C.  

Publish an information security RACI chart.

D.  

Establish an information security strategy committee.

Questions 182

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A.  

Wider range of capabilities

B.  

Easier implementation across an organization

C.  

Greater ability to focus on core business operations

D.  

Lower cost of operations

Questions 183

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Options:

A.  

Process owners

B.  

End users

C.  

Security architects

D.  

Corporate auditors

Questions 184

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:

A.  

Enhanced security monitoring and reporting

B.  

Reduced control complexity

C.  

Enhanced threat detection capability

D.  

Reduction of organizational risk

Questions 185

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.  

Fallback processes are tested the weekend before changes are made.

B.  

Users are not notified of scheduled system changes.

C.  

A manual rather than an automated process is used to compare program versions.

D.  

The development manager migrates programs into production.

Questions 186

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

Options:

A.  

Conduct a penetration test of the vendor.

B.  

Review the vendor's technical security controls.

C.  

Review the vendor contract.

D.  

Disconnect the real-time access.

Questions 187

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Options:

A.  

Security incident reporting procedures are followed.

B.  

Security staff turnover is reduced.

C.  

Information assets are classified appropriately.

D.  

Access is granted based on task requirements.

Questions 188

Which of the following should be the PRIMARY basis for determining the value of assets?

Options:

A.  

Cost of replacing the assets

B.  

Business cost when assets are not available

C.  

Original cost of the assets minus depreciation

D.  

Total cost of ownership (TCO)

Questions 189

Which of the following is the BEST approach to make strategic information security decisions?

Options:

A.  

Establish regular information security status reporting.

B.  

Establish an information security steering committee.

C.  

Establish business unit security working groups.

D.  

Establish periodic senior management meetings.

Questions 190

Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?

Options:

A.  

Containment

B.  

Recovery

C.  

Eradication

D.  

Identification

Questions 191

To support effective risk decision making, which of the following is MOST important to have in place?

Options:

A.  

Established risk domains

B.  

Risk reporting procedures

C.  

An audit committee consisting of mid-level management

D.  

Well-defined and approved controls

Questions 192

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.  

Determine acceptable levels of information security risk

B.  

Create a roadmap to identify security baselines and controls

C.  

Perform a gap analysis based on the current state

D.  

Identify key stakeholders to champion information security

Questions 193

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Options:

A.  

Review independent security assessment reports for each vendor.

B.  

Benchmark each vendor's services with industry best practices.

C.  

Analyze the risks and propose mitigating controls.

D.  

Define information security requirements and processes.

Questions 194

Recovery time objectives (RTOs) are BEST determined by:

Options:

A.  

business managers.

B.  

business continuity officers.

C.  

executive management.

D.  

database administrators (DBAs).

Questions 195

Which of the following would BEST help to ensure appropriate security controls are built into software?

Options:

A.  

Integrating security throughout the development process

B.  

Performing security testing prior to deployment

C.  

Providing standards for implementation during development activities

D.  

Providing security training to the software development team

Questions 196

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.  

Establishing the authority to remote wipe

B.  

Developing security awareness training

C.  

Requiring the backup of the organization's data by the user

D.  

Monitoring how often the smartphone is used

Questions 197

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.  

Revisit the business objective.

B.  

Escalate to senior management.

C.  

Perform a cost-benefit analysis.

D.  

Recommend risk acceptance.

Questions 198

Which of the following is the MOST critical factor for information security program success?

Options:

A.  

A comprehensive risk assessment program for information security

B.  

The information security manager's knowledge of the business

C.  

Security staff with appropriate training and adequate resources

D.  

Ongoing audits and addressing open items

Questions 199

Labeling information according to its security classification:

Options:

A.  

enhances the likelihood of people handling information securely.

B.  

reduces the number and type of countermeasures required.

C.  

reduces the need to identify baseline controls for each classification.

D.  

affects the consequences if information is handled insecurely.

Questions 200

Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)?

Options:

A.  

Storing the plan at an offsite location

B.  

Communicating the plan to all stakeholders

C.  

Updating the plan periodically

D.  

Conducting a walk-through of the plan

Questions 201

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A.  

The application does not use a secure communications protocol

B.  

The application is configured with restrictive access controls

C.  

The business process has only one level of error checking

D.  

Server-based malware protection is not enforced

Questions 202

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A.  

Determine operational losses.

B.  

Improve the change control process.

C.  

Update the threat landscape.

D.  

Review the effectiveness of controls.

Questions 203

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.  

Chief information security officer (CISO)

B.  

Chief information officer (CIO)

C.  

Chief executive officer (CEO)

D.  

Chief operating officer (COO)

Questions 204

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.  

Determine recovery priorities.

B.  

Define the recovery point objective (RPO).

C.  

Confirm control effectiveness.

D.  

Analyze vulnerabilities.

Questions 205

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A.  

focused on information security policy.

B.  

aligned to business processes.

C.  

based on employees' roles.

D.  

based on recent incidents.

Questions 206

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Options:

A.  

Incorporate policy statements derived from third-party standards and benchmarks.

B.  

Adhere to a unique corporate privacy and security standard.

C.  

Establish baseline standards for all locations and add supplemental standards as required.

D.  

Require that all locations comply with a generally accepted set of industry

Questions 207

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Options:

A.  

Security risk assessment

B.  

Security operations program

C.  

Information security policy

D.  

Business impact analysis (BIA)

Questions 208

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Options:

A.  

developing a security program that meets global and regional requirements.

B.  

ensuring effective communication with local regulatory bodies.

C.  

using industry best practice to meet local legal regulatory requirements.

D.  

monitoring compliance with defined security policies and standards.

Questions 209

What should be an information security manager's MOST important consideration when developing a multi-year plan?

Options:

A.  

Ensuring contingency plans are in place for potential information security risks

B.  

Ensuring alignment with the plans of other business units

C.  

Allowing the information security program to expand its capabilities

D.  

Demonstrating projected budget increases year after year

Questions 210

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A.  

External consultant

B.  

Information owners

C.  

Information security manager

D.  

Business continuity coordinator

Questions 211

Which of the following should be the PRIMARY objective of an information security governance framework?

Options:

A.  

Provide a baseline for optimizing the security profile of the organization.

B.  

Demonstrate senior management commitment.

C.  

Demonstrate compliance with industry best practices to external stakeholders.

D.  

Ensure that users comply with the organization's information security policies.

Questions 212

While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. What is the BEST way to address this situation?

Options:

A.  

Assign responsibility to the database administrator (DBA).

B.  

Review the databases for sensitive content.

C.  

Prepare a report of the databases for senior management.

D.  

Assign the highest classification level to those databases.

Questions 213

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Options:

A.  

baseline security controls.

B.  

benchmarking security metrics.

C.  

security objectives.

D.  

cost-benefit analyses.

Questions 214

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Options:

A.  

Host patching

B.  

Penetration testing

C.  

Infrastructure hardening

D.  

Data classification

Questions 215

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A.  

the incident response process to stakeholders

B.  

adequately staff and train incident response teams.

C.  

develop effective escalation and response procedures.

D.  

make tabletop testing more effective.

Questions 216

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

Options:

A.  

review access rights as the acquisition integration occurs.

B.  

perform a risk assessment of the access rights.

C.  

escalate concerns for conflicting access rights to management.

D.  

implement consistent access control standards.

Questions 217

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Options:

A.  

Poor documentation of results and lessons learned

B.  

Lack of communication to affected users

C.  

Disruption to the production environment

D.  

Lack of coordination among departments

Questions 218

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

Options:

A.  

Business process owner

B.  

Business continuity coordinator

C.  

Senior management

D.  

Information security manager

Questions 219

The PRIMARY objective of performing a post-incident review is to:

Options:

A.  

re-evaluate the impact of incidents.

B.  

identify vulnerabilities.

C.  

identify control improvements.

D.  

identify the root cause.

Questions 220

Reverse lookups can be used to prevent successful:

Options:

A.  

denial of service (DoS) attacks

B.  

session hijacking

C.  

phishing attacks

D.  

Internet protocol (IP) spoofing

Questions 221

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A.  

Multi-factor authentication

B.  

Digital encryption

C.  

Data masking

D.  

Digital signatures

Questions 222

Which of the following is the BEST justification for making a revision to a password policy?

Options:

A.  

Industry best practice

B.  

A risk assessment

C.  

Audit recommendation

D.  

Vendor recommendation

Questions 223

Which risk is introduced when using only sanitized data for the testing of applications?

Options:

A.  

Data loss may occur during the testing phase.

B.  

Data disclosure may occur during the migration event

C.  

Unexpected outcomes may arise in production

D.  

Breaches of compliance obligations will occur.

Questions 224

What is the PRIMARY benefit to an organization that maintains an information security governance framework?

Options:

A.  

Resources are prioritized to maximize return on investment (ROI)

B.  

Information security guidelines are communicated across the enterprise.

C.  

The organization remains compliant with regulatory requirements.

D.  

Business risks are managed to an acceptable level.

Questions 225

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Options:

A.  

Maintaining a repository base of security policies

B.  

Measuring impact of exploits on business processes

C.  

Facilitating the monitoring of risk occurrences

D.  

Redirecting event logs to an alternate location for business continuity plan

Questions 226

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Options:

A.  

validate the confidentiality during analysis.

B.  

reinstate original data when accidental changes occur.

C.  

validate the integrity during analysis.

D.  

provide backup in case of media failure.

Questions 227

Reevaluation of risk is MOST critical when there is:

Options:

A.  

resistance to the implementation of mitigating controls.

B.  

a management request for updated security reports.

C.  

a change in security policy.

D.  

a change in the threat landscape.

Questions 228

Which of the following backup methods requires the MOST time to restore data for an application?

Options:

A.  

Full backup

B.  

Incremental

C.  

Differential

D.  

Disk mirroring

Questions 229

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Options:

A.  

Store disaster recovery documentation in a public cloud.

B.  

Maintain an outsourced contact center in another country.

C.  

Require disaster recovery documentation be stored with all key decision makers.

D.  

Provide annual disaster recovery training to appropriate staff.

Questions 230

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.  

Existence of a right-to-audit clause

B.  

Results of the provider's business continuity tests

C.  

Technical capabilities of the provider

D.  

Existence of the provider's incident response plan

Questions 231

An organization has suffered from a large-scale security event impacting a critical system. Following the decision to restore the system at an alternate location, which plan should be invoked?

Options:

A.  

Disaster recovery plan (DRP)

B.  

Incident response plan

C.  

Business continuity plan (BCP)

D.  

Communications plan

Questions 232

An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?

Options:

A.  

Business impact analysis (BIA)

B.  

Business continuity plan (BCP)

C.  

Incident response plan

D.  

Disaster recovery plan (DRP)

Questions 233

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

Options:

A.  

Low number of false positives

B.  

Low number of false negatives

C.  

High number of false positives

D.  

High number of false negatives

Questions 234

Which of the following BEST enables an organization to maintain legally admissible evidence?

Options:

A.  

Documented processes around forensic records retention

B.  

Robust legal framework with notes of legal actions

C.  

Chain of custody forms with points of contact

D.  

Forensic personnel training that includes technical actions

Questions 235

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

Options:

A.  

To define security roles and responsibilities

B.  

To determine return on investment (ROI)

C.  

To establish incident severity levels

D.  

To determine the criticality of information assets

Questions 236

An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?

Options:

A.  

No owners were identified for some risks.

B.  

Business applications had the highest number of risks.

C.  

Risk mitigation action plans had no timelines.

D.  

Risk mitigation action plan milestones were delayed.

Questions 237

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Options:

A.  

Current resourcing levels

B.  

Availability of potential resources

C.  

Information security strategy

D.  

Information security incidents

Questions 238

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Options:

A.  

Integrity

B.  

Authenticity

C.  

Confidentiality

D.  

Nonrepudiation

Questions 239

Which of the following is MOST important when developing an information security strategy?

Options:

A.  

Engage stakeholders.

B.  

Assign data ownership.

C.  

Determine information types.

D.  

Classify information assets.

Questions 240

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?

Options:

A.  

Local regulatory requirements

B.  

Global framework standards

C.  

Cross-border data mobility

D.  

Training requirements of the framework
