CISM Flashcards
1
Q
How can a company MOST effectively minimize the risk of data loss resulting from employee-owned devices accessing the corporate email system?
A. Restricting access to the corporate email system from all employee-owned devices
B. Providing periodic security awareness training to employees
C. Encouraging employees to use personal email accounts for corporate communications
D. Implementing a mobile device management (MDM) solution
A
D. Implementing a mobile device management (MDM) solution
Explanation: The most effective method to minimize the risk of data loss from employee-owned devices accessing the corporate email system is to implement a Mobile Device Management (MDM) solution. MDM solutions provide control and security measures for managing and securing mobile devices, helping to mitigate the associated risks.
2
Q
What constitutes the MOST important defense against spear phishing attacks among the options provided?
A. Advanced email filtering systems
B. Regular software updates and patching C. Multi-factor authentication for email accounts
D. Frequent information security training
A
D. Frequent information security training
Explanation: The most potent defense against spear phishing attacks is frequent information security training. Educating users about the risks and characteristics of phishing helps build awareness and resilience, reducing the likelihood of falling victim to such targeted attacks.
3
Q
What is the MAIN advantage of incorporating information security risk into enterprise risk management?
A. To focus exclusively on technology-related risks
B. To streamline security processes
C. To ensure compliance with industry standards
D. To understand the overall risk environment
A
D. To understand the overall risk environment
Explanation: The main advantage of integrating information security risk into enterprise risk management is to gain a comprehensive understanding of the overall risk environment. This approach allows for a holistic assessment of risks across the organization, enabling more informed decision-making and resource allocation.
4
Q
What would be the PRIMARY concern for senior management in a multinational organization aiming to ensure that its privacy program effectively addresses privacy risk across its operations?
A. Lack of a centralized privacy management framework
B. Insufficient employee training on privacy practices
C. Inconsistent application of privacy policies across departments
D. Limited use of advanced encryption technologies
A
A. Lack of a centralized privacy management framework
Explanation: The primary concern for senior management would be the lack of a centralized privacy management framework, as this could result in inconsistent and fragmented approaches to privacy risk management across various operations of the multinational organization.
5
Q
When overseeing outsourced services in a large organization, which contract clause holds the HIGHEST significance?
A. Inclusion of security requirements
B. Pricing and payment terms
C. Service level agreements (SLAs)
D. Termination clauses
A
A. Inclusion of security requirements
Explanation: The most significant contract clause for the information security manager is the inclusion of security requirements. This clause ensures that the outsourced services align with the organization’s security standards, policies, and expectations, mitigating potential risks associated with data and information security.
6
Q
Before entering into a service level agreement (SLA) for outsourcing mission-critical processes, what is the MOST crucial aspect to confirm?
A. Service provider’s reputation in the industry
B. Availability of round-the-clock customer support
C. Flexibility in modifying SLA terms as needed
D. Service provider is audited periodically by an independent audit firm
A
D. Service provider is audited periodically by an independent audit firm
Explanation: The most crucial aspect is to confirm that the service provider is audited periodically by an independent audit firm. This ensures transparency, accountability, and adherence to industry standards, providing assurance about the service provider’s reliability and security measures.
7
Q
The PRIMARY purpose for an information security manager to observe changes at the industry level in both business and IT is to:
A. Keep up with the latest technological advancements
B. Benchmark the organization against industry standards
C. Enhance collaboration with industry peers
D. Assess the effect of the changes on the organization’s risk environment
A
D. Assess the effect of the changes on the organization’s risk environment
Explanation: The main purpose for an information security manager to monitor changes at the industry level in both business and IT is to assess the impact of these changes on the organization’s risk environment. This proactive approach allows the manager to adapt security measures in response to evolving threats and challenges within the industry.
8
Q
What is the PRIMARY step to take when choosing performance metrics for reporting on the vendor risk management process?
A. Evaluate the historical performance of vendors
B. Identify key risk indicators associated with vendors
C. Align metrics with industry benchmarks
D. Determine the intended audience
A
D. Determine the intended audience
Explanation: The primary step when selecting performance metrics for reporting on the vendor risk management process is to determine the intended audience. Understanding the needs and expectations of the audience helps tailor the metrics to effectively communicate relevant information and address specific concerns related to vendor risk management.
9
Q
What is the MOST useful factor for management in assessing whether risks fall within an organization’s acceptable tolerance level?
A. Risk register
B. Heat map
C. Risk appetite statement
D. Risk assessment report
A
B. Heat map
Explanation: A heat map visually represents and categorizes risks based on their likelihood and impact. It provides a quick and intuitive overview of the risk landscape, allowing management to identify areas of concern and assess whether risks align with the organization’s acceptable tolerance level. The color-coded nature of a heat map makes it an effective tool for communicating risk information, aiding decision-makers in prioritizing and managing risks appropriately.
10
Q
You are the Information Security Manager of HDA Inc. You are tasked with selecting an external Security Operations Center (SOC). What is of utmost importance in this process?
A. The cost-effectiveness of the SOC services.
B. Due diligence of the controls implemented.
C. The SOC’s reputation in the industry.
D. Compliance with regulatory requirements.
A
B. Due diligence of the controls implemented.
Explanation: When choosing an external SOC, conducting due diligence on the controls they have implemented is crucial. This ensures that the SOC is equipped to effectively monitor, detect, and respond to security incidents, aligning with the organization’s needs and standards.
11
Q
You are the Information Security Manager of HDA Inc. You need to minimize the risk of an attacker altering a message and producing a valid hash value when sending a hashed message. What is the best method to achieve this?
A. Increase the hash algorithm complexity
B. Apply a digital signature to the hash
C. Implement a secure communication channel
D. Use an encryption key along with the hash
A
D. Use of encryption key along with hash
Explanation: Incorporating an encryption key along with the hash adds an extra layer of security by ensuring that even if the hash is manipulated, the encryption key will protect the integrity of the message. This dual approach enhances the overall security of the communication.
12
Q
You are the Information Security Manager of HDA Inc. You discover, through an internal audit, that critical patches were not implemented within the policy-established timeline without a valid reason. What is the most appropriate action to take?
A. Implement the critical patches immediately
B. Escalate the issue to senior management
C. Evaluate and understand the patch management process
D. Disregard the audit findings as they might be erroneous
A
C. Evaluate and understand the patch management process
Explanation: In response to the internal audit findings, the information security manager should take the most appropriate action by evaluating and understanding the patch management process. This involves identifying the root causes of the delays, addressing any inefficiencies, and implementing improvements to ensure timely and effective patch management in the future.
13
Q
What is the primary consideration when choosing an information security metric?
A. Ensure the metric is designed based on IT Strategy.
B. Select a metric that aligns with industry benchmarks.
C. Prioritize metrics that are easy to collect and report.
D. Opt for metrics that have a positive impact on employee morale.
A
A. Ensure the metric is designed based on IT Strategy.
Explanation: When choosing an information security metric, it is essential to ensure that the metric aligns with the overall IT strategy of the organization. This ensures that the metric is relevant and contributes to the strategic goals and objectives of the business.
14
Q
As an Information Security Manager, what should be your main concern when conducting a physical security assessment of a potential outsourced data center?
A. Proximity to the organization’s headquarters
B. Access control measures
C. Environmental risk to the data center D. Physical size of the data center
A
C. Environmental risk to the data center
Explanation: Assessing environmental risks to the data center, such as natural disasters or other environmental threats, is crucial to ensure the facility’s resilience and the protection of critical data and assets.
15
Q
You are an Information Security Manager of HDA Inc. In an organization where IT is integral to its business strategy and there is a substantial operational dependence on IT, the most effective demonstration of senior management commitment to security is: What should be the primary concern for an information security manager when performing a physical security assessment of a prospective outsourced data center?
A. Network infrastructure
B. Data encryption standards
C. Environmental risk to the data center D. Employee training programs
A
C. Environmental risk to the data center
Explanation: When conducting a physical security assessment of a potential outsourced data center, the primary concern for an information security manager should be the environmental risks that could affect the data center’s operations and the security of the stored information.
16
Q
What is the MOST effective method to ensure that an IT service provider adheres to the organization’s information security requirements?
A. Regularly review the service provider’s security policies.
B. Obtain a signed agreement from the service provider.
C. Conduct periodic internal assessments of the service provider’s practices.
D. Perform an independent audit of the service provider.
A
D. Perform an independent audit of the service provider.
Explanation: The most effective way to ensure that an IT service provider complies with an organization’s information security requirements is to conduct an independent audit. This allows for an objective and thorough evaluation of the service provider’s security measures.
17
Q
You are the Information Security Manager of HDA Inc. You want to implement a measure that is MOST efficient in preventing internal users from altering sensitive data. What should you choose?
A. Role-based access control mechanism
B. Least privilege principle
C. Need-based access control mechanism
D. Mandatory access control mechanism
A
C. Need-based access control mechanism
Explanation: Implementing a need-based access control mechanism ensures that users are granted access only to the data and resources necessary for their specific job functions. This approach minimizes the risk of unauthorized alterations to sensitive data.
18
Q
You are the Information Security Manager of HDA Inc. You are conducting the annual security assessment of the organization’s servers when you discover that the file server of the customer service team, which contains sensitive customer information, is accessible to all user IDs within the organization. What initial action should you take?
A. Discuss with the information owner and determine the impact
B. Immediately restrict access to the file server
C. Notify the customer service team about the security vulnerability
D. Conduct a comprehensive review of all server access permissions
A
A. Discuss with the information owner and determine the impact
Explanation: In addressing the situation, the first step should be to engage with the information owner to understand the potential impact of the security vulnerability. This collaborative discussion is crucial for assessing the severity of the issue.
19
Q
What is the MOST crucial element to incorporate into a contract with a critical service provider to enhance alignment with the organization’s information security program?
A. Right-to-audit clause
B. Service level agreements
C. Financial penalties for breaches
D. Non-disclosure agreements
A
A. Right-to-audit clause
Explanation: Including a right-to-audit clause in the contract allows the organization to periodically assess and ensure that the critical service provider complies with the established information security program.
20
Q
You are the Information Security Manager of HDA Inc. What would be the MOST efficient approach when rationalizing the expenses associated with implementing security measures for an already established web application?
A. Technical feasibility analysis
B. Risk assessment report
C. Cost-benefit analysis
D. A business case
A
D. A business case
Explanation: Developing a business case is the most effective approach for justifying the costs of adding security controls to an existing web application. It provides a comprehensive evaluation, considering not only technical feasibility and risks but also demonstrating the financial benefits.
21
Q
What role does an Information Security Manager play in incident response?
A. Leading the technical analysis of security incidents
B. Coordinating communication between technical teams and management
C. Developing policies and procedures for incident management
D. Solely responsible for updating antivirus software
A
C. Developing policies and procedures for incident management
Explanation: An Information Security Manager plays a key role in developing policies and procedures for incident management, coordinating the organization’s response to incidents.
22
Q
How does segregation of duties contribute to information security?
A. Reducing the workload of IT staff
B. Allowing all users full access to systems for efficiency
C. Preventing a single point of failure in the security process
D. Centralizing IT decision-making processes
A
C. Preventing a single point of failure in the security process
Explanation: Segregation of duties contributes to information security by preventing a single point of failure in the security process, ensuring that no individual has control over all aspects of any critical security function.
23
Q
When preparing for a disaster recovery test, what is the utmost important factor for you to consider?
A. Speed of recovery processes
B. Participation of all employees in the test
C. Availability of the production system during test procedures
D. Documentation of test results
A
C. Availability of the production system during test procedures
Explanation: The most crucial consideration is ensuring the availability of the production system during the disaster recovery test procedures. This helps assess the effectiveness of the recovery processes without causing disruptions to the actual business operations.
24
Q
What is the MAIN objective of performing a business impact analysis (BIA)?
A. Assessing financial losses in case of a security breach
B. Determining critical business processes
C. Identifying potential security vulnerabilities
D. Evaluating the effectiveness of security controls
A
B. Determining critical business processes
Explanation: The primary purpose of a business impact analysis (BIA) is to identify and prioritize critical business processes within an organization.
25
What is the PRIMARY justification for conducting security risk assessments regularly across an organization?
A. Meeting compliance requirements
B. Identifying vulnerabilities in the IT infrastructure
C. Evaluating the effectiveness of security controls
D. Change in the threat environment
D. Change in the threat environment
Explanation: The primary reason for conducting security risk assessments regularly is to adapt to changes in the threat environment, ensuring that the organization remains vigilant and responsive to evolving security risks.
26
After a recent audit reveals that security controls mandated by the organization's policies have not been implemented for a specific application, what should you do IMMEDIATELY to rectify this matter?
A. Determine the reason for non-compliance
B. Enforce disciplinary actions against responsible individuals
C. Implement additional security controls
D. Escalate the issue to senior management
A. Determine the reason for non-compliance
Explanation: The immediate action should be to investigate and determine the reason for non-compliance. Understanding the root cause will enable the information security manager to address the issue effectively.
27
What is the MAIN responsibility of a data custodian among the following?
A. Data classification and labeling
B. Data collection and analysis
C. Data access authorization
D. To safeguard the information
D. To safeguard the information
Explanation: The primary responsibility of a data custodian is to safeguard the information, ensuring its confidentiality, integrity, and availability according to established security policies and procedures.
28
What is the MOST EFFECTIVE method to guarantee sufficient security for a corporate network from external attacks?
A. Regularly update antivirus software on all devices
B. Implement strict firewall rules and configurations
C. Enforce strong password policies for network access
D. Conduct penetration testing at periodic intervals
D. Conduct penetration testing at periodic intervals
Explanation: The most effective method to ensure sufficient security for a corporate network from external attacks is to conduct penetration testing at periodic intervals. This proactive approach helps identify and address vulnerabilities before malicious actors can exploit them.
29
What is the first step for a security manager when implementing a security strategy?
A. Deploying security tools
B. Evaluating IT architecture and portfolio
C. Training the employees
D. Implementing security policies
B. Evaluating IT architecture and portfolio
Explanation: First step involves understanding and evaluating IT architecture and portfolio.
30
How is risk analysis typically conducted?
A. Through monitoring and controlling
B. By identifying and responding to risks
C. By quantifying or qualifying the level of risk
D. Through evaluation and mitigation planning,
C. By quantifying or qualifying the level of risk
Explanation: Risk analysis involves determining the level of risk either by quantifying it (numerical, percentage, dollar amount, etc.) or by qualifying it (low, medium, high, etc.), which aids in understanding the magnitude of risks.
31
Which aspect of the message does a digital signature primarily ensure?
A. Confidentiality
B. Availability
C. Integrity
D. Authenticity
C. Integrity
Explanation: A digital signature primarily ensures the integrity of the message, ensuring that it has not been altered or tampered with during transmission.
32
What is the MAIN focus of security audit reviews?
A. Controls are effective in meeting the control objectives
B. Identifying specific individuals responsible for security lapses
C. Evaluating the overall IT infrastructure D. Identifying vulnerabilities in the network
A. Controls are effective in meeting the control objectives
Explanation: The primary focus of security audit reviews should be to ensure that controls are effective in meeting the specified control objectives.
33
What is the MOST suitable approach to safeguard a password used to access a confidential file?
A. Memorizing the password and avoiding written records
B. Storing the password in an encrypted file on the same computer
C. Using a different channel for password sharing
D. Sharing the password verbally with trusted colleagues
C. Using a different channel for password sharing
Explanation: The most suitable approach is to use a different channel for password sharing, such as a secure communication platform, to minimize the risk of unauthorized access and enhance the confidentiality of the password.
34
What is the MOST efficient method of access control to deter users from sharing files with unauthorized individuals?
A. Mandatory access control
B. Role-based access control
C. Discretionary access control
D. Rule-based access control
A. Mandatory access control
Explanation: Mandatory access control is the most efficient method for deterring users from sharing files with unauthorized individuals. It ensures strict enforcement of access policies based on predefined rules.
35
What is a built-in vulnerability of intrusion detection systems that rely on signatures?
A. Limited coverage of network traffic
B. Dependency on real-time monitoring
C. Inability to adapt to evolving threats
D. Not able to identify new attacks
D. Not able to identify new attacks
Explanation: The inherent weakness of signature-based intrusion detection systems is their inability to identify new attacks that do not match known signatures.
36
Who is the MOST suitable person to verify that new vulnerabilities have not been introduced into an existing application during the change management process?
A. Network administrators
B. System users
C. Security analysts
D. Change management team
B. System users
Explanation: System users are the most suitable individuals to verify that new vulnerabilities have not been introduced into an existing application during the change management process. They are directly impacted by changes and can provide valuable insights.
37
What poses the MOST SIGNIFICANT threat to information security among the following options?
A. Unauthorized access attempts
B. Use of outdated security protocols
C. Lack of employee awareness training
D. Delay in investigating security incidents
D. Delay in investigating security incidents
Explanation: The most significant threat to information security is a delay in investigating security incidents. Timely response and investigation are crucial for identifying and mitigating the impact of security breaches.
38
What is the MOST EFFECTIVE way to verify the sufficiency of all firewall rules and router configuration settings?
A. Conduct configuration review of network devices at periodic intervals
B. Monitor network traffic continuously
C. Test the firewall rules during a security incident
D. Rely on automated vulnerability scans
A. Conduct configuration review of network devices at periodic intervals
Explanation: The most effective way is to conduct a configuration review of network devices at periodic intervals. This proactive approach ensures that firewall rules and router configurations align with security policies.
39
What is the PRIMARY limitation of sending password-protected zip files over the Internet?
A. Often require additional software for decryption
B. May be intercepted by malicious actors
C. May be filtered by firewall and quarantined
D. Could lead to accidental exposure of passwords
C. May be filtered by firewall and quarantined
Explanation: The primary limitation is that password-protected zip files may be filtered by firewalls and quarantined, leading to potential delivery issues and delays in transmission.
40
What is the MOST suitable change management process for managing emergency program changes?
A. A thorough documentation process before implementing the change
B. No documentation required for emergency changes
C. Documentation can be compiled after change implementation
D. The change should be implemented without any formal process,
C. Documentation can be compiled after change implementation
Explanation: In emergency situations, where immediate action is necessary, documentation can be compiled after the change implementation to ensure a swift response while still capturing essential information.
41
What is the MAIN objective of the change control process?
A. Change prioritization
B. Change scheduling
C. Change authorization
D. Change documentation
C. Change authorization
Explanation: The primary focus of the change control process is to ensure that modifications are authorized before implementation.
42
You are the Information Security Manager of HDA Inc. You have been tasked with establishing a change control process. What is the initial step you should take?
A. Draft the change control policy.
B. Understand the stakeholder's requirements.
C. Implement change management tools.
D. Identify potential risks.
B. Understand the stakeholder's requirements.
Explanation: Before formulating a change control process, it is crucial to comprehend the needs and expectations of the stakeholders involved.
43
What would be the MOST effective method for an information security manager to ensure that all access to a critical device, initially delivered with a single user and password meant to be shared among multiple users, is appropriately authorized?
A. Control the access through a separate device that requires unique authentication credentials.
B. Implement a single sign-on (SSO) mechanism for shared access.
C. Regularly change the shared user credentials to enhance security.
D. Monitor access logs periodically to identify unauthorized users.
A. Control the access through a separate device that requires unique authentication credentials.
Explanation: Controlling access through a separate device with unique authentication credentials enhances security by ensuring that each user has their own distinct credentials.
44
You are the Information Security Manager of HDA Inc. You need to negotiate a critical process with an outsourced service provider. What is the MAIN process you should prioritize in the negotiation?
A. Vendor performance metrics
B. Incident response procedures
C. Right to audit clause
D. Service level agreement (SLA)
C. Right to audit clause
Explanation: The right to audit clause is crucial for maintaining transparency and oversight of the outsourced service provider's security practices.
45
You are the Information Security Manager of HDA Inc. You are tasked with preventing physical access tailgating or piggybacking. What is the MOST effective resource for mitigating this risk?
A. Biometric authentication systems
B. Security guards at entry points
C. Security-related training
D. Proximity card readers
C. Security-related training
Explanation: Security-related training is essential for educating individuals about the importance of not allowing unauthorized individuals to tailgate or piggyback into secure areas.
46
You are the Information Security Manager of HDA Inc. You want to ensure the functionality and accuracy of all information security procedures. Who should actively participate in their creation?
A. External auditors
B. IT support team
C. Business operations team
D. Human resources department
C. Business operations team
Explanation: Active participation from the business operations team is crucial to ensure that information security procedures align with business processes and requirements.
47
You are the Information Security Manager of HDA Inc. What needs to be established before initiating a black box penetration test?
A. List of identified vulnerabilities
B. Detailed information on the internal network structure
C. Sign-off from the testing team on testing scope and objectives
D. Permission from senior management for conducting the test
C. Sign-off from the testing team on testing scope and objectives
Explanation: Obtaining a sign-off from the testing team ensures that everyone is aligned on what is in scope for the test and what the testing goals are.
48
You are the Information Security Manager of HDA Inc. You are tasked with drafting a question for the CISM exam: The primary source of input for the configuration management plan should come from:
A. End-users
B. Network devices
C. Processing units
D. Security appliances
C. Processing units
Explanation: The configuration management plan should primarily consider the processing units, which encompass servers, workstations, and other computing devices central to the organization's IT infrastructure.
49
You are the Information Security Manager of HDA Inc. You need to determine the individual responsible for raising awareness about the need for adequate funding for risk action plans. What is the MOST APPROPRIATE person for this responsibility?
A. Chief Financial Officer (CFO)
B. Chief Executive Officer (CEO)
C. Chief Information Security Officer (CISO)
D. Risk Management Officer (RMO)
C. Chief Information Security Officer (CISO)
Explanation: The CISO is typically responsible for advocating and raising awareness about the importance of securing sufficient funds for risk action plans.
50
You are the Information Security Manager of HDA Inc. You are evaluating adherence to the 'separation of duties' principle. Which of the following individuals having update rights to the database access control list (ACL) would compromise this principle?
A. Database Administrator
B. System Administrator
C. Application Programmer
D. Security Administrator
C. Application Programmer
Explanation: Granting update rights to the database ACL to an application programmer may introduce a conflict of interest and undermine the 'separation of duties' principle.
51
You are the Information Security Manager of HDA Inc. You are seeking the most effective strategy to handle the shortage of staff in the security team while ensuring the internal retention of capability. What is the most effective approach to address the shortage of staff in the security team while maintaining the capability internally?
A. Outsource security functions to a third-party service provider.
B. Hire additional security personnel externally.
C. Form a security team using skilled employees from different departments of the organization.
D. Invest in advanced automation tools to compensate for the staff shortage.
C. Form a security team using skilled employees from different departments of the organization.
Explanation: Creating a security team by leveraging skilled employees from various departments internally ensures a seamless integration of expertise within the organization.
52
You are the Information Security Manager of HDA Inc. You are confronted with issues in various business units' systems following the deployment of multiple security patches. The INITIAL action to address this problem would be to:
A. Identify issues and use rollback procedures, if necessary.
B. Communicate the issues to the affected business units.
C. Implement additional patches to resolve the problems.
D. Investigate the cause of the issues and report to senior management.
A. Identify issues and use rollback procedures, if necessary.
Explanation: The primary step in addressing system issues after patch deployment is to identify the problems and, if needed, utilize rollback procedures.
53
You are the Information Security Manager of HDA Inc. You are assessing a business application developed by a third party and want to test for the presence of back doors. What is the most effective method for testing the presence of back doors in this scenario?
A. System log analysis
B. Application code review
C. Penetration testing
D. User access monitoring,
B. Application code review
Explanation: Conducting an application code review is the most effective method for assessing the presence of back doors in a business application developed by a third party.
54
You are the Information Security Manager of HDA Inc. You are addressing concerns about preventing unauthorized individuals from tailgating or piggybacking through secured entrances. What is the MOST effective method for preventing an unauthorized individual from trailing an authorized person through a secured entrance, also known as tailgating or piggybacking?
A. Biometric authentication
B. Security guards at the entrance
C. Access control systems with turnstiles D. Frequent security awareness training
D. Frequent security awareness training
Explanation: Frequent security awareness training is the most effective method for preventing tailgating or piggybacking incidents by raising awareness about security protocols.
55
You are the Information Security Manager of HDA Inc. The organization is planning to engage an external service provider for hosting its corporate website. What is the foremost concern when the organization intends to contract with an external service provider for hosting its corporate website?
A. The service provider's reputation in the industry.
B. The cost-effectiveness of the hosting service.
C. Information security requirements are included in the contract.
D. The geographical location of the service provider's data centers.
C. Information security requirements are included in the contract.
Explanation: The primary concern is to ensure that information security requirements are explicitly included in the contract with the external service provider.
56
Which statement is true regarding the risk avoidance response option?
A. It is the first choice in all risk management strategies.
B. It involves taking no steps to reduce the risk but accepting it as is.
C. It is considered the last choice when no other response is adequate.
D. It typically involves sharing the risk with partners or through insurance.
C. It is considered the last choice when no other response is adequate.
Explanation: Risk avoidance is often considered a last resort when other risk response strategies, such as mitigation, transfer, or acceptance, are not adequate or possible.
57
You are the Information Security Manager of HDA Inc. There is a need to open a new port in a perimeter firewall, and you are considering the initial step. Before making any alterations, what should be the INITIAL step when there is a need to open a new port in a perimeter firewall?
A. Evaluate the impact of the proposed change.
B. Obtain approval from senior management.
C. Consult with the IT department.
D. Document the current firewall configuration.
A. Evaluate the impact of the proposed change.
Explanation: The first step is to evaluate the impact of the proposed change to assess how the modification might affect the overall security posture, functionality, and performance of the network.
58
You are the Information Security Manager of HDA Inc. The organization is considering outsourcing its customer relationship management (CRM) to a third-party service provider, and you are contemplating the initial step. Before outsourcing its customer relationship management (CRM) to a third-party service provider, what is the INITIAL step the organization should take?
A. Negotiate contractual terms with the service provider.
B. Conduct a risk assessment to determine the required controls.
C. Establish communication channels with the third-party provider.
D. Define the scope of CRM services to be outsourced.
B. Conduct a risk assessment to determine the required controls.
Explanation: The initial step before outsourcing CRM is to conduct a risk assessment to evaluate potential risks and determine the necessary controls.
59
You are the Information Security Manager of HDA Inc. You are considering methods to ensure robust password strength in the organization. What is the MOST suitable approach for ensuring robust password strength in a sizable organization?
A. Enforce mandatory password changes every three months.
B. Implement complex password requirements organization-wide.
C. Conduct regular user training on creating strong passwords.
D. Review the password parameters configured on each application.
D. Review the password parameters configured on each application.
Explanation: Reviewing the password parameters configured on each application ensures consistency and alignment with security best practices across various systems.
60
What is the primary purpose of encryption in information security?
A. To speed up the transfer of data across networks
B. To ensure that data is only readable by unauthorized users
C. To ensure that data can only be read by authorized parties
D. To make data recovery easier in case of data loss
C. To ensure that data can only be read by authorized parties
Explanation: Encryption is used to secure data by making it unreadable to unauthorized users, ensuring that only those with the correct decryption key can access the information.
61
Risk Capacity and Risk Appetite in an organization:
A. Are interchangeable terms with the same meaning.
B. Define the total risk an organization is exposed to.
C. Risk capacity is always greater than risk appetite.
D. Risk appetite is always greater than risk capacity.
C. Risk capacity is always greater than risk appetite.
Explanation: Risk capacity represents the absolute maximum level of risk an organization can sustain, which is always set above the risk appetite to ensure sustainability.
62
What does risk avoidance involve in the context of risk management?
A. Reducing the probability or impact of the risk
B. Accepting the risk as it aligns with the organization's risk appetite
C. Transferring the risk to another party through insurance or contracts
D. Avoiding activities or projects that cause the risk
D. Avoiding activities or projects that cause the risk
Explanation: Risk avoidance involves not engaging in activities or projects that introduce unacceptable levels of risk, effectively eliminating the risk.
63
Which type of test is the most cost-effective way to evaluate the adequacy of a recovery plan?
A. Paper test/desk-based evaluation
B. Preparedness test
C. Full operational test
D. Recovery site simulation
B. Preparedness test
Explanation: A preparedness test involves simulating a system crash in a localized environment and is considered the most cost-effective way to evaluate a recovery plan.
64
What is an essential factor for conducting successful disaster recovery testing at a third-party service provider?
A. Data should not be erased from the third-party infrastructure after the test
B. Recovery processes should be completed within predefined timelines
C. The recovery plan should be tested in isolation from actual business operations
D. All data and applications should have appropriate protection levels
D. All data and applications should have appropriate protection levels
Explanation: Ensuring appropriate protection levels for data and applications at third-party service providers is crucial to prevent data breaches during testing.
65
Which feature is commonly found in Endpoint Detection and Response (EDR) solutions?
A. Automation and artificial intelligence
B. Integration with traditional antivirus software
C. Establishment of a historical audit trail of system/user behavior
D. Network-level protection
C. Establishment of a historical audit trail of system/user behavior
Explanation: EDR solutions commonly establish a historical audit trail of system and user behavior, enabling security analysts to analyze events later.
66
What is the MAIN objective of a Security Information and Event Management (SIEM) system?
A. To archive historical security data.
B. To enforce access control policies.
C. To monitor network bandwidth usage.
D. To identify emerging incidents.
D. To identify emerging incidents.
Explanation: The main objective of a SIEM system is to identify emerging incidents by continuously monitoring and analyzing security events and data.
67
What is the MOST compelling sign that there is a deficiency in senior management commitment to information security within an organization?
A. Infrequent security awareness training sessions.
B. Limited investment in the latest security technologies.
C. Absence of a designated Chief Information Security Officer (CISO).
D. Information security policy is not consistently applied.
D. Information security policy is not consistently applied.
Explanation: A lack of consistent enforcement indicates a potential gap in leadership support, which is crucial for establishing a strong security culture.
68
What is the PRIMARY result sought from the testing of incident response plans?
A. Verification of the incident detection tools.
B. Identification of potential vulnerabilities.
C. Assessment of the incident severity.
D. Response procedures are improvised.
D. Response procedures are improvised.
Explanation: The primary result sought from testing incident response plans is that response procedures are improvised, allowing for adjustments and improvements.
69
What is the MOST effective approach to secure funding from senior management for a security awareness program?
A. Highlighting the latest cybersecurity trends.
B. Demonstrating the capabilities of advanced security tools.
C. Emphasizing the potential financial impact of security incidents.
D. Showing that the information security policy is not consistently applied.
D. Showing that the information security policy is not consistently applied.
Explanation: Highlighting areas where policy compliance is lacking emphasizes the need for increased awareness and training.
70
What is the MOST effective way to enhance the comprehension of information security responsibilities among users throughout the organization?
A. Conducting periodic security training sessions.
B. Distributing informational brochures on security practices.
C. Implementing technical controls to enforce security policies.
D. Including security requirements in the acceptable usage policy.
D. Including security requirements in the acceptable usage policy.
Explanation: Integrating security expectations into the acceptable usage policy provides clear guidelines and expectations related to information security.
71
Which characteristic of the software would prevent unauthorized modifications to the source code?
A. Integration with development tools
B. Version tracking and change history
C. Provide access to only authorized employees
D. Support for multiple programming languages
C. Provide access to only authorized employees
Explanation: Implementing strict access controls and allowing access only to authorized personnel helps prevent unauthorized modifications to the source code.
72
What is the MOST effective measure to guard against phishing attempts within an organization?
A. Conduct regular security awareness training
B. Implement two-factor authentication
C. Enforce strict password policies
D. Implement email monitoring and filtering system
D. Implement email monitoring and filtering system
Explanation: Deploying an email monitoring and filtering system is a proactive approach to identify and block phishing emails before they reach users' inboxes.
73
You are the Information Security Manager of HDA Inc. You need to assess cloud hosting models. Which cloud hosting model provides the client organization with the MOST administrative control over the environment?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Function as a Service (FaaS)
D. Infrastructure as a Service (IaaS)
D. Infrastructure as a Service (IaaS)
Explanation: IaaS allows clients to have greater control over the infrastructure, including operating systems, applications, and networking.
74
You are the Information Security Manager of HDA Inc. You are initiating performance measurement processes for information security. What is the FIRST step in achieving efficient performance measurement?
A. Evaluate existing metrics
B. Implement monitoring tools
C. Establish benchmarking criteria
D. Develop metrics
D. Develop metrics
Explanation: Before embarking on performance measurement, the initial step is to create well-defined metrics that align with organizational goals and objectives.
75
Why is it crucial to separate short-term plans from long-term plans in the information security roadmap?
A. To ensure the effective implementation of lessons learned from short-term plans
B. To maintain flexibility and adaptability in response to changing threats
C. To allocate resources more efficiently across various time horizons
D. To streamline communication and reporting to senior management
A. To ensure the effective implementation of lessons learned from short-term plans
Explanation: Distinguishing short-term plans from long-term plans allows the organization to extract valuable insights and lessons learned from immediate actions.
76
You are the Information Security Manager of HDA Inc. You have learned that certain employees are engaging in discussions about confidential corporate matters on social media platforms. What is the most appropriate course of action?
A. Implement frequent training on social media usage and monitor compliance.
B. Immediately terminate the employees involved.
C. Ignore the situation as long as it does not impact day-to-day operations.
D. Restrict all employees from accessing social media platforms during work hours.
A. Implement frequent training on social media usage and monitor compliance.
Explanation: Providing employees with training on the proper usage of social media and monitoring compliance helps ensure adherence to policies.
77
You are the Information Security Manager of HDA Inc. Your organization is contemplating the acquisition of a competitor. What is the most appropriate action for you to assess the competitor's security stance?
A. Rely on publicly available information about the competitor's security practices.
B. Seek feedback from current employees of the competitor regarding their security awareness.
C. Hire a third-party cybersecurity consultant for an external perspective on the competitor's security.
D. Conduct a security audit of the target organization.
D. Conduct a security audit of the target organization.
Explanation: Conducting a thorough security audit of the target organization allows for an in-depth examination of their security practices.
78
You are the Information Security Manager of HDA Inc. What is the MOST efficient method for disseminating general information security responsibilities throughout the organization?
A. Sending periodic email reminders about security practices.
B. Publishing a comprehensive information security manual.
C. Conducting occasional workshops on information security.
D. Providing frequent awareness training.
D. Providing frequent awareness training.
Explanation: Frequent awareness training ensures that employees receive regular, up-to-date information on security practices.
79
Which of the subsequent metrics can be deemed as a precise indicator of the performance of an information security program?
A. The number of security incidents reported.
B. Meaningful metrics that support the decision-making process.
C. Compliance with industry standards.
D. The total budget allocated for information security.
B. Meaningful metrics that support the decision-making process.
Explanation: Metrics should provide relevant and actionable insights that enable informed decisions and improvements to the security program.
80
What is the PRIMARY justification for refraining from notifying specific users about an impending penetration test?
A. To identify potential vulnerabilities before the users can take preventive measures.
B. To ensure that the test accurately represents the organization's security posture.
C. To determine the incident response capabilities.
D. To prevent panic and maintain a normal operating environment.
C. To determine the incident response capabilities.
Explanation: Not notifying users allows for a more realistic simulation of how the organization would respond to a potential security incident.
81
Which of the following metrics will MOST EFFECTIVELY aid in evaluating the resilience of IT infrastructure security controls?
A. Business impact due to incidents.
B. Number of security incidents reported.
C. Response time to security incidents.
D. Compliance with industry standards.
A. Business impact due to incidents.
Explanation: The business impact due to incidents provides insights into the actual consequences of security incidents on the IT infrastructure.
82
What is the MOST effective method to establish accountability for information security across the entire organization?
A. Conducting periodic security audits
B. Implementing a strict access control policy
C. Utilizing a balanced scorecard
D. Information security policy
D. Information security policy
Explanation: A well-defined and communicated policy establishes clear expectations, responsibilities, and guidelines for all personnel.
83
What is the INITIAL task that the information security manager must undertake when a vulnerability is identified in the facilities offered by an IT service provider?
A. Report the vulnerability to the organization's incident response team.
B. Conduct an internal risk assessment.
C. Verify the contractual responsibilities of the service provider.
D. Implement immediate security controls.
C. Verify the contractual responsibilities of the service provider.
Explanation: Verifying the contractual responsibilities ensures that the organization and the service provider adhere to agreed-upon terms.
84
What is the MOST effective means to safeguard against the disclosure of data?
A. Regular data backups.
B. Encryption of sensitive information.
C. Firewalls and intrusion detection systems.
D. Two-factor authentication.
D. Two-factor authentication.
Explanation: Two-factor authentication requires users to provide two forms of identification before gaining access, significantly enhancing protection.
85
Regarding the transborder flow of technology-related items, legal concerns in the realm of information security are MOST frequently linked to:
A. Intellectual property rights.
B. Export control regulations.
C. Encryption standards.
D. Privacy-related data.
D. Privacy-related data.
Explanation: Legal concerns in information security are most frequently associated with privacy-related data due to data privacy laws and cross-border data transfer regulations.
86
Which attack method relies on exploiting vulnerabilities in DNS servers to redirect traffic to a bogus website?
A. Pharming
B. Piggy backing
C. Parameter tampering
D. IP spoofing
A. Pharming
Explanation: Pharming involves redirecting traffic from legitimate websites to bogus websites by exploiting vulnerabilities in DNS servers.
87
What type of attack involves self-replicating malicious code that can spread from computer to computer?
A. Virus
B. Worm
C. Trojan Horse
D. Logic Bomb
A. Virus
Explanation: A virus is a type of self-replicating malicious code that can spread from computer to computer, often causing damage to files or disrupting system operations.
88
Which attack method involves listening to all traffic in a network to extract usernames and passwords?
A. Shoulder surfing
B. Packet replay
C. Pharming
D. Password sniffing
D. Password sniffing
Explanation: Password sniffing involves listening to all traffic in a network to extract usernames and passwords for unauthorized access.
89
What is the first step in creating a digital signature?
A. Encrypting the message
B. Decrypting the hash value
C. Creating a hash (message digest) of the message
D. Comparing the hash value with the digital signature
C. Creating a hash (message digest) of the message
Explanation: The first step in creating a digital signature is to create a hash (message digest) of the message using a mathematical algorithm.
90
What distinguishes double blind testing from blind testing in penetration testing?
A. The tester is not provided with any information about the network
B. Both the tester and the organization's security team are unaware of the test details
C. The tester is provided with detailed information about the network
D. The test is conducted without the knowledge of the organization's IT team
B. Both the tester and the organization's security team are unaware of the test details
Explanation: In double blind testing, neither the tester nor the organization's security team knows the test details, simulating a real attack scenario.
91
What is the MOST efficient method for an information security manager to safeguard the organization against the improper use of social media?
A. Conducting regular social media awareness training.
B. Implementing strict social media usage policies.
C. Blocking access to all social media platforms on corporate networks.
D. Limiting and monitoring the use of social media on corporate networks and devices.
D. Limiting and monitoring the use of social media on corporate networks and devices.
Explanation: This approach allows for controlled access, reducing the risk of security incidents while enabling effective monitoring.
92
What is the MOST significant worry for the information security manager when employing account locking features in an online application? It has the potential to elevate susceptibility to:
A. Unauthorized access attempts.
B. User dissatisfaction with the locking mechanism.
C. Unavailability of the service.
D. Increased customer support requests.
C. Unavailability of the service.
Explanation: Account locking, if not implemented carefully, may lead to service disruptions, affecting legitimate users and impacting availability.
93
During an audit of a data center's IT architecture, the information security manager uncovers the absence of necessary encryption for data communications. What is the NEXT step to be taken?
A. Assess alternative measures for compensation.
B. Immediately implement encryption protocols.
C. Escalate the issue to senior management.
D. Document the finding in the audit report.
A. Assess alternative measures for compensation.
Explanation: This involves exploring other security measures or controls to compensate for the absence of encryption.
94
What would be the MOST effective countermeasure against malicious programming that manipulates transaction amounts, rounding them down and transferring the funds to the perpetrator's account?
A. Implementing stricter user authentication measures.
B. Enhancing network perimeter defenses.
C. Conducting regular vulnerability assessments.
D. Verifying the presence of appropriate controls for code review.
D. Verifying the presence of appropriate controls for code review.
Explanation: Ensuring that the source code undergoes thorough review helps identify and eliminate malicious logic.
95
Upon discovering an advanced persistent threat (APT), what should be the initial action for the information security manager?
A. Notify law enforcement authorities.
B. Isolate the threat.
C. Conduct a forensic analysis.
D. Implement additional intrusion detection measures.
B. Isolate the threat.
Explanation: Isolating the threat helps contain its impact and prevent further spread within the network.
96
The identification of noncompliance with password-aging rules in a newly developed system is MOST effectively achieved through:
A. User training sessions.
B. Audit procedure.
C. Security awareness campaigns.
D. Implementing stronger password policies.
B. Audit procedure.
Explanation: Auditing allows for a systematic review and examination of the system's configuration and logs to verify adherence.
97
The primary definition of authorization to delegate the management of an internal security incident to a third-party support provider is determined by:
A. Incident severity levels.
B. Approved escalation procedures.
C. Incident response timelines.
D. Executive management approval.
B. Approved escalation procedures.
Explanation: These procedures outline the authorized steps and criteria for escalating incidents to external providers.
98
What is the PRIMARY purpose of the following action, mainly focused on ensuring the integrity of information?
A. Access control matrix.
B. Encryption protocols.
C. Intrusion detection systems.
D. Security awareness training.
A. Access control matrix.
Explanation: The access control matrix regulates and controls user access to information resources, ensuring data integrity.
99
As the Information Security Manager of HDA Inc., you are overseeing the incident response process. At which stage should adjustments and implementations of corrective actions to the response procedure be evaluated?
A. Eradication
B. Identification
C. Containment
D. Recovery
A. Eradication
Explanation: The eradication phase involves eliminating the root cause and assessing corrective actions to improve the response procedure.
100
You are the Information Security Manager of HDA Inc. You are tasked with implementing an authorization policy to address the frequent travel of employees across various geographic locations. Which authorization policy is MOST suitable for this scenario?
A. Rule-based authorization
B. Attribute-based authorization
C. Role-based authorization
D. Discretionary access control
C. Role-based authorization
Explanation: Role-based authorization assigns permissions based on job roles, facilitating efficient access management across locations.
101
You are the Information Security Manager of HDA Inc. You are overseeing a systems development project that involves testing with sensitive customer data. What is the OPTIMAL method for handling this situation?
A. Anonymize the customer data.
B. Pseudonymize the customer data.
C. Encrypt the customer data.
D. Use the actual customer data without any modifications.
B. Pseudonymize the customer data.
Explanation: Pseudonymizing replaces personally identifiable information with pseudonyms, balancing realistic testing with data privacy.
102
You are emphasizing the importance of continuous monitoring in a security strategy. In this context, what is the primary purpose of consistently monitoring a security strategy?
A. Enhance employee productivity
B. Verify control objectives are being achieved
C. Minimize operational costs
D. Expedite incident response time
B. Verify control objectives are being achieved
Explanation: Regular monitoring ensures that security controls are effective and objectives are consistently met.
103
When considering the selection of a key risk indicator (KRI), what holds the utmost significance among the options below?
A. Cost-effectiveness of implementation
B. Availability of advanced monitoring tools
C. Frequency of past security incidents
D. Criticality of the function
D. Criticality of the function
Explanation: The criticality of a business function determines the level of risk associated with it, making it the most significant factor for KRIs.
104
For an organization planning to deploy a security information and event management (SIEM) system, what should be the utmost consideration?
A. System compatibility with existing hardware
B. Cost of SIEM implementation
C. Sources for capturing logs
D. Training programs for SIEM operators
C. Sources for capturing logs
Explanation: A robust SIEM system relies on comprehensive log data from various sources for effective security monitoring.
105
What is the main benefit of single sign-on (SSO)?
A. Enhance network security
B. Simplify user authentication
C. Eliminate the need for password policies
D. Improve the efficiency of access management
D. Improve the efficiency of access management
Explanation: SSO allows users to authenticate once and access multiple systems, streamlining access management.
106
What is the utmost critical justification for conducting vulnerability assessments at regular intervals?
A. Meeting compliance requirements
B. To address the emerging vulnerabilities
C. Identifying historical security incidents
D. Evaluating the effectiveness of existing controls,
B. To address the emerging vulnerabilities
Explanation: Regular assessments help organizations stay proactive in identifying and mitigating newly discovered vulnerabilities.
107
Among the provided options, which e-business architecture most effectively guarantees high availability?
A. Centralized server managing all transactions
B. Smart middleware directing transactions from a non-functional system to an alternate one
C. Distributed server infrastructure with load balancing
D. Client-server architecture with dedicated endpoints
B. Smart middleware directing transactions from a non-functional system to an alternate one
Explanation: This architecture ensures continuous service availability by rerouting transactions to operational systems.
108
The rationale for investing in an information security management infrastructure must encompass:
A. General improvement of organizational processes
B. Potential financial gains from improved security
C. Enhanced employee productivity
D. Consequences of failure to comply with relevant standards
D. Consequences of failure to comply with relevant standards
Explanation: Addressing compliance requirements demonstrates a commitment to maintaining a secure environment.
109
What is the function of an email digital signature?
A. Authenticate the sender's identity
B. Encrypt the email content
C. Enhance email delivery speed
D. Confirm the integrity of an email message to recipients
D. Confirm the integrity of an email message to recipients
Explanation: A digital signature ensures that the content of the email has not been altered during transmission.
110
As the Information Security Manager at HDA Inc., you are tasked with conducting a risk assessment for a business application. What is the first step in this process?
A. Evaluate potential vulnerabilities in the application.
B. Assess the impact of a security incident on the application.
C. Identify the processes and assets linked with the application.
D. Determine the likelihood of specific threats to the application.
C. Identify the processes and assets linked with the application.
Explanation: Identifying the processes and assets provides a foundational understanding of the application's context and potential risks.
111
You are the Information Security Manager of HDA Inc. You are tasked with establishing a security asset classification scheme. Who bears the PRIMARY responsibility for this?
A. IT Department
B. Security Team
C. Employees
D. Business Management
D. Business Management
Explanation: Business Management is best positioned to understand the criticality and value of assets in alignment with business objectives.
112
What is the most substantial advantage of categorizing information assets?
A. Preservation of data confidentiality
B. Facilitation of data backup processes
C. Streamlining of data storage
D. Implementation of the access control policy
D. Implementation of the access control policy
Explanation: Information asset classification enables the enforcement of appropriate access restrictions based on sensitivity levels.
113
When delivering a risk assessment report on information security to senior management, which approach would MOST effectively support well-informed decision-making?
A. Highlighting all identified risks.
B. Focusing on historical risk trends.
C. Emphasizing potential risks.
D. Giving priority to residual risks.
D. Giving priority to residual risks.
Explanation: Prioritizing residual risks directs attention to risks that remain after controls are applied, aiding decision-making.
114
What is the crucial element in ascertaining the definition of a disaster for an organization?
A. Business Continuity Plan
B. Risk Assessment
C. Recovery Strategy
D. Incident Response Plan
C. Recovery Strategy
Explanation: Understanding how the organization plans to recover from a significant incident defines what constitutes a disaster.
115
You are the Information Security Manager of HDA Inc. You are considering embedding security responsibilities into job descriptions to enhance the organization's information security practices. What is the primary reason for doing so?
A. Strengthens adherence to information security policies.
B. Streamlines the hiring process.
C. Improves employee morale.
D. Reinforces accountability among employees.
D. Reinforces accountability among employees.
Explanation: Embedding security responsibilities reinforces accountability by clearly defining employees' roles in maintaining security.
116
You are the Information Security Manager of HDA Inc. You are tasked with implementing security measures for infrastructure administration using a service account. What is the MOST crucial aspect to implement?
A. Strong password policies for the service account.
B. Regularly rotating the service account credentials.
C. Restricting access to the service account based on the principle of least privilege.
D. Maintaining an audit trail.
D. Maintaining an audit trail.
Explanation: An audit trail allows for monitoring and recording activities associated with the service account, aiding in detection of unauthorized actions.
117
What is the purpose of a penetration test?
A. To identify and exploit vulnerabilities in a system
B. To patch vulnerabilities in a system
C. To prevent all attacks on a system
D. To assess the effectiveness of security controls
D. To assess the effectiveness of security controls
Explanation: The purpose of a penetration test is to simulate real-world attacks to assess the effectiveness of security controls.
118
What is the purpose of a privacy impact assessment (PIA)?
A. To assess the impact of privacy regulations on an organization
B. To identify and mitigate privacy risks associated with projects or systems
C. To evaluate customer satisfaction regarding privacy practices
D. To monitor revenue from customer data
B. To identify and mitigate privacy risks associated with projects or systems
Explanation: A PIA identifies and mitigates privacy risks, ensuring compliance with privacy regulations.
119
What is the role of a security policy in an organization?
A. To restrict access to information
B. To guide employees on acceptable use of resources and behaviors
C. To eliminate all security risks
D. To enforce strict disciplinary actions
B. To guide employees on acceptable use of resources and behaviors
Explanation: A security policy establishes guidelines and standards to protect the organization's information assets.
120
Which of the following is NOT a characteristic of a strong password?
A. Length
B. Complexity
C. Memorability
D. Uniqueness
C. Memorability
Explanation: While users prefer memorable passwords, strong passwords may be more difficult to remember from a security perspective.
121
What is the purpose of role-based access control (RBAC)?
A. To assign access rights based on user roles and responsibilities
B. To assign access rights based on geographic location
C. To assign access rights based on job titles
D. To assign access rights based on seniority
A. To assign access rights based on user roles and responsibilities
Explanation: RBAC assigns access rights based on roles and responsibilities within the organization.
122
During which phase of the System Development Life Cycle (SDLC) are the objective, purpose, and scope of the system discussed, finalized, and documented?
A. Initiation/Feasibility
B. Development/Acquisition
C. Implementation
D. Operations/Maintenance
A. Initiation/Feasibility
Explanation: In the Initiation/Feasibility phase, the objective, purpose, and scope of the system are established and documented.
123
Maximum Tolerable Outage (MTO) is defined as:
A. The longest period a business can survive without any operational capability.
B. The maximum period of time that an organization can operate from an alternate site.
C. The duration for which an organization can avoid data backups.
D. The allowable downtime for IT systems before a disaster recovery plan is activated.
B. The maximum period of time that an organization can operate from an alternate site.
Explanation: MTO specifies the maximum duration an organization can sustain operations at an alternate site.
124
Which of the following measures would provide the HIGHEST level of confidence in the integrity of data when transmitted between two parties?
A. Encryption
B. Hashing
C. Digital certificate
D. Digital signature
D. Digital signature
Explanation: Digital signatures use cryptographic techniques to ensure the integrity of data during transmission.
125
You are the Information Security Manager of HDA Inc. You are evaluating the security responsibilities in different cloud service models. In which cloud service model does the buyer of the cloud service take on the GREATEST security responsibilities?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Function as a Service (FaaS)
C. Infrastructure as a Service (IaaS)
Explanation: In IaaS, the buyer has the greatest level of control and responsibility for securing the operating systems, applications, and data.
126
You are the Information Security Manager of HDA Inc. You are assessing the adequacy of the classification of an information asset. What should be your primary concern?
A. Sensitivity level.
B. Business value.
C. Compliance requirements.
D. Technical specifications.
B. Business value.
Explanation: The classification should align with the importance and value of the information to the organization.
127
As an Information Security Manager of HDA Inc., what is of utmost importance for the successful implementation of an information security program?
A. Adhering to industry trends and standards
B. Implementing cutting-edge technologies
C. Seeking input from stakeholders
D. Regularly updating policies and procedures
C. Seeking input from stakeholders
Explanation: Engaging with stakeholders helps in understanding their needs and ensures the security program aligns with organizational goals.
128
What is the MOST effective approach to minimize the consequences of a successful ransomware attack?
A. Implement real-time intrusion detection systems.
B. Enhance network perimeter security measures.
C. Conduct regular backups and store them in an offline location.
D. Train employees on recognizing phishing attempts.
C. Conduct regular backups and store them in an offline location.
Explanation: Regular offline backups ensure critical data can be restored without paying the ransom.
129
You are an Information Security Manager of HDA Inc. You are tasked with initiating the business continuity planning (BCP) process. What should be your first step?
A. Developing a crisis communication plan
B. Identifying critical business functions
C. Establishing alternate processing sites
D. Conducting a business impact analysis (BIA),
D. Conducting a business impact analysis (BIA)
Explanation: A BIA assesses the potential impact of disruptions on critical business functions, prioritizing resources effectively.
130
You are the Information Security Manager of HDA Inc. You are evaluating authentication methods. What is the primary benefit of challenge-response authentication compared to password authentication?
A. Enhanced user convenience and ease of memorization.
B. Greater resistance to brute force attacks.
C. Improved scalability for large user bases.
D. Reduced impact of compromised passwords.
D. Reduced impact of compromised passwords.
Explanation: Challenge-response authentication dynamically generates challenges, reducing the risk of compromised passwords.
131
You are the Information Security Manager of HDA Inc. You are overseeing workstations employed in supporting a forensic investigation. What is the utmost priority to ensure in this context?
A. The use of the latest forensic tools and technologies.
B. Limiting access to the workstations to authorized personnel only.
C. Continuous monitoring of workstation activities during the investigation.
D. Chain of custody is recorded for workstation activities.
D. Chain of custody is recorded for workstation activities.
Explanation: Recording the chain of custody maintains the integrity of forensic investigations.
132
You are the Information Security Manager of HDA Inc. You are tasked with evaluating cloud storage solutions. What is the initial factor to consider in this assessment?
A. Cost-effectiveness of the cloud storage provider.
B. Adherence to the organization's data classification policy.
C. Availability of advanced encryption features.
D. Integration capabilities with existing IT infrastructure.
B. Adherence to the organization's data classification policy.
Explanation: Ensuring alignment with the data classification policy maintains the appropriate level of security and control.
133
What is the MOST effective approach to handle access rights?
A. Periodic access reviews and audits.
B. Implementing role-based access control (RBAC).
C. Zero trust process.
D. Utilizing single sign-on (SSO) authentication.
C. Zero trust process.
Explanation: Zero Trust assumes no implicit trust and requires continuous verification, minimizing unauthorized access risks.
134
What is the MOST effective way to assess the efficiency of an alternative processing site when uninterrupted operation is essential?
A. Tabletop exercise.
B. Parallel test.
C. Full interruption test.
D. Checklist-based evaluation.
B. Parallel test.
Explanation: Running both primary and alternate sites simultaneously assesses the alternative site's efficiency without interrupting operations.
135
You are the Information Security Manager of HDA Inc. In the event that a data loss prevention (DLP) tool identifies the transmission of personally identifiable information (PII), what should be your initial priority?
A. Immediately block the transmission of PII.
B. Notify the IT department for further investigation.
C. Report the incident to the data protection authorities.
D. Discuss the impact with the data owner.
D. Discuss the impact with the data owner.
Explanation: Engaging with the data owner enables a collaborative approach to assess the incident's context and impact.
136
You are the Information Security Manager of HDA Inc. After acquiring a company specializing in the production of Internet of Things (IoT) devices, what is the subsequent action you should take?
A. Conduct a comprehensive risk assessment for the newly acquired company.
B. Upgrade the existing network infrastructure to accommodate IoT devices.
C. Implement additional access controls for the acquired IoT devices.
D. Revise the information security strategy.
D. Revise the information security strategy.
Explanation: Revising the security strategy incorporates considerations specific to IoT security risks.
137
What is the MOST effective way to showcase the return on investment (ROI) for an information security initiative?
A. Cost-benefit analysis.
B. Business case.
C. Security awareness training.
D. Compliance with industry standards.
B. Business case.
Explanation: A business case aligns the security initiative with business objectives, highlighting anticipated benefits and financial gains.
138
For a global organization managing substantial amounts of personal data, what would be the MOST critical characteristic when formulating a data access policy?
A. Flexibility for easy updates.
B. Stringent enforcement mechanisms.
C. Inclusivity to accommodate all user roles.
D. Confidentiality.
D. Confidentiality.
Explanation: Ensuring confidentiality restricts access to authorized individuals, maintaining trust and compliance.
139
What option among the following would MOST effectively offer stakeholders the necessary information to decide the suitable course of action in response to a disaster?
A. Risk assessment
B. Incident response plan
C. Business impact analysis
D. Disaster recovery plan
C. Business impact analysis
Explanation: A BIA evaluates the potential impact of a disruption, helping stakeholders prioritize recovery efforts.
140
You are concerned about preventing computers on the corporate network from being used in a distributed denial of service (DDoS) attack. What is the most appropriate action to take?
A. Install firewalls at network entry points.
B. Monitor the outgoing traffic.
C. Implement intrusion detection systems on all devices.
D. Conduct regular vulnerability assessments.
A. Encryption
Explanation: Encrypting sensitive information in emails ensures that contents remain secure even if intercepted.
141
You are the Information Security Manager of HDA Inc. You need to ensure that a service provider complies with the organization's information security requirements. Which option offers you the most reliable assurance?
A. Vendor self-assessment questionnaire
B. Service Level Agreement (SLA) with penalties for non-compliance
C. Annual security awareness training for the service provider's staff
D. Periodic audit of the third-party supplier's IT systems and processes
D. Periodic audit of the third-party supplier's IT systems and processes
Explanation: An independent audit provides a thorough and objective evaluation of the service provider's compliance.
142
What is the optimal course of action when encountering an organization with budget limitations that lacks critical security capabilities?
A. Propose additional budget allocations for essential security tools
B. Demonstrate return on investment (ROI) on security expenditure
C. Seek external funding or financial support from stakeholders
D. Implement basic security measures within the existing budget constraints
B. Demonstrate return on investment (ROI) on security expenditure
Explanation: Showcasing the value of security investments justifies resource allocation within budget constraints.
143
What is the primary consideration for an organization when assessing an Infrastructure as a Service (IaaS) cloud computing model for an e-commerce application?
A. High availability to ensure continuous operation and minimal downtime.
B. Cost-effectiveness in infrastructure provisioning.
C. Flexibility in resource scalability based on demand.
D. Advanced security features for data protection.
A. High availability to ensure continuous operation and minimal downtime.
Explanation: High availability ensures continuous operation for e-commerce applications, minimizing downtime and revenue loss.
144
For an organization that outsources its payroll processing, what is the MOST effective key risk indicator to monitor the information security of the service provider?
A. Impact on business processes due to incidents
B. Number of security controls implemented by the service provider
C. Frequency of security audits conducted by the service provider
D. Compliance with contractual service-level agreements (SLAs)
A. Impact on business processes due to incidents
Explanation: Assessing the impact of incidents provides a direct measure of potential harm to business processes.
145
Achieving compliance of activities conducted by outsourcing providers with information security policies is MOST effectively accomplished by using:
A. Regular communication and training sessions with outsourcing providers
B. Independent audits
C. Strict contractual penalties for non-compliance
D. In-depth monitoring of outsourcing provider activities
B. Independent audits
Explanation: Independent audits provide an objective and thorough examination of the outsourcing provider's compliance.
146
What should be the PRIMARY consideration when establishing data retention policies among the following options?
A. Employee preferences and convenience
B. Technological advancements in data storage
C. Legal and regulatory requirements
D. Cost-effectiveness in data management
C. Legal and regulatory requirements
Explanation: Adhering to legal and regulatory requirements ensures compliance with data protection and privacy standards.
147
For a small organization with a contract with a multinational cloud computing vendor, what omission from the contract would be of the HIGHEST concern?
A. The specific server locations where data will be stored
B. The duration of the contract and renewal terms
C. Service level agreements (SLAs) for uptime and performance
D. The contract should explicitly define the ownership of the data stored in the cloud
D. The contract should explicitly define the ownership of the data stored in the cloud
Explanation: Clarifying data ownership ensures control over data and addresses issues like access and compliance.
148
In response to the rapid spread of a new email virus using an attachment disguised as a picture file, what should be the INITIAL action taken FIRST?
A. Temporarily shut down the email servers to contain the virus.
B. Restrict emails that include attachments of picture files.
C. Run a full system scan on all computers in the network.
D. Notify employees to avoid opening any email attachments.
B. Restrict emails that include attachments of picture files.
Explanation: Restricting the specific attachment type addresses the immediate risk and contains the threat.
149
What is the UTMOST crucial factor to guarantee the successful recovery of a business in the event of a disaster?
A. Quick detection and attribution of the responsible parties.
B. High availability of secondary data centers.
C. Regularly updating disaster recovery documentation.
D. Well-defined incident criteria.
D. Well-defined incident criteria.
Explanation: Clearly defined criteria enable a structured and efficient response during a disaster.
150
The MAIN objective of implementing an intrusion detection system (IDS) is to detect:
A. Unauthorized access attempts.
B. Network vulnerabilities.
C. Malicious software installations.
D. Determining the potential impact.
D. Determining the potential impact.
Explanation: An IDS aims to analyze and understand the potential impact of security incidents on information security.
151
What document should be PRIMARILY included in a computer incident response team (CIRT) manual?
A. Flowchart illustrating the incident response process.
B. Criteria to define severity.
C. List of potential threats and vulnerabilities.
D. Detailed technical analysis of recent incidents.
B. Criteria to define severity.
Explanation: Severity criteria help prioritize incident response efforts and allocate resources effectively.
152
The MAIN goal of conducting an internal attack and penetration test as part of an incident response program is to pinpoint:
A. Vulnerabilities in the network infrastructure.
B. Areas for improvement in the incident response procedure.
C. Potential insider threats within the organization.
D. Weaknesses in the application layer security.
B. Areas for improvement in the incident response procedure.
Explanation: The main focus is on refining the incident response capabilities by identifying weaknesses in processes.
153
You recently experienced a security incident, and now you are conducting a post-event review to enhance your incident response capabilities. What is the MAIN goal of this post-event review?
A. Identifying the individuals responsible for the incident
B. Implementing immediate corrective actions to prevent a recurrence
C. Streamlining the incident management process
D. Documenting the incident details for legal purposes
C. Streamlining the incident management process
Explanation: The primary objective is to analyze the incident and enhance overall incident response capabilities.
154
As an Information Security Manager of HDA Inc., Elaborate business continuity plans should primarily be grounded in:
A. Technological advancements.
B. Industry best practices.
C. Regulatory requirements.
D. Approaches endorsed by senior management.
D. Approaches endorsed by senior management.
Explanation: Senior management's endorsement ensures business continuity plans align with organizational strategy and receive necessary support.
155
After a web server in a financial institution has been compromised using a super-user account, isolated, and subjected to appropriate forensic procedures, what should be the subsequent course of action?
A. Shut down the server permanently to prevent further compromise.
B. Report the incident to law enforcement authorities.
C. Implement additional security controls on the server.
D. Reconstruct the server using the original media and necessary patches.
D. Reconstruct the server using the original media and necessary patches.
Explanation: Rebuilding the server ensures a clean and secure environment, addressing vulnerabilities.
156
You need to obtain evidence from a compromised server for a forensic investigation. What is the optimal source for obtaining evidence?
A. Replication of data from bit level.
B. Retrieval of log files from the server.
C. Running antivirus scans on the server.
D. Interviewing employees who had access to the server.
A. Replication of data from bit level.
Explanation: Bit-level replication captures all data, including hidden and deleted files, for a comprehensive forensic investigation.
157
You are dealing with an information security incident response, and you need to determine the most effective approach for handling evidence with potential legal implications. What should guide your decision?
A. Global industry standards.
B. Regulations specific to the local area.
C. Recommendations from cybersecurity experts.
D. Best practices outlined in the incident response plan.
B. Regulations specific to the local area.
Explanation: Local regulations dictate legal requirements and standards for handling evidence.
158
What does Recovery Time Objective (RTO) measure in terms of system functionality?
A. The extent of acceptable system downtime
B. The extent of acceptable data loss
C. The frequency of data backups
D. The cost of data recovery solutions
A. The extent of acceptable system downtime
Explanation: RTO measures the maximum duration an organization can afford to have its systems down without significant impact.
