Deck 2 Flashcards
Which of the following is the BEST way to enhance training for incident response teams?
A. Conduct interviews with organizational units
B. Establish incident key performance indicators (KPIs)
C. Participate in emergency response activities
D. Perform post-incident reviews
D
Which of the following is the BEST way to present the status of an information security program to senior management?
A. Detail latest security trends
B. Display concise dashboards
C. Provide detailed information regarding risk exposure
D. Report on root causes of security incidents
B
What would be an information security manager’s BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization’s critical data?
A. Cancel the outsourcing contract
B. Transfer the risk to the provider
C. Create an addendum to the existing contract
D. Initiate an external audit of the provider’s data center
C
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
A. Restore the application and data from a forensic copy
B. Install the OS, patches, and application from the original source
C. Restore the OS, patches, and application from a backup
D. Remove all signs of the intrusion from the OS and application
B
Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?
A. Facilitating the monitoring of risk occurrences
B. Measuring the impact of exploits on business processes
C. Maintaining a repository of security policies
D. Redirecting event logs to an alternate location for the business continuity plan (BCP)
A
When performing a data classification project, an information security manager should:
A. assign information criticality and sensitivity
B. identify information custodians
C. identify information owners
D. assign information access privileges
A
Which of the following is the MOST effective way to help assure the integrity of an organization’s accounting system?
A. Performing frequent security reviews of the audit log
B. Implementing two-factor authentication
C. Conducting an annual security audit of the system
D. Providing security awareness training to accounting staff
A
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
A. Unreliable delivery of hardware and software resources by a supplier
B. Unavailability of services provided by a supplier
C. Loss of customers due to availability of products
D. Compromise of critical assets via third-party resources
D
Which of the following is the PRIMARY driver for determining the classification of application systems?
A. The cost of repairing damage to system elements
B. The extent that compromise can affect revenue
C. The cost to implement regulatory requirements
D. Controlling access based on the need to know
D
Which of the following service offerings in a typical infrastructure as a service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
A. Capability to take a snapshot of virtual machines
B. Capability of online virtual machine analysis
C. Availability of web application firewall logs
D. Availability of current infrastructure documentation
A
An information security manager has contracted with a company to design security architecture for an application. Which of the following is accountable for identification associated with this initiative?
A. The project steering committee
B. The information security manager
C. The infrastructure management team
D. The application development team
B
Which of the following is the FIRST step in establishing an effective information security program?
A. Assign accountability
B. Perform a business impact analysis (BIA)
C. Create a business case
D. Conduct a compliance review
C
Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?
A. SWOT analysis
B. Industry benchmarks
C. Cost-benefit analysis
D. Balanced scorecard
D
Application data integrity risk is MOST directly addressed by a design that includes:
A. strict application of an authorized data dictionary
B. reconciliation routines such as checksums, hash totals, and record counts
C. application log requirements such as field-level audit trails and user activity logs
D. access control technologies such as role-based entitlement
B
Which of the following would BEST ensure that security is integrated during application development?
A. Performing application security testing during acceptance testing
B. Introducing security requirements during the initiation phase
C. Employing global security standards during development processes
D. Providing training on secure development practices to programmers
D
Which of the following should include contact information for representatives of equipment and software vendors?
A. Business continuity plan (BCP)
B. Service level agreements (SLAs)
C. Information security program charter
D. Business impact analysis (BIA)
A
An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan, which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?
A. Banning executable file downloads at the Internet firewall
B. Implementing an intrusion detection system (IDS)
C. Implementing application blacklisting
D. Removing local administrator rights
D
Which of the following is the GREATEST risk of centralized information security administration within a multinational organization?
A. Slower turnaround
B. Less uniformity
C. Less objectivity
D. Violation of local law
C
Which of the following is the BEST reason to consolidate security operations teams across the global organization?
A. Compliance with regulatory requirements
B. Enhanced visibility of threats
C. Detection and fraud
D. Cost reduction
B
Which of the following is the MOST appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification?
A. Guidelines
B. Procedures
C. Standards
D. Policies
C
If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
A. transfer risk to a third party to avoid cost of impact
B. recommend that management avoid the business activity
C. assess the gap between current and acceptable level of risk
D. implement controls to mitigate the risk to an acceptable level
C
Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?
A. Select the data source
B. Review the confidentiality requirements
C. Identify the intended audience
D. Identify the data owner
C
When a critical system incident is reported, the FIRST step of the incident handler should be to:
A. power off the system
B. determine the scope of the incident
C. validate the incident
D. notify the appropriate parties
C
The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?
A. Varying threat environments
B. Disparate reporting lines
C. Conflicting legal requirements
D. Differences in work culture
C