Deck 2 Flashcards
Which of the following is the BEST way to enhance training for incident response teams?
A. Conduct interviews with organizational units
B. establish incident key performance indicators (KPIs)
C. participate in emergency response activities
D. perform post-incident reviews
D
Which of the following is the BEST way to present the status of an information security program to senior management?
A. Detail latest security trends
B. display concise dashboards
C. provide detailed information regarding risk exposure
D. report on root causes of security incident
B
What would be an information security manager’s BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization’s critical data?
A. Cancel the outsourcing contract
B. transfer the risk to the provider
C. create an addendum to the existing contract
D. initiate an external audit of the provider’s data center
C
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
A. Restore the application and data from a forensic copy
B. install the OS, patches, and application from the original source
C. restore the OS, patches, and application from a backup
D. remove all signs of the intrusion from the OS and application
B
Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?
A. Facilitating the monitoring of risk occurrences
B. measuring impact of exploits on business processes
C. maintaining A repository base of security policies
D. redirecting event logs to an alternate location for business continuity plan (BCP)
A
When performing a data classification project, an information security manager should:
A. assign information criticality and sensitivity
B. identify information custodians
C. identify information owners
D. assign information access privileges
A
Which of the following is the MOST effective way to help assure the integrity of an organization’s accounting system?
A. Performing frequent security reviews of the audit log
B. implementing 2 factor authentication
C. conducting an annual security audit of the system
D. providing security awareness training to accounting staff
A
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
A. Unreliable delivery of hardware and software resources by a supplier
B. unavailability of services provided by a supplier
C. loss of customers due to availability of products
D. compromise of critical assets via third-party resources
D
Which of the following is the PRIMARY driver for determining the classification of application systems?
A. The cost of repairing damage to system elements
B. the extent that compromise can affect revenue
C. the cost to implement regulatory requirements
D. controlling access based on the need to know
D
Which Of the following service offerings in a typical infrastructure as a service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
A. Capability to take a snapshot of virtual machines
B. capability of online virtual machine analysis
C. availability of web application firewall logs
D. availability of current infrastructure documentation
A
An information security manager has contracted with a company to design security architecture for an application. Which of the following is accountable for identification associated with this initiative?
A. The project steering committee
B. the information security manager
C. the infrastructure management team
D. the application development team
B
Which of the following is the FIRST Step 2 establishing an effective information security program?
A. Assign accountability
B. perform a business impact analysis(BIA)
C. create a business case
D. conduct A compliance review
C
Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?
A. SWOT analysis
B. industry benchmarks
C. cost-benefit analysis
D. balanced scorecard
D
Application data integrity risk is MOST directly addressed by a design that includes:
A. strict application of an authorized data dictionary
B. reconciliation routine such as checksums, hash totals, and record counts
C. application log requirements such as field-level audit trails and user activity logs
D. access control technologies such as role-based entitlement
B
Which of the following would BEST ensure that security is integrated during application development?
A. Performing application security testing during acceptance testing
B. introducing security requirements during the initiation phase
C. employing global security standards during development processes
D. providing training on secure development practices to programmers
D
Which of the following should include contact information for representatives of equipment and software vendors?
A. Business continuity plan (BCP)
B. service level agreements (SLAs)
C. information security program charter
D. business impact analysis (BIA)
A
An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan, which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?
A. Banning executable file downloads at the Internet firewall
B. implementing an intrusion detection system (IDS)
C. implementing application blacklisting
D. removing local administrator rights
D
Which of the following is the GREATEST risk of centralized information Security Administration within a multinational organization?
A. Slower turn around
B. less uniformity
C. less objectivity
D. violation of local law
C
Which of the following is the BEST reason to consolidate security operations teams across the global organization?
A. Compliance with regulatory requirements
B. enhanced visibility of threats
C. detection and fraud
D. cost reduction
B
Which of the following is the MOST appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification?
A. Guidelines
B. Procedures
C. Standards
D. Policies
C
If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
A. transfer risk to a third party to avoid cost of impact
B. recommend that management avoid the business activity
C. assess the gap between current and acceptable level of risk
D. implement controls to mitigate the risk to an acceptable level
C
Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?
A. Select the data source
B. review the confidentiality requirements
C. identify the intended audience
D. identify the data owner
C
When a critical system incident is reported, the FIRST step of the incident handler should be to:
A. power off the system
B. determine the scope of the incident
C. validate the incident
D. notify the appropriate parties
C
The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?
A. Varying threat environments
B. disparate reporting lines
C. conflicting legal requirements
D. differences in work culture
C
Which of the following BEST enables an organization to appropriately prioritize information security-focused projects?
A. Return on investment (ROI)
B. privacy compliance requirements
C. organizational risk appetite
D. historical security incidents
C
An organization’s disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
A. Require disaster recovery documentation be stored with all key decision makers
B. provide annual disaster recovery training to appropriate staff
C. maintain an outsource contact center in another country
D. store disaster recovery documentation in a public cloud
B
When collecting admissible evidence, which of the following is the MOST important requirement?
A. Need to know
B. due diligence
C. chain of custody
D. preserving audit logs
C
A software vendor has announced a zero-day vulnerability that exposes an organization’s critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager’s PRIMARY concern?
A. Ability to test the patch prior to deployment
B. adequacy of the incident response plan
C. availability of resources to implement controls
D. documentation of patching procedures
A
To prevent ransomware attacks, it in MOST important to ensure:
A. adequate backup and restoration processes are in place
B. regular security awareness training is conducted
C. the latest security appliances are installed
D. updated firewall software is installed
A
What is the role of the information security manager in finalizing contract negotiations with service providers?
A. To perform a risk analysis on the outsourcing process
B. to obtain a security standard certification from the provider
C. to update security standards for the outsourced process
D. to ensure that clauses for periodic audits are included
D
An information security policy was amended recently to support an organization’s new information security strategy. Which of the following should be the information security manager’s NEXT step?
A. Evaluate the alignment with business strategy
B. update standards and procedures
C. review technical controls
D. refresh the security training program
B
Which of the following is the MOST important consideration when reporting on the status of information security activities?
A. The report is comprehensive
B. the report is updated on a regular basis
C. the report is tailored to stakeholder needs
D. the report structure is consistent with industry standards
C
A newly appointed information security manager has been asked to update the security related policies and procedures that have been static for five years or more. What is the BEST next step?
A. To gain an understanding of the current business direction
B. to update in accordance with the best business practices
C. to perform a risk assessment of the current IT environment
D. to assess corporate culture
D
Which of the following should be the PRIMARY objective of the information security incident response process?
A. Classifying incidents
B. conducting incident triage
C. communicating with internal and external parties
D. minimizing negative impact to critical operations
D
How does an organization’s information security steering committee facilitate the achievement of information security program objectives?
A. Monitoring information security resources
B. making decisions on security priorities
C. enforcing regulatory and policy compliance
D. evaluating information security metrics
D
Which of the following is MOST important to the effectiveness of an information security program?
A. The program is aligned to legal and regulatory requirements
B. the program is aligned to a security control framework
C. annual audits of the program are conducted
D. users are trained on security policies and procedures
B
An executive’s personal mobile device used for business purposes is reported lost. The information security manager should respond based on:
A. the acceptable use policy
B. asset management guidelines
C. the business impact analysis (BIA)
D. incident classification
D
The PRIMARY Benefit of a centralized time server is that it:
A. decreases the likelihood of an unrecoverable systems failure
B. reduces individual time of day request by client applications
C. allows decentralized logs to be kept In synchronization
D. is required by password synchronization programs
C
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
A. Documenting multiple scenarios for the organization and response steps
B. providing training from third party forensics firms
C. obtaining industry certifications for the response team
D. conducting tabletop exercises appropriate for the organization
D
Which of the following is MOST Important for building a robust information security culture within an organization?
A. Mature information security awareness training across the organization
B. security controls embedded within the development and operation of the IT environment
C. senior management approval of information security policies
D. strict enforcement of employee compliance with organizational security policies
A
When evaluating vendors for sensitive data processing, which of the following should be the FIRST step two ensure the correct level of information security is provided?
A. Develop metrics for vendor performance
B. include information security criteria as part of vendor selection
C. review third party reports of potential vendors
D. include information security clauses in the vendor contract
B
An information security manager discovers that the organization’s new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?
A. Business unit management has not emphasized the importance of the new policy
B. different communication methods may be required for each business unit
C. the wording of the policy is not tailored to the audience
D. the corresponding controls are viewed as prohibitive to business operations
D
Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management’s understanding of impact to the organization?
A. Detailed assessment of the security risk profile
B. risks inherent in new security technologies
C. findings from recent penetration testing
D. status of identified key security risks
C
Which of the following is the MOST Reliable way to ensure network security incidents are identified as soon as possible?
A. Install stateful inspection firewalls
B. conduct workshops and training sessions with end users
C. collect and correlate IT infrastructure event logs
D. train help desk staff to identify and prioritize security incidents
C
When preparing an information security policy for a global organization, how should an information security manager BEST address local legislation in multiple countries?
A. Rely on local interpretation of the global policy to comply with local legislation
B. create a policy exception process for each country
C. enforce the same global policy in every country
D. establish local policies for each country that supplement the global policy
D
When evaluating the risk from an external hackers the maximum exposure time would be the difference between:
A. log refresh and restoration
B. Identification and resolution
C. detection and response
D. compromise and containment
C
Which of the following is MOST important to include in monthly information security reports to the board?
A. Root cause analysis of security incidents
B. threat intelligence
C. risk assessment results
D. trend analysis of secure metrics
C
Which of the following has the GREATEST influence on an organization’s information security strategy?
A. Industry security standards
B. the organizational structure
C. the organization’s risk tolerance
D. information security awareness
C
Which of the following BEST Facilitates an information security manager’s efforts to obtain senior management commitment for an information security program?
A. Presenting evidence of inherent risk
B. reporting the security maturity level
C. presenting compliance requirements
D. communicating the residual risk
D
The business value of an information asset is derived from:
A. it’s replacement cost
B. the risk assessment
C. it’s criticality
D. the threat profile
C
Which of the following is the BEST Message to align and information security strategic plan to the corporate strategy?
A. Ensuring the plan complies with business unit expectations
B. involving industry experts in the development of the plan
C. involving senior management in the development of the plan
D. obtaining adequate funds from senior management
C
Which of the following is MOST likely to trigger an update and revision of information security policies?
A. Engagement with a new service provider
B. replacement of the information security manager
C. attainment of business process maturity
D. changes in the organization’s risk appetite
B
Which of the following is MOST Helpful for protecting an enterprise from advanced persistent threats (APTs)?
A. Updated security policies
B. regular antivirus updates
C. define security standards
D. threat intelligence
D
A data-hosting organization’s data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?
A. Review customers’ security policies
B. design single sign-on (SSO) or Federated access
C. develop access control requirements for each system and application
D. conductive risk assessment to determine security risks and mitigating controls
D
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones which of the following is the BEST security control?
A. Monitoring how often the smartphone is used
B. developing security awareness training
C. requiring the backup of the organization’s data by the user
D. establishing the authority to remove wipe
D
When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
A. The information security strategy
B. security investment trends in the industry
C. losses due to security incidents
D. the results of a risk assessment
D
Security program development is PRIMARILY driven by which of the following?
A. Regulatory requirements
B. business strategy
C. risk appetite
D. available resources
C
When developing security processes for handling credit card data on the business units information system, the information security manager should FIRST:
A. ensure that systems that handle credit card data are segmented
B. review industry best practices for handling secure payments
C. ensure alignment with industry encryption standards
D. review corporate policies regarding credit card information
D
An organization’s main product is a customer facing application delivered using software as a service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated risk?
A. The data owner
B. the information security manager
C. the security engineer
D. the application owner
B
Which of the following is the BEST Approach for managing user access permissions to ensure alignment with data classification?
A. Delegate the management of access permissions to an independent third party
B. review access permissions annually or whenever job responsibilities change
C. lockout accounts after a set number of unsuccessful login attempts
D. enable multi factor authentication on user and admin accounts
B
Which of the following is the GREATEST Benefit of integrating information security program requirements into vendor management?
A. The ability to meet industry compliance requirements
B. the ability to define service level agreements (SLAs)
C. the ability to reduce risk in the supply chain
D. the ability to improve vendor performance
C
In a call center, the BEST reason to conduct a social engineering exercise is to:
A. gain funding for information security initiatives
B. identify candidates for additional security training
C. improve password policy
D. minimize the likelihood of successful attacks
D
An information security manager is preparing incident response plans for an organization that processes personal and financial information. Which of the following is the MOST important consideration?
A. Aligning with an established industry framework
B. determining budgetary constraints
C. identifying regulatory requirements
D. aligning with enterprise architecture (EA)
C
Which of the following events would MOST likely require a revision to the information security program?
A. A change in IT management
B. a merger with another organization
C. a significant increase in reported incidents
D. an increase in industry threat level
B
Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public facing web server?
A. Execution of unauthorized commands
B. unauthorized access to resources
C. defacement of website content
D. prevention of authorized access
D
An information security manager developing an incident response plan MUST ensure it includes:
A. critical infrastructure diagrams
B. a business impact analysis (BIA)
C. criteria for escalation
D. an inventory of critical data
C
Which of the following BEST Provides an information security manager with sufficient assurance that a service provider complies with the organization’s information security requirements?
A. A live demonstration of the third party supplier’s security capabilities
B. the ability to audit the third party suppliers IT systems and processes
C. third party security control self-assessment (CSA) results
D. an independent review report indicating compliance with industry standards
B
When developing A categorization method for security incidents, the categories MUST:
A. be created by the incident handler
B. align with reporting requirements
C. have agreed upon definitions
D. align with industry standards
C
An organization recently updated and published its information security policy and standards what should the information security manager do NEXT?
A. Update the organization’s risk register
B. develop a policy exception process
C. communicate the changes to stakeholders
D. conduct a risk assessment
C
An information security team is investigating an alleged breach of an organization’s network. Which of the following would be the BEST single source of evidence to review?
A. File integrity monitoring software
B. security information and event manager (SIEM) tool
C. intrusion detection system (IDS)
D. antivirus software
B
Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
A. Percentage of outstanding high risk audit issues
B. number of incidents resulting in disruptions
C. number of successful disaster recovery tests
D. frequency of updates to system software
B
Which of the following would MOST effectively communicate the benefits of an information security program to executive management?
A. Can you performance indicators (KPIs)
B. threat models
C. key risk indicators (KRIs)
D. industry benchmarks
A
Which of the following is MOST Useful to an information security manager when conducting a post incident review of an attack?
A. Cost of the attack to the organization
B. location of the attacker
C. details from intrusion detection system (IDS) logs
D. method of operation used by the attacker
C
To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:
A. the steering committee provides guidance and dispute resolution
B. the security policy is changed to accommodate IT performance pressure
C. IT policies and procedures are better aligned to security policies
D. Non-compliance issues are reported to senior management
A
The MOST Effective way to continuously monitor an organization cybersecurity posture is to evaluate its:
A. compliance with industry regulations
B. key performance indicators (KPIs)
C. level of support from senior management
D. timeliness in responding to attacks
D
The ULTIMATE Responsibility for ensuring the objectives of an information security framework are being met belongs to:
A. the board of directors
B. the information security officer
C. the steering committee
D. the internal audit manager
A
An employee who denies accusations of downloading inappropriate material to an organizational device has been discharged. In support of the disciplinary action the collection of legal evidence is required. Which of the following is the information security manager’s BEST recommendation?
A. Delete all inappropriate material after taking a local copy
B. create a forensic image of the original file system
C. log in to the employees device and create a local copy to USB drive
D. rely on server backup allowing strict access control
B
When developing A tabletop test plan for incident response testing, the PRIMARY purpose of this scenario should be to:
A. measure management engagement as part of an incident response team
B. provide participants with situations to ensure understanding of their roles
C. give the business a measure of the organization’s overall readiness
D. challenge the incident response team to solve the problem under pressure
B
Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?
A. Detailed analysis of security program KPI’s
B. an information security risk register
C. an information security dashboard
D. a capability and maturity assessment
C
An information security manager finds that a soon to be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?
A. Recommend a different application
B. instruct IT to deploy controls based on urgent business needs
C. solicit bids for compensating control products
D. present a business case for additional controls to senior management
D
During which of the following development phases is it MOST challenging to implement security controls?
A. Implementation phase
B. Post-implementation phase
C. design phase
D. development phase
B
Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
A. And identity and access management (IAM) system
B. a virtual private network (VPN) with multi factor authentication
C. a security information and event management (SIEM) system
D. an intrusion prevention system (IPS)
C
Reevaluation of risk is most critical when there is:
A. a management request for updated security reports
B. resistance to the implementation of mitigating controls
C. a change in the threat landscape
D. a change in security policy
C
The PRIMARY Benefit of introducing a single point of administration in network monitoring is that it:
A. reduces unauthorized access to systems
B. promote efficiency and control of the environment
C. prevent inconsistencies in information in the distributed environment
D. allows administrative staff to make management decisions
C
The fundamental purpose of establishing security metrics is to:
A. adopt security best practices
B. establish security benchmarks
C. provide feedback on control effectiveness
D. increase return on investment (ROI)
C
What is the MOST Important reason to regularly report information security risk to relevant stakeholders?
A. To enable risk informed decision making
B. to reduce the impact of information security risk
C. to ensure information security controls are effective
D. to achieve compliance with regulatory requirements
C
If an organization does not have an information security governance framework in place, which of the following would BEST facilitate the adoption of a future governance program?
A. Audit recommendations
B. IT department support
C. information security funding
D. involvement of business stakeholders
D
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
A. Incident response plan
B. disaster recovery plan (DRP)
C. business contingency plan
D. business continuity plan (BCP)
D
Which of the following presents the GREATEST challenge to a security operations center’s timely identification of potential security breaches?
A. An organization has a decentralized data center that uses cloud services
B. operating systems are no longer supported by the vendor
C. IT system clocks are not synchronized with the centralized logging server
D. the patch management system does not deploy patches in a timely manner
C
Which of the following is the best course of action when an online company discovers a network attack in progress?
A. Shut off all network access points
B. isolate the affected network segment
C. dump all event logs to removable media
D. enable trace logging on all events
B
Recovery time objectives (RTOs) are an output of which of the following?
A. Business continuity plan (BCP)
B. business impact analysis (BIA)
C. service level agreement (SLA)
D. disaster recovery plan (DRP)
B
An empowered security steering committee has decided to accept a critical risk. Which of the following is the information security manager’s best course of action?
A. Notify the chief risk officer (CRO) and internal audit
B. determine the impact to information security objectives
C. remove the specific risk item from the risk register
D. document the risk acceptance and justification
D
When defining and communicating roles and responsibilities between an organization and cloud service provider, which of the following situations would present the GREATEST risk to the organization’s ability to ensure information risk is managed appropriately?
A. the service agreement uses a custom developed RACI instead of an industry standard RACI to document responsibilities
B. the organization believes the provider accepted responsibility for issues affecting security that the provider did not accept
C. the organization and provider identified multiple information security responsibilities that neither party was planning to provide
D. the service agreement results in unnecessary duplication of effort because shared responsibilities have not been clearly defined
B
Which of the following is MOST Important for an information security manager to consider when identifying information security resource requirements?
A. Availability of potential resources
B. information security incidents
C. current resourcing levels
D. information security strategy
D
Which of the following is necessary to ensure consistent protection for an organization’s information assets?
A. Control assessment
B. data ownership
C. regulatory requirements
D. classification mode
D
Which of the following best conveys minimum information security requirements to an organization in alignment with policies?
A. Procedures
B. Regulations
C. Baselines
D. Standards
D
Which of the following activities is designed to handle a control failure that leads to a breach?
A. Vulnerability management
B. incident management
C. root cause analysis
D. risk assessment
B
Which of the following should be an information security manager’s FIRST course of action when developing an incident management and response plan?
A. Reassess management’s risk appetite
B. conduct a gap analysis
C. update the current risk register
D. revise the business continuity plan (BCP)
A
Which of the following should be an information security manager’s FIRST course of action when developing an incident management and response plan?
A. Reassess management’s risk appetite
B. conduct a gap analysis
C. update the current risk register
D. revise the business continuity plan (BCP)
A
Which of the following tasks would provide a newly appointed information security manager with the best view of the organization’s existing security posture?
A. Performing a business impact analysis (BIA)
B. reviewing policies and procedures
C. performing a risk assessment
D. interviewing business managers and employees
C
Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when information security management is:
A. partially staffed by external security consultants
B. combined with the change management function
C. reporting to the network infrastructure manager
D. outside of information technology
C
Which of the following would be most effective in changing the security culture and behavior of staff?
A. Promoting the information security mission within the enterprise
B. enforcing strict technical information security controls
C. auditing compliance with the information security policy
D. developing procedures to enforce the information security policy
D
Which of the following best supports investments in an information security program?
A. Business impact analysis (BIA)
B. risk assessment results
C. gap analysis results
D. business cases
B
An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager’s FIRST course of action?
A. Prioritize the risk and implement treatment options
B. report the non compliance to the board of directors
C. inform respective risk owners of the impact of exceptions
D. design mitigating controls for the exceptions
C
Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?
A. Schedule the target end date for implementation activities
B. develop an implementation strategy
C. budget the total cost of implementation activities
D. calculate the cost for each countermeasure
D
Which of the following is the most important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?
A. The ability to remotely locate devices
B. the ability to centrally manage devices
C. the ability to restrict unapproved applications
D. the ability to classify types of devices
B
An organization’s senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security managers first step to support this strategy?
A. Incorporate social media into the security awareness program
B. develop a guideline on the acceptable use of social media
C. employ the use of a web content filtering solution
D. develop a business case for a data loss prevention (DLP) solution
A
An organization is developing a disaster recovery strategy and needs to identify each applications criticality so that the recovery sequence can be established which of the following is the best course of action?
A. Restore the applications with the shortest recovery times first
B. document the data flow and review the dependencies
C. perform a business impact analysis (BIA) on each application
D. identify which applications contribute the most cash flow
C
Which of the following would be MOST useful when illustrating to senior management the status of a recently implemented information security governance framework?
A. Periodic testing results
B. A risk assessment
C. A maturity model
D. A threat assessment
C
Which of the following activities provides the GREATEST insight into the level of threat exposure within an IT environment?
A. Executing an organization-wide security audit
B. Performing penetration testing
C. Performing technical vulnerability assessments
D. Conducting a red team exercise
D
When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
A. Affected stakeholders
B. Incident response team
C. Availability of technical resources
D. Media coverage
A
Recovery time objectives (RTOs) are BEST determined by:
A. Database administrators (DBAs)
B. Business managers
C. Executive management
D. Business continuity officers
B
Which of the following will best enable an effective information asset classification process?
A. Reviewing the recovery time objective (RTO) requirements of the asset
B. assigning ownership
C. including security requirements in the classification process
D. analyzing audit findings
C
An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization’s first action?
A. Implement additional controls
B. report to senior management
C. initiate incident response processes
D. conduct an impact analysis
C
Which of the following is the MOST important function of an information security steering committee?
A. Assigning data classifications to organizational assets
B. defining security standards for logical access controls
C. developing organizational risk assessment processes
D. obtaining multiple perspectives from the business
D
The PRIMARY Purpose of an information security governance framework is to ensure that the information security strategy is an extension of:
A. organizational strategies
B. information technology strategies
C. formal enterprise architecture
D. approved business cases
A
Which of the following should an information security manager do first to address complaints that a newly implemented security control has slowed business operations?
A. Conduct user awareness training
B. remove the control and identify alternatives
C. discuss the issue with senior management for direction
D. validate whether the control is operating as intended
D
Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
A. Regulatory requirements
B. compliance acceptance
C. management support
D. budgetary approval
C
The MAIN Benefit of implementing a data loss prevention (DLP) solution is to:
A. enhance the organization’s antivirus controls
B. reduce the need for a security awareness program
C. complement the organization’s detective controls
D. eliminate the risk of data loss
C
Which of the following should be the first step in incident response procedures?
A. Classify the event depending on severity and type
B. perform a risk assessment to determine the business impact
C. evaluate the cause of the control failure
D. identify if there is a need for additional technical assistance
A
Which of the following is MOST Important to the successful management of an information security program?
A. Compliance with regulatory requirements
B. adequate security budget
C. support from key stakeholders
D. continuous controls monitoring
C
Which of the following BEST facilitates the effective execution of an incident response plan?
A. The plan is based on industry best practices
B. the incident response plan aligns with the IT disaster recovery plan (DRP)
C. the plan is based on risk assessment results
D. the response team is trained on the plan
D
Which of the following is the most important constraint to be considered when developing an information security strategy?
A. Established security policies and standards
B. information security architecture
C. compliance with an International Security standard
D. legal and regulatory requirements
D
Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the first step the information security manager should take?
A. Block the end user’s ability to use shadow IT
B. Update the security policy to address shadow IT
C. Determine the value of IT projects
D. Determine the extent of shadow IT usage
D
The business advantage of implementing authentication tokens is that they:
A. Provide nonrepudiation
B. Reduce overall cost
C. Reduce administrative workload
D. Improve access security
C
Which of the following is a PRIMARY function of an incident response team?
A. To provide a single point of contact for critical incidents
B. To provide a risk assessment for zero-day vulnerabilities
C. To provide a business impact analysis (BIA)
D. To provide effective incident mitigation
D
An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?
A. Notify the CISO of the security policy violation
B. Perform a system access review
C. Perform a full review of all system transactions over the past 90 days
D. Immediately suspend the executives’ access privileges
B
The effectiveness of an information security governance framework will BEST be enhanced if:
A. Consultants review the information security governance framework
B. IS auditors are empowered to evaluate governance activities
C. A culture of legal and regulatory compliance is promoted my management
D. Risk management is built into operational and strategic activities
D
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
A. Wipe the device remotely
B. Remove user’s access to corporate data
C. Prevent the user from using personal mobile devices
D. Report the incident to the police
B
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
A. Improve the change control process
B. Update the threat landscape
C. Determine operational losses
D. Review the effectiveness of controls
D
Which of the following is MOST important to the effectiveness of an information security program?
A. Organizational culture
B. Risk management
C. IT governance
D. Security metrics
A
Which of the following metrics BEST measures the effectiveness of an organization’s information security program?
A. Return on information security investment
B. Number of information security business cases developed
C. Reduction in information security incidents
D. Increase in risk assessments completed
A
Of the following, who is in the BEST position to evaluate business impacts?
A. Senior management
B. Information security manager
C. Process manager
D. IT manager
C
Which of the following is the GREATEST benefit of using cyber threat intelligence to improve an organization’s patch management program?
A. It allows the organization to define its risk tolerance and appetite
B. It identifies when to use workarounds to mitigate vulnerabilities rather than patching
C. It reduces the number of patches the organization needs to apply
D. It provides information about exploited vulnerabilities to expedite patching
D
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
A. conduct a cost benefit analysis
B. conduct a risk assessment
C. interview senior management
D. perform a gap analysis
D
Which of the following should be given the HIGHEST priority during an information security post incident review?
A. Evaluating incident response effectiveness
B. documenting actions taken in sufficient detail
C. evaluating the performance of incident response team members
D. updating the key risk indicators (KRIs)
A
Which of the following BEST determines the allocation of resources during a security incident response?
A. Defined levels of severity
B. senior management commitment
C. a business continuity plan (BCP)
D. an established escalation process
A
Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
A. Compliance status is improved
B. threat management is enhanced
C. security metrics are enhanced
D. proactive risk management is facilitated
D
Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
A. Security audit reports
B. recovery time objectives (RTO)
C. technological capabilities
D. Escalation processes
D
Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
A. Performing penetration tests against the network to demonstrate business vulnerability
B. highlighting competitor performance regarding network best security practices
C. presenting comparable security implementation estimates from several vendors
D. demonstrating that targeted security controls tie to business objectives
D
Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?
A. There have been no reported successful phishing attempts since the training started
B. employees from each department have completed the required training
C. there has been an increase in the number of phishing attempts reported
D. senior management supports funding for ongoing awareness training
C
Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?
A. Remediation of audit findings
B. decentralization of security governance
C. establishment of security governance
D. maturity of security processes
C
Which of the following should be an information security manager’s PRIMARY focus during the development of a critical system storing highly confidential data?
A. Insuring the amount of residual risk is acceptable
B. reducing the number of vulnerabilities detected
C. avoiding identified system threats
D. complying with regulatory requirements
D
One supporting an organization’s privacy officer which of the following is the information security manager’s PRIMARY role regarding privacy requirements?
A. Ensuring appropriate controls are in place
B. monitoring the transfer of private data
C. determining data classification
D. conducting privacy awareness programs
A
An information security manager needs to ensure security testing is conducted on a new system. Which of the following would provide the HIGHEST level of assurance?
A. The vendor provides the results of a penetration test and code review
B. an independent party is directly engaged to conduct testing
C. the internal audit team is enlisted to run a vulnerability assessment against the system
D. the security team conducts a self-assessment against a recognized industry framework
B
The primary reason for using metrics as part of an information security program is to help management:
A. determine whether objectives are being met
B. visualize security trends
C. develop an information security baseline
D. track financial impact of the program
A
An organization is about to purchase a rival organization. The primary reason for performing information security due diligence prior to making the purchase is to:
A. determine the security exposures
B. assess the ability to integrate the security department operations
C. ensure compliance with international standards
D. evaluate the security policy and standards
A
An organization’s operations have been significantly impacted by cyberattack resulting in data loss. Once the attack has been contained, what should the security team do NEXT?
A. Update the incident response plan
B. perorm a root cause analysis
C. implement compensating controls
D. conduct a lessons learned exercise
B
Which of the following is the most important action to prepare for a ransomware attack?
A. Backup data regularly and verify the integrity of backups
B. scan emails to detect threats and filter out executable files
C. configure access controls with lease privilege in mind
D. execute operating systems and programs in a virtualized environment
A
The most important information for influencing management’s support of information security is:
A. a report of a successful attack on a competitor
B. a demonstration of alignment with the business strategy
C. an identification of the overall threat landscape
D. an identification of organizational risks
B
Which of the following is the best way to strengthen the security of corporate data on a personal mobile device?
A. Implementing a strong password policy
B. using containerized software
C. mandating use of pre-approved devices
D. implementing multi-factor authentication
C
When integrating security risk management into an organization it is most important to ensure:
A. the risk management methodology follows an established framework
B. business units approve the risk management methodology
C. the risk treatment process is defined
D. information security policies are documented and understood
B
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the best way to help ensure similar incidents are identified more quickly in the future?
A. Establish performance metrics for the team
B. perform a post-incident review
C. perform a threat analysis
D. implement a SIEM solution
B
Which of the following is the primary responsibility of an information security governance committee?
A. Reviewing the information security risk register
B. approving changes to the information security strategy
C. discussing upcoming information security projects
D. reviewing monthly information security metrics
B
In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager’s first course of action?
A. Revised the policy
B. conduct a risk assessment
C. communicate the acceptable use policy
D. perform a root cause analysis
B
An organization wants to integrate information security into its human resource management processes. Which of the following should be the first step?
A. Identify information security risk associated with the processes
B. assess the business objectives of the processes
C. evaluate the cost of information security integration
D. benchmark the processes with best practice to identify gaps
B
An information security manager is asked to provide a short presentation on the organization’s current IT risk posture to the board of directors. Which of the following would be included in this presentation?
A. Gap analysis results
B. risk register
C. threat assessment results
D. risk heat map
D
