Deck 3 Flashcards
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done first?
A. Perform a risk assessment of the new technology
B. obtain legal counsels opinion on the standards applicability to regulations
C. determine whether the organization can benefit from adopting the new standard
D. Review industry specialists’ analyses of the new standard
A
Which of the following should an information security manager do first when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
A. Develop a business case for funding remediation efforts
B. advise senior management to accept the risk of noncompliance
C. notify legal and internal audit of the non compliant legacy application
D. assess the consequences of non compliance against the cost of remediation
D
An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do first?
A. Invoke the organization’s incident response plan
B. set up communication channels for the target audience
C. create a comprehensive singular communication
D. determine the needs and requirements of each audience
D
Which of the following is the most important reason for an organization to develop an information security governance program?
A. Establishment of accountability
B. compliance with audit requirements
C. creation of tactical solutions
D. monitoring of security incident
A
When establishing metrics for an information security program, the BEST approach is to identify indicators that:
A. Support major information security initiatives
B. reflect the corporate risk culture
C. reduce information security program spending
D. demonstrate the effectiveness of the security program
D
Which of the following provides the most comprehensive information related to an organization’s current risk profile?
A. Gap analysis results
B. risk register
C. heat map
D. risk assessment results
D
Which type of recovery site is most reliable and can support stringent recovery requirements?
A. Cold site
B. warm site
C. Mobile site
D. Hot site
D
Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?
A. To prevent accountability issues
B. To ensure segregation of duties is maintained
C. To ensure system audit trails are not bypassed
D. To prevent unauthorized user access
A
Which of the following backup methods requires the MOST time to restore data for an application?
A. Disk mirroring
B. Differential
C. Incremental
D. Full backup
C
Which of the following is MOST important to do after a security incident has been verified?
A. Notify the appropriate law enforcement authorities of the incident
B. Follow the escalation process to inform key stakeholders
C. Prevent the incident from creating further damage to the organization
D. Contact forensic investigators to determine the root cause
B
Which of the following is MOST important to review following a security incident?
A. Incident response procedures
B. Response tools and techniques
C. Incident response plan
D. Lesson learned
D
An organization has experienced multiple instances of privileged users misusing their access. Which of the following processes would be MOST helpful in identifying such violations?
A. Policy exception review
B. Review of access controls
C. Security assessment
D. Log review
D
An IT department plans to migrate to the public cloud. Which of the following is the information security manager’s MOST important action in support of this initiative?
A. Review cloud provider independent assessment reports
B. Provide cloud security requirements
C. Evaluate service level agreements (SLAs)
D. Calculate security implementation costs
A
Which of the following is the MOST important reason to implement information security governance?
A. To align the security strategy with the organization’s strategy
B. To monitor the performance of business goals and objectives
C. To monitor the achievement of business goals and objectives
D. To provide adequate resources to achieve business goals
A
Which of the following is the PRIMARY reason for an information security manager to present the business case for an information security initiative to senior management?
A. To aid management in the decision-making process for purchasing the solution
B. To represent stakeholders who will benefit from enhancements in information security
C. To provide management with the status of the information security program
D. To demonstrate to management the due diligence involved with selecting the solution
D
IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure are relevant to a project?
A. Involving information security at each stage of project management
B. Creating a data classification framework and providing it to stakeholders
C. Identifying responsibilities during the project business case analysis
D. Providing stakeholders with minimum information security requirements
A
An information security manager has been asked to provide contract guidance from a security perspective for outsourcing the organization’s payroll processing. Which of the following is MOST important to address?
A. Vendor compliance with the most stringent data security regulations
B. Vendor compliance with the organization’s information security policies
C. Vendor compliance with organizational service level agreement (SLA) requirements
D. Vendor compliance with recognized industry standards
B
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager’s BEST course of action?
A. Instruct the vendor to conduct penetration testing
B. Suspend the connection to the application in the firewall
C. Initiate the organization’s incident response process
D. Report the situation to the business owner of the application
D
Which of the following is the MOST important element in the evaluation of inherent security risks?
A. Impact to the organization
B. Control effectiveness
C. Residual risk
D. Cost of countermeasures
A
Which of the following is the PRIMARY purpose of implementing information security standards?
A. To provide a basis for developing information security policies
B. To provide step-by-step instructions for performing security-related tasks
C. To provide management direction with a specific security objective
D. To establish a minimum acceptable security baseline
D
Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within it’s cloud services. Which of the following should be the PRIMARY focus of company A’s information security manager?
A. The cost to align to Company A’s security policies
B. The organizational structure of Company B
C. Company B’s security policies
D. Company A’s security architecture
C
Which of the following metrics provides the BEST measurement of the effectiveness of a security awareness program?
A. Variance of program cost to allocated budget
B. The number of security breaches
C. Mean time between incident detection and remediation
D. The number of reported security incidents
C
A risk owner has accepted a large amount of risk due to the high cost controls. Which of the following should be the information security manager’s PRIMARY focus in this situation?
A. Conducting an independent review of risk responses
B. Establishing a strong ongoing risk monitoring process
C. Presenting the risk profile for approval by the risk owner
D. Updating the information security standards to include the accepted risk
D
Which of the following should be the PRIMARY driver for selecting and implementing appropriate controls to address the risk associated with weak user passwords?
A. The organization’s risk tolerance
B. The organization’s culture
C. The cost of risk mitigation controls
D. Direction from senior management
B
Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?
A. It transfers the risk associated with recovery to a third party
B. It eliminates the need for the business to perform testing
C. It eliminates the need to maintain offsite facilities
D. It lowers the annual cost to the business
A
An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:
A. Transfer to risk to a third party
B. Determine appropriate countermeasures
C. Report to management
D. Quantify the aggregated risk
D
Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?
A. The indicator should provide a retrospective view of risk impacts and be measured annually
B. The indicator should focus on IT and accurately represent risk variances
C. The indicator should align with key performance indicators (KPIs) and measure root causes of process performance issues
D. The indicator should possess a high correlation with a specific risk and be measured on a regular basis
D
Signature based anti-malware controls are MOST effective against:
A. Poorly configured firewall rules
B. Reused virus code
C. Known threats
D. Zero-day exploits
B
Which of the following analyses will BEST identify the external influences to an organization’s information security?
A. Threat analysis
B. Business impact analysis (BIA)
C. Gap analysis
D. Vulnerability analysis
A
An organization has decided to outsource its disaster recovery function. Which of the following is the MOST important consideration when drafting the service level agreement (SLA)?
A. Testing requirements
B. Authorization chain
C. Recovery time objectives (RTOs)
D. Recovery point objectives (RPOs)
A
Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?
A. Mapping the risks to existing controls
B. Illustrating risk on a heat map
C. Providing a technical risk assessment report
D. Mapping the risks to the security classification scheme
B
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
A. Perform a vulnerability assessment
B. Perform a business impact analysis (BIA)
C. Perform a privacy impact assessment
D. Perform a gap analysis
D
Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?
A. To provide the response team with expert training on evidence handling
B. To ensure evidence is handled by qualified resources
C. To prevent evidence from being disclosed to any internal staff members
D. To validate the incident response processes
B
Which of the following is an information security manager’s FIRST priority after a high-profile system has been compromised?
A. Implement improvements to prevent recurrence
B. Identify the malware that compromised the system
C. Restore the compromised system
D. Preserve incident-related data
C
While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. What should the information security manager address in this situation?
A. Assign the highest classification level to those databases
B. Assign responsibility to the database administrator (DBA)
C. Prepare a report of the databases for senior management
D. Review the databases for sensitive content
B
In a business proposal, a potential vendor promotes being certified for the international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the:
A. Certification scope is relevant to the service being offered
B. Certification will remain current through the life of the contract
C. Current international standard was used to assess security processes
D. Certification can be extended to cover the client’s business
A
The PRIMARY goal of the eradication phase in an incident response is to:
A. Provide effective triage and containment of the incident
B. Remove the threat and restore affected systems
C. Maintain a strict chain of custody
D. Obtain a forensic evidence from the affected system
B
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
A. Focus on compliance
B. Reiterate the necessity of security
C. Promote the relevance and contribution of security
D. Rely on senior management to enforce security
C
Which of the following should be the PRIMARY basis for determining information security objectives?
A. Business strategy
B. Regulatory requirements
C. Information security strategy
D. Data classification
C
Which of the following is the MOST important issue in a penetration test?
A. Performing the test without the benefit of any insider knowledge
B. Having an independent group perform the test
C. Having a defined goal as well as success and failure criteria
D. Obtaining permission from an audit
C
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
A. Transfer responsibility for incident response to the cloud provider
B. Continue using the existing incident response procedures
C. Revise incident response procedures to encompass the cloud environment
D. Adopt the cloud provider’s incident response procedures
C
Which of the following is MOST important to include in an information security status report to senior management?
A. Review of information security policies
B. List of recent security events
C. Key risk indicators (KRIs)
D. Information security budget requests
C
Which of the following is an information security manager’s BEST course of action upon discovering an organization with budget constraints lacks several important security capabilities?
A. Suggest the deployment of open-source security tools to mitigate identified risks
B. Establish a business case to demonstrate return on investment (ROI) of a security tool
C. Recommend that the organization avoid the most severe risks
D. Review the most recent audit report and request funding to address the most serious finding
B
The MOST important reason for having an information security manager servce on the change management committee it to:
A. Ensure changes are properly documented
B. Advise on change-related risk
C. Identify changes to the information security policy
D. Ensure that changes are tested
B
When choosing the best controls to mitigate risk to acceptable levels, the information security managers decision should be MAINLY driven by:
A. Regulatory requirements
B. Control framework
C. Best practices
D. Cost-benefit analysis
D
Which of the following is MOST important when designing an information security governance framework?
A. Assessing the availability of information security resources
B. Assessing the current state of information security
C. Aligning with the information security strategy
D. Aligning with industry-best practice frameworks
D
Which of the following BEST enables an information security manager to determine the comprehensiveness Inadvertant disclosure of the internal business information on social media is BEST minimized by which of the following?of an organization’s information security strategy?
A. Internal security audit
B. Organizational risk appetite
C. External security audit
D. Business impact analysis (BIA)
B
Inadvertent disclosure of the internal business information on social media is BEST minimized by which of the following?
A. Implementing data loss prevention (DLP) solutions
B. Limiting access to social media sites
C. Developing social media guidelines
D. Education users on social media risks
B
Which of the following is MOST important to consider when determining asset valuation?
A. Potential business loss
B. Asset classification level
C. Asset recovery cost
D. Cost of insurance premiums
A
Changes have been proposed to a large organization’s enterprise resource planning (ERP) system that would violate existing security standards. Which of the following should be done FIRST to address this conflict?
A. Perform a cost-benefit analysis
B. Calculate business impact levels
C. Validate current standards
D. Implement updated standards
B
The PRIMARY goal of a post-incident review should be to:
A. Identify policy changes to prevent reoccurrence
B. Establish the cost of the incident to the business
C. Determine why the incident occurred
D. Determine how to improve the incident handling process
D
Which of the following BEST indicates that information assets are classified accurately?
A. An accurate and complete information asset catalog
B. Appropriate assignment of information asset owners
C. Appropriate prioritization of information risk treatment
D. Increased compliance with information security
A
Which of the following is the BEST approach to make strategic information security decisions?
A. Establish periodic senior management meetings
B. Establish regular information security status reporting
C. Establish an information security steering committee
D. Establish business unit security working groups
C
An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
A. Verify the provider follows a cloud service framework standard
B. Review the provider’s information security policies and procedures
C. Obtain documentation of the encryption management practices
D. Ensure an audit of the provider is conducted to identify control gaps
D
Which of the following would BEST support an information security manager’s efforts to obtain management approval for an identify and access management (IAM) system implementation?
A. A recent security incident involving access authorization
B. An established security policy with access management requirements
C. A third-party audit finding based on regulatory requirements
D. A business case proposal for the solution
D
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
A. Compliance requirements associated with the regulation
B. Criticality of the service to the organization
C. Corresponding breaches associated with each vendor
D. Compensating controls in place to protect information security
B
Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:
A. Inform senior management
B. Update the risk assessment
C. Validate the user acceptance testing (UAT)
D. Modify key risk indicators (KRIs)
D
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
A. The likelihood of a given threat attempting to exploit a vulnerability
B. The magnitude of the impact, should a threat exploit a vulnerability
C. A function of the cost and effectiveness of controls over a vulnerability
D. A function of the likelihood and impact, should a threat exploit a vulnerability
D
Which of the following is the BEST justification for making a revision to a password policy?
A. A risk assessment
B. Industry best practice
C. Audit recommendation
D. Vendor recommendation
A
An organization’s outsourced firewall was poorly configured and allowed unauthorized access that resulted in downtime of 48 hours. Which of the following should be the information security manager’s NEXT course of action?
A. Reconfigure the firewall in accordance with best practices
B. Obtain supporting evidence that the problem has been corrected
C. Seek damages from the service provider
D. Revisit the contract and improve accountability of the service provider
B
The PRIMARY purpose for defining key risk indicators (KRIs) for a security program is to:
A. Support investments in the security program
B. Compare security program effectiveness to benchmarks
C. Provide information needed to take action
D. Ensure mitigating controls meet specifications
C
The PRIMARY advantage of performing black-box controls tests as opposed to white-box control testes is that they:
A. Require les IT staff preparation
B. Identify more threats
C. Simulate real-world attacks
D. Cause fewer potential production issues
A
In a multinational organization, local security regulations should be implemented over global security policy because:
A. Business objectives are defined by local business unit managers
B. Deploying awareness of local regulations is more practical than of global policy
C. Global security policies include unnecessary controls for local businesses
D. Requirements of local regulations take precedence
D
Which of the following would BEST enable the timely execution of an incident response plan?
A. Definition of trigger events
B. Centralized service desk
C. The introduction of a decision support tool
D. Clearly defined data classification process
A
Which of the following is MOST helpful in ensuring an information security governance framework continues to support business objectives?
A. A consistent risk assessment methodology
B. A monitoring strategy
C. An effective organizational structure
D. Stakeholder buy-in
A
Which of the following is the BEST way to demonstrate the alignment of the information security strategy with the business strategy?
A. Show the relationship between information security goals and corporate goals
B. Compare the allocated budget for business with the information security budget
C. Present senior management’s approval of information security policies
D. Provide evidence that information security is included in the change management process
A
A health care organization’s information security manager is notified of a possible breach of critical patient data involving a large volume of records. What should the information security manager do FIRST?
A. Notify health care regulators
B. Escalate the breach to senior management
C. Validate whether the breach occurred
D. Assess the possible impact of the breach
C
What is the PRIMARY goal of an incident management program?
A. Contain the incident
B. Communicate to external entities
C. Minimize impact to the organization
D. Identify root cause
C
Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?
A. Gaps between current and desirable levels will be addressed
B. Information security management costs will be optimized
C. Information security strategy will be in line with industry best practice
D. Staff awareness of information security compliance will be promoted
A
An information security manager must have an understanding of an information security program?
A. Understanding current and emerging technologies
B. establishing key performance indicators (KPIs)
C. conducting periodic risk assessments
D. obtaining stakeholder input
D
Which of the following is best determined by using technical metrics?
A. Weather controls are operating effectively
B. how well security risk is being managed
C. whether security resources are adequately allocated
D. how well the security strategy is aligned with organizational objectives
A
Information security awareness programs are most effective when they are:
A. sponsored by senior management
B. reinforced by computer based training
C. customized for each target audience
D. conducted at employee orientation
C
Which of the following is an information security managers most important consideration when exploring the use of a third party provider to handle an IT function?
A. The provider carries cyber insurance to cover security breaches
B. the provider agrees to provide historical security incident data
C. the provider’s security processes align with the organization’s
D. the provider has undergone an independent security review
C
Which of the following best prepares a computer incident response team for a variety of information security scenarios?
A. Tabletop exercises
B. forensics certification
C. penetration tests
D. disaster recovery drills
A
Which of the following is most important to have in place to help ensure an organizations cybersecurity program meets the needs of the business?
A. Information security awareness training
B. risk assessment program
C. information security governance
D. information security metrics
C
Which of the following is the most important consideration when updating procedures for managing security devices?
A. Updates based on changes in risk, technology, and processes
B. review and approval of procedures by management
C. updates based on the organization’s security framework
D. notification to management of the procedural changes
A
Which of the following is the most important consideration for a global organization that is designing an information security awareness program?
A. National regulations
B. program costs
C. cultural backgrounds
D. local languages
A
What should be an information security manager’s first step when developing a business case for a new intrusion detection system (IDS) solution?
A. Calculate the total cost of ownership (TCO)
B. define the issues to be addressed
C. perform a cost-benefit analysis
D. conduct a feasibility study
C
Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
A. escalate concerns for conflicting access rights to management
B. review access rights as the acquisition integration occurs
C. implement consistent access control standards
D. perform a risky access rights
C
To set security expectations across the enterprise, it is most important for the information security policy to be regularly reviewed and endorsed by:
A. security administrators
B. senior management
C. the chief information security officer (CISO)
D. The IT steering committee
B
An organization is performing an annual review of its risk landscape. Which of the following anticipated changes will have the most significant impact on the information security strategy?
A. The renewal and renegotiation of the organization’s contract with its managed security services provider
B. migration of personal data to a new database system on a different server platform
C. the expansion to an international location with unfamiliar security and privacy regulations
D. replacement of the aging enterprise wide core firewall infrastructure with a new solution from a different vendor
C
Which of the following is most effective for communicating forward-looking trends within security reporting?
A. Key risk indicators (KRIs)
B. key performance indicators (KPIs)
C. key control indicators (KCIs)
D. key global indicators (KGIs)
A
Which of the following is the most important outcome of effective risk treatment?
A. Implementation of corrective actions
B. elimination of risk
C. timely reporting of incidents
D. reduced cost of acquiring controls
A
Which of the following provides the most assurance that a third party hosting provider will be able to meet availability requirements?
A. The third party’s business continuity plan (BCP)
B. the third parties incident response plan
C. right-to- audit clause
D. Service level agreement (SLA)
D
An information security risk analysis best assists an organization in ensuring that:
A. the infrastructure has the appropriate level of access control
B. cost-effective decisions are made with regard to which assets need protection
C. an appropriate level of funding is applied to security processes
D. the organization implements appropriate security technologies
B
Which of the following is the most important reason for performing a cost-benefit analysis when implementing a security control?
A. To ensure that the mitigation effort does not exceed the asset value
B. to ensure that benefits are aligned with business strategies
C. to present a realistic information security budget
D. to justify information security program activities
A
Prior to conducting a forensic examination, an information security manager should:
A. boot the original hard disk on a clean system
B. create an image of the original data on new media
C. duplicate data from the backup media
D. shut down and relocate the server
B
What is the primary benefit of effective configuration management?
A. Standardization of system support
B. reduced frequency of incidents
C. decreased risk to the organization’s systems
D. improved vulnerability management
D
Of the following, who should the security manager consult first when determining the severity level of a security incident involving a third party vendor?
A. Risk manager
B. business partners
C. IT process owners
D. business process owners
D
Which of the following is the greatest inherent risk when performing a disaster recovery plan (DRP) test?
A. Lack of communication to affected users
B. poor documentation of results and lessons learned
C. lack of coordination among departments
D. disruption to the production environment
B
Which of the following is an information security manager’s best course of action when a potential business breach is discovered in a critical business system?
A. Update the incident response plan
B. inform affected stakeholders
C. inform IT management
D. implement mitigating actions immediately
B
The primary purpose for deploying information security metrics is to:
A. ensure that technical operations meet specifications
B. compare program effectiveness to benchmarks
C. support ongoing security budget requirements
D. provide information needed to make decisions
A
For an organization that is experiencing outages due to malicious code, which of the following is the best index of the effectiveness of countermeasures?
A. Number of virus infections detected
B. average recovery time per incident
C. amount of infection-related downtime
D. number of downtime-related help desk calls
C
Which of the following provides the best assurance that a contracted third-party provider meets an organization’s security requirements?
A. Continuous monitoring
B. due diligence questionnaires
C. right-to-audit clause in the contract
D. performance metrics
A
Which of the following would best demonstrate the status of an organization’s information security program to the board of directors?
A. The information security operations matrix
B. changes to information security risks
C. information security program metrics
D. results of a recent external audit
D
Which of the following would best justify continued investment in an information security program?
A. Speed of implementation
B. reduction in residual risk
C. industry peer benchmarking
D. security framework alignment
B
Which of the following is an information security manager ‘s best recommendation to senior management following a breach at the organization Software as a Service (SaaS) vendor?
A. Engage legal counsel
B. terminate the relationship with the vendor
C. renegotiate the vendor contract
D. update the vendor risk assessment
D
Which of the following is the most important factor of a successful information security program?
A. The program follows industry best practices
B. the program is based on a well-developed strategy
C. the program is focused on risk management
D. the program is cost-efficient and within budget
B
Which of the following is the most important input to the development of an effective information security strategy?
A. Well-defined security policies and procedures
B. current and desired state of security
C. business processes and requirements
D. risk and business impact assessments
B
Which of the following is most important when providing updates during a security incident?
A. Responding immediately to questions from the public
B. validating the reliability of information prior to dissemination
C. designating a communications representative
D. ensuring timely incident information to internal stakeholders
C
Which of the following is most important to ensure when considering exceptions to an information security policy?
A. Exceptions are approved by executive management
B. exceptions undergo regular review
C. exceptions reflect the organizational risk appetite
D. exceptions are based on data classification
C
Which of the following is the most important requirement for a successful security program?
A. Management decision on asset value
B. penetration testing on key systems
C. nondisclosure agreements (NDAs) with employees
D. mapping security processes to baseline security standards
A
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
A. potential incident has been logged
B. incident has been contained
C. incident has been mitigated
D. incident has been confirmed
D
When designing an information security risk monitoring framework, it is most important to ensure:
A. preservation of forensic evidence is enabled
B. the monitoring system is patched regularly
C. feedback is communicated to stakeholders
D. outlier events are escalated to system administrators
C
Which of the following best protects against phishing attacks?
A. Security strategy training
B. e-mail filtering
C. network encryption
D. application whitelisting
A
Audit trails of changes to source code and object code are best tracked through:
A. use of compilers
B. code review
C. program library software
D. job control statement
C
Which of the following is the best course of action for an information security manager to align security and business goals?
A. Reviewing the business strategy
B. conducting a business impact analysis (BIA)
C. actively engaging with stakeholders
D. defining key performance indicators (KPIs)
C
Which of the following is the best approach to reduce unnecessary duplication of compliance activities?
A. Integration of assurance efforts
B. automation of controls
C. documentation of control procedures
D. standardization of compliance requirements
D
An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the most important input to assist the committee in making this decision?
A. IT strategy
B. security architecture
C. risk assessment
D. business case
D
Which of the following best validates that security controls are implemented in a new business process?
A. Verify the use of a recognized control framework
B. review the process for conformance with information security best practices
C. benchmark the process against industry practices
D. assess the process according to information security policy
A
The effectiveness of an incident response team will be greatest when:
A. the incident response process is updated based on lessons learned
B. the incident response team members are trained security personnel
C. the incident response team meets on a regular basis to review log files
D. incidents are identified using a security information and event monitoring (SIEM) system
A
Which of the following would BEST enable an organization to aggregate information from different systems to allow for centralized categorization of incidents?
A. Intrusion detection system (IDS)
B. Application program interfaces (APIs)
C. Intrusion prevention system (IPS)
D. Security information and event management (SIEM)
D
What would be the MAIN purpose of an immediate post-incident review after a comprehensive test of the incident response plan?
A. To reduce costs associated with incident response efforts
B. To determine ways to improve incident response plan processes
C. To document weaknesses for the next incident response plan test
D. To revalidate incident response plan activities
B
During which of the following phases should an incident response team document actions required to remove the threat caused by the incident?
A. Eradication
B. Identification
C. Containment
D. Post-incident review
A
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
A. Proposed that IT update information security policies and procedures
B. request that internal audit conduct a review of the policy development process
C. conduct user awareness training within the IT function
D. determine the risk related to noncompliance with the policy
D
What should an information security manager ‘s most important consideration be when reviewing A proposed upgrade to a business units production database?
A. Ensure the application inventory is updated
B. ensuring residual risk is within appetite
C. ensuring a cost-benefit analysis is completed
D. ensuring senior management is aware of associated risk
B
The best indicator of the effectiveness of a security program conducted for users is an increase in the number of:
A. social engineering attempts reported to information security
B. requests for more security training information
C. participants in the security awareness program
D. threats detected by information security staff
A
An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the best information for the information security manager to draw a conclusion?
A. Initiating a cost-benefit analysis of the implemented controls
B. performing a risk assessment
C. reviewing the risk register
D. conducting a business impact analysis (BIA)
A
The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the most likely reason?
A. The strategy does not include a cost-benefit analysis
B. there was a lack of engagement with the business during development
C. this strategy does not comply with security standards
D. the CISO reports to the CIO
B
The most important element in achieving executive commitment to an information security governance program is:
A. identified business drivers
B. a process improvement model
C. established security strategies
D. a defined security framework
A
Which of the following is the most important detail to capture in an organization’s risk register?
A. Risk acceptance criteria
B. risk severity level
C. risk ownership
D. risk appetite
C
What is the primary objective of information security involvement in the change management process?
A. To narrow the threat landscape
B. to ensure changes are not applied without prior authorization
C. to reduce the likelihood of control failure
D. to meet obligations for regulatory and legal compliance
B
An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the best way to address this situation?
A. Publish an acceptable use policy and require signed acknowledgement
B. turn on logging and record user activity
C. communicate the responsibility and provide appropriate training
D. implement a data loss prevention (DLP) solution
C
An organization’s marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
A. business senior management
B. the compliance officer
C. the information security manager
D. the chief risk officer (CRO)
A
During the due diligence phase of an acquisition, the most important course of action for an information security manager is to:
A. review the state of security awareness
B. review information security policies
C. perform a risk assessment
D. perform a gap analysis
C
When establishing escalation processes for an organization’s computer security incident response team, the organization’s procedure should:
A. require events to be escalated whenever possible to ensure that management is kept informed
B. provide unrestricted communication channels to executive leadership to ensure direct access
C. specify step-by-step escalation paths to ensure an appropriate chain of command
D. recommend the same communication path for each events to ensure consistency of communication
D
A business unit handles sensitive personally identifiable information (PII), which presents a significant financial liability to the organization should a breach occur. Which of the following is the best way to mitigate the risk to the organization?
A. Implementing audit logging on systems
B. including indemnification into customer contracts
C. contracting the process to a third party
D. purchasing insurance
D
During a security assessment, an information security manager finds a number of security patches or not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager’s first course of action?
A. Report the risk to the information security steering committee
B. determine mitigation options with IT management
C. communicate the potential impact to the application owner
D. escalate the risk to senior management
C
A new regulatory requirement affecting an organization’s information security program is released. Which of the following should be the information security manager’s first course of action?
A. Conduct benchmarking
B. perform a gap analysis
C. notify the legal department
D. determine the disruption to the business
C
Which of the following is best suited to provide regular reporting to the board regarding the status of compliance to a global security standard?
A. Legal counsel
B. quality assurance (QA)
C. information security
D. internal audit
D
What is the best reason to keep information security policies separate from procedures?
A. To keep policies from having to be changed too frequently
B. to ensure that individual documents do not contain conflicting information
C. to keep policy documents from becoming too large
D. to ensure policies receive the appropriate approvals
A
An organization has implemented a new security control in response to a recently discovered vulnerability. Several employees have voiced concerns that the control disrupts their ability to work. Which of the following is the information security manager’s best course of action?
A. Evaluate compensating control options
B. educate users about the vulnerability
C. accept the vulnerability
D. report the control risk to senior management
A
Recommendations for Enterprise Investment in security technology should be primarily based on:
A. availability of financial resources
B. alignment with business needs
C. the organization’s risk tolerance
D. adherence to international standards
D
A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done first to reverse this bottom-up approach to security?
A. Implement an information security awareness training program
B. conduct a threat analysis
C. establish an audit committee
D. create an information security steering committee
D
Which of the following is the best method to protect against emerging advanced persistent threat (APT) actors?
A. Providing ongoing training to the incident response team
B. updating information security awareness materials
C. implementing a honeypot environment
D. implementing proactive systems monitoring
D
Which of the following would be most useful in determining how an organization will be affected by a new regulatory requirement for cloud services?
A. Data loss production plan
B. risk assessment
C. information asset inventory
D. data classification policy
B
Which of the following is the most important consideration when defining security configuration baselines?
A. The baselines address applicable regulatory standards
B. the baselines are proportionate to risk
C. the baselines address known system vulnerabilities
D. the baselines align with lines of business
B
An organization would like to invest in a new emerging technology. Which of the following is most important for the information security manager to consider when evaluating its impact?
A. Secure configuration
B. vulnerabilities in the technology
C. industry peer reviews of the technology
D. systems compatibility
B
Which of the following should be an information security manager ‘s main concern if the same digital signing certificate is able to be used by two or more users?
A. Potential to decrypt digital hash values
B. inability to validate identity of sender
C. certificate alteration
D. segregation of duties
B
An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the highest priority?
A. Identification of risk
B. selection of risk treatment options
C. analysis of control gaps
D. design of key risk indicators (KRIs)
A
Which of the following most effectively allows for disaster recovery testing without interrupting business operations?
A. Structured walk-through
B. simulation testing
C. parallel testing
D. full interruption testing
C
Which of the following is the most important consideration when selecting members for an information security steering committee?
A. Information security expertise
B. tenure in the organization
C. business expertise
D. cross-functional composition
D
Which of the following is the most important reason to document information security incidents that are reported across the organization?
A. Support business investments in security
B. evaluate the security posture of the organization
C. identify unmitigated risk
D. prevent incident recurrence
D
Which of the following activities must be performed by an information security manager for change requests?
A. Assess impact on information security risk
B. perform penetration testing on affected systems
C. scan IT systems for operating system vulnerabilities
D. review change in business requirements for information security
A
What is the best way to reduce the impact of a successful ransomware attack?
A. Include provisions to pay ransoms in the information security budget
B. monitor the network and provide alerts on intrusions
C. perform frequent backups and store them offline
D. purchase or renew cyber insurance policies
C
Which of the following is the most effective way to help staff members understand their responsibilities for information security?
A. Require staff to sign confidentiality agreements
B. require staff to participate in information security awareness training
C. communicate disciplinary processes for violating policy
D. include information security responsibilities and job descriptions
D
An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident it is most important for the security manager to:
A. follow the incident response plan
B. follow the business continuity plan (BCP)
C. conduct an incident forensic analysis
D. notify the business process owner
D
A recovery point objective (RPO) is required in which of the following?
A. Business continuity plan (BCP)
B. information security plan
C. incident response plan
D. disaster recovery plan (DRP)
A
Which of the following factors would have the most significant impact on an organization’s information security governance model?
A. Corporate culture
B. outsourced processes
C. number of employees
D. security budget
A
An employee of an organization has reported losing a smartphone that contains sensitive information. The best step to address this situation is to:
A. remotely wipe the device
B. terminate the device connectivity
C. disable the users access to corporate resources
D. escalate to the users management
A
An organization is considering using a third party to host sensitive archived data. Which of the following is most important to verify before entering into the relationship?
A. Independent audits of the vendor’s operations are regularly conducted
B. the vendor’s controls are in line with the organization’s security standards
C. the encryption keys are not provided to the vendor
D. the vendor’s data centers are in the same geographic region
B
A modification to a critical system was not detected until the system was compromised. Which of the following will best help to prevent future occurrences?
A. Conducting continuous network monitoring
B. improving the change control process
C. conducting continuous risk assessments
D. baselining server configurations
B
Which of the following would best enable effective decision-making?
A. Annualized lost estimates determined from past security events
B. a universally applied list of generic threats, impacts, and vulnerabilities
C. a consistent process to analyze new and historical information risk
D. formalized acceptance of risk analysis by business management
D
An information security manager finds a legacy application has no defined data owner. Of the following, who would be most helpful in identifying the appropriate data owner?
A. The individual responsible for providing support for the application
B. the individual who manages the process supported by the application
C. the individual who manages users of the application
D. the individual who has the most privileges within the application
B
Which of the following change management procedures is most likely to cause concern to the information security manager?
A. Users are not notified of scheduled system changes
B. fall back processes are tested the weekend before changes are made
C. the development manager migrates programs into production
D. a manual rather than an automated process is used to compare program versions
A
Which of the following is the primary benefit of implementing an information security governance framework?
A. The framework provides a roadmap to maximize revenue through the secure use of technology
B. the framework is able to confirm the validity of business goals and strategies
C. the framework defines managerial responsibilities for risk impacts to business goals
D. the framework provides direction to meet business goals while balancing risks and controls
D
Which of the following is the best way to strengthen the security of corporate data on a personal mobile device?
A. Implementing a strong password policy
B. using containerized software
C. mandating use of pre-approved devices
D. implementing multi-factor authentication
C
Which of the following should be the most important consideration when reviewing an information security strategy?
A. Changes to the security budget
B. new business initiatives
C. internal audit findings
D. recent security incidents
A
