TEST 2 251-500

Description:
CISM TEST

Creation Date: 2025/11/19

Category: Others

Number of questions: 50

Content:

Which of the following is the PRIMARY responsibility of an information security steering committee composed of management representation from business units?
- Oversee the execution of the information security strategy.
- Perform business impact analyses (BIAs).
- Manage the implementation of the information security plan.
- Monitor the treatment of information security risk.

Audit trails of changes to source code and object code are BEST tracked through:
- use of compilers.
- code review.
- program library software.
- job control statements.

Which of the following should be determined FIRST when preparing a risk communication plan?
- Reporting content.
- Communication channel.
- Target audience.
- Reporting frequency.

Which of the following will protect the confidentiality of data transmitted over the Internet?
- Message digests.
- Encrypting file system.
- Network address translation.
- IPsec protocol.

Which of the following would MOST effectively communicate the benefits of an information security program to executive management?
- Key performance indicators (KPIs).
- Threat models.
- Key risk indicators (KRIs).
- Industry benchmarks.

Which of the following processes can be used to remediate identified technical vulnerabilities?
- Updating the business impact analysis (BIA).
- Performing penetration testing.
- Enforcing baseline configurations.
- Conducting a risk assessment.

Which of the following BEST enables the detection of advanced persistent threats (APTs)?
- Vulnerability scanning.
- Security information and event management system (SIEM).
- Internet gateway filtering.
- Periodic reviews of intrusion prevention system (IPS).

Which of the following is the BEST way to strengthen the security of corporate data on a personal mobile device?
- Implementing a strong password policy.
- Using containerized software.
- Mandating use of pre-approved devices.
- Implementing multi-factor authentication.

An organization has implemented a new security control in response to a recently discovered vulnerability. Several employees have voiced concerns that the control disrupts their ability to work. Which of the following is the information security manager's BEST course of action?
- Evaluate compensating control options.
- Educate users about the vulnerability.
- Accept the vulnerability.
- Report the control risk to senior management.

Which of the following would be MOST helpful when determining appropriate access controls for an application?
- Industry best practices.
- Gap analysis results.
- End-user input.
- Data criticality.

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?
- Assess the extent of the issue.
- Report the issue to legal personnel.
- Notify senior management of the issue.
- Initiate contract renegotiation.

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
- Establish performance metrics for the team.
- Perform a post-incident review.
- Perform a threat analysis.
- Implement a SIEM solution.

Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?
- Senior management.
- Affected customers.
- Cloud service provider.
- The incident response team.

An organization's operations have been significantly impacted by a cyberattack resulting in data loss. Once the attack has been contained, what should the security team do NEXT?
- Update the incident response plan.
- Perform a root cause analysis.
- Implement compensating controls.
- Conduct a lessons learned exercise.

Which of the following would BEST help to ensure an organization's security program is aligned with business objectives?
- The organization's board of directors includes a dedicated information security advisor.
- The security strategy is reviewed and approved by the organization's steering committee.
- Security policies are reviewed and approved by the chief information officer (CIO).
- Business leaders receive annual information security awareness training.

When defining and communicating roles and responsibilities between an organization and cloud service provider, which of the following situations would present the GREATEST risk to the organization's ability to ensure information risk is managed appropriately?
- The service agreement uses a custom-developed RACI instead of an industry standard RACI to document responsibilities.
- The organization believes the provider accepted responsibility for issues affecting security that the provider did not accept.
- The organization and provider identified multiple information security responsibilities that neither party was planning to provide.
- The service agreement results in unnecessary duplication of effort because shared responsibilities have not been clearly defined.

An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?
- Review cloud provider independent assessment reports.
- Provide cloud security requirements.
- Evaluate service level agreements (SLAs).
- Calculate security implementation costs.

An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:
- the acceptable use policy.
- asset management guidelines.
- the business impact analysis (BIA).
- incident classification.

What is the BEST approach for the information security manager to reduce the impact on a security program due to turnover within the security staff?
- Recruit certified staff.
- Revise the information security program.
- Document security procedures.
- Ensure everyone is trained in their roles.

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
- Access manager.
- System administrator.
- Business owner.
- IT director.

For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?
- Number of virus infections detected.
- Average recovery time per incident.
- Amount of infection-related downtime.
- Number of downtime-related help desk calls.

Which of the following should be the MOST important consideration when reviewing an information security strategy?
- Changes to the security budget.
- New business initiatives.
- Internal audit findings.
- Recent security incidents.

Human resources (HR) is evaluating potential Software as a Service (SaaS) cloud services. Which of the following should the information security manager do FIRST to support this effort?
- Perform a cost-benefit analysis of using cloud services.
- Conduct a security audit on the cloud service providers.
- Review the cloud service providers' control reports.
- Perform a risk assessment of adopting cloud services.

Which of the following is the BEST way to evaluate the impact of threat events on an organization's IT operations?
- Risk assessment.
- Penetration testing.
- Scenario analysis.
- Controls review.

Which of the following BEST demonstrates that an anti-phishing campaign is effective?
- Improved staff attendance in awareness sessions.
- Decreased number of incidents that have occurred.
- Decreased number of phishing emails received.
- Improved feedback on the anti-phishing campaign.

The GREATEST benefit resulting from well-documented information security procedures is that they:
- facilitate security training of new staff.
- ensure that security policies are consistently applied.
- provide a basis for auditing security practices.
- ensure processes can be followed by temporary staff.

Which of the following is the MOST reliable way to ensure network security incidents are identified as soon as possible?
- Install stateful inspection firewalls.
- Conduct workshops and training sessions with end users.
- Collect and correlate IT infrastructure event logs.
- Train help desk staff to identify and prioritize security incidents.

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?
- Requiring an external security audit of the IT service provider.
- Defining the business recovery plan with the IT service provider.
- Defining information security requirements with internal IT.
- Requiring regular reporting from the IT service provider.

Which of the following is MOST important to include in an information security status report to senior management?
- Review of information security policies.
- List of recent security events.
- Key risk indicators (KRIs).
- Information security budget requests.

Which of the following MOST effectively allows for disaster recovery testing without interrupting business operations?
- Structured walk-through.
- Simulation testing.
- Parallel testing.
- Full interruption testing.

The PRIMARY goal of the eradication phase in an incident response process is to:
- provide effective triage and containment of the incident.
- remove the threat and restore affected systems.
- maintain a strict chain of custody.
- obtain forensic evidence from the affected system.

Which of the following is MOST important to ensuring that incident management plans are executed effectively?
- Management support and approval has been obtained.
- An incident response maturity assessment has been conducted.
- A reputable managed security services provider has been engaged.
- The incident response team has the appropriate training.

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?
- Gap analysis results.
- Level of risk treatment.
- Configuration parameters.
- Level of residual risk.

Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?
- Set up an agent to run a virus-scanning program across platforms.
- Ensure that proper controls exist for code review and release management.
- Implement controls for continuous monitoring of middleware transactions.
- Apply the latest patch programs to the production operating systems.

Which of the following is the PRIMARY responsibility of an information security governance committee?
- Reviewing the information security risk register.
- Approving changes to the information security strategy.
- Discussing upcoming information security projects.
- Reviewing monthly information security metrics.

The MOST important information for influencing management's support of information security is:
- a report of a successful attack on a competitor.
- a demonstration of alignment with the business strategy.
- an identification of the overall threat landscape.
- an identification of organizational risks.

What should be an information security manager's MOST important consideration when reviewing a proposed upgrade to a business unit's production database?
- Ensuring the application inventory is updated.
- Ensuring residual risk is within appetite.
- Ensuring a cost-benefit analysis is completed.
- Ensuring senior management is aware of associated risk.

Prior to implementing a bring your own device (BYOD) program, it is MOST important to:
- review currently utilized applications.
- survey employees for requested applications.
- select mobile device management (MDM) software.
- develop an acceptable use policy.

When developing an incident escalation process, the BEST approach is to classify incidents based on:
- their root causes.
- information assets affected.
- recovery point objectives (RPOs).
- estimated time to recover.

Which of the following is the PRIMARY objective of defining a severity hierarchy for security incidents?
- To streamline the risk analysis process.
- To facilitate the classification of an organization's IT assets.
- To prioritize available incident response resources.
- To facilitate root cause analysis of incidents.

For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices?
- Device certification process.
- Acceptable use policy.
- Containerization solution.
- Data loss prevention (DLP).

Which of the following should be the PRIMARY driver for delaying the delivery of an information security awareness program?
- Change in senior management.
- High employee turnover.
- Employee acceptance.
- Risk appetite.

An organization is developing a disaster recovery strategy and needs to identify each application's criticality so that the recovery sequence can be established. Which of the following is the BEST course of action?
- Restore the applications with the shortest recovery times first.
- Document the data flow and review the dependencies.
- Perform a business impact analysis (BIA) on each application.
- Identify which applications contribute the most cash flow.

An organization's IT department needs to implement security patches. Recent reports indicate these patches could result in stability issues. Which of the following is the information security manager's BEST recommendation?
- Research alternative software solutions.
- Evaluate the patches in a test environment.
- Increase monitoring after patch implementation.
- Research compensating security controls.

An organization has established a bring your own device (BYOD) program. Which of the following is the MOST important security consideration when allowing employees to use personal devices for corporate applications remotely?
- Mandatory controls for maintaining security policy.
- Mobile operating systems support.
- Security awareness training.
- Secure application development.

What is the BEST way for an information security manager to ensure critical assets are prioritized in a new information security program?
- Update operating procedures to include new requirements.
- Conduct security awareness training.
- Conduct an inventory of information assets.
- Backup information assets and store them offsite.

Which of the following would provide the MOST useful information when prioritizing controls to be added to a system?
- The risk register.
- Balanced scorecard.
- Compliance requirements.
- Baseline to industry standards.

An organization has recently acquired a smaller company located in a different geographic region. Which of the following is the BEST approach for addressing conflicts between the parent organization's security standards and local regulations affecting the acquired company?
- Adopt the standards of the newly acquired company.
- Give precedence to the parent organization's standards.
- Create a local version of the parent organization's standards.
- Create a global version of the local regulations.

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?
- Conduct benchmarking.
- Perform a gap analysis.
- Notify the legal department.
- Determine the disruption to the business.

An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
- Verify the provider follows a cloud service framework standard.
- Review the provider's information security policies and procedures.
- Obtain documentation of the encryption management practices.
- Ensure an audit of the provider is conducted to identify control gaps.
