TEST 3 501-750

Description: CISM EXAM 3
Which of the following is the PRIMARY benefit of implementing an information security governance framework?
- The framework provides a roadmap to maximize revenue through the secure use of technology.
- The framework is able to confirm the validity of business goals and strategies.
- The framework defines managerial responsibilities for risk impacts to business goals.
- The framework provides direction to meet business goals while balancing risks and controls.

Which of the following is the BEST way to prevent insider threats?
- Implement strict security policies and password controls.
- Conduct organization-wide security awareness training.
- Enforce segregation of duties and least privilege access.
- Implement logging for all access activities.

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?
- Establish a capability maturity model.
- Develop a training plan.
- Conduct a risk assessment.
- Perform a skills gap analysis.

An organization is conducting a post-incident review to determine the root cause of an information security incident. Which of the following situations would be MOST harmful to this investigation?
- Unencrypted logs of the affected systems were saved on magnetic tapes.
- Antivirus signature update processes failed on the affected systems.
- System logs were cleared by the administrator to free up space on the affected systems.
- The incident response plan has not been updated during the past year.

When building support for an information security program, which of the following elements is MOST important?
- Business impact analysis (BIA).
- Identification of existing vulnerabilities.
- Threat analysis.
- Information risk assessment.

Capacity planning would prevent:
- system downtime for scheduled security maintenance.
- file system overload arising from distributed denial of service (DDoS) attacks.
- application failures arising from insufficient hardware resources.
- software failures arising from exploitation of buffer capacity vulnerabilities.

Which of the following is the MOST effective way to ensure information security policies are understood?
- Implement a whistle-blower program.
- Document security procedures.
- Include security responsibilities in job descriptions.
- Provide regular security awareness training.

Which of the following is the MOST effective method for testing an incident response plan?
- Disaster recovery testing.
- Risk assessment.
- Tabletop exercises.
- Industry benchmarking.

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
- Request funding needed to resolve the top vulnerabilities.
- Ensure a risk assessment is performed to evaluate the findings.
- Report findings to senior management.
- Ensure vulnerabilities found are resolved within acceptable timeframes.

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
- IT strategy.
- Security architecture.
- Risk assessment.
- Business case.

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
- Perform a vulnerability assessment.
- Perform a business impact analysis (BIA).
- Perform a privacy impact assessment.
- Perform a gap analysis.

Which of the following will have the MOST negative impact on the effectiveness of incident response processes?
- High organizational risk tolerance.
- Decentralized incident monitoring.
- Ambiguous severity criteria.
- Manual incident reporting processes.

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
- Performing a business impact analysis (BIA).
- Reviewing policies and procedures.
- Performing a risk assessment.
- Interviewing business managers and employees.

Which of the following is the MOST important consideration when developing incident classification methods?
- Data classification.
- Data owner input.
- Service level agreements (SLAs).
- Business impact.

Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?
- Minimizing the cost of security controls.
- Reducing organizational security risk.
- Improving the protection of information.
- Achieving organizational objectives.

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
- Perform periodic security assessments of the contractors' activities.
- Conduct periodic vulnerability scans of the application.
- Require annual signed agreements of adherence to security policies.
- Include penalties for noncompliance in the contracting agreement.

How does an organization's information security steering committee facilitate the achievement of information security program objectives?
- Monitoring information security resources.
- Making decisions on security priorities.
- Enforcing regulatory and policy compliance.
- Evaluating information security metrics.

Which of the following is the BEST reason to consolidate security operations teams across a global organization?
- Compliance with regulatory requirements.
- Enhanced visibility of threats.
- Detection of fraud.
- Cost reduction.

The business value of an information asset is derived from:
- its replacement cost.
- the risk assessment.
- its criticality.
- the threat profile.

A business unit handles sensitive personally identifiable information (PII), which presents a significant financial liability to the organization should a breach occur. Which of the following is the BEST way to mitigate the risk to the organization?
- Implementing audit logging on systems.
- Including indemnification in customer contracts.
- Contracting the process to a third party.
- Purchasing insurance.

Which of the following would be impacted the MOST by a business decision to move from traditional computing to cloud computing?
- Security awareness.
- Security standards.
- Security policies.
- Security strategy.

Key risk indicators (KRIs) are MOST effective when they:
- are mapped to core strategic initiatives.
- allow for comparison with industry peers.
- are redefined on a regular basis.
- assess progress toward declared goals.

An organization's intrusion prevention system (IPS) detected and blocked an unusually large number of external intrusion attempts within a 24-hour period. Which of the following should be the information security manager's FIRST course of action?
- Perform security assessments on Internet-facing systems.
- Identify the source and nature of the attempts.
- Review the server and firewall audit logs.
- Report the issue to senior management.

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?
- Direction from senior management.
- Results of recovery testing.
- Determination of recovery point objective (RPO).
- Impact of service interruption.

Which of the following is the PRIMARY purpose of implementing information security standards?
- To provide a basis for developing information security policies.
- To provide step-by-step instructions for performing security-related tasks.
- To provide management direction with a specific security objective.
- To establish a minimum acceptable security baseline.

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?
- Validate the authenticity of the patch.
- Conduct comprehensive testing of the patch.
- Schedule patching based on the criticality.
- Install the patch immediately to eliminate the vulnerability.

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
- behavior analysis.
- penetration testing.
- signature analysis.
- data packet analysis.

When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:
- ensure that systems that handle credit card data are segmented.
- review industry best practices for handling secure payments.
- ensure alignment with industry encryption standards.
- review corporate policies regarding credit card information.

What is the PRIMARY objective of information security involvement in the change management process?
- To narrow the threat landscape.
- To ensure changes are not applied without prior authorization.
- To reduce the likelihood of control failure.
- To meet obligations for regulatory and legal compliance.

Which of the following is MOST likely to trigger an update and revision of information security policies?
- Engagement with a new service provider.
- Replacement of the information security manager.
- Attainment of business process maturity.
- Changes in the organization's risk appetite.

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator, and application administrator. What is the manager's BEST course of action?
- Formally document IT administrator activities.
- Automate user provisioning activities.
- Maintain strict control over user provisioning activities.
- Implement monitoring of IT administrator activities.

Which of the following should an information security manager do FIRST when assessing conflicting requirements between the global organization's security standards and local regulations?
- Conduct a gap analysis against local regulations.
- Perform a cost-benefit analysis of compliance.
- Create a local version of the organizational standards.
- Prioritize the organizational standards over local regulations.

Which of the following is the BEST method to reduce the risk of an information security breach due to spear phishing?
- Implementing a vulnerability management program.
- Deploying an intrusion protection system (IPS).
- Establishing a company-wide information security awareness plan.
- Reviewing log files daily to identify any suspicious activity.

A desktop computer is being used to perpetrate a fraud, and data on the machine must be secured for evidence. Which of the following should be done FIRST?
- Encrypt the content of the hard drive using a strong algorithm.
- Obtain a hash of the desktop computer's internal hard drive.
- Copy the data on the computer to an external hard drive.
- Capture a forensic image of the computer.

The PRIMARY purpose of an information security governance framework is to ensure that the information security strategy is an extension of:
- organizational strategies.
- information technology strategies.
- formal enterprise architecture.
- approved business cases.

Which of the following is the MOST important consideration for a global organization that is designing an information security awareness program?
- National regulations.
- Program costs.
- Cultural backgrounds.
- Local languages.

Changes have been proposed to a large organization's enterprise resource planning (ERP) system that would violate existing security standards. Which of the following should be done FIRST to address this conflict?
- Perform a cost-benefit analysis.
- Calculate business impact levels.
- Validate current standards.
- Implement updated standards.

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?
- Develop a project plan to implement the strategy.
- Obtain consensus on the strategy from the executive board.
- Define organizational risk tolerance.
- Review alignment with business goals.

An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?
- Simulation testing.
- Tabletop testing.
- Parallel testing.
- Black box testing.

Which of the following is the MOST important function of an information security steering committee?
- Assigning data classifications to organizational assets.
- Defining security standards for logical access controls.
- Developing organizational risk assessment processes.
- Obtaining multiple perspectives from the business.

Which of the following is the BEST way to obtain reliable information to help an incident response team maintain awareness of emerging security threats and vulnerabilities?
- Subscribe to a reputed threat intelligence group.
- Assign staff to engage with social media hacking groups.
- Review alerts from a security information and event management (SIEM) system.
- Implement vulnerability scanners.

Which of the following is the MOST effective approach to ensure seamless integration between the business continuity plan (BCP) and the incident response plan?
- The BCP manager is included in the core incident response team.
- Criteria for escalating to the BCP manager are in the incident response plan.
- Both response teams contain the same members.
- Consistent event classifications are used in both plans.

Which of the following is an information security manager's BEST course of action when a potential business breach is discovered in a critical business system?
- Update the incident response plan.
- Inform affected stakeholders.
- Inform IT management.
- Implement mitigating actions immediately.

Which of the following is MOST important to include in a report of an organization's information security risk?
- Control risk.
- Mitigated risk.
- Residual risk.
- Inherent risk.

Which of the following is an information security manager's BEST recommendation to senior management following a breach at the organization's Software as a Service (SaaS) vendor?
- Engage legal counsel.
- Terminate the relationship with the vendor.
- Renegotiate the vendor contract.
- Update the vendor risk assessment.

Which of the following is MOST important to consider when determining asset valuation?
- Potential business loss.
- Asset classification level.
- Asset recovery cost.
- Cost of insurance premiums.

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
- Restrict application network access temporarily.
- Update the risk register.
- Consult with the business owner.
- Include security requirements in the contract.

An event occurred that resulted in the activation of the business continuity plan (BCP). All employees were notified during the event, and they followed the plan. However, two major suppliers missed deadlines because they were not aware of the disruption. What is the BEST way to prevent a similar situation in the future?
- Ensure service level agreements (SLAs) with suppliers are enforced.
- Conduct a vulnerability assessment.
- Perform testing of the BCP communication plan.
- Provide suppliers with access to the BCP document.

When performing a data classification project, an information security manager should:
- assign information criticality and sensitivity.
- identify information custodians.
- identify information owners.
- assign information access privileges.

Which of the following provides the MOST comprehensive information related to an organization's current risk profile?
- Gap analysis results.
- Risk register.
- Heat map.
- Risk assessment results.

Which of the following has the GREATEST impact on the viability of an information security roadmap?
- Regulatory requirements.
- Management support.
- Threat landscape.
- Resource availability.

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following is MOST important to include in the business case?
- Alignment with the approved IT strategy.
- Potential impact of threat realization.
- Availability of resources to implement the initiative.
- Peer group threat intelligence report.

Which of the following is the MOST important output from a post-incident review?
- Documentation of lessons learned.
- Repository of digital forensic artifacts.
- Revised business impact analysis (BIA).
- Compilation of incident-related costs.

Which of the following is the GREATEST benefit of using a network-based intrusion prevention system (IPS)?
- The ability to review and monitor data streams by network segment.
- The ability to shut down or block suspicious connections.
- Increased visibility into user web surfing.
- Centralized controls for incident handling.

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
- Local laws and regulations.
- Backup and restoration of data.
- Vendor service level agreements (SLAs).
- Independent review of the vendor.

Which of the following should be an information security manager's MAIN concern if the same digital signing certificate is able to be used by two or more users?
- Potential to decrypt digital hash values.
- Inability to validate identity of sender.
- Certificate alteration.
- Segregation of duties.

Signature-based anti-malware controls are MOST effective against:
- poorly configured firewall rules.
- reused virus code.
- known threats.
- zero-day exploits.

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
- Confirm control effectiveness.
- Determine recovery priorities.
- Define the recovery point objective (RPO).
- Analyze vulnerabilities.

A common drawback of email software packages that provide native encryption of messages is that the encryption:
- has an insufficient key length.
- cannot interoperate across product domains.
- cannot encrypt attachments.
- has no key-recovery mechanism.

Which of the following is the MOST important outcome of effective risk treatment?
- Implementation of corrective actions.
- Elimination of risk.
- Timely reporting of incidents.
- Reduced cost of acquiring controls.

Which of the following is MOST important to the successful management of an information security program?
- Compliance with regulatory requirements.
- Adequate security budget.
- Support from key stakeholders.
- Continuous controls monitoring.

A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager's FIRST course of action?
- Design and document a new process.
- Perform a risk assessment.
- Report the issue to senior management.
- Update the security policy.

Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?
- Procedures.
- Regulations.
- Baselines.
- Standards.

Which of the following security initiatives should be the FIRST step in helping an organization maintain compliance with privacy regulations?
- Implementing a data classification framework.
- Implementing security information and event management (SIEM).
- Installing a data loss prevention (DLP) solution.
- Developing security awareness training.

Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?
- Senior management support.
- Results of a risk assessment.
- Results of a cost-benefit analysis.
- Impact on the risk profile.

The PRIMARY reason for using metrics as part of an information security program is to help management:
- determine whether objectives are being met.
- visualize security trends.
- develop an information security baseline.
- track financial impact of the program.

After an information security incident has been detected and its priority established, which of the following should be the NEXT course of action?
- Gathering evidence.
- Eradicating the incident.
- Performing a risk assessment.
- Containing the incident.

Which of the following is the MOST important input to the development of an effective information security strategy?
- Well-defined security policies and procedures.
- Current and desired state of security.
- Business processes and requirements.
- Risk and business impact assessments.

Which of the following is MOST important to review following a security incident?
- Incident response procedures.
- Response tools and techniques.
- Incident response plan.
- Lessons learned.

Which of the following is necessary to ensure consistent protection for an organization's information assets?
- Control assessment.
- Data ownership.
- Regulatory requirements.
- Classification mode.

A new law requires an organization to implement specific security controls. Which of the following should the information security manager do FIRST?
- Integrate the new requirements into the security policy.
- Perform a gap analysis on the new requirements.
- Develop a control implementation plan.
- Assess the risk of noncompliance with the new requirements.

Which of the following BEST demonstrates that security controls are effective?
- Audit report.
- Tabletop simulation.
- Risk and control self-assessment.
- Business impact analysis (BIA) results.

Which of the following activities provides the GREATEST insight into the level of threat exposure within an IT environment?
- Executing an organization-wide security audit.
- Performing penetration testing.
- Performing technical vulnerability assessments.
- Conducting a red team exercise.

Which of the following is MOST important to ensure when an organization is moving portions of its sensitive database to the cloud?
- The conversion has been approved by the information security team.
- A right-to-audit clause is included in the contract.
- Input from data owners is included in the requirements definition.
- Data encryption is used in the cloud hosting solution.

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?
- Determine whether critical success factors (CSFs) have been defined.
- Review and update current operational procedures.
- Perform a risk analysis for critical applications.
- Conduct a capability maturity model evaluation.

The PRIMARY goal of information security governance is to:
- reduce risk to an acceptable level.
- align with business processes.
- align with business objectives.
- establish a security strategy.

An information security manager of an e-commerce business is reviewing the results of a business continuity plan (BCP) review. Which of the following findings should be the MOST immediate concern?
- The cost of a recent recovery test exceeded budget expectations.
- The annual business impact analysis (BIA) has been delayed.
- The business continuity plan (BCP) has not been recently tested.
- The recovery time objective (RTO) was not met during a recent power outage.

If an organization does not have an information security governance framework in place, which of the following would BEST facilitate the adoption of a future governance program?
- Audit recommendations.
- IT department support.
- Information security funding.
- Involvement of business stakeholders.

Which of the following would provide the GREATEST assurance to management that information security incidents will be detected and contained in a timely manner without jeopardizing the organization's mission?
- Network security penetration testing program.
- Continuous vulnerability scanning solution.
- Security information and event management (SIEM) system.
- Fully operational security operations center (SOC).

Which of the following would BEST provide stakeholders with information to determine the appropriate response to a disaster?
- Vulnerability assessment.
- SWOT analysis.
- Business impact analysis (BIA).
- Risk assessment.

Which of the following provides the BEST guidance when establishing a security program?
- Risk assessment methodology.
- Security audit report.
- Information security budget.
- Information security framework.

Which of the following should be of MOST concern to an information security manager reviewing the organization's disaster recovery plan (DRP)?
- Organization-wide training for disaster recovery has not occurred.
- The response team has contracted with an external consultant to support testing activities.
- Six months have elapsed since the most recent test of the response plan.
- The response plan document has not been updated with the latest notification list details.

Which of the following is the GREATEST risk of centralized information security administration within a multinational organization?
- Slower turnaround.
- Less uniformity.
- Less objectivity.
- Violation of local law.

Which of the following would BEST enable an organization to aggregate information from different systems to allow for centralized categorization of incidents?
- Intrusion detection system (IDS).
- Application program interfaces (APIs).
- Intrusion prevention system (IPS).
- Security information and event management (SIEM).

When preparing an information security policy for a global organization, how should an information security manager BEST address local legislation in multiple countries?
- Rely on local interpretation of the global policy to comply with local legislation.
- Create a policy exception process for each country.
- Enforce the same global policy in every country.
- Establish local policies for each country that supplement the global policy.

Which of the following is the MOST important control to implement when senior managers use smartphones to access sensitive company information?
- Centralized device administration.
- Remote wipe capability.
- Anti-malware on the devices.
- Strong passwords.

Which of the following is the MOST appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification?
- Guidelines.
- Procedures.
- Standards.
- Policies.

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
- The third party has not provided evidence of compliance with local regulations where data is generated.
- The third party does not have an independent assessment of controls available for review.
- The third party's service level agreement (SLA) does not include guarantees of uptime.
- The third-party contract does not include an indemnity clause for compensation in the event of a breach.

The PRIMARY objective of timely declaration of a disaster is to:
- ensure the continuity of the organization's essential services.
- protect critical physical assets from further loss.
- ensure engagement of business management in the recovery process.
- assess and correct disaster recovery process deficiencies.

Which of the following BEST enables the design of an effective incident escalation process?
- A well-defined organizational hierarchy.
- Enforceable control baselines.
- A comprehensive risk register.
- Controls designed for defense in depth.

An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?
- Notify the CISO of the security policy violation.
- Perform a system access review.
- Perform a full review of all system transactions over the past 90 days.
- Immediately suspend the executives' access privileges.

Which of the following is MOST useful to display on a dashboard to demonstrate security performance?
- Number of hours spent per vulnerability remediated.
- Number of vulnerabilities detected over time.
- Severity of currently unremediated vulnerabilities.
- Average time to identify vulnerabilities.

Which of the following should be done FIRST when establishing an information security governance framework?
- Gain an understanding of the business and cultural attributes.
- Contract a third party to conduct an independent review of the program.
- Conduct a cost-benefit analysis of the framework.
- Evaluate information security tools and skills relevant for the environment.

Which of the following is the BEST approach to make strategic information security decisions?
- Establish periodic senior management meetings.
- Establish regular information security status reporting.
- Establish an information security steering committee.
- Establish business unit security working groups.

Which type of incident response test is the MOST efficient way to verify that backup power generators are functioning?
- Operational full test.
- Simulation failure test.
- Parallel recovery test.
- Full interruption test.

Which of the following is the MOST important action to prepare for a ransomware attack?
- Back up data regularly and verify the integrity of backups.
- Scan emails to detect threats and filter out executable files.
- Configure access controls with least privilege in mind.
- Execute operating systems and programs in a virtualized environment.

Which of the following should be the MAIN outcome from monitoring key performance indicators (KPIs) for a corporate security management program?
- A balanced scorecard.
- An effective security awareness program.
- Data for the organization to assess progress.
- Optimal level of value delivery.

An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?
- Independent audits of the vendor's operations are regularly conducted.
- The vendor's controls are in line with the organization's security standards.
- The encryption keys are not provided to the vendor.
- The vendor's data centers are in the same geographic region.

When creating an incident response plan, which of the following is MOST important to include during the preparation phase of the plan's life cycle?
- Communication plan.
- Response procedures.
- Risk management plan.
- Forensic analysis procedures.

A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager's PRIMARY concern?
- Ability to test the patch prior to deployment.
- Adequacy of the incident response plan.
- Availability of resources to implement controls.
- Documentation of patching procedures.

What is the MOST important reason to regularly report information security risk to relevant stakeholders?
- To enable risk-informed decision making.
- To reduce the impact of information security risk.
- To ensure information security controls are effective.
- To achieve compliance with regulatory requirements.

Which of the following is MOST important to ensure ongoing senior management commitment to an organization's information security strategy?
- Effective and reliable security reporting.
- A well-defined information security control framework.
- A detailed and documented business impact analysis (BIA).
- Strategic alignment to an industry framework.

A penetration test of a new system has identified a number of critical vulnerabilities, jeopardizing the go-live date. The information security manager is asked by the system owner to approve an exception to allow the system to be implemented without fixing the vulnerabilities. Which of the following is the MOST appropriate course of action?
- Implement a log monitoring process.
- Perform a risk assessment.
- Develop a set of compensating controls.
- Approve and document the exception.

Which of the following information security activities is MOST helpful to support compliance with information security policy?
- Conducting information security awareness programs.
- Creating monthly trend metrics.
- Performing periodic IT reviews on new system acquisitions.
- Obtaining management commitment.

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?
- The creator of the malware.
- The malware entry path.
- The type of malware involved.
- The method of detecting the malware.

Which of the following is MOST helpful in ensuring an information security governance framework continues to support business objectives?
- A consistent risk assessment methodology.
- A monitoring strategy.
- An effective organizational structure.
- Stakeholder buy-in.

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
- Management's business goals and objectives.
- Strategies of other non-regulated companies.
- Industry best practices and control recommendations.
- Risk assessment results.

In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:
- review the number of reported security incidents.
- evaluate results of the most recent incident response test.
- ensure established security metrics are reported.
- assess progress of risk mitigation efforts.

Information security controls should be designed PRIMARILY based on:
- regulatory requirements.
- a vulnerability assessment.
- business risk scenarios.
- a business impact analysis (BIA).

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
- risk assessment results.
- international security standards.
- the most stringent requirements.
- the security organization structure.

An information security manager developing an incident response plan MUST ensure it includes:
- critical infrastructure diagrams.
- a business impact analysis (BIA).
- criteria for escalation.
- an inventory of critical data.

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
- Require staff to sign confidentiality agreements.
- Require staff to participate in information security awareness training.
- Communicate disciplinary processes for policy violations.
- Include information security responsibilities in job descriptions.

Security program development is PRIMARILY driven by which of the following?
- Regulatory requirements.
- Business strategy.
- Risk appetite.
- Available resources.

An organization has identified a risk scenario that has low impact to the organization but is very costly to mitigate. Which risk treatment option is MOST appropriate in this situation?
- Transfer.
- Acceptance.
- Mitigation.
- Avoidance.

Prior to conducting a forensic examination, an information security manager should:
- boot the original hard disk on a clean system.
- create an image of the original data on new media.
- duplicate data from the backup media.
- shut down and relocate the server.

The fundamental purpose of establishing security metrics is to:
- adopt security best practices.
- establish security benchmarks.
- provide feedback on control effectiveness.
- increase return on investment (ROI).

Which of the following presents the GREATEST challenge to a security operations center's timely identification of potential security breaches?
- An organization has a decentralized data center that uses cloud services.
- Operating systems are no longer supported by the vendor.
- IT system clocks are not synchronized with the centralized logging server.
- The patch management system does not deploy patches in a timely manner.

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?
- Review independent security assessment reports for each vendor.
- Benchmark each vendor's services with industry best practices.
- Define information security requirements and processes.
- Analyze the risks and propose mitigating controls.

An online bank identifies a successful network attack in progress. The bank should FIRST:
- report the root cause to the board of directors.
- isolate the affected network segment.
- shut down the entire network.
- assess whether personally identifiable information (PII) is compromised.

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?
- Walk-through of the incident response plan.
- Black box penetration test.
- Simulated phishing exercise.
- Red team exercise.

Which of the following would be MOST helpful to identify worst-case disruption scenarios?
- Cost-benefit analysis.
- SWOT analysis.
- Business process analysis.
- Business impact analysis (BIA).

Which of the following BEST enables an organization to appropriately prioritize information security-focused projects?
- Return on investment (ROI).
- Privacy compliance requirements.
- Organizational risk appetite.
- Historical security incidents.

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
- Document a security exception.
- Reduce security hardening settings.
- Perform a risk assessment.
- Inform business management of the risk.

Which of the following activities MUST be performed by an information security manager for change requests?
- A. Assess impact on information security risk.
- B. Perform penetration testing on affected systems.
- C. Scan IT systems for operating system vulnerabilities.
- D.
Review change in business requirements for information security. Assess impact on information security risk. Perform penetration testing on affected systems. Scan IT systems for operating system vulnerabilities. Review change in business requirements for information security. The PRIMARY purpose for continuous monitoring of security controls is to ensure: alignment with compliance requirements. effectiveness of controls. control gaps are minimized. system availability. Which of the following is the MOST important factor of a successful information security program?. The program follows industry best practices. The program is based on a well-developed strategy. The program is focused on risk management. The program is cost-efficient and within budget. Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?. Security is a business product and not a process. Effective security eliminates risk to the business. Adopt a recognized framework with metrics. Security supports and protects the business. When choosing the best controls to mitigate risk to acceptable levels, the information security manager s decision should be MAINLY driven by: regulatory requirements. control framework. best practices. cost-benefit analysis. A high-risk issue is discovered during an information security risk assessment of a legacy application. The business is unwilling to allocate the resources to remediate the issue. Which of the following would be the information security manager’s BEST course of action?. Document risk acceptance from the business. Recommend discontinuing the use of the legacy application. Design alternative compensating controls to reduce the risk. Present the worst-case scenario related to the risk. The PRIMARY benefit of introducing a single point of administration in network monitoring is that it: reduces unauthorized access to systems. promotes efficiency in control of the environment. 
prevents inconsistencies in information in the distributed environment. allows administrative staff to make management decisions. Which of the following is the MOST important reason to document information security incidents that are reported across the organization?. Support business investments in security. Evaluate the security posture of the organization. Identify unmitigated risk. Prevent incident recurrence. Which of the following is MOST important for building a robust information security culture within an organization?. Mature information security awareness training across the organization. Security controls embedded within the development and operation of the IT environment. Senior management approval of information security policies. Strict enforcement of employee compliance with organizational security policies. Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?. Documenting multiple scenarios for the organization and response steps. Providing training from third-party forensics firms. Obtaining industry certifications for the response team. Conducting tabletop exercises appropriate for the organization. Which of the following metrics BEST measures the effectiveness of an organization’s information security program?. Return on information security investment. Number of information security business cases developed. Reduction in information security incidents. Increase in risk assessments completed. Which of the following is MOST important when conducting a forensic investigation?. Capturing full system images. Documenting analysis steps. Maintaining a chain of custody. Analyzing system memory. Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?. Unavailable or corrupt data backups. Ineffective alert configurations for backup operations. Lack of encryption for backup data in transit. 
Undefined or undocumented backup retention policies. An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager’s FIRST course of action?. Identify the skill set of the provider's incident response team. Update the incident escalation process. Evaluate the provider’s audit logging and monitoring controls. Review the provider’s incident definitions and notification criteria. An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?. Key risk indicators (KRIs). Responsible entities. Compensating controls. Potential business impact. An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager’s BEST course of action?. Present the risk to senior management. Modify the policy. Create an exception for the deviation. Enforce the policy. Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?. Perform a cost-benefit analysis. Collect additional metrics. Begin due diligence on the outsourcing company. Submit funding request to senior management. Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?. Business impact analysis (BIA). Risk assessment. Vulnerability assessment. Industry best practices. Which of the following BEST ensures timely and reliable access to services?. Authenticity. Availability. Nonrepudiation. Recovery time objective (RTO). An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. 
Which type of control is being considered?. Deterrent. Detective. Preventive. Corrective. Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization’s information security strategy?. Internal security audit. Organizational risk appetite. External security audit. Business impact analysis (BIA). Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?. Assess the risk to the organization. Review the mitigating security controls. Notify staff members of the threat. Increase the frequency of system backups. Of the following, whose input is of GREATEST importance in the development of an information security strategy?. Security architects. End users. Corporate auditors. Process owners. Which risk is introduced when using only sanitized data for the testing of applications?. Unexpected outcomes may arise in production. Data disclosure may occur during the migration event. Breaches of compliance obligations will occur. Data loss may occur during the testing phase. Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?. Legal and regulatory requirements. Likelihood of a disaster. Organizational tolerance to service interruption. Geographical location of the backup site. Which of the following should be done FIRST when developing an information security program?. Establish security policies. Define the security strategy. Approve security standards. Set security baselines. The BEST way to identify the risk associated with a social engineering attack is to: monitor the intrusion detection system (IDS). review single sign-on (SSO) authentication logs. perform a business risk assessment of the email filtering system. test user knowledge of information security practices. 
Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?. Information security awareness training. Risk assessment program. Information security governance. Information security metrics. Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?. More visibility to the impact of disruptions. Ability to monitor and control incident management costs. Effective protection of information assets. Optimized allocation of recovery resources. A recovery point objective (RPO) is required in which of the following?. Business continuity plan (BCP). Information security plan. Incident response plan. Disaster recovery plan (DRP). Which of the following provides the BEST assurance that security policies are applied across business operations?. Organizational standards are enforced by technical controls. Organizational standards are included in awareness training. Organizational standards are required to be formally accepted. Organizational standards are documented in operational procedures. Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?. Recommend risk acceptance. Perform a cost-benefit analysis. Escalate to senior management. Revisit the business objective. A business unit is not complying with a control implemented to mitigate risk because doing so impacts the ability to achieve business goals. When reporting the noncompliance to senior management, what would be the information security manager's BEST recommendation?. Accept the noncompliance. Conduct a control assessment. Implement compensating controls. Educate the noncompliant users. Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?. Updated security policies. Regular antivirus updates. 
Defined security standards. Threat intelligence. Which of the following should be the PRIMARY consideration when developing an incident response plan?. Previously reported incidents. Management support. Compliance with regulations. The definition of an incident. A strict new regulation is being finalized to address global concerns regarding cybersecurity. Which of the following should the information security manager do FIRST?. Monitor industry response to the regulation. Seek legal counsel on the new regulation. Validate the applicability of the regulation. Escalate compliance risk to senior management. A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?. The underlying reason for the user error. The time and location that the breach occurred. Appropriate disciplinary procedures for user error. Evidence of previous incidents caused by the user. The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include: responses to security questionnaires. previous training sessions. examples of help desk requests. results of exit interviews. A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The MOST likely reason for this decision is: the cost of implementing controls exceeds the potential financial losses. the risk assessment has not defined the likelihood of occurrence. executive management is not aware of the impact potential. the reported vulnerability has not been validated. Which of the following is the BEST indication of an effective information security awareness training program?. An increase in the identification rate during phishing simulations. An increase in the speed of incident resolution. An increase in positive user feedback. 
An increase in the frequency of phishing tests. Penetration testing is MOST appropriate when a: new system is about to go live. security incident has occurred. security policy is being developed. new system is being designed. Which of the following will result in the MOST accurate controls assessment?. Mature change management processes. Unannounced testing. Well-defined security policies. Senior management support. The MOST important reason for having an information security manager serve on the change management committee is to: ensure changes are properly documented. advise on change-related risk. identify changes to the information security policy. ensure that changes are tested. Of the following, who is in the BEST position to evaluate business impacts?. Senior management. Information security manager. Process manager. IT manager. Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?. Encrypt all personal data stored on systems and networks. Evaluate privacy technologies required for data protection. Create an inventory of systems where personal data is stored. Update disciplinary processes to address privacy violations. Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?. Transfer responsibility for incident response to the cloud provider. Continue using the existing incident response procedures. Revise incident response procedures to encompass the cloud environment. Adopt the cloud provider’s incident response procedures. Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?. Establish key risk indicators (KRIs). Provide regular reporting on risk treatment to senior management. Require steering committee approval of risk treatment plans. Use quantitative risk assessment methods. 
Which of the following is MOST important to include in a post-incident review following a data breach?. An evaluation of the effectiveness of the information security strategy. Documentation of regulatory reporting requirements. A review of the forensics chain of custody. Evaluations of the adequacy of existing controls. An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?. Conduct vulnerability assessments on social network platforms. Assess the security risk associated with the use of social networks. Establish processes to publish content on social networks. Develop security controls for the use of social networks. Which of the following BEST supports information security management in the event of organizational changes in security personnel?. Ensuring current documentation of security processes. Formalizing a security strategy and program. Developing an awareness program for staff. Establishing processes within the security operations team. Which of the following is the BEST tool to monitor the effectiveness of information security governance?. Balanced scorecard. Risk profile. Business impact analysis (BIA). Key performance indicators (KPIs). Management decisions concerning information security investments will be MOST effective when they are based on: a process for identifying and analyzing threats and vulnerabilities. the formalized acceptance of risk analysis by management. the reporting of consistent and periodic assessments of risks. an annual loss expectancy (ALE) determined from the history of security events. An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. 
Which of the following should be given the HIGHEST priority?. Identification of risk. Selection of risk treatment options. Analysis of control gaps. Design of key risk indicators (KRIs). Which of the following change management procedures is MOST likely to cause concern to the information security manager?. Users are not notified of scheduled system changes. Fallback processes are tested the weekend before changes are made. The development manager migrates programs into production. A manual rather than an automated process is used to compare program versions. Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?. Full interruption test. Tabletop test. Parallel test. Simulation test. Which of the following should be the MOST important consideration when establishing information security policies for an organization?. Job descriptions include requirements to read security policies. Senior management supports the policies. The policies are aligned to industry best practices. The policies are updated annually. If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to: capture evidence using standard server-backup utilities. document the chain of custody. reboot affected machines in a secure area to search for evidence. contact law enforcement. An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by: business senior management. the compliance officer. the information security manager. the chief risk officer (CRO). In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure: change activities are documented. 
compliance with the risk acceptance framework. the rationale for acceptance is periodically reviewed. the acceptance is aligned with business strategy. Which of the following is the BEST course of action for an information security manager to align security and business goals?. Reviewing the business strategy. Conducting a business impact analysis (BIA). Actively engaging with stakeholders. Defining key performance indicators (KPIs). What should be the information security manager’s FIRST step when updating an information security program?. Review costs and benchmark them against industry norms. Interview business unit managers and key stakeholders. Identify program components that do not align with business objectives. Re-evaluate the organization's business expectations and objectives. Which of the following defines the triggers within a business continuity plan (BCP)?. Disaster recovery plan (DRP). Needs of the organization. Information security policy. Gap analysis. A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?. Instruct the vendor to conduct penetration testing. Suspend the connection to the application in the firewall. Initiate the organization’s incident response process. Report the situation to the business owner of the application. Which of the following is the BEST indication of a successful information security culture?. The budget allocated for information security is sufficient. End users know how to identify and report incidents. Individuals are given roles based on job functions. Penetration testing is done regularly and findings remediated. Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?. Incident response plan. Disaster recovery plan (DRP). Business contingency plan. Business continuity plan (BCP). 
Which of the following sources is MOST useful when planning a business-aligned information security program?. Business impact analysis (BIA). Information security policy. Security risk register. Enterprise architecture (EA). Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?. Requiring multifactor authentication. Requiring challenge/response information. Enforcing frequent password changes. Enforcing complex password formats. What is the BEST way to reduce the impact of a successful ransomware attack?. Include provisions to pay ransoms in the information security budget. Monitor the network and provide alerts on intrusions. Perform frequent backups and store them offline. Purchase or renew cyber insurance policies. Which of the following is the BEST approach for governing noncompliance with security requirements?. Require users to acknowledge the acceptable use policy. Base mandatory review and exception approvals on residual risk. Require the steering committee to review exception requests. Base mandatory review and exception approvals on inherent risk. Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?. Defining security asset categorization. Assigning information asset ownership. Developing a records retention schedule. Defining information stewardship roles. In which cloud model does the cloud service buyer assume the MOST security responsibility?. Infrastructure as a Service (IaaS). Software as a Service (SaaS). Disaster Recovery as a Service (DRaaS). Platform as a Service (PaaS). Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?. More security incidents are detected. Security behavior is improved. The security strategy is promoted. Fewer security incidents are reported. 
Which of the following is the FIRST step to establishing an effective information security program?. Assign accountability. Perform a business impact analysis (BIA). Create a business case. Conduct a compliance review. An information security manager believes that information has been classified inappropriately, increasing the risk of a breach. Which of the following is the information security manager's BEST action?. Re-classify the data and increase the security level to meet business risk. Complete a risk assessment and refer the results to the data owners. Instruct the relevant system owners to reclassify the data. Refer the issue to internal audit for a recommendation. Which of the following BEST supports the incident management process for attacks on an organization's supply chain?. Requiring security awareness training for vendor staff. Including service level agreements (SLAs) in vendor contracts. Performing integration testing with vendor systems. Establishing communication paths with vendors. Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?. Cost of the attack to the organization. Location of the attacker. Details from intrusion detection system (IDS) logs. Method of operation used by the attacker. Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?. Existence of a right to audit clause. Technical capabilities of the provider. Results of the provider's business continuity tests. Existence of the provider's incident response plan. Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?. Antivirus software. Log monitoring. Intrusion detection. Patch management. Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?. Providing ongoing training to the incident response team. 
Updating information security awareness materials. Implementing a honeypot environment. Implementing proactive systems monitoring. Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?. Number of blocked intrusion attempts. Number of business cases reviewed by senior management. Trends in the number of identified threats to the business. Percentage of controls integrated into business processes. An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?. Perform security code reviews on the entire application. Scan the entire application using a vulnerability scanning tool. Monitor Internet traffic for sensitive information leakage. Run the application from a high-privileged account on a test system. When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?. The vendor must be able to amend data. The vendor must agree to the organization's information security policy. Data is encrypted in transit and at rest at the vendor site. Data is subject to regular access log review. When investigating an information security incident details of the incident should be shared: widely to demonstrate positive intent. only as needed. only with management. only with internal audit. The PRIMARY advantage of involving end users in continuity planning is that they: can see the overall impact to the business. are more objective than information security management. can balance the technical and business risks. have a better understanding of specific business needs. In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. 
Before relying on this certification, it is MOST important that the information security manager confirms that the:
- certification scope is relevant to the service being offered.
- certification will remain current through the life of the contract.
- current international standard was used to assess security processes.
- certification can be extended to cover the client's business.

Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
- Capability to take a snapshot of virtual machines.
- Capability of online virtual machine analysis.
- Availability of web application firewall logs.
- Availability of current infrastructure documentation.

Which of the following roles is BEST able to influence the security culture within an organization?
- Chief information security officer (CISO).
- Chief information officer (CIO).
- Chief operating officer (COO).
- Chief executive officer (CEO).

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
- Increase in the frequency of security incident escalations.
- Reduction in the impact of security incidents.
- Decrease in the number of security incidents.
- Increase in the number of reported security incidents.

Which of the following is the BEST evidence of alignment between corporate and information security governance?
- Security key performance indicators (KPIs).
- Senior management sponsorship.
- Regular security policy reviews.
- Project resource optimization.

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
- Key performance indicators (KPIs).
- Systems inventory.
- Recovery procedures.
- Business impact analysis (BIA) results.

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
- Regulatory requirements.
- Compliance acceptance.
- Management support.
- Budgetary approval.

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?
- Delegate the management of access permissions to an independent third party.
- Review access permissions annually or whenever job responsibilities change.
- Lock out accounts after a set number of unsuccessful login attempts.
- Enable multi-factor authentication on user and admin accounts.

Which of the following is the MOST critical factor for information security program success?
- A comprehensive risk assessment program for information security.
- The information security manager's knowledge of the business.
- Ongoing audits and addressing open items.
- Security staff with appropriate training and adequate resources.

Which of the following events would MOST likely require a revision to the information security program?
- A change in IT management.
- A merger with another organization.
- A significant increase in reported incidents.
- An increase in industry threat level.

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
- Members represent functions across the organization.
- Members have knowledge of information security controls.
- Members are rotated periodically.
- Members are business risk owners.

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
- follow the incident response plan.
- follow the business continuity plan (BCP).
- conduct an incident forensic analysis.
- notify the business process owner.

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?
- Purchase cyber insurance.
- Encrypt sensitive production data.
- Maintain multiple offline backups.
- Perform integrity checks on backups.

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
- Unreliable delivery of hardware and software resources by a supplier.
- Unavailability of services provided by a supplier.
- Loss of customers due to unavailability of products.
- Compromise of critical assets via third-party resources.

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?
- Conduct an information security audit.
- Perform a gap analysis.
- Validate the relevance of the information.
- Inform senior management.

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?
- Internal compliance requirements are being met.
- Regulatory requirements are being met.
- Risk management objectives are being met.
- Business needs are being met.

The MOST important attribute of a security control is that it is:
- auditable.
- measurable.
- scalable.
- reliable.

Which of the following will BEST enable an effective information asset classification process?
- Reviewing the recovery time objective (RTO) requirements of the asset.
- Assigning ownership.
- Including security requirements in the classification process.
- Analyzing audit findings.

An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?
- Run a virus scan on the endpoint device.
- Wipe and reset the endpoint device.
- Power off the endpoint device.
- Isolate the endpoint device.

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?
- Eradication.
- Identification.
- Containment.
- Post-incident review.

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
- Wipe the device remotely.
- Remove the user's access to corporate data.
- Prevent the user from using personal mobile devices.
- Report the incident to the police.

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?
- Evaluate the information security laws that apply to the acquired company.
- Apply the existing information security program to the acquired company.
- Merge the two existing information security programs.
- Determine which country's information security regulations will be used.

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
- Require disaster recovery documentation to be stored with all key decision makers.
- Provide annual disaster recovery training to appropriate staff.
- Maintain an outsourced contact center in another country.
- Store disaster recovery documentation in a public cloud.

Which of the following is a desired outcome of information security governance?
- Penetration test.
- A maturity model.
- Improved risk management.
- Business agility.

When designing an information security risk monitoring framework, it is MOST important to ensure:
- preservation of forensic evidence is enabled.
- the monitoring system is patched regularly.
- feedback is communicated to stakeholders.
- outlier events are escalated to system administrators.

Which of the following BEST enables staff acceptance of information security policies?
- Adequate security funding.
- A robust incident response program.
- Strong senior management support.
- Computer-based training.

Which of the following is the BEST way to rigorously test a disaster recovery plan (DRP) for a mission-critical system without disrupting business operations?
- Parallel testing.
- Simulation testing.
- Checklist review.
- Structured walk-through.

An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?
- Review the business unit's function against the policy.
- Revise the policy to accommodate the business unit.
- Report the business unit for policy noncompliance.
- Enforce sanctions on the business unit.

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?
- Presenting evidence of inherent risk.
- Reporting the security maturity level.
- Presenting compliance requirements.
- Communicating the residual risk.

Which of the following is PRIMARILY determined by asset classification?
- Priority for asset replacement.
- Level of protection required for assets.
- Replacement cost of assets.
- Insurance coverage required for assets.

Which of the following is MOST helpful for aligning security operations with the IT governance framework?
- Business impact analysis (BIA).
- Security operations program.
- Information security policy.
- Security risk assessment.

An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?
- Perform a gap analysis.
- Consult with senior management on the best course of action.
- Implement a program of work to comply with the new legislation.
- Understand the cost of noncompliance.

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
- Perform a risk assessment on the new technology.
- Obtain legal counsel's opinion on the standard's applicability to regulations.
- Determine whether the organization can benefit from adopting the new standard.
- Review industry specialists' analyses of the new standard.

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
- Impact on information security program.
- Cost of controls.
- Impact to business function.
- Cost to replace.

Which of the following BEST demonstrates return on investment (ROI) for an information security initiative?
- Risk heat map.
- Business impact analysis (BIA).
- Business case.
- Information security program roadmap.

Which of the following is BEST suited to provide regular reporting to the board regarding the status of compliance with a global security standard?
- Legal counsel.
- Quality assurance (QA).
- Information security.
- Internal audit.

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
- Performing penetration tests against the network to demonstrate business vulnerability.
- Highlighting competitor performance regarding network security best practices.
- Presenting comparable security implementation estimates from several vendors.
- Demonstrating that targeted security controls tie to business objectives.

Which of the following is the MOST important reason to implement information security governance?
- To align the security strategy with the organization's strategy.
- To monitor the performance of information security resources.
- To monitor the achievement of business goals and objectives.
- To provide adequate resources to achieve business goals.

Which of the following is a PRIMARY objective of an information security governance framework?
- To provide the basis for action plans to achieve information security objectives organization-wide.
- To achieve the desired information security state as defined by business unit management.
- To align the relationships of stakeholders involved in developing and executing an information security strategy.
- To provide assurance that information assets are provided a level of protection proportionate to their inherent risk.

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
- Implement a mobile device policy and standard.
- Provide employee training on secure mobile device practices.
- Implement a mobile device management (MDM) solution.
- Require employees to install an effective anti-malware app.

An information security manager has contracted with a company to design security architecture for an application. Which of the following is accountable for identification associated with this initiative?
- The project steering committee.
- The information security manager.
- The infrastructure management team.
- The application development team.

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
- Enhanced security monitoring and reporting.
- Reduction of organizational risk.
- Reduced control complexity.
- Enhanced threat detection capability.

Which of the following is an information security manager's MOST important consideration when exploring the use of a third-party provider to handle an IT function?
- The provider carries cyber insurance to cover security breaches.
- The provider agrees to provide historical security incident data.
- The provider's security processes align with the organization's.
- The provider has undergone an independent security review.