
TEST 3 501-750

Title of test:
TEST 3 501-750

Description:
CISM EXAM 3

Creation Date: 2025/11/19

Category: Others

Number of questions: 50

Content:

Which of the following is the PRIMARY benefit of implementing an information security governance framework?
- The framework provides a roadmap to maximize revenue through the secure use of technology.
- The framework is able to confirm the validity of business goals and strategies.
- The framework defines managerial responsibilities for risk impacts to business goals.
- The framework provides direction to meet business goals while balancing risks and controls.

Which of the following is the BEST way to prevent insider threats?
- Implement strict security policies and password controls.
- Conduct organization-wide security awareness training.
- Enforce segregation of duties and least privilege access.
- Implement logging for all access activities.

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?
- Establish a capability maturity model.
- Develop a training plan.
- Conduct a risk assessment.
- Perform a skills gap analysis.

An organization is conducting a post-incident review to determine the root cause of an information security incident. Which of the following situations would be MOST harmful to this investigation?
- Unencrypted logs of the affected systems were saved on magnetic tapes.
- Antivirus signature update processes failed on the affected systems.
- System logs were cleared by the administrator to free up space on the affected systems.
- The incident response plan has not been updated during the past year.

When building support for an information security program, which of the following elements is MOST important?
- Business impact analysis (BIA).
- Identification of existing vulnerabilities.
- Threat analysis.
- Information risk assessment.

Capacity planning would prevent:
- system downtime for scheduled security maintenance.
- file system overload arising from distributed denial of service (DDoS) attacks.
- application failures arising from insufficient hardware resources.
- software failures arising from exploitation of buffer capacity vulnerabilities.

Which of the following is the MOST effective way to ensure information security policies are understood?
- Implement a whistle-blower program.
- Document security procedures.
- Include security responsibilities in job descriptions.
- Provide regular security awareness training.

Which of the following is the MOST effective method for testing an incident response plan?
- Disaster recovery testing.
- Risk assessment.
- Tabletop exercises.
- Industry benchmarking.

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
- Request funding needed to resolve the top vulnerabilities.
- Ensure a risk assessment is performed to evaluate the findings.
- Report findings to senior management.
- Ensure vulnerabilities found are resolved within acceptable timeframes.

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
- IT strategy.
- Security architecture.
- Risk assessment.
- Business case.

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
- Perform a vulnerability assessment.
- Perform a business impact analysis (BIA).
- Perform a privacy impact assessment.
- Perform a gap analysis.

Which of the following will have the MOST negative impact on the effectiveness of incident response processes?
- High organizational risk tolerance.
- Decentralized incident monitoring.
- Ambiguous severity criteria.
- Manual incident reporting processes.

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
- Performing a business impact analysis (BIA).
- Reviewing policies and procedures.
- Performing a risk assessment.
- Interviewing business managers and employees.

Which of the following is the MOST important consideration when developing incident classification methods?
- Data classification.
- Data owner input.
- Service level agreements (SLAs).
- Business impact.

Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?
- Minimizing the cost of security controls.
- Reducing organizational security risk.
- Improving the protection of information.
- Achieving organizational objectives.

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
- Perform periodic security assessments of the contractors' activities.
- Conduct periodic vulnerability scans of the application.
- Require annual signed agreements of adherence to security policies.
- Include penalties for noncompliance in the contracting agreement.

How does an organization's information security steering committee facilitate the achievement of information security program objectives?
- Monitoring information security resources.
- Making decisions on security priorities.
- Enforcing regulatory and policy compliance.
- Evaluating information security metrics.

Which of the following is the BEST reason to consolidate security operations teams across a global organization?
- Compliance with regulatory requirements.
- Enhanced visibility of threats.
- Detection of fraud.
- Cost reduction.

The business value of an information asset is derived from:
- its replacement cost.
- the risk assessment.
- its criticality.
- the threat profile.

A business unit handles sensitive personally identifiable information (PII), which presents a significant financial liability to the organization should a breach occur. Which of the following is the BEST way to mitigate the risk to the organization?
- Implementing audit logging on systems.
- Including indemnification in customer contracts.
- Contracting the process to a third party.
- Purchasing insurance.

Which of the following would be impacted the MOST by a business decision to move from traditional computing to cloud computing?
- Security awareness.
- Security standards.
- Security policies.
- Security strategy.

Key risk indicators (KRIs) are MOST effective when they:
- are mapped to core strategic initiatives.
- allow for comparison with industry peers.
- are redefined on a regular basis.
- assess progress toward declared goals.

An organization's intrusion prevention system (IPS) detected and blocked an unusually large number of external intrusion attempts within a 24-hour period. Which of the following should be the information security manager's FIRST course of action?
- Perform security assessments on Internet-facing systems.
- Identify the source and nature of the attempts.
- Review the server and firewall audit logs.
- Report the issue to senior management.

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?
- Direction from senior management.
- Results of recovery testing.
- Determination of recovery point objective (RPO).
- Impact of service interruption.

Which of the following is the PRIMARY purpose of implementing information security standards?
- To provide a basis for developing information security policies.
- To provide step-by-step instructions for performing security-related tasks.
- To provide management direction with a specific security objective.
- To establish a minimum acceptable security baseline.

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?
- Validate the authenticity of the patch.
- Conduct comprehensive testing of the patch.
- Schedule patching based on the criticality.
- Install the patch immediately to eliminate the vulnerability.

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
- behavior analysis.
- penetration testing.
- signature analysis.
- data packet analysis.

When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:
- ensure that systems that handle credit card data are segmented.
- review industry best practices for handling secure payments.
- ensure alignment with industry encryption standards.
- review corporate policies regarding credit card information.

What is the PRIMARY objective of information security involvement in the change management process?
- To narrow the threat landscape.
- To ensure changes are not applied without prior authorization.
- To reduce the likelihood of control failure.
- To meet obligations for regulatory and legal compliance.

Which of the following is MOST likely to trigger an update and revision of information security policies?
- Engagement with a new service provider.
- Replacement of the information security manager.
- Attainment of business process maturity.
- Changes in the organization's risk appetite.

A small organization with a limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator, and application administrator. What is the manager's BEST course of action?
- Formally document IT administrator activities.
- Automate user provisioning activities.
- Maintain strict control over user provisioning activities.
- Implement monitoring of IT administrator activities.

Which of the following should an information security manager do FIRST when assessing conflicting requirements between the global organization's security standards and local regulations?
- Conduct a gap analysis against local regulations.
- Perform a cost-benefit analysis of compliance.
- Create a local version of the organizational standards.
- Prioritize the organizational standards over local regulations.

Which of the following is the BEST method to reduce the risk of an information security breach due to spear phishing?
- Implementing a vulnerability management program.
- Deploying an intrusion protection system (IPS).
- Establishing a company-wide information security awareness plan.
- Reviewing log files daily to identify any suspicious activity.

A desktop computer is being used to perpetrate a fraud, and data on the machine must be secured for evidence. Which of the following should be done FIRST?
- Encrypt the content of the hard drive using a strong algorithm.
- Obtain a hash of the desktop computer's internal hard drive.
- Copy the data on the computer to an external hard drive.
- Capture a forensic image of the computer.

The PRIMARY purpose of an information security governance framework is to ensure that the information security strategy is an extension of:
- organizational strategies.
- information technology strategies.
- formal enterprise architecture.
- approved business cases.

Which of the following is the MOST important consideration for a global organization that is designing an information security awareness program?
- National regulations.
- Program costs.
- Cultural backgrounds.
- Local languages.

Changes have been proposed to a large organization's enterprise resource planning (ERP) system that would violate existing security standards. Which of the following should be done FIRST to address this conflict?
- Perform a cost-benefit analysis.
- Calculate business impact levels.
- Validate current standards.
- Implement updated standards.

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?
- Develop a project plan to implement the strategy.
- Obtain consensus on the strategy from the executive board.
- Define organizational risk tolerance.
- Review alignment with business goals.

An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?
- Simulation testing.
- Tabletop testing.
- Parallel testing.
- Black box testing.

Which of the following is the MOST important function of an information security steering committee?
- Assigning data classifications to organizational assets.
- Defining security standards for logical access controls.
- Developing organizational risk assessment processes.
- Obtaining multiple perspectives from the business.

Which of the following is the BEST way to obtain reliable information to help an incident response team maintain awareness of emerging security threats and vulnerabilities?
- Subscribe to a reputed threat intelligence group.
- Assign staff to engage with social media hacking groups.
- Review alerts from a security information and event management (SIEM) system.
- Implement vulnerability scanners.

Which of the following is the MOST effective approach to ensure seamless integration between the business continuity plan (BCP) and the incident response plan?
- The BCP manager is included in the core incident response team.
- Criteria for escalating to the BCP manager are in the incident response plan.
- Both response teams contain the same members.
- Consistent event classifications are used in both plans.

Which of the following is an information security manager's BEST course of action when a potential business breach is discovered in a critical business system?
- Update the incident response plan.
- Inform affected stakeholders.
- Inform IT management.
- Implement mitigating actions immediately.

Which of the following is MOST important to include in a report of an organization's information security risk?
- Control risk.
- Mitigated risk.
- Residual risk.
- Inherent risk.

Which of the following is an information security manager's BEST recommendation to senior management following a breach at the organization's Software as a Service (SaaS) vendor?
- Engage legal counsel.
- Terminate the relationship with the vendor.
- Renegotiate the vendor contract.
- Update the vendor risk assessment.

Which of the following is MOST important to consider when determining asset valuation?
- Potential business loss.
- Asset classification level.
- Asset recovery cost.
- Cost of insurance premiums.

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
- Restrict application network access temporarily.
- Update the risk register.
- Consult with the business owner.
- Include security requirements in the contract.

An event occurred that resulted in the activation of the business continuity plan (BCP). All employees were notified during the event, and they followed the plan. However, two major suppliers missed deadlines because they were not aware of the disruption. What is the BEST way to prevent a similar situation in the future?
- Ensure service level agreements (SLAs) with suppliers are enforced.
- Conduct a vulnerability assessment.
- Perform testing of the BCP communication plan.
- Provide suppliers with access to the BCP document.

When performing a data classification project, an information security manager should:
- assign information criticality and sensitivity.
- identify information custodians.
- identify information owners.
- assign information access privileges.

Which of the following provides the MOST comprehensive information related to an organization's current risk profile?
- Gap analysis results.
- Risk register.
- Heat map.
- Risk assessment results.
