TEST 4 751 - 1000

Description:
CISM exam 4

Creation Date: 2025/11/15

Category: Others

Number of questions: 250

Content:

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?. Security policy. Risk management framework. Security standards. Risk appetite.

When an organization decides to accept a risk, it should mean the cost to mitigate: exceeds budget allocation. is higher than the cost to transfer risk. is less than the residual risk. is greater than the residual risk.

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?. To facilitate a qualitative risk assessment following the BIA. To obtain input from as many relevant stakeholders as possible. To ensure the stakeholders providing input own the related risk. To increase awareness of information security among key stakeholders.

Due to changes in an organization’s environment, security controls may no longer be adequate. What is the information security manager’s BEST course of action?. Perform a new risk assessment. Review the previous risk assessment and countermeasures. Transfer the new risk to a third party. Evaluate countermeasures to mitigate new risks.

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?. Access is granted based on task requirements. Information assets are classified appropriately. Security staff turnover is reduced. Security incident reporting procedures are followed.

When developing an asset classification program, which of the following steps should be completed FIRST?. Implement a data loss prevention (DLP) system. Categorize each asset. Create a business case for a digital rights management tool. Create an inventory.

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?. To alert on unacceptable risk. To identify residual risk. To reassess risk appetite. To benchmark control performance.

Which of the following is the BEST indicator of an emerging incident?. A weakness identified within an organization's information systems. Attempted patching of systems resulting in errors. Customer complaints about lack of website availability. A recent security incident at an industry competitor.

An organization has discovered a recurring problem with unsecure code being released into production. Which of the following should be the information security manager's action?. Implement segregation of duties between development and production. Increase the frequency of penetration testing. Review existing configuration management processes. Review existing change management processes.

When developing a categorization method for security incidents, the categories MUST: be created by the incident handler. align with reporting requirements. have agreed-upon definitions. align with industry standards.

Which of the following is MOST likely to be impacted when emerging technologies are introduced to an organization?. Risk profile. Security policies. Control effectiveness. Risk assessment approach.

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated risk?. The data owner. The information security manager. The security engineer. The application owner.

Which of the following is the MOST important criterion when deciding whether to accept residual risk?. Cost of replacing the asset. Annual loss expectancy (ALE). Cost of additional mitigation. Annual rate of occurrence.

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?. Recommend a different application. Instruct IT to deploy controls based on urgent business needs. Solicit bids for compensating control products. Present a business case for additional controls to senior management.

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?. The information security strategy. Security investment trends in the industry. Losses due to security incidents. The results of a risk assessment.

A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?. Review customers’ security policies. Design single sign-on (SSO) or federated access. Develop access control requirements for each system and application. Conduct a risk assessment to determine security risks and mitigating controls.

Which of the following is a PRIMARY benefit of managed security solutions?. Easier implementation across an organization. Greater ability to focus on core business operations. Wider range of capabilities. Lower cost of operations.

Which of the following is an example of risk mitigation?. Improving security controls. Discontinuing the activity associated with the risk. Performing a cost-benefit analysis. Purchasing insurance.

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?. Engaging external experts to provide guidance on changes in compliance requirements. Assigning the operations manager accountability for meeting compliance requirements. Embedding compliance requirements within operational processes. Performing periodic audits for compliance with legal and regulatory requirements.

Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?. Recovery. Eradication. Identification. Containment.

Which of the following is the BEST method to align an information security strategic plan to the corporate strategy?. Ensuring the plan complies with business unit expectations. Involving industry experts in the development of the plan. Involving senior management in the development of the plan. Obtaining adequate funds from senior management.

Which of the following would BEST ensure that security is integrated during application development?. Performing application security testing during acceptance testing. Introducing security requirements during the initiation phase. Employing global security standards during development processes. Providing training on secure development practices to programmers.

Which of the following is MOST important in increasing the effectiveness of incident responders?. Integrating staff with the IT department. Testing response scenarios. Communicating with the management team. Reviewing the incident response plan annually.

Which of the following should be the PRIMARY objective of the information security incident response process?. Classifying incidents. Conducting incident triage. Communicating with internal and external parties. Minimizing negative impact to critical operations.

An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be MOST beneficial for the team at the first drill?. Tabletop exercise. Red team exercise. Disaster recovery exercise. Black box penetration test.

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?. Revise the policy. Conduct a risk assessment. Communicate the acceptable use policy. Perform a root cause analysis.

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?. Business process owner. Business continuity coordinator. Information security manager. Senior management.

A PRIMARY purpose of creating security policies is to: implement management's security governance strategy. establish the way security tasks should be executed. communicate management's security expectations. define allowable security boundaries.

The MAIN benefit of implementing a data loss prevention (DLP) solution is to: enhance the organization's antivirus controls. reduce the need for a security awareness program. complement the organization's detective controls. eliminate the risk of data loss.

Which of the following is the MOST important detail to capture in an organization's risk register?. Risk acceptance criteria. Risk severity level. Risk ownership. Risk appetite.

Which of the following is the GREATEST benefit of information asset classification?. Supporting segregation of duties. Defining resource ownership. Providing a basis for implementing a need-to-know policy. Helping to determine the recovery point objective (RPO).

While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. How should the information security manager address this situation?. Assign the highest classification level to those databases. Assign responsibility to the database administrator (DBA). Prepare a report of the databases for senior management. Review the databases for sensitive content.

An organization’s research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?. Accept the risk, as the benefits exceed the potential consequences. Mitigate the risk by applying anonymization on the data set. Transfer the risk by purchasing insurance. Mitigate the risk by encrypting the customer names in the data set.

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant to a project?. Involving information security at each stage of project management. Creating a data classification framework and providing it to stakeholders. Identifying responsibilities during the project business case analysis. Providing stakeholders with minimum information security requirements.

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?. Integration of assurance efforts. Automation of controls. Documentation of control procedures. Standardization of compliance requirements.

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?. Establishing risk metrics. Training on risk management procedures. Reporting on documented deficiencies. Assigning a risk owner.

An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?. Propose that IT update information security policies and procedures. Request that internal audit conduct a review of the policy development process. Conduct user awareness training within the IT function. Determine the risk related to noncompliance with the policy.

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?. Security incident details. Security metrics. Security risk exposure. Security baselines.

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?. Integrate information security risk assessments into the procurement process. Invite IT members into regular procurement team meetings to influence best practice. Enforce the right to audit in procurement contracts with SaaS vendors. Provide regular information security training to the procurement team.

Which of the following should be the KEY consideration when creating an information security communication plan with industry peers?. Reducing the costs associated with information sharing by automating the process. Balancing the benefits of information sharing with the drawbacks of sharing sensitive information. Notifying the legal department whenever incident-related information is shared. Ensuring information is detailed enough to be of use to other organizations.

Which of the following is MOST effective for communicating forward-looking trends within security reporting?. Key risk indicators (KRIs). Key performance indicators (KPIs). Key control indicators (KCIs). Key goal indicators (KGIs).

An organization recently purchased data loss prevention (DLP) software but soon discovered the software fails to detect or prevent data loss. Which of the following should the information security manager do FIRST?. Revise the data classification policy. Review the contract. Review the configuration. Implement stricter data loss controls.

Network isolation techniques are immediately implemented after a security breach to: allow time for key stakeholder decision making. reduce the extent of further damage. enforce zero trust architecture principles. preserve evidence as required for forensics.

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?. Containment. Identification. Preparation. Recovery.

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?. Isolate the affected systems. Conduct an impact assessment. Initiate incident response. Rebuild the affected systems.

Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)?. Updating the plan periodically. Conducting a walk-through of the plan. Storing the plan at an offsite location. Communicating the plan to all stakeholders.

Which of the following is MOST important to include in monthly information security reports to the board?. Root cause analysis of security incidents. Threat intelligence. Risk assessment results. Trend analysis of security metrics.

Which of the following activities is designed to handle a control failure that leads to a breach?. Vulnerability management. Incident management. Root cause analysis. Risk assessment.

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?. Processes and technology. People and culture. Regulations and standards. Executive and board directives.

Which of the following BEST indicates that information assets are classified accurately?. An accurate and complete information asset catalog. Appropriate assignment of information asset owners. Appropriate prioritization of information risk treatment. Increased compliance with information security policy.

Reevaluation of risk is MOST critical when there is: a management request for updated security reports. resistance to the implementation of mitigating controls. a change in the threat landscape. a change in security policy.

Which of the following BEST supports investments in an information security program?. Business impact analysis (BIA). Risk assessment results. Gap analysis results. Business cases.

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?. Minimum regulatory requirements are maintained. The contact list is regularly updated. Each process is assigned to a responsible party. Senior management approval has been documented.

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?. Compliance status is improved. Threat management is enhanced. Security metrics are enhanced. Proactive risk management is facilitated.

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish: a control self-assessment (CSA) process. metrics for each milestone. automated reporting to stakeholders. a monitoring process for the security policy.

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?. Detailed analysis of security program KPIs. An information security risk register. An information security dashboard. A capability and maturity assessment.

Which of the following is the BEST way to obtain support for a new organization-wide information security program?. Deliver an information security awareness campaign. Publish an information security RACI chart. Benchmark against similar industry organizations. Establish an information security strategy committee.

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure: contract clauses comply with the organization's information security policy. security metrics are included in the service level agreement (SLA). the information security policy of the third-party service provider is reviewed. right to audit is included in the service level agreement (SLA).

Which of the following BEST enables an organization to transform its culture to support information security?. Strong management support. Robust technical security controls. Periodic compliance audits. Incentives for security incident reporting.

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?. Postpone the implementation until the vulnerability has been fixed. Commission further penetration tests to validate initial test results. Assess whether the vulnerability is within the organization's risk tolerance levels. Implement the application and request the cloud service provider to fix the vulnerability.

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?. Review contracts and statements of work (SOWs) with vendors. Determine current and desired state of controls. Execute a risk treatment plan. Implement data regionalization controls.

Which of the following should be given the HIGHEST priority during an information security post-incident review?. Evaluating incident response effectiveness. Documenting actions taken in sufficient detail. Evaluating the performance of incident response team members. Updating key risk indicators (KRIs).

Which of the following is the BEST course of action when an online company discovers a network attack in progress?. Shut off all network access points. Isolate the affected network segment. Dump all event logs to removable media. Enable trace logging on all events.

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?. It transfers the risk associated with recovery to a third party. It eliminates the need for the business to perform testing. It eliminates the need to maintain offsite facilities. It lowers the annual cost to the business.

When properly implemented, secure transmission protocols protect transactions: from eavesdropping. in the server's database. from denial of service (DoS) attacks. on the client desktop.

An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?. Review data architecture. Include security requirements in the contract. Perform a risk assessment. Assess security controls.

The PRIMARY objective of a post-incident review of an information security incident is to: minimize impact. determine the impact. prevent recurrence. update the risk profile.

The MOST appropriate time to conduct a disaster recovery test would be after: the security risk profile has been reviewed. major business processes have been redesigned. the business continuity plan (BCP) has been updated. noncompliance incidents have been filed.

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?. Gap assessment. Vulnerability scan report. Maturity assessment. Security risk analysis.

Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?. Notify law enforcement. Contact forensic investigators. Follow the escalation process. Identify the indicators of compromise.

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?. Document risk acceptances. Conduct an information security audit. Assess the consequences of noncompliance. Revise the organization's security policy.

Which of the following BEST facilitates effective incident response testing?. Including all business units in testing. Testing after major business changes. Simulating realistic test scenarios. Reviewing test results quarterly.

Which of the following is the BEST indication of effective information security governance?. Information security is considered the responsibility of the entire information security team. Information security is integrated into corporate governance. Information security governance is based on an external security framework. Information security controls are assigned to risk owners.

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FIRST?. Re-evaluate the risk. Ask the business owner for the new remediation plan. Inform senior management. Implement compensating controls.

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?. Require vendors to complete information security questionnaires. Request customer references from the vendor. Verify that information security requirements are included in the contract. Review the results of the vendor's independent control reports.

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?. Access control lists. Distributed access control. Discretionary access control. Role-based access control.

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization's information security program?. Focus on addressing conflicts between security and performance. Obtain assistance from IT to implement automated security controls. Include information security requirements in the change control process. Collaborate with business and IT functions in determining controls.

Which of the following should an information security manager do FIRST upon learning of noncompliance with an impending information security regulatory change?. Conduct a business impact and vulnerability analysis. Report the noncompliance to senior management. Assess the risk and cost of noncompliance. Implement the correct measures to become compliant.

Which of the following is MOST critical when creating an incident response plan?. Identifying what constitutes an incident. Identifying vulnerable data assets. Documenting incident notification and escalation processes. Aligning with the risk assessment process.

Which of the following would BEST help to ensure appropriate security controls are built into software?. Integrating security throughout the development process. Performing security testing prior to deployment. Providing standards for implementation during development activities. Providing security training to the software development team.

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?. Implementing an information security awareness program. Documenting the information security governance framework. Developing an information security policy based on risk assessments. Establishing an information security steering committee.

Which of the following should an information security manager do FIRST when noncompliance with security standards is identified?. Validate the noncompliance. Include the noncompliance in the risk register. Report the noncompliance to senior management. Implement compensating controls to mitigate the noncompliance.

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?. Network system logs. Intrusion detection system (IDS) logs. Patch management files. Configuration management files.

When deciding to move to a cloud-based model, the FIRST consideration should be: data classification. physical location of the data. storage in a shared environment. availability of the data.

Which of the following is the PRIMARY objective of incident triage?. Containment of threats. Coordination of communications. Categorization of events. Mitigation of vulnerabilities.

Who is accountable for ensuring risk mitigation is effective?. Application owner. Business owner. Risk owner. Control owner.

Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?. Conducting periodic vulnerability assessments. Defining the organization's risk management framework. Communicating business impact analysis (BIA) results. Establishing effective stakeholder relationships.

To support effective risk decision making, which of the following is MOST important to have in place?. An audit committee consisting of mid-level management. Risk reporting procedures. Well-defined and approved controls. Established risk domains.

Which of the following parties should be responsible for determining access levels to an application that processes client information?. The identity and access management team. The business client. The information security team. Business unit management.

What should be an information security manager's MOST important consideration when developing a multi-year plan?. Ensuring contingency plans are in place for potential information security risks. Ensuring alignment with the plans of other business units. Demonstrating projected budget increases year after year. Allowing the information security program to expand its capabilities.

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?. Information security manager. External consultant. Business continuity coordinator. Information owner.

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?. Digital encryption. Multi-factor authentication. Digital signatures. Data masking.

Who is BEST suited to determine how the information in a database should be classified?. Information security analyst. Database analyst. Database administrator (DBA). Data owner.

Which of the following is an incident containment method?. Reviewing system logs and audit trails. Removing compromised systems from the network. Analyzing systems for impact from the incident. Mapping the scope of the incident on the network.

A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?. Determine the extent of the impact to the organization. Request an independent review of the provider's data center. Notify affected customers of the data breach. Recommend canceling the outsourcing contract.

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?. Skills required for the incident response team. A detailed incident notification process. A list of external resources to assist with incidents. Service level agreements (SLAs).

Which of the following is the PRIMARY role of an information security manager in a software development project?. To identify software security weaknesses. To identify noncompliance in the early design stage. To assess and approve the security application architecture. To enhance awareness for secure software design.

Which of the following MOST effectively identifies issues related to noncompliance with legal, regulatory, and contractual requirements?. Compliance maturity assessment. Compliance benchmarking data. Compliance gap analysis. Independent compliance audit.

Which of the following is MOST helpful for fostering an effective information security culture?. Obtaining support from key organizational influencers. Implementing comprehensive technical security controls. Conducting regular information security awareness training. Developing procedures to enforce the information security policy.

Which of the following is MOST important to convey to employees in building a security risk-aware culture?. Employee access should be based on the principle of least privilege. Personal information requires different security controls than sensitive information. The responsibility for security rests with all employees. Understanding an information asset's value is critical to risk management.

Which of the following is the PRIMARY objective of integrating information security governance into corporate governance?. To align security goals with the information security program. To ensure the business supports information security goals. To adequately safeguard the business in achieving its mission. To obtain management commitment for sustaining the security program.

Which of the following is an information security manager's MOST important action to mitigate the risk associated with malicious software?. Disabling end-user computer peripheral access ports. Implementing a multi-layered security program. Ensuring antivirus has the latest definition files. Strengthening security patch implementation processes.

Which of the following is the PRIMARY reason for granting a security exception?. The risk is justified by the cost to security. The risk is justified by the benefit to security. The risk is justified by the benefit to the business. The risk is justified by the cost to the business.

Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?. A patch management process. Change management controls. Version control. Logical access controls.

An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?. Requirements for regularly testing backups. The disaster recovery communication plan. Recovery time objectives (RTOs). Definition of when a disaster should be declared.

Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?. Incident response plan. Business continuity plan (BCP). Security awareness plan. Disaster recovery plan (DRP).

Which of the following is the MOST important outcome of strategic alignment of corporate and information security governance?. Implementation of information security controls. Development of a common and comprehensive set of IT security policies. Higher acceptance of information security projects. Reduction of adverse impacts on the organization to an acceptable level.

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?. An information security strategy. A defined security organizational structure. Information security policies. Metrics to drive the information security program.

Which of the following BEST enables the integration of information security governance into corporate governance?. Senior management approval of the information security strategy. Clear lines of authority across the organization. An information security steering committee with business representation. Well-documented information security policies and standards.

Which of the following contributes MOST to the effectiveness of information security governance?. Properly managed risk. Alignment with technology strategy. Stakeholder commitment. A defined security policy.

Which of the following is the BEST approach for addressing noncompliance with security standards?. Maintain a security exceptions process. Apply additional logging and monitoring to affected assets. Discontinue affected activities until security requirements can be met. Develop new security standards.

Which of the following is the BEST method for managing information security compliance of third-party suppliers?. Develop specific information security policies for third parties. Conduct a vulnerability assessment of the third-party supplier. Include third-party supplier details in the risk register. Ensure information security requirements are addressed in the contract.

An organization is in the process of creating an agreement with a cloud provider. Who should determine the third party's destruction schedule for the organization's information?. The organization's information security manager. The cloud provider's information security manager. The organization's data owner. The cloud provider's data custodian.

Which of the following is the BEST course of action when an organization's incident response team does not have expertise in forensic analysis?. Contract with external forensic experts. Develop forensic analysis procedures. Document the shortcoming. Acquire forensic analysis tools.

What should be the FIRST step when investigating an employee suspected of inappropriately downloading proprietary information?. Check for a signed nondisclosure agreement (NDA). Review system access logs. Conduct a forensic examination of the device. Discuss the concern with the employee.

Which of the following is MOST critical to ensure that information security incidents are managed properly?. Conducting an incident capability maturity assessment. Testing the incident response plan. Establishing an incident management performance matrix. Assembling the incident response team.

The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when: high-level disk formatting has been performed. all files in the directory have been deleted. the partition table on the disk has been deleted. the file has been overwritten.

Which of the following is MOST helpful in determining the criticality of an organization's business functions?. Disaster recovery plan (DRP). Business continuity plan (BCP). Security assessment report (SAR). Business impact analysis (BIA).

The contribution of recovery point objective (RPO) to disaster recovery is to: eliminate single points of failure. reduce mean time between failures (MTBF). define backup strategy. minimize outage periods.

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of: threats to the organization. organizational alignment. existing control costs. IT strategy alignment.

Which of the following should be established FIRST when implementing an information security governance framework?. Security incident management team. Security policies. Security architecture. Security awareness training program.

An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?. Review the vendor’s security policy. Review controls listed in the vendor contract. Focus the review on the infrastructure with the highest risk. Determine whether the vendor follows the selected security framework rules.

A third-party audit of an organization's network security has identified several critical risks. Which of the following should the information security manager do NEXT?. Assign risk ownership. Identify mitigating controls. Report the findings to senior management. Prioritize the risks.

Which of the following provides the BEST evidence that a recently established information security program is effective?. The number of reported incidents has increased. Regular IT balanced scorecards are communicated. The number of tickets associated with IT incidents has stayed consistent. Senior management has reported fewer junk emails.

An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system administrators. What is the BEST way for the information security manager to address this issue?. Provide incident response training to data owners. Provide incident response training to data custodians. Conduct a risk assessment and share the results with senior management. Revise the incident response plan to align with business processes.

An organization is the victim of a targeted attack and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?. Web-application firewall. Security information and event management (SIEM). Data leakage prevention (DLP). Network access control.

Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?. The information security manager. The service provider that hosts the data. The incident response team. The business data owner.

Which of the following BEST minimizes information security risk in deploying applications to the production environment?. Conducting penetration testing post implementation. Having a well-defined change process. Verifying security during the testing process. Integrating security controls in each phase of the life cycle.

Which of the following would BEST guide the development and maintenance of an information security program?. A business impact assessment. The organization's risk appetite. A comprehensive risk register. An established risk assessment process.

Which of the following BEST indicates effective information security governance?. Availability of information security policies. Regular steering committee meetings. Organization-wide attendance at annual security training. Regular testing of the security incident response plan.

The MOST useful technique for maintaining management support for the information security program is: informing management about the security of business operations. identifying the risks and consequences of failure to comply with standards. benchmarking the security programs of comparable organizations. implementing a comprehensive security awareness and training program.

When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided: by the use of a remote access server. if a robust IT infrastructure exists. subject to legal and regulatory requirements. on a need-to-know basis subject to controls.

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?. Disaster recovery plan (DRP). Vulnerability management plan. Incident response plan. Business continuity plan (BCP).

Which of the following is the FIRST step in developing a business impact analysis (BIA)?. Identifying interdependencies among critical functions within the business. Determining the minimum resources needed for recovery. Identifying which business functions are critical to the organization. Determining the required recovery time objective (RTO) of business operations.

Which of the following is MOST important when defining how an information security budget should be allocated?. Business impact assessment. Regulatory compliance standards. Information security strategy. Information security policy.

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?. Perform a backup of the computer using the network. Perform a bit-by-bit backup of the hard disk using a write-blocking device. Reboot the system using third-party forensic software in the CD-ROM drive. Perform a backup of the hard drive using backup utilities.

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?. Define policies and standards for data processing. Implement applicable privacy principles. Research cyber insurance policies. Assess local or regional regulation.

Which of the following BEST enables an organization to measure the total time that operations can be sustained at an alternative site designated in the business continuity plan (BCP)?. Recovery point objective (RPO). Allowable interruption window (AIW). Maximum tolerable outage (MTO). Recovery time objective (RTO).

Which of the following has the GREATEST influence on the successful integration of information security within the business?. Organizational structure and culture. Risk tolerance and organizational objectives. Information security personnel. The desired state of the organization.

Which of the following is the MOST important consideration to support potential legal action when responding to a security incident?. Contacting the appropriate law enforcement agency. Encrypting the documentation being assembled. Maintaining chain-of-custody of evidence. Preparing full forensic system backups.

An incident response team has established that an application has been breached. Which of the following should be done NEXT?. Maintain the affected systems in a forensically acceptable state. Inform senior management of the breach. Isolate the impacted systems from the rest of the network. Conduct a risk assessment on the affected application.

A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to: perform an analysis of the change. report the event to senior management. require that the change be reversed. review the change management process.

Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?. Security benchmark report. Risk heat map. Security metrics dashboard. Key risk indicators (KRIs).

Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?. Contractual provisions for the right to audit. Effective data loss prevention (DLP) controls. Contractual provisions for data repatriation. The purchasing of cybersecurity insurance.

An information security team has been tasked with identifying confidential data within the organization to formalize its asset classification scheme. The MOST relevant input would be provided by: business process owners. the legal department. the chief information officer (CIO). database administrators (DBAs).

Which of the following is the PRIMARY reason to conduct a post-incident review?. To determine whether digital evidence is admissible. To notify regulatory authorities. To improve the response process. To aid in future risk assessments.

Which of the following is the BEST way to protect against unauthorized access to an encrypted file sent via email?. Validating the recipient's identity. Using a digital signature in the email. Utilizing a separate distribution channel for the password. Ensuring a policy exists for encrypting files in transit.

The PRIMARY purpose of implementing information security governance metrics is to: measure alignment with best practices. refine control operations. assess operational and program metrics. guide security towards the desired state.

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?. Information owner. Information security steering committee. Senior management. Information security manager.

Which of the following should be done FIRST when developing an information security strategy?. Establish an information security steering committee. Determine the desired state of information security. Develop security policies and standards. Identify owners of information assets.

A business impact analysis (BIA) should be periodically executed PRIMARILY to: verify the effectiveness of controls. check compliance with regulations. validate vulnerabilities on environmental changes. analyze the importance of assets.

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?. While responding to the incident. During post-incident review. During a tabletop exercise. After a risk reassessment.

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?. Updated risk assessments. Audit reports. Counts of information security incidents. Monthly metrics.

Which of the following would BEST justify spending for a compensating control?. Root cause analysis. Emerging risk trends. Vulnerability assessment. Risk analysis.

Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?. Browse the Internet to learn of potential events. Search for threat signatures in the environment. Search for anomalies in the environment. Network with peers in the industry to share information.

In response to recent ransomware threats, an organization deployed a new endpoint detection and response (EDR) solution in its employee laptops. Of the following, who should be accountable for reviewing the solution to verify it has been properly deployed and configured?. The security analyst. The chief audit executive (CAE). The chief information security officer (CISO). The system administrator.

An organization's quality process can BEST support security management by providing: a repository for security systems documentation. assurance that security requirements are met. guidance for security strategy. security configuration controls.

Which of the following is the MOST important consideration when defining an information security framework?. Information security budget. Industry standards. Business strategy. Organizational culture.

Which of the following is the MOST important consideration for reporting risk assessment results to senior management?. The reports should include comparisons to industry benchmarks. The reports should be presented in business terms. The reports should use formal methodologies. The reports should include recommended controls.

Which of the following is the BEST way to determine the effectiveness of an incident response plan?. Reviewing previous audit reports. Benchmarking the plan against best practices. Performing a penetration test. Conducting a tabletop exercise.

Which of the following should be an information security manager's MOST important consideration when determining the priority for implementing security controls?. Availability of security budget. Alignment with industry benchmarks. Results of business impact analyses (BIAs). Possibility of reputational loss due to incidents.

Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?. To prioritize security initiatives. To avoid redundant controls. To align with emerging risk. To address end-user control complaints.

Which of the following should be done FIRST when implementing a security program?. Implement data encryption. Perform a risk analysis. Create an information asset inventory. Determine the value of information assets.

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?. Data owner. Information security manager. Business owner. Compliance manager.

Which of the following is an example of a deterrent control?. Segregation of responsibilities. A warning banner. An intrusion detection system (IDS). Periodic data restoration.

An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?. Implement countermeasures to mitigate risk. Classify all identified risks. Conduct an evaluation of controls. Determine if the risk is within the risk appetite.

Which of the following BEST enables an organization to maintain an appropriate security control environment?. Periodic employee security training. Budgetary support for security. Alignment to an industry security framework. Monitoring of the threat landscape.

Which of the following is MOST important for responding effectively to security breaches?. Chain of custody. Incident classification. Log monitoring. Communication plan.

Which of the following is the BEST method for assisting with incident containment in an Infrastructure as a Service (IaaS) cloud environment?. Disabling unnecessary services. Implementing privileged identity management. Establishing automated detection. Implementing network segmentation.

Which of the following should be performed FIRST in response to a new information security regulation?. Industry benchmarking. Independent audit. Risk assessment. Gap analysis.

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?. Assess the level of security awareness of the service provider. Review a recent independent audit report of the service provider. Review samples of service level reports from the service provider. Request the service provider comply with information security policy.

Which of the following is the MOST important reason to consider organizational culture when developing an information security program?. It helps expedite approval for the information security budget. It helps the organization meet compliance requirements. Everyone in the organization is responsible for information security. Security incidents have an adverse impact on the entire organization.

Which of the following processes BEST supports the evaluation of incident response effectiveness?. Post-incident review. Chain of custody. Incident logging. Root cause analysis.

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?. Validate the breach with the provider. Suspend the data exchange with the provider. Notify appropriate regulatory authorities of the breach. Initiate the business continuity plan (BCP).

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?. Update the change management process. Revise the procurement process. Discuss the issue with senior leadership. Remove the application from production.

An organization is strategizing on how to improve security awareness. Which of the following is MOST important to consider when developing this strategy?. Technical solutions for delivery. Cost to implement. Organizational culture. Organizational maturity.

A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?. Vulnerabilities were caused by insufficient user acceptance testing (UAT). Exploit code for one of the vulnerabilities is publicly available. A rules of engagement form was not signed prior to the penetration test. Vulnerabilities were not found by internal tests.

Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?. The service desk will be staffed incorrectly. Timely detection of attacks will be impossible. Statistical reports will be incorrect. Escalation procedures will be ineffective.

Which of the following would be the BEST way to maintain organization-wide support for an information security strategy?. Ensure information security objectives are understood by key stakeholders. Monitor user activity to identify and track information security policy violations. Place information security awareness materials in visible locations. Ensure information security policies are easily accessible.

Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?. Reimage the systems. Block access to the impacted systems. Perform malware scanning. Perform a vulnerability assessment.

Which of the following is the MOST important success factor for maintaining an organizational security-aware culture?. Senior management sign-off on security projects and resources. Regular security training and simulation exercises. Regular organization-wide reporting on the risk profile. Employee security policy acknowledgment.

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?. Decreasing false positives. Decreasing false negatives. Increasing false negatives. Increasing false positives.

Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?. Information security incidents caused by unauthorized changes. Unauthorized changes in the environment. Denied changes due to insufficient security details. Information security-related changes.

Which of the following metrics is MOST appropriate for evaluating the incident notification process?. Elapsed time between detection, reporting, and response. Average number of incidents per reporting period. Average total cost of downtime per reported incident. Elapsed time between response and resolution.

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?. Confidentiality. Integrity. Authenticity. Nonrepudiation.

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?. Backups are maintained on multiple sites and regularly reviewed. Impacted networks can be detached at the network switch level. Backups are maintained offline and regularly tested. Production data is continuously replicated between primary and secondary sites.

Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?. Head of IT department. Head of human resources (HR). Information security manager. Data privacy officer.

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?. Business continuity contingency planning is provided. Security requirements are included in the vendor contract. External security audit results are reviewed. Service level agreements (SLAs) meet operational standards.

Which of the following is MOST effective in gaining support for the information security strategy from senior management?. Cost-benefit analysis results. Third-party security audit results. Business impact analysis (BIA) results. A major breach at a competitor.

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?. Deviation from risk management best practices. Impact on the risk culture. Inability to determine short-term impact. Impact on compliance risk.

An employee's bring your own device (BYOD) smartphone has been lost. To reduce the risk associated with the loss of corporate sensitive data stored on the phone, the information security manager's BEST course of action should have been to implement: a requirement of prompt notification in the event of loss. multi-factor authentication for the mobile device. a board-approved and communicated mobile policy and standard. a securely configured device enforced by a mobile device management (MDM) solution.

Which of the following is the BEST approach for an information security manager to develop an organization's information security strategy?. Budget training costs and contingencies for unexpected events. Determine desired outcomes and perform a gap analysis. Evaluate the security posture in comparison with competitors. Estimate operational costs and perform reliability checks.

Which of the following is the BEST way to monitor the effectiveness of security controls?. Review application and system audit logs. Conduct regular threat assessments. Establish and report security metrics. Benchmark security controls against similar organizations.

An organization experienced a data breach that affected many of its clients. Legal counsel found out about this event only after a press release was issued. Which of the following would have been MOST helpful in preventing this situation?. A gap analysis of technical controls. Regular information security policy reviews. Tabletop testing of the incident response plan. A comprehensive business continuity plan (BCP).

Which of the following would MOST effectively ensure that a new server is appropriately secured?. Enforcing technical security standards. Performing secure code reviews. Initiating security scanning. Conducting penetration testing.

Spoofing should be prevented because it may be used to: assemble information, track traffic, and identify network vulnerabilities. predict which way a program will branch when an option is presented. capture information such as passwords traveling through the network. gain illegal entry to a secure system by faking the sender's address.

Which of the following is MOST important to have in place for an organization's information security program to be effective?. Senior management support. A comprehensive IT strategy. Defined and allocated budget. Documented information security processes.

When assigning a risk owner, the MOST important consideration is to ensure the owner has: adequate knowledge of risk treatment and related control activities. decision-making authority and the ability to allocate resources for risk. sufficient time for monitoring and managing the risk effectively. risk communication and reporting skills to enable decision-making.

After a ransomware incident, an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?. The service level agreement (SLA) was not met. The recovery time objective (RTO) was not met. The root cause was not identified. Notification to stakeholders was delayed.

To improve the efficiency of the development of a new software application, security requirements should be defined: based on code review. based on available security assessment tools. after functional requirements. concurrently with other requirements.

Which of the following would provide the MOST effective security outcome in an organization's contract management process?. Extending security assessment to cover asset disposal on contract termination. Ensuring security requirements are defined at the request-for-proposal (RFP) stage. Extending security assessment to include random penetration testing. Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage.

Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall?. Force password changes on the SQL database. Reconfigure the web application firewall to block the attack. Update the detection patterns on the web application firewall. Block the IPs from where the attack originates.

Who is accountable for approving an information security governance framework?. The board of directors. The chief information security officer (CISO). The enterprise risk committee. The chief information officer (CIO).

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?. Protection of business value and assets. Identification of core business strategies. Easier entrance into new businesses and technologies. Improved regulatory compliance posture.

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?. Network address translation (NAT). Message hashing. Transport Layer Security (TLS). Multi-factor authentication.

Which of the following is the FIRST step when conducting a post-incident review?. Identify mitigating controls. Assess the costs of the incident. Perform root cause analysis. Assign responsibility for corrective actions.

Which of the following BEST facilitates the effectiveness of cybersecurity incident response?. Utilizing a security information and event management (SIEM) tool. Utilizing industry-leading network penetration testing tools. Increasing communication with all incident response stakeholders. Continuously updating signatures of the anti-malware solution.

A business requires a legacy version of an application to operate, but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?. Accept. Transfer. Mitigate. Avoid.

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?. Escalate to the chief risk officer (CRO). Conduct a vulnerability analysis. Conduct a risk analysis. Determine compensating controls.

An email digital signature will: automatically correct unauthorized modification of an email message. verify to recipients the integrity of an email message. protect the confidentiality of an email message. prevent unauthorized modification of an email message.

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?. Establish an organization-wide social media policy. Develop sanctions for misuse of social media sites. Monitor social media sites visited by employees. Restrict social media access on corporate devices.

Which of the following BEST facilitates effective strategic alignment of security initiatives?. Procedures and standards are approved by department heads. Organizational units contribute to and agree on priorities. Periodic security audits are conducted by a third-party. The business strategy is periodically updated.

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?. Asset classification. Recovery time objectives (RTOs). Chain of custody. Escalation procedures.

An information security program is BEST positioned for success when it is closely aligned with: information security best practices. recognized industry frameworks. information security policies. the information security strategy.

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?. Isolate the PC from the network. Perform a vulnerability scan. Determine why the PC is not included in the inventory. Reinforce information security training.

Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?. Including a situational forecast. Using appropriate language for the target audience. Including trend charts for metrics. Using a rating system to demonstrate program effectiveness.

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?. Data loss prevention (DLP). Data retention strategy. Data encryption standards. Data masking.

Which of the following is ESSENTIAL to ensuring effective incident response?. Business continuity plan (BCP). Cost-benefit analysis. Classification scheme. Senior management support.

Which of the following is the BEST indicator of an organization's information security status?. Threat analysis. Controls audit. Penetration test. Intrusion detection log analysis.

Which of the following practices is MOST effective for determining the adequacy of incident management operations?. Conducting unannounced external vulnerability testing. Testing current incident response plans with relevant stakeholders. Assessing incident response team members’ incident response skills. Reviewing incident response procedures against best practices.

Which of the following MUST happen immediately following the identification of a malware incident?. Eradication. Containment. Preparation. Recovery.

Which of the following is MOST effective in monitoring an organization's existing risk?. Vulnerability assessment results. Security information and event management (SIEM) systems. Periodic updates to risk register. Risk management dashboards.

Which of the following BEST indicates that information security governance and corporate governance are integrated?. The information security team is aware of business goals. A cost-benefit analysis is conducted on all information security initiatives. The board is regularly informed of information security key performance indicators (KPIs). The information security steering committee is composed of business leaders.

Which of the following should be the PRIMARY basis for determining the value of assets?. Cost of replacing the assets. Total cost of ownership (TCO). Business cost when assets are not available. Original cost of the assets minus depreciation.

Which of the following is MOST helpful to identify whether information security policies have been followed?. Corrective controls. Directive controls. Detective controls. Preventive controls.

Which of the following is the MOST important reason to classify an incident after detection?. To assign appropriate prioritization levels. To obtain funds for external forensic support. To approve data breach notifications. To ensure management is accurately informed.

Which of the following principles BEST addresses the protection of data from unauthorized modification?. Nonrepudiation. Integrity. Availability. Authenticity.

The MAIN reason for continuous monitoring of the security program is to: validate reduction of incidents. confirm benefits are being realized. ensure alignment with industry standards. optimize resource allocation.

Which of the following would BEST enable the help desk to recognize an information security incident?. Provide the help desk with criteria for security incidents. Include members of the help desk on the security incident response team. Require the help desk to participate in post-incident reviews. Train the help desk to review the call logs.

Which of the following would be the GREATEST concern with the implementation of key risk indicators (KRIs)?. Inability to measure KRIs. Poorly defined risk appetite. Overly specific KRI definitions. Complex organizational structure.

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?. Purchase forensic standard operating procedures. Retain a forensics firm prior to experiencing an incident. Ensure the incident response policy allows hiring a forensics firm. Provide forensics training to the information security team.

Which of the following is MOST important for the effective implementation of an information security governance program?. Information security roles and responsibilities are documented. The program budget is approved and monitored by senior management. Employees receive customized information security training. The program goals are communicated and understood by the organization.

Which of the following is the BEST way to maintain ongoing senior management support for the implementation of a security monitoring tool?. Demonstrate return on investment (ROI). Update security plans. Present security monitoring reports. Communicate risk reduction.

Which of the following would BEST support a business case to implement an anti-ransomware solution?. Industry benchmark of anti-ransomware investments. A threat and vulnerability assessment. Trend analysis of ransomware attacks. A reduction in required backups and associated costs.

When responding to an incident involving malware on a server, which of the following should be done FIRST?. Isolate the server from the network. Identify the owner of the server. Locate the most recent backups. Investigate the source of the malware.

Which of the following BEST reduces the likelihood of leakage of private information via email?. User awareness training. Periodic phishing exercises. Email signature verification. Restricted personal use of company email.

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?. Business impact analysis (BIA). Risk appetite. Business requirements. Supplier requirements.

Which of the following MUST be established to maintain an effective information security governance framework?. Security controls automation. Change management processes. Security policy provisions. Defined security metrics.

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?. Continuous monitoring. Compartmentalization. Multi-factor authentication. Overlapping redundancy.

When responding to a security incident, information security management and the affected business unit management cannot agree whether to escalate the incident to senior management. Which of the following would MOST effectively prevent this situation from recurring?. Develop additional communication channels. Obtain senior management buy-in for incident response processes. Periodically test the incident response plan. Create a clear definition of incident classifications.

Which of the following should be done FIRST to ensure information security is integrated in system development projects?. Assign resources based on the business impact. Define security requirements. Review the security policy. Embed a security representative in each project team.

For which of the following is it MOST important that system administrators be restricted to read-only access?. User access log files. Administrator user profiles. System logging options. Administrator log files.

Which of the following business units should own the data that populates an identity management system?. Legal. Human resources (HR). Information security. Information technology.

Which of the following BEST indicates senior management support for an information security program?. Top-down communication. Regular security awareness training. Participation in a certification program. Steering committee involvement.

When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to: identify the program's risk and compensating controls. consider the organization's business strategy. consider the strategic objectives of the program. leverage industry benchmarks.

A business continuity plan (BCP) should contain: criteria for activation. hardware and software inventories. data restoration procedures. information about eradication activities.

A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?. Determine the required security controls for the new solution. Obtain audit reports on the service providers’ hosting environment. Review the disaster recovery plans (DRPs) of the providers. Align the roles of the organization's and the service providers’ staffs.

What type of control is being implemented when a security information and event management (SIEM) system is installed?. Corrective. Preventive. Deterrent. Detective.

Which of the following should be done FIRST when developing an information asset classification policy?. Identify accountability for information assets throughout the organization. Establish the criteria that define an asset's classification level. Identify existing security measures for protecting assets. Obtain executive input to identify high-value assets to be classified.

Which of the following is the BEST option to lower the cost to implement application security controls?. Include standard application security requirements. Perform security tests in the development environment. Perform a risk analysis after project completion. Integrate security activities within the development process.
