CISM-Exam 7 1-250
Description: CISM Exam



An information security risk analysis BEST assists an organization in ensuring that:
- the infrastructure has the appropriate level of access control.
- cost-effective decisions are made with regard to which assets need protection.
- an appropriate level of funding is applied to security processes.
- the organization implements appropriate security technologies.

In a multinational organization, local security regulations should be implemented over global security policy because:
- business objectives are defined by local business unit managers.
- deploying awareness of local regulations is more practical than of global policy.
- global security policies include unnecessary controls for local businesses.
- requirements of local regulations take precedence.

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:
- conduct a cost-benefit analysis.
- conduct a risk assessment.
- interview senior management.
- perform a gap analysis.

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
- Access control management.
- Change management.
- Configuration management.
- Risk management.

Which of the following is the BEST way to build a risk-aware culture?
- Periodically change risk awareness messages.
- Ensure that threats are communicated organization-wide in a timely manner.
- Periodically test compliance with security controls and post results.
- Establish incentives and a channel for staff to report risks.

What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?
- Cancel the outsourcing contract.
- Transfer the risk to the provider.
- Create an addendum to the existing contract.
- Initiate an external audit of the provider's data center.

An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
- Controls to be monitored.
- Reporting capabilities.
- The contract with the SIEM vendor.
- Available technical support.

Which of the following is MOST likely to be included in an enterprise security policy?
- Definitions of responsibilities.
- Retention schedules.
- System access specifications.
- Organizational risk.

Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
- Develop a business case for funding remediation efforts.
- Advise senior management to accept the risk of noncompliance.
- Notify legal and internal audit of the noncompliant legacy application.
- Assess the consequences of noncompliance against the cost of remediation.

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
- Review the third-party contract with the organization's legal department.
- Communicate security policy with the third-party vendor.
- Ensure security is involved in the procurement process.
- Conduct an information security audit on the third-party vendor.

Which of the following is the BEST method to protect consumer private information for an online public website?
- Apply strong authentication to online accounts.
- Encrypt consumer data in transit and at rest.
- Use a secure encrypted transport layer.
- Apply a masking policy to the consumer data.

Which of the following is the MOST important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?
- The ability to remotely locate devices.
- The ability to centrally manage devices.
- The ability to restrict unapproved applications.
- The ability to classify types of devices.

An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the BEST information for the information security manager to draw a conclusion?
- Initiating a cost-benefit analysis of the implemented controls.
- Performing a risk assessment.
- Reviewing the risk register.
- Conducting a business impact analysis (BIA).

An organization that uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:
- the availability of continuous technical support.
- appropriate service level agreements (SLAs) are in place.
- a right-to-audit clause is included in contracts.
- internal security standards are in place.

Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?
- Obtain annual sign-off from executive management.
- Align the policies to the most stringent global regulations.
- Send the policies to stakeholders for review.
- Outsource compliance activities.

The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:
- comply with security policy.
- increase corporate accountability.
- enforce individual accountability.
- reinforce the need for training.

Threat and vulnerability assessments are important PRIMARILY because they are:
- used to establish security investments.
- needed to estimate risk.
- the basis for setting control objectives.
- elements of the organization's security posture.

Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
- Ensuring the amount of residual risk is acceptable.
- Reducing the number of vulnerabilities detected.
- Avoiding identified system threats.
- Complying with regulatory requirements.

When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?
- Develop metrics for vendor performance.
- Include information security criteria as part of vendor selection.
- Review third-party reports of potential vendors.
- Include information security clauses in the vendor contract.

An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
- File integrity monitoring (FIM) software.
- Security information and event management (SIEM) tool.
- Intrusion detection system (IDS).
- Antivirus software.

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
- Compliance requirements associated with the regulation.
- Criticality of the service to the organization.
- Corresponding breaches associated with each vendor.
- Compensating controls in place to protect information security.

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
- Security audit reports.
- Recovery time objective (RTO).
- Technological capabilities.
- Escalation processes.

Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework?
- Executive leadership becomes involved in decisions about information security governance.
- Executive leadership views information security governance primarily as a concern of the information security management team.
- Information security staff has little or no experience with the practice of information security governance.
- Information security management does not fully accept the responsibility for information security governance.

Risk scenarios simplify the risk assessment process by:
- covering the full range of possible risk.
- ensuring business risk is mitigated.
- reducing the need for subsequent risk evaluation.
- focusing on important and relevant risk.

Which of the following is the MOST important consideration when developing information security objectives?
- They are regularly reassessed and reported to stakeholders.
- They are approved by the IT governance function.
- They are clear and can be understood by stakeholders.
- They are identified using global security frameworks and standards.

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?
- Assess the business impact to the organization.
- Present the noncompliance risk to senior management.
- Investigate alternative options to remediate the noncompliance.
- Determine the cost to remediate the noncompliance.

Which of the following BEST enables effective information security governance?
- Security-aware corporate culture.
- Advanced security technologies.
- Periodic vulnerability assessments.
- Established information security metrics.

Application data integrity risk is MOST directly addressed by a design that includes:
- strict application of an authorized data dictionary.
- reconciliation routines such as checksums, hash totals, and record counts.
- application log requirements such as field-level audit trails and user activity logs.
- access control technologies such as role-based entitlements.
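
The reconciliation option in the data integrity item above names three controls that a batch interface can carry alongside its records. The following C program is an added example, not part of this exam page or of any ISACA material: it computes a record count, a hash total (the sum of account numbers, arithmetically meaningless but cheap to compare), an amount total and an order-sensitive Fletcher-32 checksum over a constructed batch, then shows which control catches which kind of damage. The record layout, the sample postings and the three tamper cases are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout (assumption for this example): one posting per record. */
typedef struct {
    uint32_t account;   /* account identifier, summed into the hash total */
    int64_t  cents;     /* signed amount, summed into the amount total */
} record_t;

/* Control totals that travel with the batch, e.g. in a trailer record or manifest. */
typedef struct {
    uint32_t count;         /* record count */
    uint64_t hash_total;    /* sum of account numbers */
    int64_t  amount_total;  /* sum of amounts */
    uint32_t checksum;      /* Fletcher-32 over the serialized records */
} control_t;

#define MAX_RECORDS  64
#define RECORD_BYTES 12

/* Serialize little-endian so the checksum never sees struct padding bytes. */
static void serialize(const record_t *r, uint8_t out[RECORD_BYTES]) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(r->account >> (8 * i));
    uint64_t c = (uint64_t)r->cents;
    for (int i = 0; i < 8; i++) out[4 + i] = (uint8_t)(c >> (8 * i));
}

/* Fletcher-32: s1 is an order-insensitive sum of 16-bit words; s2 accumulates the
 * running s1, which is what makes reordered or swapped data detectable. */
static uint32_t fletcher32(const uint8_t *data, size_t len) {
    uint32_t s1 = 0xffff, s2 = 0xffff;
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t w = (uint16_t)(data[i] | (data[i + 1] << 8));
        s1 = (s1 + w) % 65535;
        s2 = (s2 + s1) % 65535;
    }
    return (s2 << 16) | s1;
}

control_t compute_controls(const record_t *recs, size_t n) {
    control_t c = {0, 0, 0, 0};
    uint8_t buf[MAX_RECORDS * RECORD_BYTES];
    for (size_t i = 0; i < n && i < MAX_RECORDS; i++) {
        c.count++;
        c.hash_total   += recs[i].account;
        c.amount_total += recs[i].cents;
        serialize(&recs[i], buf + i * RECORD_BYTES);
    }
    c.checksum = fletcher32(buf, (size_t)c.count * RECORD_BYTES);
    return c;
}

/* Bit flags for each control that failed; 0 means the batch reconciles. */
enum { MISMATCH_COUNT = 1, MISMATCH_HASH = 2, MISMATCH_AMOUNT = 4, MISMATCH_CHECKSUM = 8 };

int reconcile(const record_t *recs, size_t n, const control_t *expected) {
    control_t got = compute_controls(recs, n);
    int failed = 0;
    if (got.count        != expected->count)        failed |= MISMATCH_COUNT;
    if (got.hash_total   != expected->hash_total)   failed |= MISMATCH_HASH;
    if (got.amount_total != expected->amount_total) failed |= MISMATCH_AMOUNT;
    if (got.checksum     != expected->checksum)     failed |= MISMATCH_CHECKSUM;
    return failed;
}

/* Constructed sample batch; the sender would attach compute_controls(SAMPLE, 3). */
static const record_t SAMPLE[3] = { {1001, 25000}, {1002, -1250}, {1003, 99900} };

int reconcile_clean(void) {
    control_t ctl = compute_controls(SAMPLE, 3);
    return reconcile(SAMPLE, 3, &ctl);
}

int reconcile_tampered_amount(void) {          /* one amount altered: amount total and checksum fail */
    control_t ctl = compute_controls(SAMPLE, 3);
    record_t t[3] = { SAMPLE[0], SAMPLE[1], {1003, 99990} };
    return reconcile(t, 3, &ctl);
}

int reconcile_dropped_record(void) {           /* last record lost: every control fails */
    control_t ctl = compute_controls(SAMPLE, 3);
    return reconcile(SAMPLE, 2, &ctl);
}

int reconcile_swapped_amounts(void) {          /* amounts moved between accounts: only the checksum fails */
    control_t ctl = compute_controls(SAMPLE, 3);
    record_t t[3] = { {1001, -1250}, {1002, 25000}, SAMPLE[2] };
    return reconcile(t, 3, &ctl);
}

int main(void) {
    printf("clean=%d tampered=%d dropped=%d swapped=%d\n", reconcile_clean(),
           reconcile_tampered_amount(), reconcile_dropped_record(), reconcile_swapped_amounts());
    return 0;
}
```

The swapped-amounts case is the one worth remembering: count, hash total and amount total all still match, because totals are blind to which value sits in which record, and only the position-sensitive checksum flags the batch. Totals are cheap and catch most transmission faults; a checksum or hash over the serialized records is what catches content that was rearranged rather than lost.
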
Deciding the level of protection a particular asset should be given is BEST determined by:
- the corporate risk appetite.
- a risk analysis.
- a threat assessment.
- a vulnerability assessment.

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
- Calculate the total cost of ownership (TCO).
- Define the issues to be addressed.
- Perform a cost-benefit analysis.
- Conduct a feasibility study.

Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
- Decision on the classification of cloud-hosted data.
- Expertise of personnel providing incident response.
- Implementation of a SIEM in the organization.
- An agreement on the definition of a security incident.

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?
- Review the results of information security awareness testing.
- Validate the effectiveness of implemented security controls.
- Benchmark the information security policy against industry standards.
- Track the trending of information security incidents.

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?
- Increase the frequency of log monitoring and analysis.
- Implement a security information and event management system (SIEM).
- Increase the sensitivity of intrusion detection systems.
- Implement multi-factor authentication.

When supporting an organization's privacy officer, which of the following is the information security manager's PRIMARY role regarding privacy requirements?
- Ensuring appropriate controls are in place.
- Monitoring the transfer of private data.
- Determining data classification.
- Conducting privacy awareness programs.

The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?
- The strategy does not include a cost-benefit analysis.
- There was a lack of engagement with the business during development.
- The strategy does not comply with security standards.
- The CISO reports to the CIO.

An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be composed of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?
- The committee consists of too many senior executives.
- The committee lacks sufficient business representation.
- There is a conflict of interest between the business and IT.
- The CIO is not taking charge of the committee.

What is the PRIMARY purpose of an unannounced disaster recovery exercise?
- To provide metrics to senior management.
- To evaluate how personnel react to the situation.
- To assess service level agreements (SLAs).
- To estimate the recovery time objective (RTO).

Labeling information according to its security classification:
- reduces the need to identify baseline controls for each classification.
- reduces the number and type of countermeasures required.
- enhances the likelihood of people handling information securely.
- affects the consequences if information is handled insecurely.

Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?
- Ensure resources meet information security program needs.
- Audit the information security program to identify deficiencies.
- Identify gaps impacting information security strategy.
- Develop key performance indicators (KPIs) of information security.

When drafting the corporate privacy statement for a public website, which of the following MUST be included?
- Limited liability clause.
- Access control requirements.
- Explanation of information usage.
- Information encryption requirements.

An organization is concerned with the potential for exploitation of vulnerabilities in its server systems. Which of the following is the BEST control to mitigate the associated risk?
- Enforcing standard system configurations based on secure configuration benchmarks.
- Implementing network and system-based anomaly monitoring software for server systems.
- Enforcing configurations for secure logging and audit trails on server systems.
- Implementing host-based intrusion detection systems (IDS) on server systems.

Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization?
- Identify secure social networking sites.
- Establish disciplinary actions for noncompliance.
- Perform a vulnerability assessment.
- Define acceptable information for posting.

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
- Include the impact of the risk as part of regular metrics.
- Send regular notifications directly to senior managers.
- Recommend the security steering committee conduct a review.
- Update the risk assessment at regular intervals.

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
- Tabletop exercises.
- Forensics certification.
- Penetration tests.
- Disaster recovery drills.

Which of the following BEST protects against phishing attacks?
- Security strategy training.
- Email filtering.
- Network encryption.
- Application whitelisting.

Which of the following is the MOST effective method of preventing deliberate internal security breaches?
- Well-designed intrusion detection system (IDS).
- Biometric security access control.
- Well-designed firewall system.
- Screening prospective employees.

When designing security controls, it is MOST important to:
- focus on preventive controls.
- apply controls to confidential information.
- evaluate the costs associated with the controls.
- apply a risk-based approach.

An information security team plans to increase password complexity requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?
- Evaluate business compensating controls.
- Quantify the security risk to the business.
- Assess business impact against security risk.
- Conduct industry benchmarking.

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
- Review and update existing security policies.
- Enforce passwords and data encryption on the devices.
- Conduct security awareness training.
- Require remote wipe capabilities for devices.

Which of the following would be MOST useful to help senior management understand the status of information security compliance?
- Key performance indicators (KPIs).
- Risk assessment results.
- Industry benchmarks.
- Business impact analysis (BIA) results.

Which of the following is the MOST important reason for an organization to develop an information security governance program?
- Establishment of accountability.
- Compliance with audit requirements.
- Creation of tactical solutions.
- Monitoring of security incidents.

Which of the following provides the MOST essential input for the development of an information security strategy?
- Results of an information security gap analysis.
- Measurement of security performance against IT goals.
- Results of a technology risk assessment.
- Availability of capable information security resources.

The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
- security controls drive technology changes.
- risks have been evaluated.
- security controls are updated regularly.
- potential vulnerabilities are identified.

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?
- Confirming the organization complies with security policies.
- Verifying security costs do not exceed the budget.
- Demonstrating risk is managed at the desired level.
- Providing evidence that resources are performing as expected.

Which of the following is MOST likely to be a component of a security incident escalation policy?
- Names and telephone numbers of key management personnel.
- A severity-ranking mechanism tied only to the duration of the outage.
- Sample scripts and press releases for statements to media.
- Decision criteria for when to alert various groups.

Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
- Configuration management.
- Mobile application control.
- Inconsistent device security.
- End user acceptance.

Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services. Which of the following should be the PRIMARY focus of Company A's information security manager?
- The cost to align to Company A's security policies.
- The organizational structure of Company B.
- Company B's security policies.
- Company A's security architecture.

Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?
- Select the data source.
- Review the confidentiality requirements.
- Identify the intended audience.
- Identify the data owner.

Which of the following BEST determines what information should be shared with different entities during incident response?
- Escalation procedures.
- Communication plan.
- Disaster recovery policy.
- Business continuity plan (BCP).

Which of the following is the BEST way to enhance training for incident response teams?
- Conduct interviews with organizational units.
- Establish incident key performance indicators (KPIs).
- Participate in emergency response activities.
- Perform post-incident reviews.

An information security manager wants to improve the ability to identify changes in risk levels affecting the organization's systems. Which of the following is the BEST method to achieve this objective?
- Performing business impact analyses (BIA).
- Monitoring key goal indicators (KGIs).
- Monitoring key risk indicators (KRIs).
- Updating the risk register.

When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
- affected stakeholders.
- incident response team.
- availability of technical resources.
- media coverage.

Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriately?
- Value to the business.
- Security policy requirements.
- Ownership of information.
- Level of protection.

The effectiveness of an incident response team will be GREATEST when:
- the incident response process is updated based on lessons learned.
- the incident response team members are trained security personnel.
- the incident response team meets on a regular basis to review log files.
- incidents are identified using a security information and event management (SIEM) system.

An information security manager MUST have an understanding of the organization's business goals to:
- relate information security to change management.
- develop an information security strategy.
- develop operational procedures.
- define key performance indicators (KPIs).

An information security manager MUST have an understanding of an information security program?
- Understanding current and emerging technologies.
- Establishing key performance indicators (KPIs).
- Conducting periodic risk assessments.
- Obtaining stakeholder input.

An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?
- Implementing a data loss prevention (DLP) suite.
- Deploying an intrusion prevention system (IPS).
- Deploying a security information and event management system (SIEM).
- Conducting regular system administrator awareness training.

When establishing metrics for an information security program, the BEST approach is to identify indicators that:
- support major information security initiatives.
- reflect the corporate risk culture.
- reduce information security program spending.
- demonstrate the effectiveness of the security program.

For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?
- Anti-malware alerts on several employees' workstations.
- Several port scans of the web server.
- Multiple failed login attempts on an employee's workstation.
- Suspicious network traffic originating from the demilitarized zone (DMZ).

An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
- Publish the standards on the intranet landing page.
- Deploy a device management solution.
- Establish an acceptable use policy.
- Monitor user activities on the network.

When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
- Audit reports.
- Access logs.
- Access lists.
- Threat metrics.

Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes?
- Develop good communications with the project management office (PMO).
- Participate in project initiation, approval, and funding.
- Conduct security reviews during design, testing, and implementation.
- Integrate the organization's security requirements into project management.

Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?
- SWOT analysis.
- Industry benchmarks.
- Cost-benefit analysis.
- Balanced scorecard.

An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan, which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?
- Banning executable file downloads at the Internet firewall.
- Implementing an intrusion detection system (IDS).
- Implementing application blacklisting.
- Removing local administrator rights.

When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:
- measure management engagement as part of an incident response team.
- provide participants with situations to ensure understanding of their roles.
- give the business a measure of the organization's overall readiness.
- challenge the incident response team to solve the problem under pressure.

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
- Availability of potential resources.
- Information security incidents.
- Current resourcing levels.
- Information security strategy.

Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?
- Validation of current capabilities.
- Benchmarking against industry peers.
- Prioritization of action plans.
- Identification of threats and vulnerabilities.

Which of the following BEST describes a buffer overflow?
- A type of covert channel that captures data.
- A function is carried out with more data than the function can handle.
- Malicious code designed to interfere with normal operations.
- A program contains a hidden and unintended function that presents a security risk.

Which of the following is the MOST important consideration when selecting members for an information security steering committee?
- Information security expertise.
- Tenure in the organization.
- Business expertise.
- Cross-functional composition.

Which of the following BEST validates that security controls are implemented in a new business process?
- Verify the use of a recognized control framework.
- Review the process for conformance with information security best practices.
- Benchmark the process against industry practices.
- Assess the process according to information security policy.

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?
- Including information security clauses within contracts.
- Auditing the service delivery of third-party providers.
- Providing information security training to third-party personnel.
- Requiring third parties to sign confidentiality agreements.

The MOST important reason to use a centralized mechanism to identify information security incidents is to:
- comply with corporate policies.
- detect threats across environments.
- prevent unauthorized changes to networks.
- detect potential fraud.

Which of the following should be done FIRST when establishing security measures for personal data stored and processed on a human resources management system?
- Conduct a vulnerability assessment.
- Move the system into a separate network.
- Conduct a privacy impact assessment (PIA).
- Evaluate data encryption technologies.

An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. Which of the following should the information security manager do FIRST?
- Implement mitigating controls.
- Perform a business impact analysis (BIA).
- Perform a risk assessment.
- Notify senior management.

Which of the following is MOST relevant for an information security manager to communicate to the board of directors?
- The level of exposure.
- Vulnerability assessments.
- The level of inherent risk.
- Threat assessments.

Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?
- Report the decision to the compliance officer.
- Reassess the organization's risk tolerance.
- Update details within the risk register.
- Assess the impact of the regulation.

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
- A live demonstration of the third-party supplier's security capabilities.
- The ability to audit the third-party supplier's IT systems and processes.
- Third-party security control self-assessment results.
- An independent review report indicating compliance with industry standards.

Which of the following is the MOST essential element of an information security program?
- Prioritizing program deliverables based on available resources.
- Benchmarking the program with global standards for relevance.
- Involving functional managers in program development.
- Applying project management practices used by the business.

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
- Projected increase in maturity level.
- Estimated increase in efficiency.
- Projected costs over time.
- Estimated reduction in risk.

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
- transfer risk to a third party to avoid cost of impact.
- recommend that management avoid the business activity.
- assess the gap between current and acceptable level of risk.
- implement controls to mitigate the risk to an acceptable level.

Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?
- Remediation of audit findings.
- Decentralization of security governance.
- Establishment of security governance.
- Maturity of security processes.

What is the PRIMARY benefit of effective configuration management?
- Standardization of system support.
- Reduced frequency of incidents.
- Decreased risk to the organization's systems.
- Improved vulnerability management.

A large organization is in the process of developing its information security program, which involves working with several complex organizational functions. Which of the following will BEST enable the successful implementation of this program?
- Security governance.
- Security policy.
- Security metrics.
- Security guidelines.

What is the BEST reason to keep information security policies separate from procedures?
- To keep policies from having to be changed too frequently.
- To ensure that individual documents do not contain conflicting information.
- To keep policy documents from becoming too large.
- To ensure policies receive the appropriate approvals.

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
- Escrow of software code with conditions for code release.
- Right of the subscriber to conduct onsite audits of the vendor.
- Authority of the subscriber to approve access to its data.
- Commingling of subscribers' data on the same physical server.

An information security manager has identified a major security event with potential noncompliance implications. Who should be notified FIRST?
- Internal audit.
- Public relations team.
- Senior management.
- Regulatory authorities.

Which of the following is the PRIMARY purpose of establishing an information security governance framework?
- To proactively address security objectives.
- To reduce security audit issues.
- To enhance business continuity planning.
- To minimize security risks.

An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
- Implement remote wipe capability.
- Create an acceptable use policy.
- Conduct a mobile device risk assessment.
- Deploy mobile device management (MDM).

When scoping a risk assessment, assets need to be classified by:
- sensitivity and criticality.
- likelihood and impact.
- threats and opportunities.
- redundancy and recoverability.

Which of the following would BEST enable effective decision-making?
- Annualized loss estimates determined from past security events.
- A universally applied list of generic threats, impacts, and vulnerabilities.
- A consistent process to analyze new and historical information risk.
- Formalized acceptance of risk analysis by business management.

Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
- Well-documented security policies and procedures.
- Supportive tone at the top regarding security.
- Regular reporting to senior management.
- Automation of security controls.

Which of the following is the BEST strategy to implement an effective operational security posture?
- Increased security awareness.
- Defense in depth.
- Threat management.
- Vulnerability management.

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
- Non-standard event logs.
- Access to the hardware.
- Data encryption.
- Compressed customer data.

The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:
- obtain the support of executive management.
- document the disaster recovery process.
- map the business process to supporting IT and other corporate resources.
- identify critical processes and the degree of reliance on support services.

Which of the following is MOST important when selecting an information security metric?
- Ensuring the metric is repeatable.
- Aligning the metric to the IT strategy.
- Defining the metric in qualitative terms.
- Defining the metric in quantitative terms.

Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?
- Establish and present appropriate metrics that track performance.
- Perform industry research annually and document the overall ranking of the IPS.
- Perform a penetration test to demonstrate the ability to protect.
- Provide yearly competitive pricing to illustrate the value of the IPS.

An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?
- Install biometric access control.
- Develop an incident response plan.
- Define data retention criteria.
- Enable activity logging.

An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's FIRST step?
- Notify internal legal counsel.
- Isolate the impacted endpoints.
- Wipe the affected system.
- Notify senior management.

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?
- Security policies.
- Automated controls.
- Guidelines.
- Standards.

Which of the following metrics is the BEST measure of the effectiveness of an information security program?
- Reduction in the amount of risk exposure in an organization.
- Reduction in the number of threats to an organization.
- Reduction in the cost of risk remediation for an organization.
- Reduction in the number of vulnerabilities in an organization.

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
- Update the risk assessment framework.
- Monitor the effectiveness of controls.
- Review the risk probability and impact.
- Review the inherent risk level.

The BEST way to avoid session hijacking is to use:
- strong password controls.
- a firewall.
- a reverse lookup.
- a secure protocol.

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
- A continual server replication process.
- Employee training on ransomware.
- A properly tested offline backup system.
- A properly configured firewall.

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
- Help desk.
- Legal.
- Information security.
- Human resources (HR).

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
- escalation procedures.
- information security manager.
- chain of custody.
- disaster recovery plan (DRP).

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
- Improve the change control process.
- Update the threat landscape.
- Determine operational losses.
- Review the effectiveness of controls.
Which of the following should an information security manager perform FIRST when an organization's residual risk has increased?. Implement security measures to reduce the risk. Assess the business impact. Transfer the risk to third parties. Communicate the information to senior management. Which of the following is the PRIMARY reason for an information security manager to present the business case for an information security initiative to senior management?. To aid management in the decision-making process for purchasing the solution. To represent stakeholders who will benefit from enhancements in information security. To provide management with the status of the information security program. To demonstrate to management the due diligence involved with selecting the solution. During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?. Report the risk to the information security steering committee. Determine mitigation options with IT management. Communicate the potential impact to the application owner. Escalate the risk to senior management. Which of the following BEST indicates an effective vulnerability management program?. Security incidents are reported in a timely manner. Threats are identified accurately. Controls are managed proactively. Risks are managed within acceptable limits. An organization has experienced multiple instances of privileged users misusing their access. Which of the following processes would be MOST helpful in identifying such violations?. Policy exception review. Review of access controls. Security assessment. Log review. 
An information security manager discovers that the organization's new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?. Business unit management has not emphasized the importance of the new policy. Different communication methods may be required for each business unit. The wording of the policy is not tailored to the audience. The corresponding controls are viewed as prohibitive to business operations. Which of the following is the BEST defense against a brute force attack?. Intruder detection lockout. Time-of-day restrictions. Discretionary access control. Mandatory access control. Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?. To provide the response team with expert training on evidence handling. To ensure evidence is handled by qualified resources. To prevent evidence from being disclosed to any internal staff members. To validate the incident response process. Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?. The ability to meet industry compliance requirements. The ability to define service level agreements (SLAs). The ability to reduce risk in the supply chain. The ability to improve vendor performance. Who should determine data access requirements for an application hosted at an organization's data center?. Information security manager. Business owner. Data custodian. Systems administrator. Which of the following is the MOST important objective of testing a security incident response plan?. Ensure the thoroughness of the response plan. Verify the response assumptions are valid. Confirm that systems are recovered in the proper order. Validate the business impact analysis (BIA). 
Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?. To ensure that the mitigation effort does not exceed the asset value. To ensure that benefits are aligned with business strategies. To present a realistic information security budget. To justify information security program activities. An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?. Policies. Standards. Procedures. Guidelines. Which of the following information BEST supports risk management decision making?. Results of a vulnerability assessment. Estimated savings resulting from reduced risk exposure. Average cost of risk events. Quantification of threats through threat modeling. Which of the following is MOST important to do after a security incident has been verified?. Notify the appropriate law enforcement authorities of the incident. Follow the escalation process to inform key stakeholders. Prevent the incident from creating further damage to the organization. Contact forensic investigators to determine the root cause. Which of the following should be the PRIMARY driver for selecting and implementing appropriate controls to address the risk associated with weak user passwords?. The organization's risk tolerance. The organization's culture. The cost of risk mitigation controls. Direction from senior management. Which of the following is MOST important to consider when determining the effectiveness of the information security governance program?. Key performance indicators (KPIs). Maturity models. Risk tolerance levels. Key risk indicators (KRIs). The business advantage of implementing authentication tokens is that they: provide nonrepudiation. reduce overall cost. reduce administrative workload. improve access security. 
In an organization that has several independent security tools including intrusion detection systems (IDSs) and firewalls, which of the following is the BEST way to ensure timely detection of incidents?. Implement a log aggregation and correlation solution. Ensure that the incident response plan is endorsed by senior management. Ensure staff are cross trained to manage all security tools. Outsource the management of security tools to a service provider. Which of the following is the MAIN objective of a risk management program?. Reduce corporate liability for information security incidents. Reduce risk to the level of the organization's risk appetite. Reduce risk to the maximum extent possible. Reduce costs associated with incident response. An information security manager was informed that a planned penetration test could potentially disrupt some services. Which of the following should be the FIRST course of action?. Estimate the impact and inform the business owner. Accept the risk and document it in the risk register. Ensure the service owner is available during the penetration test. Reschedule the activity during an approved maintenance window. The PRIMARY advantage of single sign-on (SSO) is that it will: support multiple authentication mechanisms. strengthen user passwords. increase efficiency of access management. increase the security of related applications. Which of the following is BEST determined by using technical metrics?. Whether controls are operating effectively. How well security risk is being managed. Whether security resources are adequately allocated. How well the security strategy is aligned with organizational objectives. The use of a business case to obtain funding for an information security investment is MOST effective when the business case: relates the investment to the organization's strategic plan. realigns information security objectives to organizational strategy. 
articulates management's intent and information security directives in clear language. translates information security policies and standards into business requirements. The MOST important objective of security awareness training for business staff is to: understand intrusion methods. reduce negative audit findings. increase compliance. modify behavior. Which of the following is the PRIMARY responsibility of an information security steering committee?. Setting up password expiration procedures. Drafting security policies. Prioritizing security initiatives. Reviewing firewall rules. During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on: a consolidated event timeline. logs from systems involved. interviews with personnel. documents created during the incident. Which of the following is the MOST important element in the evaluation of inherent security risks?. Impact to the organization. Control effectiveness. Residual risk. Cost of countermeasures. Recovery time objectives (RTOs) are an output of which of the following?. Business continuity plan (BCP). Business impact analysis (BIA). Service level agreement (SLA). Disaster recovery plan (DRP). Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management's understanding of impact to the organization?. Detailed assessment of the security risk profile. Risks inherent in new security technologies. Findings from recent penetration testing. Status of identified key security risks. Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?. Escalation paths. Termination language. Key performance indicators (KPIs). Right-to-audit clause. Which of the following is the BEST way to determine if a recent investment in access control software was successful?. 
Senior management acceptance of the access control software. A comparison of security incidents before and after software installation. A business impact analysis (BIA) of the systems protected by the software. A review of the number of key risk indicators (KRIs) implemented for the software. Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?. Create a data classification policy. Implement role-based access controls. Require the use of login credentials and passwords. Conduct information security awareness training. Which of the following is the MOST important consideration when reporting the effectiveness of an information security program to key business stakeholders?. Linking security metrics to the business impact analysis (BIA). Demonstrating a decrease in information security incidents. Demonstrating cost savings of each control. Linking security metrics to business objectives. The PRIMARY purpose of establishing an information security governance framework should be to: establish the business case for strategic integration of information security in organizational efforts. document and communicate how the information security program functions within the organization. align information security strategy and investments to support organizational activities. align corporate governance, activities, and investments to information security goals. Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?. Update roles and responsibilities of the incident response team. Train the incident response team on escalation procedures. Implement a monitoring solution for incident response activities. Validate that the information security strategy maps to corporate objectives. 
An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?. The business owner. Key customers. Executive management. System administrator. Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?. Incident response experts from highly regarded peer organizations. Open-source reconnaissance. Recognized threat intelligence communities. Disaster recovery consultants widely endorsed in industry forums. Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?. When recovery time objectives (RTOs) are not met. When missing information impacts recovery from an incident. Before an internal audit of the incident response process. At intervals indicated by industry best practice. During which stage of the software development life cycle (SDLC) should application security controls FIRST be addressed?. Software code development. Configuration management. Requirements gathering. Application system design. Which of the following should be of MOST concern to an information security manager reviewing an organization's data classification program?. The classifications do not follow industry best practices. Labeling is not consistent throughout the organization. The program allows exceptions to be granted. Data retention requirements are not defined. Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?. Recovery strategy. Risk mitigation strategy. Security strategy. IT strategy. The MAIN purpose of influenced by a business impact guideline for use within a large, international organization is to: explain the organization's preferred practices for security. ensure that all business units have the same strategic security goals. 
ensure that all business units implement identical security procedures. provide evidence for auditors that security practices are adequate. Which of the following is an information security manager's BEST course of action upon discovering an organization with budget constraints lacks several important security capabilities?. Suggest the deployment of open-source security tools to mitigate identified risks. Establish a business case to demonstrate return on investment (ROI) of a security tool. Recommend that the organization avoid the most severe risks. Review the most recent audit report and request funding to address the most serious finding. What is the FIRST line of defense against criminal insider activities?. Signing security agreements by critical personnel. Stringent and enforced access controls. Validating the integrity of personnel. Monitoring employee activities. The BEST way to report to the board on the effectiveness of the information security program is to present: a summary of the most recent audit findings. a report of cost savings from process improvements. peer-group industry benchmarks. a dashboard illustrating key performance metrics. An organization's outsourced firewall was poorly configured and allowed unauthorized access that resulted in downtime of 48 hours. Which of the following should be the information security manager's NEXT course of action?. Reconfigure the firewall in accordance with best practices. Obtain supporting evidence that the problem has been corrected. Seek damages from the service provider. Revisit the contract and improve accountability of the service provider. Which is the MOST important requirement when establishing a process for responding to zero-day vulnerabilities?. The IT team updates antivirus signatures on user systems. The IT team implements an emergency patch deployment process. Business users stop using the impacted application until a patch is released. 
The information security team implements recommended workarounds. An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would BEST enable the information security manager to address this concern?. Incident classification. Incident response. Forensic analysis. Vulnerability assessment. An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the BEST way to address this situation?. Publish an acceptable use policy and require signed acknowledgment. Turn on logging and record user activity. Communicate the responsibility and provide appropriate training. Implement a data loss prevention (DLP) solution. Which of the following should be the MOST important consideration when prioritizing risk remediation?. Evaluation of risk. Duration of exposure. Comparison to risk appetite. Impact of compliance. To set security expectations across the enterprise, it is MOST important for the information security policy to be regularly reviewed and endorsed by: security administrators. senior management. the chief information security officer (CISO). the IT steering committee. Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?. Develop an acceptable use policy. Conduct a vulnerability assessment on the devices. Assess risks introduced by the technology. Research mobile device management (MDM) solutions. An information security manager needs to ensure security testing is conducted on a new system. Which of the following would provide the HIGHEST level of assurance?. The vendor provides the results of a penetration test and code review. An independent party is directly engaged to conduct testing. 
The internal audit team is enlisted to run a vulnerability assessment against the system. The security team conducts a self-assessment against a recognized industry framework. An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to: transfer the risk to a third party. determine appropriate countermeasures. report to management. quantify the aggregated risk. Organization A offers e-commerce services and uses secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?. The URL of the e-commerce server. The certificate of the e-commerce server. The IP address of the e-commerce server. The browser's indication of SSL use. Which of the following provides the MOST useful information for identifying security control gaps on an application server?. Risk assessments. Penetration testing. Threat models. Internal audit reports. Which of the following components of an information security risk assessment is MOST valuable to senior management?. Residual risk. Return on investment (ROI). Mitigation actions. Threat profile. Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?. Gaps between current and desirable levels will be addressed. Information security management costs will be optimized. Information security strategy will be in line with industry best practice. Staff awareness of information security compliance will be promoted. An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?. Integrating automated service level agreement (SLA) reporting into the help desk ticketing system. 
Changing the default setting for all security incidents to the highest priority. Integrating incident response workflow into the help desk ticketing system. Implementing automated vulnerability scanning in the help desk workflow. An information security manager's PRIMARY objective for presenting key risks to the board of directors is to: ensure appropriate information security governance. quantify reputational risks. meet information security compliance requirements. re-evaluate the risk appetite. Which of the following should be the PRIMARY consideration when implementing a data loss prevention (DLP) solution?. Data ownership. Data storage capabilities. Data classification. Selection of tools. Which of the following is the MOST important function of an information security steering committee?. Evaluating the effectiveness of information security controls on a periodic basis. Defining the objectives of the information security framework. Conducting regular independent reviews of the state of security in the business. Approving security awareness content prior to publication. When determining an acceptable risk level, which of the following is the MOST important consideration?. Vulnerability scores. System criticalities. Risk matrices. Threat profiles. Which of the following is MOST important to include when reporting information security risk to executive leadership?. Key performance objectives and budget trends. Security awareness training participation and residual risk exposures. Risk analysis results and key risk indicators (KRIs). Information security risk management plans and control compliance. During which of the following development phases is it MOST challenging to implement security controls?. Implementation phase. Post-implementation phase. Design phase. Development phase. An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. 
Which of the following should be the information security manager's FIRST course of action?. Block access to the cloud storage service. Determine the classification level of the information. Seek business justification from the employee. Inform higher management of a security breach. Which of the following is the MOST effective method of determining security priorities?. Vulnerability assessment. Gap analysis. Threat assessment. Impact analysis. A measure of the effectiveness of the incident response capabilities of an organization is the: number of incidents detected. number of employees receiving incident response training. reduction of the annual loss expectancy (ALE). time to closure of incidents. An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers, and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?. Separate security controls for applications, platforms, programs, and endpoints. Multi-factor login requirements for cloud service applications, timeouts, and complex passwords. Deployment of nested firewalls within the infrastructure. Strict enforcement of role-based access control (RBAC). Which of the following is an information security manager's BEST approach when selecting cost-effective controls needed to meet business objectives?. Conduct a gap analysis. Focus on preventive controls. Align with industry best practice. Align with the risk appetite. A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?. Document and schedule a date to revisit the issue. Document and escalate to senior management. 
Shut down the business application. Determine a lower-cost approach to remediation. An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?. Identify information security risk associated with the processes. Assess the business objectives of the processes. Evaluate the cost of information security integration. Benchmark the processes with best practice to identify gaps. The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its: compliance with industry regulations. key performance indicators (KPIs). level of support from senior management. timeliness in responding to attacks. Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?. Harden the communication infrastructure. Require files to be digitally signed before they are transmitted. Enforce multi-factor authentication on both ends of the communication. Require data to be transmitted over a secure connection. Which of the following is MOST important to the successful implementation of an information security program?. Establishing key performance indicators (KPIs). Obtaining stakeholder input. Understanding current and emerging technologies. Conducting periodic risk assessments. Which of the following is the BEST way to strengthen the alignment of an information security program with business strategy?. Establishing an information security steering committee. Increasing the frequency of control assessments. Providing organizational training on information security policies. Increasing budget for risk assessments. Which of the following is necessary to determine what would constitute a disaster for an organization?. Recovery strategy analysis. Backup strategy analysis. Risk analysis. Threat probability analysis. Management has announced the acquisition of a new company. 
The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
- escalate concerns for conflicting access rights to management.
- review access rights as the acquisition integration occurs.
- implement consistent access control standards.
- perform a risk assessment of the access rights.

Which of the following metrics provides the BEST measurement of the effectiveness of a security awareness program?
- Variance of program cost to allocated budget.
- The number of security breaches.
- Mean time between incident detection and remediation.
- The number of reported security incidents.

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
- the board of directors.
- the information security officer.
- the steering committee.
- the internal audit manager.

Which of the following is MOST likely to affect an organization's ability to respond to security incidents in a timely manner?
- Lack of senior management buy-in.
- Inadequate detective control performance.
- Misconfiguration of security information and event management (SIEM) tool.
- Complexity of network segmentation.

After a server has been attacked, which of the following is the BEST course of action?
- Isolate the system.
- Initiate incident response.
- Conduct a security audit.
- Review vulnerability assessment.

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
- Business impact analysis (BIA) results.
- Recommendations from senior management.
- The business continuity plan (BCP).
- Vulnerability assessment results.

What is the PRIMARY responsibility of the security steering committee?
- Implement information security control.
- Develop information security policy.
- Set direction and monitor performance.
- Provide information security training to employees.

The PRIMARY objective of a risk response strategy should be:
- threat reduction.
- senior management buy-in.
- appropriate control selection.
- regulatory compliance.

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?
- Consult corporate legal counsel.
- Conduct a cost-benefit analysis.
- Update the information security policy.
- Perform a gap analysis.

Which of the following is the MOST important security feature an information security manager would need for a mobile device management (MDM) program?
- Ability to inventory devices.
- Ability to remotely wipe devices.
- Ability to locate devices.
- Ability to push updates to devices.

Which of the following is the MOST relevant factor when determining the appropriate escalation process in the incident response plan?
- Significance of the affected systems.
- Number of resources allocated to respond.
- Resilience capability of the affected systems.
- Replacement cost of the affected systems.

Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?
- Block the end user's ability to use shadow IT.
- Update the security policy to address shadow IT.
- Determine the value of shadow IT projects.
- Determine the extent of shadow IT usage.

The PRIMARY purpose for defining key risk indicators (KRIs) for a security program is to:
- support investments in the security program.
- compare security program effectiveness to benchmarks.
- provide information needed to take action.
- ensure mitigating controls meet specifications.

Which of the following is the MOST effective way to protect the authenticity of data in transit?
- Digital signature.
- Hash value.
- Private key.
- Public key.

An organization shares customer information across its globally dispersed branches. Which of the following should be the GREATEST concern to information security management?
- Conflicting data protection regulations.
- Cross-cultural differences between branches.
- Insecure wide area networks (WANs).
- Decentralization of information security.

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
- security requirements for the process being outsourced.
- risk-reporting methodologies.
- service level agreements (SLAs).
- security metrics.

Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?
- Schedule the target end date for implementation activities.
- Develop an implementation strategy.
- Budget the total cost of implementation activities.
- Calculate the cost for each countermeasure.

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
- Regular audits of access controls.
- Strong background checks when hiring staff.
- Prompt termination procedures.
- Role-based access control.

An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?
- Gap analysis results.
- Risk register.
- Threat assessment results.
- Risk heat map.

Which of the following provides the BEST assurance that a contracted third-party provider meets an organization's security requirements?
- Continuous monitoring.
- Due diligence questionnaires.
- Right-to-audit clause in the contract.
- Performance metrics.

An organization's senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager's FIRST step to support this strategy?
- Incorporate social media into the security awareness program.
- Develop a guideline on the acceptable use of social media.
- Employ the use of a web content filtering solution.
- Develop a business case for a data loss prevention (DLP) solution.

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?
- Ownership of security.
- Auditability of systems.
- Allocation of training resources.
- Compliance with policies.

Which of the following is a PRIMARY responsibility of the information security governance function?
- Administering information security awareness training.
- Advising senior management on optimal levels of risk appetite and tolerance.
- Defining security strategies to support organizational programs.
- Ensuring adequate support for solutions using emerging technologies.

Which of the following is MOST important to the successful implementation of an information security program?
- Key performance indicators (KPIs) are defined.
- Adequate security resources are allocated to the program.
- A balanced scorecard is approved by the steering committee.
- The program is developed using global security standards.

To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:
- the steering committee provides guidance and dispute resolution.
- the security policy is changed to accommodate IT performance pressure.
- IT policies and procedures are better aligned to security policies.
- noncompliance issues are reported to senior management.

Information security awareness programs are MOST effective when they are:
- sponsored by senior management.
- reinforced by computer-based training.
- customized for each target audience.
- conducted at employee orientation.

Which of the following would BEST help an organization's ability to manage advanced persistent threats (APT)?
- Having a skilled information security team.
- Increasing the information security budget.
- Using multiple security vendors.
- Having network detection tools in place.

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
- Initiate incident response.
- Initiate a device reset.
- Conduct a risk assessment.
- Disable remote access.

An organization has fallen victim to a spear-phishing attack that compromised the multi-factor authentication code. What is the information security manager's MOST important follow-up action?
- Communicate the threat to users.
- Install client anti-malware solutions.
- Implement firewall blocking of known attack signatures.
- Implement an advanced email filtering system.

Which of the following is MOST important for an information security manager to communicate to stakeholders when approving exceptions to the information security policy?
- Impact on the risk profile.
- Need for compensating controls.
- Time period for review.
- Requirements for senior management reporting.

To implement effective continuous monitoring of IT controls, an information security manager needs to FIRST ensure:
- security alerts are centralized.
- periodic scanning of IT systems is in place.
- metrics are communicated to senior management.
- information assets have been classified.

Which of the following would provide the BEST evidence to senior management that security control performance has improved?
- Demonstrated return on security investment.
- Review of security metrics trends.
- Results of an emerging threat analysis.
- Reduction in inherent risk.

An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?
- The information security strategy.
- The organization's risk appetite.
- The cost of noncompliance.
- The information security policy.

The PRIMARY benefit of a centralized time server is that it:
- decreases the likelihood of an unrecoverable systems failure.
- reduces individual time-of-day requests by client applications.
- allows decentralized logs to be kept in synchronization.
- is required by password synchronization programs.

Which of the following is MOST appropriate to communicate to senior management regarding information risk?
- Risk profile changes.
- Vulnerability scanning progress.
- Defined risk appetite.
- Emerging security technologies.

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?
- Implement an information security awareness training program.
- Conduct a threat analysis.
- Establish an audit committee.
- Create an information security steering committee.

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
- Invoke the organization's incident response plan.
- Set up communication channels for the target audience.
- Create a comprehensive singular communication.
- Determine the needs and requirements of each audience.

Which of the following is MOST appropriate to add to a dashboard for the purpose of illustrating an organization's risk level to senior management?
- Results of risk and control testing.
- Number of reported incidents.
- Budget variance for information security.
- Risk heat map.

When establishing escalation processes for an organization's computer security incident response team, the organization's procedures should:
- require events to be escalated whenever possible to ensure that management is kept informed.
- provide unrestricted communication channels to executive leadership to ensure direct access.
- specify step-by-step escalation paths to ensure an appropriate chain of command.
- recommend the same communication path for events to ensure consistency of communication.

Which of the following is the MOST beneficial outcome of testing an incident response plan?
- The response includes escalation to senior management.
- Test plan results are documented.
- Incident response time is improved.
- The plan is enhanced to reflect the findings of the test.

The PRIMARY goal of a post-incident review should be to:
- identify policy changes to prevent a recurrence.
- establish the cost of the incident to the business.
- determine why the incident occurred.
- determine how to improve the incident handling process.

Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?
- Applying data classification rules.
- Following the principle of least privilege.
- Restricting the use of removable media.
- Enforcing penalties for security policy violations.

Which type of control is an incident response team?
- Detective.
- Directive.
- Corrective.
- Preventive.

It is MOST important for an information security manager to ensure that security risk assessments are performed:
- during a root cause analysis.
- as part of the security business case.
- consistently throughout the enterprise.
- in response to the threat landscape.

Which of the following BEST indicates the effectiveness of the vendor risk management process?
- Increase in the percentage of vendors certified to a globally recognized security standard.
- Increase in the percentage of vendors with a completed due diligence review.
- Increase in the percentage of vendors conducting mandatory security training.
- Increase in the percentage of vendors that have reported security breaches.

An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?
- Data transfer.
- Data classification.
- Data backup.
- Data isolation.

Which of the following is the PRIMARY reason that an information security manager would contract with an external provider to perform penetration testing?
- To obtain an independent network security certification.
- To mitigate gaps in technical skills.
- To obtain an independent view of vulnerabilities.
- To obtain the full list of system vulnerabilities.

An organization has decided to outsource its disaster recovery function. Which of the following is the MOST important consideration when drafting the service level agreement (SLA)?
- Testing requirements.
- Authorization chain.
- Recovery time objectives (RTOs).
- Recovery point objectives (RPOs).

What is the PRIMARY objective of implementing standard security configurations?
- Maintain a flexible approach to mitigate potential risk to unsupported systems.
- Minimize the operational burden of managing and monitoring unsupported systems.
- Compare configurations between supported and unsupported systems.
- Control vulnerabilities and reduce threats from changed configurations.

Which of the following is MOST important to ensure when considering exceptions to an information security policy?
- Exceptions are approved by executive management.
- Exceptions undergo regular review.
- Exceptions reflect the organizational risk appetite.
- Exceptions are based on data classification.

An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?
- The impact of noncompliance on the organization's risk profile.
- An accountability report to initiate remediation activities.
- Control owner responses based on a root cause analysis.
- A plan for mitigating the risk due to noncompliance.

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
- Users accept the risk of noncompliance.
- The benefit is greater than the potential risk.
- USB storage devices are enabled based on user roles.
- Access is restricted to read-only.

Which of the following is an information security manager's FIRST priority after a high-profile system has been compromised?
- Implement improvements to prevent recurrence.
- Identify the malware that compromised the system.
- Restore the compromised system.
- Preserve incident-related data.

Which of the following has the MOST direct impact on the usability of an organization's asset classification policy?
- The granularity of classifications in the hierarchy.
- The support of IT management for the classification scheme.
- The frequency of updates to the organization's risk register.
- The business objectives of the organization.

A corporate information security program is BEST positioned for success when:
- staff is receptive to the program.
- senior management supports the program.
- security is thoroughly assessed in the program.
- the program aligns with industry best practice.

Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:
- inform senior management.
- update the risk assessment.
- validate the user acceptance testing (UAT).
- modify key risk indicators (KRIs).