VENOM

Title of test:
VENOM

Description:
venom of the venom

Creation Date: 2025/11/27

Category: Others

Number of questions: 60

Content:

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST: conduct a cost-benefit analysis. conduct a risk assessment. interview senior management. perform a gap analysis.

Which of the following is the MOST important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?. The ability to remotely locate devices. The ability to centrally manage devices. The ability to restrict unapproved applications. The ability to classify types of devices.

The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to: comply with security policy. increase corporate accountability. enforce individual accountability. reinforce the need for training.

When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?. Develop metrics for vendor performance. Include information security criteria as part of vendor selection. Review third-party reports of potential vendors. Include information security clauses in the vendor contract.

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?. Security audit reports. Recovery time objective (RTO). Technological capabilities. Escalation processes.

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?. Assess the business impact to the organization. Present the noncompliance risk to senior management. Investigate alternative options to remediate the noncompliance. Determine the cost to remediate the noncompliance.

Which of the following BEST enables effective information security governance?. Security-aware corporate culture. Advanced security technologies. Periodic vulnerability assessments. Established information security metrics.

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?. Review the results of information security awareness testing. Validate the effectiveness of implemented security controls. Benchmark the information security policy against industry standards. Track the trending of information security incidents.

What is the PRIMARY purpose of an unannounced disaster recovery exercise?. To provide metrics to senior management. To evaluate how personnel react to the situation. To assess service level agreements (SLAs). To estimate the recovery time objective (RTO).

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?. Tabletop exercises. Forensics certification. Penetration tests. Disaster recovery drills.

Which of the following would be MOST useful to help senior management understand the status of information security compliance?. Key performance indicators (KPIs). Risk assessment results. Industry benchmarks. Business impact analysis (BIA) results.

Which of the following is the MOST important reason for an organization to develop an information security governance program?. Establishment of accountability. Compliance with audit requirements. Creation of tactical solutions. Monitoring of security incidents.

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?. Confirming the organization complies with security policies. Verifying security costs do not exceed the budget. Demonstrating risk is managed at the desired level. Providing evidence that resources are performing as expected.

Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriately?. Value to the business. Security policy requirements. Ownership of information. Level of protection.

An information security manager MUST have an understanding of the organization's business goals to: relate information security to change management. develop an information security strategy. develop operational procedures. define key performance indicators (KPIs).

When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to: measure management engagement as part of an incident response team. provide participants with situations to ensure understanding of their roles. give the business a measure of the organization's overall readiness. challenge the incident response team to solve the problem under pressure.

An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. Which of the following should the information security manager do FIRST?. Implement mitigating controls. Perform a business impact analysis (BIA). Perform a risk assessment. Notify senior management.

Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?. Report the decision to the compliance officer. Reassess the organization's risk tolerance. Update details within the risk register. Assess the impact of the regulation.

Which of the following is the MOST essential element of an information security program?. Prioritizing program deliverables based on available resources. Benchmarking the program with global standards for relevance. Involving functional managers in program development. Applying project management practices used by the business.

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the: escalation procedures. information security manager. chain of custody. disaster recovery plan (DRP).

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?. Report the risk to the information security steering committee. Determine mitigation options with IT management. Communicate the potential impact to the application owner. Escalate the risk to senior management.

An information security manager discovers that the organization's new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?. Business unit management has not emphasized the importance of the new policy. Different communication methods may be required for each business unit. The wording of the policy is not tailored to the audience. The corresponding controls are viewed as prohibitive to business operations.

Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?. To provide the response team with expert training on evidence handling. To ensure evidence is handled by qualified resources. To prevent evidence from being disclosed to any internal staff members. To validate the incident response process.

Who should determine data access requirements for an application hosted at an organization's data center?. Information security manager. Business owner. Data custodian. Systems administrator.

An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?. Policies. Standards. Procedures. Guidelines.

Which of the following is the PRIMARY responsibility of an information security steering committee?. Setting up password expiration procedures. Drafting security policies. Prioritizing security initiatives. Reviewing firewall rules.

Which of the following is the MOST important element in the evaluation of inherent security risks?. Impact to the organization. Control effectiveness. Residual risk. Cost of countermeasures.

Recovery time objectives (RTOs) are an output of which of the following?. Business continuity plan (BCP). Business impact analysis (BIA). Service level agreement (SLA). Disaster recovery plan (DRP).

Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management's understanding of impact to the organization?. Detailed assessment of the security risk profile. Risks inherent in new security technologies. Findings from recent penetration testing. Status of identified key security risks.

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?. Escalation paths. Termination language. Key performance indicators (KPIs). Right-to-audit clause.

Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?. Update roles and responsibilities of the incident response team. Train the incident response team on escalation procedures. Implement a monitoring solution for incident response activities. Validate that the information security strategy maps to corporate objectives.

Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?. When recovery time objectives (RTOs) are not met. When missing information impacts recovery from an incident. Before an internal audit of the incident response process. At intervals indicated by industry best practice.

What is the FIRST line of defense against criminal insider activities?. Signing security agreements by critical personnel. Stringent and enforced access controls. Validating the integrity of personnel. Monitoring employee activities.

Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?. Develop an acceptable use policy. Conduct a vulnerability assessment on the devices. Assess risks introduced by the technology. Research mobile device management (MDM) solutions.

When determining an acceptable risk level, which of the following is the MOST important consideration?. Vulnerability scores. System criticalities. Risk matrices. Threat profiles.

Which of the following is an information security manager's BEST approach when selecting cost-effective controls needed to meet business objectives?. Conduct a gap analysis. Focus on preventive controls. Align with industry best practice. Align with the risk appetite.

A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?. Document and schedule a date to revisit the issue. Document and escalate to senior management. Shut down the business application. Determine a lower-cost approach to remediation.

Which of the following is MOST important to the successful implementation of an information security program?. Establishing key performance indicators (KPIs). Obtaining stakeholder input. Understanding current and emerging technologies. Conducting periodic risk assessments.

Which of the following metrics provides the BEST measurement of the effectiveness of a security awareness program?. Variance of program cost to allocated budget. The number of security breaches. Mean time between incident detection and remediation. The number of reported security incidents.

After a server has been attacked, which of the following is the BEST course of action?. Isolate the system. Initiate incident response. Conduct a security audit. Review vulnerability assessment.

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?. Consult corporate legal counsel. Conduct a cost-benefit analysis. Update the information security policy. Perform a gap analysis.

Which of the following is the MOST important security feature an information security manager would need for a mobile device management (MDM) program?. Ability to inventory devices. Ability to remotely wipe devices. Ability to locate devices. Ability to push updates to devices.

An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?. Gap analysis results. Risk register. Threat assessment results. Risk heat map.

Information security awareness programs are MOST effective when they are: sponsored by senior management. reinforced by computer-based training. customized for each target audience. conducted at employee orientation.

Which of the following would BEST help an organization's ability to manage advanced persistent threats (APT)?. Having a skilled information security team. Increasing the information security budget. Using multiple security vendors. Having network detection tools in place.

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?. Initiate incident response. Initiate a device reset. Conduct a risk assessment. Disable remote access.

Which of the following would provide the BEST evidence to senior management that security control performance has improved?. Demonstrated return on security investment. Review of security metrics trends. Results of an emerging threat analysis. Reduction in inherent risk.

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?. Implement an information security awareness training program. Conduct a threat analysis. Establish an audit committee. Create an information security steering committee.

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?. Invoke the organization's incident response plan. Set up communication channels for the target audience. Create a comprehensive singular communication. Determine the needs and requirements of each audience.

The PRIMARY goal of a post-incident review should be to: identify policy changes to prevent a recurrence. establish the cost of the incident to the business. determine why the incident occurred. determine how to improve the incident handling process.

Which type of control is an incident response team?. Detective. Directive. Corrective. Preventive.

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?. Users accept the risk of noncompliance. The benefit is greater than the potential risk. USB storage devices are enabled based on user roles. Access is restricted to read-only.

Which of the following should be determined FIRST when preparing a risk communication plan?. Reporting content. Communication channel. Target audience. Reporting frequency.

Which of the following would MOST effectively communicate the benefits of an information security program to executive management?. Key performance indicators (KPIs). Threat models. Key risk indicators (KRIs). Industry benchmarks.

Which of the following BEST enables the detection of advanced persistent threats (APTs)?. Vulnerability scanning. Security information and event management system (SIEM). Internet gateway filtering. Periodic reviews of intrusion prevention system (IPS).

Which of the following BEST demonstrates that an anti-phishing campaign is effective?. Improved staff attendance in awareness sessions. Decreased number of incidents that have occurred. Decreased number of phishing emails received. Improved feedback on the anti-phishing campaign.

When developing an incident escalation process, the BEST approach is to classify incidents based on: their root causes. information assets affected. recovery point objectives (RPOs). estimated time to recover.

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?. Conduct benchmarking. Perform a gap analysis. Notify the legal department. Determine the disruption to the business.

Which of the following would be MOST useful in determining how an organization will be affected by a new regulatory requirement for cloud services?. Data loss protection plan. Risk assessment. Information asset inventory. Data classification policy.

Embedding security responsibilities into job descriptions is important PRIMARILY because it: simplifies development of the security awareness program. aligns security to the human resources (HR) function. strengthens employee accountability. supports access management.
