Which of the following BEST indicates that information security governance and corporate governance are integrated?
A. The information security team is aware of business goals.
B. A cost-benefit analysis is conducted on all information security initiatives.
C. The board is regularly informed of information security key performance indicators (KPIs).
D. The information security steering committee is composed of business leaders.

Which of the following is ESSENTIAL to ensuring effective incident response?
A. Business continuity plan (BCP)
B. Cost-benefit analysis
C. Classification scheme
D. Senior management support

Which of the following is the BEST method for managing information security compliance of third-party suppliers?
A. Develop specific information security policies for third parties.
B. Conduct a vulnerability assessment of the third-party supplier.
C. Include third-party supplier details in the risk register.
D. Ensure information security requirements are addressed in the contract.

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?
A. Perform a backup of the computer using the network.
B. Perform a bit-by-bit backup of the hard disk using a write-blocking device.
C. Reboot the system using third-party forensic software in the CD-ROM drive.
D. Perform a backup of the hard drive using backup utilities.

Which of the following is the FIRST step when conducting a post-incident review?
A. Identify mitigating controls.
B. Assess the costs of the incident.
C. Perform root cause analysis.
D. Assign responsibility for corrective actions.

Which of the following is the MOST important reason to consider organizational culture when developing an information security program?
A. It helps expedite approval for the information security budget.
B. It helps the organization meet compliance requirements.
C. Everyone in the organization is responsible for information security.
D. Security incidents have an adverse impact on the entire organization.

Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:
A. inform senior management.
B. update the risk assessment.
C. validate the user acceptance testing (UAT).
D. modify key risk indicators (KRIs).

Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
A. Ensuring the amount of residual risk is acceptable
B. Reducing the number of vulnerabilities detected
C. Avoiding identified system threats
D. Complying with regulatory requirements

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?
A. Deviation from risk management best practices
B. Impact on the risk culture
C. Inability to determine short-term impact
D. Impact on compliance risk

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
A. Update the change management process.
B. Revise the procurement process.
C. Discuss the issue with senior leadership.
D. Remove the application from production.

Which of the following should be established FIRST when implementing an information security governance framework?
A. Security incident management team
B. Security policies
C. Security architecture
D. Security awareness training program

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?
A. Asset classification
B. Recovery time objectives (RTOs)
C. Chain of custody
D. Escalation procedures

Which of the following BEST indicates effective information security governance?
A. Availability of information security policies
B. Regular steering committee meetings
C. Organization-wide attendance at annual security training
D. Regular testing of the security incident response plan

Which of the following BEST enables an organization to measure the total time that operations can be sustained at an alternative site designated in the business continuity plan (BCP)?
A. Recovery point objective (RPO)
B. Allowable interruption window (AIW)
C. Maximum tolerable outage (MTO)
D. Recovery time objective (RTO)

Which of the following has the GREATEST influence on the successful integration of information security within the business?
A. Organizational structure and culture
B. Risk tolerance and organizational objectives
C. Information security personnel
D. The desired state of the organization

Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?
A. Contractual provisions for the right to audit
B. Effective data loss prevention (DLP) controls
C. Contractual provisions for data repatriation
D. The purchasing of cybersecurity insurance

Which of the following is the BEST way to protect against unauthorized access to an encrypted file sent via email?
A. Validating the recipient's identity
B. Using a digital signature in the email
C. Utilizing a separate distribution channel for the password
D. Ensuring a policy exists for encrypting files in transit

A business impact analysis (BIA) should be periodically executed PRIMARILY to:
A. verify the effectiveness of controls.
B. check compliance with regulations.
C. validate vulnerabilities on environmental changes.
D. analyze the importance of assets.

Which of the following would BEST justify spending for a compensating control?
A. Root cause analysis
B. Emerging risk trends
C. Vulnerability assessment
D. Risk analysis

Which of the following is the MOST important consideration for reporting risk assessment results to senior management?
A. The reports should include comparisons to industry benchmarks.
B. The reports should be presented in business terms.
C. The reports should use formal methodologies.
D. The reports should include recommended controls.

An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?
A. Implement countermeasures to mitigate risk.
B. Classify all identified risks.
C. Conduct an evaluation of controls.
D. Determine if the risk is within the risk appetite.

Which of the following BEST enables an organization to maintain an appropriate security control environment?
A. Periodic employee security training
B. Budgetary support for security
C. Alignment to an industry security framework
D. Monitoring of the threat landscape

Which of the following is MOST important for responding effectively to security breaches?
A. Chain of custody
B. Incident classification
C. Log monitoring
D. Communication plan

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
A. Decreasing false positives
B. Decreasing false negatives
C. Increasing false negatives
D. Increasing false positives

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?
A. Backups are maintained on multiple sites and regularly reviewed.
B. Impacted networks can be detached at the network switch level.
C. Backups are maintained offline and regularly tested.
D. Production data is continuously replicated between primary and secondary sites.