Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

CISM Certified Information Security Manager Questions and Answers

Questions 4

Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?

Options:

A.

Security strategy

B.

Program metrics

C.

Key risk indicators (KRIs)

D.

Risk register

Buy Now
Questions 5

What should be an information security manager's MOST important consideration when developing a multi-year plan?

Options:

A.

Ensuring contingency plans are in place for potential information security risks

B.

Ensuring alignment with the plans of other business units

C.

Allowing the information security program to expand its capabilities

D.

Demonstrating projected budget increases year after year

Buy Now
Questions 6

Which is MOST important to identify when developing an effective information security strategy?

Options:

A.

Security awareness training needs

B.

Potential savings resulting from security governance

C.

Business assets to be secured

D.

Residual risk levels

Buy Now
Questions 7

Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:

Options:

A.

hand over the controls to the relevant business owners.

B.

ensure the controls are regularly tested for ongoing effectiveness.

C.

perform testing to compare control performance against industry levels.

D.

prepare to adapt the controls for future system upgrades.

Buy Now
Questions 8

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

Options:

A.

Security metrics

B.

Security baselines

C.

Security incident details

D.

Security risk exposure

Buy Now
Questions 9

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Buy Now
Questions 10

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor's independent control reports.

Buy Now
Questions 11

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Options:

A.

Regulatory requirements

B.

Compliance acceptance

C.

Management support

D.

Budgetary approval

Buy Now
Questions 12

Which of the following is ESSENTIAL to ensuring effective incident response?

Options:

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Buy Now
Questions 13

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Options:

A.

Request the service provider comply with information security policy.

B.

Review a recent independent audit report of the service provider.

C.

Assess the level of security awareness of the service provider.

D.

Review samples of service level reports from the service provider.

Buy Now
Questions 14

Which of the following BEST enables an organization to continuously assess the information security risk posture?

Options:

A.

Key risk indicators (KRIs)

B.

Periodic review of the risk register

C.

Degree of senior management support

D.

Compliance with industry regulations

Buy Now
Questions 15

The PRIMARY objective of timely declaration of a disaster is to:

Options:

A.

ensure engagement of business management in the recovery process.

B.

assess and correct disaster recovery process deficiencies.

C.

protect critical physical assets from further loss.

D.

ensure the continuity of the organization's essential services.

Buy Now
Questions 16

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

Options:

A.

cause fewer potential production issues.

B.

require less IT staff preparation.

C.

simulate real-world attacks.

D.

identify more threats.

Buy Now
Questions 17

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Options:

A.

Prevent the user from using personal mobile devices.

B.

Report the incident to the police.

C.

Wipe the device remotely.

D.

Remove user's access to corporate data.

Buy Now
Questions 18

An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?

Options:

A.

Review of the audit logs

B.

Ownership of the data

C.

Employee's job role

D.

Valid use case

Buy Now
Questions 19

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

Options:

A.

rely on senior management to enforce security.

B.

promote the relevance and contribution of security.

C.

focus on compliance.

D.

reiterate the necessity of security.

Buy Now
Questions 20

Which of the following is the MOST effective way to identify changes in an information security environment?

Options:

A.

Business impact analysis (BIA)

B.

Annual risk assessments

C.

Regular penetration testing

D.

Continuous monitoring

Buy Now
Questions 21

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Options:

A.

Communicate disciplinary processes for policy violations.

B.

Require staff to participate in information security awareness training.

C.

Require staff to sign confidentiality agreements.

D.

Include information security responsibilities in job descriptions.

Buy Now
Questions 22

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A.

Multi-factor authentication

B.

Digital encryption

C.

Data masking

D.

Digital signatures

Buy Now
Questions 23

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Buy Now
Questions 24

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

Which of the following would provide the MOST useful information for planning purposes? »

Options:

A.

Results from a business impact analysis (BIA)

B.

Deadlines and penalties for noncompliance

C.

Results from a gap analysis

D.

An inventory of security controls currently in place

Buy Now
Questions 25

Which of the following BEST indicates misalignment of security policies with business objectives?

Options:

A.

Low completion rate of employee awareness training

B.

Lack of adequate funding for the security program

C.

A large number of long-term policy exceptions

D.

A large number of user noncompliance incidents

Buy Now
Questions 26

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Buy Now
Questions 27

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Buy Now
Questions 28

When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:

Options:

A.

ensure alignment with industry encryption standards.

B.

ensure that systems that handle credit card data are segmented.

C.

review industry best practices for handling secure payments.

D.

review corporate policies regarding credit card information.

Buy Now
Questions 29

Which of the following is the PRIMARY purpose of an acceptable use policy?

Options:

A.

To provide steps for carrying out security-related procedures

B.

To facilitate enforcement of security process workflows

C.

To protect the organization from misuse of information assets

D.

To provide minimum security baselines for information assets

Buy Now
Questions 30

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.

Management's business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Buy Now
Questions 31

Which of the following is necessary to ensure consistent protection for an organization's information assets?

Options:

A.

Classification model

B.

Control assessment

C.

Data ownership

D.

Regulatory requirements

Buy Now
Questions 32

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Options:

A.

Employees use smartphone tethering when accessing from remote locations.

B.

Employees physically lock PCs when leaving the immediate area.

C.

Employees are trained on the acceptable use policy.

D.

Employees use the VPN when accessing the organization's online resources.

Buy Now
Questions 33

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Buy Now
Questions 34

Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?

Options:

A.

Mitigate

B.

Avoid

C.

Transfer

D.

Accept

Buy Now
Questions 35

Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?

Options:

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Buy Now
Questions 36

Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?

Options:

A.

Disconnect the system from the network.

B.

Change passwords on the compromised system.

C.

Restore the system from a known good backup.

D.

Perform operation system hardening.

Buy Now
Questions 37

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

Options:

A.

the integrity of evidence is preserved.

B.

forensic investigation software is loaded on the server.

C.

the incident is reported to senior management.

D.

the server is unplugged from power.

Buy Now
Questions 38

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Options:

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Buy Now
Questions 39

Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Options:

A.

The framework defines managerial responsibilities for risk impacts to business goals.

B.

The framework provides direction to meet business goals while balancing risks and controls.

C.

The framework provides a roadmap to maximize revenue through the secure use of technology.

D.

The framework is able to confirm the validity of business goals and strategies.

Buy Now
Questions 40

Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?

Options:

A.

Program metrics

B.

Key risk indicators (KRIs)

C.

Risk register

D.

Security strategy

Buy Now
Questions 41

What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Options:

A.

Developing a dashboard for communicating the metrics

B.

Agreeing on baseline values for the metrics

C.

Benchmarking the expected value of the metrics against industry standards

D.

Aligning the metrics with the organizational culture

Buy Now
Questions 42

An organization's quality process can BEST support security management by providing:

Options:

A.

security configuration controls.

B.

assurance that security requirements are met.

C.

guidance for security strategy.

D.

a repository for security systems documentation.

Buy Now
Questions 43

Which of the following should be of GREATEST concern regarding an organization's security controls?

Options:

A.

Some controls are performing outside of an acceptable range.

B.

No key control indicators (KCIs) have been implemented.

C.

Control ownership has not been updated.

D.

Control gap analysis is outdated.

Buy Now
Questions 44

Recovery time objectives (RTOs) are BEST determined by:

Options:

A.

business managers

B.

business continuity officers

C.

executive management

D.

database administrators (DBAs).

Buy Now
Questions 45

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Options:

A.

Skills required for the incident response team

B.

A list of external resources to assist with incidents

C.

Service level agreements (SLAs)

D.

A detailed incident notification process

Buy Now
Questions 46

Following an employee security awareness training program, what should be the expected outcome?

Options:

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Buy Now
Questions 47

Management decisions concerning information security investments will be MOST effective when they are based on:

Options:

A.

a process for identifying and analyzing threats and vulnerabilities.

B.

an annual loss expectancy (ALE) determined from the history of security events,

C.

the reporting of consistent and periodic assessments of risks.

D.

the formalized acceptance of risk analysis by management,

Buy Now
Questions 48

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Options:

A.

Benchmark the processes with best practice to identify gaps.

B.

Calculate the return on investment (ROI).

C.

Provide security awareness training to HR.

D.

Assess the business objectives of the processes.

Buy Now
Questions 49

Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

Options:

A.

Average return on investment (ROI) associated with security initiatives

B.

Average number of security incidents across business units

C.

Mean time to resolution (MTTR) for enterprise-wide security incidents

D.

Number of vulnerabilities identified for high-risk information assets

Buy Now
Questions 50

Which of the following will BEST enable an organization to meet incident response requirements when outsourcing its incident response function?

Options:

A.

Including response times in service level agreements (SLAs)

B.

Including a right-to-audit clause in service level agreements (SLAs)

C.

Contracting with a well-known incident response provider

D.

Requiring comprehensive response applications and tools

Buy Now
Questions 51

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Options:

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Buy Now
Questions 52

Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

Options:

A.

Quantitative loss

B.

Industry benchmarks

C.

Threat analysis

D.

Root cause analysis

Buy Now
Questions 53

Which of the following is MOST important to ensure incident management readiness?

Options:

A.

The plan is compliant with industry standards.

B.

The plan is regularly tested.

C.

The plan is updated annually.

D.

The plan is concise and includes a checklist.

Buy Now
Questions 54

Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Options:

A.

Incident management procedures

B.

Incident management policy

C.

System risk assessment

D.

Organizational risk register

Buy Now
Questions 55

Which of the following is the MOST important reason for an information security manager to archive and retain the organization's electronic communication and email data?

Options:

A.

To track personal use of electronic communication by users

B.

To provide as evidence in legal proceedings when required

C.

To meet the requirements of global security standards

D.

To identify and scan attachments for malware

Buy Now
Questions 56

Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

Options:

A.

Demonstrating the program's value to the organization

B.

Discussing governance programs found in similar organizations

C.

Providing the results of external audits

D.

Providing examples of information security incidents within the organization

Buy Now
Questions 57

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Buy Now
Questions 58

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Options:

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Buy Now
Questions 59

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Options:

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Buy Now
Questions 60

Reevaluation of risk is MOST critical when there is:

Options:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Buy Now
Questions 61

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

Options:

A.

Business process owner

B.

Business continuity coordinator

C.

Senior management

D.

Information security manager

Buy Now
Questions 62

An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?

Options:

A.

File integrity monitoring software

B.

Security information and event management (SIEM) tool

C.

Antivirus software

D.

Intrusion detection system (IDS)

Buy Now
Questions 63

An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?

Options:

A.

Conduct user awareness training within the IT function.

B.

Propose that IT update information security policies and procedures.

C.

Determine the risk related to noncompliance with the policy.

D.

Request that internal audit conduct a review of the policy development process,

Buy Now
Questions 64

An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?

Options:

A.

Local regulations

B.

Data backup strategy

C.

Consistency in awareness programs

D.

Organizational reporting structure

Buy Now
Questions 65

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Buy Now
Questions 66

Which of the following should be the NEXT step after a security incident has been reported?

Options:

A.

Recovery

B.

Investigation

C.

Escalation

D.

Containment

Buy Now
Questions 67

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A.

enhance the organization's antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization's detective controls.

D.

reduce the need for a security awareness program.

Buy Now
Questions 68

Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

Options:

A.

Regular reporting to senior management

B.

Supportive tone at the top regarding security

C.

Automation of security controls

D.

Well-documented security policies and procedures

Buy Now
Questions 69

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

Options:

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Buy Now
Questions 70

To help ensure that an information security training program is MOST effective its contents should be

Options:

A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees' roles

D.

based on recent incidents

Buy Now
Questions 71

Which of the following is MOST important to include in an information security status report management?

Options:

A.

List of recent security events

B.

Key risk indication (KRIs)

C.

Review of information security policies

D.

information security budget requests

Buy Now
Questions 72

Capacity planning would prevent:

Options:

A.

file system overload arising from distributed denial of service (DDoS) attacks.

B.

system downtime for scheduled security maintenance.

C.

application failures arising from insufficient hardware resources.

D.

software failures arising from exploitation of buffer capacity vulnerabilities.

Buy Now
Questions 73

Which of the following is the MOST important issue in a penetration test?

Options:

A.

Having an independent group perform the test

B.

Obtaining permission from audit

C.

Performing the test without the benefit of any insider knowledge

D.

Having a defined goal as well as success and failure criteria

Buy Now
Questions 74

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

Options:

A.

Regular audits of access controls

B.

Strong background checks when hiring staff

C.

Prompt termination procedures

D.

Role-based access control (RBAC)

Buy Now
Questions 75

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?

Options:

A.

Execution of unauthorized commands

B.

Prevention of authorized access

C.

Defacement of website content

D.

Unauthorized access to resources

Buy Now
Questions 76

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?

Options:

A.

Suspend the data exchange with the provider

B.

Notify appropriate regulatory authorities of the breach.

C.

Initiate the business continuity plan (BCP)

D.

Validate the breach with the provider

Buy Now
Questions 77

Which of the following is the MOST important consideration when determining which type of failover site to employ?

Options:

A.

Reciprocal agreements

B.

Disaster recovery test results

C.

Recovery time objectives (RTOs)

D.

Data retention requirements

Buy Now
Questions 78

Prior to conducting a forensic examination, an information security manager should:

Options:

A.

boot the original hard disk on a clean system.

B.

create an image of the original data on new media.

C.

duplicate data from the backup media.

D.

shut down and relocate the server.

Buy Now
Questions 79

From a business perspective, the GREATEST benefit of an incident response plan is that it:

Options:

A.

Promotes efficiency by providing predefined response procedures

B.

Improves security responsiveness to disruptive events

C.

Limits the negative impact of disruptive events

D.

Ensures compliance with regulatory requirements

Buy Now
Questions 80

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

Options:

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Buy Now
Questions 81

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Buy Now
Questions 82

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Buy Now
Questions 83

Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?

Options:

A.

To validate the incident

B.

To review network configurations

C.

To validate the payload signature

D.

To devise the incident response strategy

Buy Now
Questions 84

Which of the following risks is an example of risk transfer?

Options:

A.

Utilizing third-party applications

B.

Moving risk ownership to another department

C.

Conducting off-site backups

D.

Purchasing cybersecurity insurance

Buy Now
Questions 85

Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?

Options:

A.

Alignment with financial reporting

B.

Alignment with business initiatives

C.

Alignment with industry frameworks

D.

Alignment with risk appetite

Buy Now
Questions 86

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

Options:

A.

A validation of the current firewall rule set

B.

A port scan of the firewall from an internal source

C.

A ping test from an external source

D.

A simulated denial of service (DoS) attack against the firewall

Buy Now
Questions 87

Which of the following BEST enables an organization to identify and contain security incidents?

Options:

A.

Risk assessments

B.

Threat modeling

C.

Continuous monitoring

D.

Tabletop exercises

Buy Now
Questions 88

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

Options:

A.

Ensure security is involved in the procurement process.

B.

Review the third-party contract with the organization's legal department.

C.

Conduct an information security audit on the third-party vendor.

D.

Communicate security policy with the third-party vendor.

Buy Now
Questions 89

Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

Options:

A.

Indemnification clause

B.

Breach detection and notification

C.

Compliance status reporting

D.

Physical access to service provider premises

Buy Now
Questions 90

Which of the following analyses will BEST identify the external influences to an organization's information security?

Options:

A.

Business impact analysis (BIA)

B.

Gap analysis

C.

Threat analysis

D.

Vulnerability analysis

Buy Now
Questions 91

Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

Options:

A.

The organization's risk tolerance

B.

The organization's mission

C.

Resource availability

D.

Incident response team training

Buy Now
Questions 92

Which of the following is the MOST important function of an information security steering committee?

Options:

A.

Assigning data classifications to organizational assets

B.

Developing organizational risk assessment processes

C.

Obtaining multiple perspectives from the business

D.

Defining security standards for logical access controls

Buy Now
Questions 93

Which of the following is the MOST critical factor for information security program success?

Options:

A.

comprehensive risk assessment program for information security

B.

The information security manager's knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Buy Now
Questions 94

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Buy Now
Questions 95

Network isolation techniques are immediately implemented after a security breach to:

Options:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Buy Now
Questions 96

Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?

Options:

A.

Consult with IT staff and assess the risk based on their recommendations

B.

Update the security policy based on the regulatory requirements

C.

Propose relevant controls to ensure the business complies with the regulation

D.

Identify and assess the risk in the context of business objectives

Buy Now
Questions 97

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Options:

A.

Lack of availability

B.

Lack of accountability

C.

Improper authorization

D.

Inadequate authentication

Buy Now
Questions 98

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Options:

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Buy Now
Questions 99

Which of the following is MOST helpful to identify whether information security policies have been followed?

Options:

A.

Preventive controls

B.

Detective controls

C.

Directive controls

D.

Corrective controls

Buy Now
Questions 100

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?

Options:

A.

Establish processes to publish content on social networks.

B.

Assess the security risk associated with the use of social networks.

C.

Conduct vulnerability assessments on social network platforms.

D.

Develop security controls for the use of social networks.

Buy Now
Questions 101

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

Options:

A.

a function of the likelihood and impact, should a threat exploit a vulnerability.

B.

the magnitude of the impact, should a threat exploit a vulnerability.

C.

a function of the cost and effectiveness of controls over a vulnerability.

D.

the likelihood of a given threat attempting to exploit a vulnerability

Buy Now
Questions 102

Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?

Options:

A.

The plan has summarized IT costs for implementation.

B.

The plan resolves all potential threats to business processes.

C.

The plan focuses on meeting industry best practices and industry standards.

D.

The plan is based on a review of threats and vulnerabilities.

Buy Now
Questions 103

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Buy Now
Questions 104

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

Options:

A.

To ensure separation of duties is maintained

B.

To ensure system audit trails are not bypassed

C.

To prevent accountability issues

D.

To prevent unauthorized user access

Buy Now
Questions 105

The PRIMARY advantage of involving end users in continuity planning is that they:

Options:

A.

have a better understanding of specific business needs.

B.

are more objective than information security management.

C.

can see the overall impact to the business.

D.

can balance the technical and business risks.

Buy Now
Questions 106

An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

Options:

A.

inventory sensitive customer data to be processed by the solution.

B.

determine information security resource and budget requirements.

C.

assess potential information security risk to the organization.

D.

develop information security requirements for the big data solution.

Buy Now
Questions 107

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

Options:

A.

Security risk assessments

B.

Lessons learned analysis

C.

Information security audits

D.

Key performance indicators (KPIs)

Buy Now
Questions 108

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?

Options:

A.

Reviewing policies and procedures

B.

Performing a risk assessment

C.

Interviewing business managers and employees

D.

Performing a business impact analysis (BIA)

Buy Now
Questions 109

Which of the following BEST determines an information asset's classification?

Options:

A.

Value of the information asset in the marketplace

B.

Criticality to a business process

C.

Risk assessment from the data owner

D.

Cost of producing the information asset

Buy Now
Questions 110

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

Options:

A.

Revise the procurement process.

B.

Update the change management process.

C.

Discuss the issue with senior leadership.

D.

Remove the application from production.

Buy Now
Questions 111

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?

Options:

A.

Asset classification

B.

Recovery time objectives (RTOs)

C.

Chain of custody

D.

Escalation procedures

Buy Now
Questions 112

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The total cost of the investment

B.

The cost and associated risk reduction

C.

The number and severity of ransomware incidents

D.

Benchmarks of industry peers impacted by ransomware

Buy Now
Questions 113

Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?

Options:

A.

Data privacy officer

B.

Information security manager

C.

Head of IT department

D.

Head of human resources (HR)

Buy Now
Questions 114

As part of incident response activities, the BEST time to begin the recovery process is after:

Options:

A.

The eradication phase has been completed

B.

The incident response team has been established

C.

The root cause has been determined

D.

The incident manager has declared the incident

Buy Now
Questions 115

Which of the following has the MOST influence on the information security investment process?

Options:

A.

IT governance framework

B.

Information security policy

C.

Organizational risk appetite

D.

Security key performance indicators (KPIs)

Buy Now
Questions 116

Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?

Options:

A.

Alignment with industry benchmarks

B.

Results of business impact analyses (BIAs)

C.

Possibility of reputational loss due to incidents

D.

Availability of security budget

Buy Now
Questions 117

Labeling information according to its security classification:

Options:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Buy Now
Questions 118

Which of the following BEST minimizes information security risk in deploying applications to the production environment?

Options:

A.

Integrating security controls in each phase of the life cycle

B.

Conducting penetration testing post implementation

C.

Having a well-defined change process

D.

Verifying security during the testing process

Buy Now
Questions 119

The PRIMARY reason to properly classify information assets is to determine:

Options:

A.

appropriate encryption strength using a risk-based approach.

B.

the business impact if assets are compromised.

C.

the appropriate protection based on sensitivity.

D.

user access levels based on the need to know.

Buy Now
Questions 120

An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?

Options:

A.

Using secure communication channels

B.

Establishing mutual non-disclosure agreements (NDAs)

C.

Requiring third-party privacy policies

D.

Obtaining industry references

Buy Now
Questions 121

A new information security reporting requirement will soon become effective. Which of the following should be the information security manager's FIRST action?

Options:

A.

Conduct a cost-benefit analysis related to noncompliance with the new requirement.

B.

Perform a gap assessment against the new requirement.

C.

Investigate to determine whether the new requirement applies to the business.

D.

Inform senior management of the new requirement.

Buy Now
Questions 122

A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to:

Options:

A.

require that the change be reversed

B.

review the change management process

C.

perform an analysis of the change

D.

report the event to senior management

Buy Now
Questions 123

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Options:

A.

Store disaster recovery documentation in a public cloud.

B.

Maintain an outsourced contact center in another country.

C.

Require disaster recovery documentation be stored with all key decision makers.

D.

Provide annual disaster recovery training to appropriate staff.

Buy Now
Questions 124

Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?

Options:

A.

Benchmarking against industry peers

B.

Adoption of an industry recognized framework

C.

Approval from senior management

D.

Identification of business-specific risk factors

Buy Now
Questions 125

An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:

Options:

A.

disable the user's access to corporate resources.

B.

terminate the device connectivity.

C.

remotely wipe the device

D.

escalate to the user's management

Buy Now
Questions 126

An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:

Options:

A.

Assign accountability for monitoring social media

B.

Identify security monitoring tools

C.

Evaluate risks to the organization

D.

Develop security awareness training

Buy Now
Questions 127

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

Options:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Buy Now
Questions 128

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

Options:

A.

Inform the public relations officer.

B.

Monitor the third party's response.

C.

Invoke the incident response plan.

D.

Inform customers of the breach.

Buy Now
Questions 129

What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?

Options:

A.

Report the noncompliance to senior management.

B.

Assess the risk of noncompliance.

C.

Activate the incident response plan.

D.

Evaluate possible compensating controls.

Buy Now
Questions 130

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Options:

A.

Report the risk associated with the policy breach.

B.

Enforce the security configuration and require the change to be reverted.

C.

Implement compensating controls to address the risk.

D.

Implement a privileged access management system.

Buy Now
Questions 131

A recovery point objective (RPO) is required in which of the following?

Options:

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Buy Now
Questions 132

Which of the following is the BEST way to obtain organization-wide support for an information security program?

Options:

A.

Mandate regular security awareness training.

B.

Develop security performance metrics.

C.

Position security as a business enabler.

D.

Prioritize security initiatives based on IT strategy.

Buy Now
Questions 133

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Options:

A.

Developing an information security policy based on risk assessments

B.

Establishing an information security steering committee

C.

Documenting the information security governance framework

D.

Implementing an information security awareness program

Buy Now
Questions 134

Which of the following is the BEST reason to implement an information security architecture?

Options:

A.

Assess the cost-effectiveness of the integration.

B.

Fast-track the deployment of information security components.

C.

Serve as a post-deployment information security road map.

D.

Facilitate consistent implementation of security requirements.

Buy Now
Questions 135

Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?

Options:

A.

Vulnerability assessment

B.

Regulatory requirements

C.

Industry best practices

D.

Enterprise goals

Buy Now
Questions 136

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

Options:

A.

Senior management

B.

Application owner

C.

Information security manager

D.

Legal representative

Buy Now
Questions 137

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Options:

A.

a control self-assessment (CSA) process.

B.

automated reporting to stakeholders.

C.

a monitoring process for the security policy.

D.

metrics for each milestone.

Buy Now
Questions 138

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:

A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Buy Now
Questions 139

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Perform a gap analysis.

B.

Conduct benchmarking.

C.

Notify the legal department.

D.

Determine the disruption to the business.

Buy Now
Questions 140

Which of the following has the MOST influence on the inherent risk of an information asset?

Options:

A.

Risk tolerance

B.

Net present value (NPV)

C.

Return on investment (ROI)

D.

Business criticality

Buy Now
Questions 141

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Buy Now
Questions 142

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Buy Now
Questions 143

The MOST appropriate time to conduct a disaster recovery test would be after:

Options:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Buy Now
Questions 144

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

Options:

A.

A data forensics program

B.

A configuration management program

C.

A layered security program

D.

An incident response program

Buy Now
Questions 145

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Establish performance metrics for the team

B.

Perform a post-incident review

C.

Implement a SIEM solution

D.

Perform a threat analysis

Buy Now
Questions 146

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

Options:

A.

The vendor's proposal allows for contract modification during technology refresh cycles.

B.

The vendor's proposal aligns with the objectives of the organization.

C.

The vendor's proposal requires the provider to have a business continuity plan (BCP).

D.

The vendor's proposal allows for escrow in the event the third party goes out of business.

Buy Now
Questions 147

An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?

Options:

A.

Perform a manual verification of file counts.

B.

Encrypt and back up the hard drive before copying.

C.

Use the same hardware for the image as the original.

D.

Perform digital hashing of the original and the image.

Buy Now
Questions 148

Which of the following is the BEST course of action for an information security manager to align security and business goals?

Options:

A.

Conducting a business impact analysis (BIA)

B.

Reviewing the business strategy

C.

Defining key performance indicators (KPIs)

D.

Actively engaging with stakeholders

Buy Now
Questions 149

What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Options:

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network,

D.

Escalate to the incident response team

Buy Now
Questions 150

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Options:

A.

Risk levels may be elevated beyond acceptable limits.

B.

Security audits may report more high-risk findings.

C.

The compensating controls may not be cost efficient.

D.

Noncompliance with industry best practices may result.

Buy Now
Questions 151

Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?

Options:

A.

Mapping the risks to the security classification scheme

B.

Illustrating risk on a heat map

C.

Mapping the risks to existing controls

D.

Providing a technical risk assessment report

Buy Now
Questions 152

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

Options:

A.

Perform a backup of the hard drive using backup utilities.

B.

Perform a bit-by-bit backup of the hard disk using a write-blocking device

C.

Perform a backup of the computer using the network

D.

Reboot the system using third-party forensic software in the CD-ROM drive

Buy Now
Questions 153

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Options:

A.

Legal and regulatory requirements

B.

Likelihood of a disaster

C.

Organizational tolerance to service interruption

D.

Geographical location of the backup site

Buy Now
Questions 154

When management changes the enterprise business strategy which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

Options:

A.

Configuration management

B.

Risk management

C.

Access control management

D.

Change management

Buy Now
Questions 155

ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

Options:

A.

Recommend canceling the outsourcing contract.

B.

Request an independent review of the provider's data center.

C.

Notify affected customers of the data breach.

D.

Determine the extent of the impact to the organization.

Buy Now
Questions 156

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A.

Downtime due to malware infections

B.

Number of security vulnerabilities uncovered with network scans

C.

Percentage of servers patched

D.

Annualized loss resulting from security incidents

Buy Now
Questions 157

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Options:

A.

Instruct IT to deploy controls based on urgent business needs.

B.

Present a business case for additional controls to senior management.

C.

Solicit bids for compensating control products.

D.

Recommend a different application.

Buy Now
Questions 158

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Buy Now
Questions 159

The PRIMARY purpose of vulnerability identification is to:

Options:

A.

Remediate vulnerabilities before they are exploited

B.

Discover control deficiencies

C.

Provide vulnerability identifiers for risk reporting

D.

Prioritize vulnerability remediation

Buy Now
Questions 160

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?

Options:

A.

Business impact analysis (BIA)

B.

Business requirements

C.

Supplier requirements

D.

Risk appetite

Buy Now
Questions 161

Which of the following is the MOST important constraint to be considered when developing an information security strategy?

Options:

A.

Legal and regulatory requirements

B.

Established security policies and standards

C.

Compliance with an international security standard

D.

Information security architecture

Buy Now
Questions 162

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Buy Now
Questions 163

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Options:

A.

Incorporating lessons learned

B.

Implementing an IT resilience solution

C.

Implementing management reviews

D.

Documenting critical business processes

Buy Now
Questions 164

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

Options:

A.

It identifies appropriate follow-up work to address shortcomings in the plan.

B.

It allows for greater participation and planning from the business side.

C.

It helps in assessing the availability of compatible backup hardware.

D.

It provides a low-cost method of assessing the BCP's completeness.

Buy Now
Questions 165

Which of the following is the BEST strategy when determining an organization's approach to risk treatment?

Options:

A.

Implementing risk mitigation controls that are considered quick wins

B.

Prioritizing controls that directly mitigate the organization's most critical risks

C.

Advancing the maturity of existing controls based on risk tolerance

D.

Implementing a one-size-fits-all set of controls across all organizational units

Buy Now
Questions 166

A balanced scorecard MOST effectively enables information security:

Options:

A.

risk management

B.

project management

C.

governance

D.

performance

Buy Now
Questions 167

Which of the following is the MOST important characteristic of an effective information security metric?

Options:

A.

The metric expresses residual risk relative to risk tolerance.

B.

The metric is frequently reported to senior management.

C.

The metric directly maps to an industry risk management framework.

D.

The metric compares the organization's inherent risk against its risk appetite.

Buy Now
Questions 168

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Options:

A.

Block IP addresses used by the attacker

B.

Redirect the attacker's traffic

C.

Disable firewall ports exploited by the attacker.

D.

Power off affected servers

Buy Now
Questions 169

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Options:

A.

Maintaining a repository base of security policies

B.

Measuring impact of exploits on business processes

C.

Facilitating the monitoring of risk occurrences

D.

Redirecting event logs to an alternate location for business continuity plan

Buy Now
Questions 170

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

Options:

A.

Performing penetration testing

B.

Improving user awareness

C.

Installing new firewalls

D.

Updating security policies

Buy Now
Questions 171

Which of the following BEST ensures information security governance is aligned with corporate governance?

Options:

A.

A security steering committee including IT representation

B.

A consistent risk management approach

C.

An information security risk register

D.

Integration of security reporting into corporate reporting

Buy Now
Questions 172

A business continuity plan (BCP) should contain:

Options:

A.

information about eradication activities.

B.

hardware and software inventories.

C.

data restoration procedures.

D.

criteria for activation.

Buy Now
Questions 173

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:

A.

The capabilities and expertise of the information security team

B.

The organization's mission statement and roadmap

C.

A prior successful information security strategy

D.

The organization's information technology (IT) strategy

Buy Now
Questions 174

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.

Number of blocked intrusion attempts

B.

Number of business cases reviewed by senior management

C.

Trends in the number of identified threats to the business

D.

Percentage of controls integrated into business processes

Buy Now
Questions 175

Which of the following is an example of risk mitigation?

Options:

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Buy Now
Questions 176

The MOST important element in achieving executive commitment to an information security governance program is:

Options:

A.

a defined security framework.

B.

a process improvement model

C.

established security strategies.

D.

identified business drivers.

Buy Now
Questions 177

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Buy Now
Questions 178

Which of the following is the BEST defense against a brute force attack?

Options:

A.

Time-of-day restrictions

B.

Mandatory access control

C.

Discretionary access control

D.

Multi-factor authentication (MFA)

Buy Now
Questions 179

Which of the following is the PRIMARY benefit of an information security awareness training program?

Options:

A.

Influencing human behavior

B.

Evaluating organizational security culture

C.

Defining risk accountability

D.

Enforcing security policy

Buy Now
Questions 180

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Options:

A.

Review current recovery policies.

B.

Define the organizational strategy.

C.

Prioritize the critical processes.

D.

Review existing cyber insurance coverage.

Buy Now
Questions 181

Which of the following is the PRIMARY reason to assign a risk owner in an organization?

Options:

A.

To remediate residual risk

B.

To define responsibilities

C.

To ensure accountability

D.

To identify emerging risk

Buy Now
Questions 182

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Buy Now
Questions 183

The business value of an information asset is derived from:

Options:

A.

the threat profile.

B.

its criticality.

C.

the risk assessment.

D.

its replacement cost.

Buy Now
Questions 184

Which of the following is MOST important to have in place when conducting a security control assessment of a system?

Options:

A.

Control specifications

B.

Assurance test plan

C.

Scanning tools

D.

Security documentation

Buy Now
Questions 185

The categorization of incidents is MOST important for evaluating which of the following?

Options:

A.

Appropriate communication channels

B.

Allocation of needed resources

C.

Risk severity and incident priority

D.

Response and containment requirements

Buy Now
Questions 186

Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?

Options:

A.

The strategy aligns with management’s acceptable level of risk.

B.

The strategy addresses ineffective information security controls.

C.

The strategy aligns with industry benchmarks and standards.

D.

The strategy addresses organizational maturity and the threat environment.

Buy Now
Questions 187

Which of the following is the BEST indication of an effective disaster recovery planning process?

Options:

A.

Hot sites are required for any declared disaster.

B.

Chain of custody is maintained throughout the disaster recovery process.

C.

Post-incident reviews are conducted after each event.

D.

Recovery time objectives (RTOs) are shorter than recovery point objectives (RPOs).

Buy Now
Questions 188

Which of the following is the BEST option to lower the cost to implement application security controls?

Options:

A.

Perform security tests in the development environment.

B.

Integrate security activities within the development process

C.

Perform a risk analysis after project completion.

D.

Include standard application security requirements

Buy Now
Questions 189

Which of the following is the BEST course of action when confidential information is inadvertently disseminated outside the organization?

Options:

A.

Review compliance requirements.

B.

Communicate the exposure.

C.

Declare an incident.

D.

Change the encryption keys.

Buy Now
Questions 190

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Options:

A.

reduces unauthorized access to systems.

B.

promotes efficiency in control of the environment.

C.

prevents inconsistencies in information in the distributed environment.

D.

allows administrative staff to make management decisions.

Buy Now
Questions 191

Which of the following risk responses is an example of risk transfer?

Options:

A.

Utilizing third-party applications

B.

Purchasing cybersecurity insurance

C.

Moving risk ownership to another department

D.

Conducting off-site backups

Buy Now
Questions 192

After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?

Options:

A.

Calculating cost of the incident

B.

Conducting a postmortem assessment

C.

Performing an impact analysis

D.

Preserving the evidence

Buy Now
Questions 193

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Create a security exception.

B.

Perform a gap analysis to determine needed resources.

C.

Perform a vulnerability assessment.

D.

Assess the risk to business operations.

Buy Now
Questions 194

Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?

Options:

A.

Service level agreement (SLA)

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Business impact analysis (BIA)

Buy Now
Questions 195

Which of the following BEST demonstrates the added value of an information security program?

Options:

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Buy Now
Questions 196

Which of the following is the BEST source of information to support an organization's information security vision and strategy?

Options:

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Buy Now
Questions 197

Which of the following is a PRIMARY function of an incident response team?

Options:

A.

To provide effective incident mitigation

B.

To provide a risk assessment for zero-day vulnerabilities

C.

To provide a single point of contact for critical incidents

D.

To provide a business impact analysis (BIA)

Buy Now
Questions 198

Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

Options:

A.

Integrate risk management into the vendor management process.

B.

Conduct security reviews on the services and solutions delivered.

C.

Review third-party contracts as part of the vendor management process.

D.

Perform an audit on vendors' security controls and practices.

Buy Now
Questions 199

Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?

Options:

A.

Incident response plan can be activated in a timely manner.

B.

Incident metrics can be communicated.

C.

Risk response options can be identified quickly.

D.

Incident classification times can be improved.

Buy Now
Questions 200

Which of the following is the BEST indication ofa successful information security culture?

Options:

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Buy Now
Questions 201

An organization has identified a large volume of old data that appears to be unused. Which of the following should the information

security manager do NEXT?

Options:

A.

Consult the record retention policy.

B.

Update the awareness and training program.

C.

Implement media sanitization procedures.

D.

Consult the backup and recovery policy.

Buy Now
Questions 202

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

Options:

A.

Perform a risk analysis for critical applications.

B.

Determine whether critical success factors (CSFs) have been defined.

C.

Conduct a capability maturity model evaluation.

D.

Review and update current operational procedures.

Buy Now
Questions 203

Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Options:

A.

Risk assessments

B.

Threat models

C.

Penetration testing

D.

Internal audit reports

Buy Now
Questions 204

Which of the following tools would be MOST helpful to an incident response team?

Options:

A.

Intrusion detection system (IDS)

B.

Endpoint detection and response (EDR) solution

C.

User and entity behavior analytics

D.

Vulnerability scanning tools

Buy Now
Questions 205

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?

Options:

A.

Inadequate incident response controls

B.

Lack of legal review

C.

Inadequate change control

D.

Lack of quality control

Buy Now
Questions 206

A global organization is developing an incident response team. The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events. Which of the following BEST supports these objectives?

Options:

A.

Virtual incident response team

B.

Distributed incident response team

C.

Outsourced incident response team

D.

Centralized incident response team

Buy Now
Questions 207

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

EradicationB Recovery

B.

Lessons learned review

C.

Incident declaration

Buy Now
Questions 208

A Seat a-hosting organization's data center houses servers, appli

BEST approach for developing a physical access control policy for the organization?

Options:

A.

Review customers’ security policies.

B.

Conduct a risk assessment to determine security risks and mitigating controls.

C.

Develop access control requirements for each system and application.

D.

Design single sign-on (SSO) or federated access.

Buy Now
Questions 209

An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?

Options:

A.

No owners were identified for some risks.

B.

Business applications had the highest number of risks.

C.

Risk mitigation action plans had no timelines.

D.

Risk mitigation action plan milestones were delayed.

Buy Now
Questions 210

An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk''

Options:

A.

Deploy mobile device management (MDM)

B.

Implement remote wipe capability.

C.

Create an acceptable use policy.

D.

Conduct a mobile device risk assessment

Buy Now
Questions 211

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?

Options:

A.

Perform a business impact analysis (BIA).

B.

Notify local law enforcement agencies of a breach.

C.

Activate the incident response program.

D.

Validate the risk to the organization.

Buy Now
Questions 212

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

Options:

A.

To define security roles and responsibilities

B.

To determine return on investment (ROI)

C.

To establish incident severity levels

D.

To determine the criticality of information assets

Buy Now
Questions 213

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Options:

A.

results of exit interviews.

B.

previous training sessions.

C.

examples of help desk requests.

D.

responses to security questionnaires.

Buy Now
Questions 214

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application's security compliance?

Options:

A.

During user acceptance testing (UAT)

B.

During the design phase

C.

During static code analysis

D.

During regulatory review

Buy Now
Questions 215

Relationships between critical systems are BEST understood by

Options:

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Buy Now
Questions 216

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

Options:

A.

Recovery

B.

Identification

C.

Containment

D.

Preparation

Buy Now
Questions 217

A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?

Options:

A.

Security manager

B.

Chief information security officer (CISO)

C.

System administrator

D.

Business owner

Buy Now
Questions 218

When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:

Options:

A.

strong encryption

B.

regulatory compliance.

C.

data availability.

D.

security awareness training

Buy Now
Questions 219

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A.

Include security requirements in the contract.

B.

Update the risk register.

C.

Consult with the business owner.

D.

Restrict application network access temporarily.

Buy Now
Questions 220

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

Options:

A.

To ensure industry best practices for enterprise security are followed

B.

To establish the minimum level of controls needed

C.

To determine the desired state of enterprise security

D.

To satisfy auditors' recommendations for enterprise security

Buy Now
Questions 221

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Options:

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party's service level agreement (SLA) does not include guarantees of uptime.

Buy Now
Questions 222

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

Options:

A.

Providing evidence that resources are performing as expected

B.

Verifying security costs do not exceed the budget

C.

Demonstrating risk is managed at the desired level

D.

Confirming the organization complies with security policies

Buy Now
Questions 223

Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?

Options:

A.

Ensuring the continued resilience and security of IT services

B.

Decreasing the percentage of security deployments that cause failures in production

C.

Reducing the number of control assessments to optimize resources

D.

Identifying and addressing security team performance issues

Buy Now
Questions 224

Senior management is concerned about data exposure through the use of public Al services. Which of the following is the information security manager's BEST course of action?

Options:

A.

Train all employees on the appropriate use of public Al services and confidential data.

B.

Disable access to public Al from company devices.

C.

Perform a risk assessment of public Al with appropriate recommendations for senior management.

D.

Perform a business impact analysis (BIA) of public Al.

Buy Now
Questions 225

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Buy Now
Questions 226

After a server has been attacked, which of the following is the BEST course of action?

Options:

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Buy Now
Questions 227

Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?

Options:

A.

Establishing the root cause of the incident

B.

Identifying attack vectors utilized in the incident

C.

When business operations were restored after the incident

D.

How incident management processes were executed

Buy Now
Questions 228

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

Options:

A.

Feedback from affected departments

B.

Historical data from past incidents

C.

Technical capabilities of the team

D.

Procedures for incident triage

Buy Now
Questions 229

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Buy Now
Questions 230

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Buy Now
Questions 231

Which of the following defines the triggers within a business continuity plan (BCP)? @

Options:

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Buy Now
Questions 232

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Buy Now
Questions 233

Which of the following BEST enables an organization to maintain an appropriate security control environment?

Options:

A.

Alignment to an industry security framework

B.

Budgetary support for security

C.

Periodic employee security training

D.

Monitoring of the threat landscape

Buy Now
Questions 234

The PRIMARY goal of the eradication phase in an incident response process is to:

Options:

A.

maintain a strict chain of custody.

B.

provide effective triage and containment of the incident.

C.

remove the threat and restore affected systems

D.

obtain forensic evidence from the affected system.

Buy Now
Questions 235

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Ensure a risk assessment is performed to evaluate the findings

B.

Ensure vulnerabilities found are resolved within acceptable timeframes

C.

Request funding needed to resolve the top vulnerabilities

D.

Report findings to senior management

Buy Now
Questions 236

Which of the following should be the PRIMARY basis for an information security strategy?

Options:

A.

The organization's vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Buy Now
Questions 237

Which of the following is the BEST approach for data owners to use when defining access privileges for users?

Define access privileges based on user roles.

Adopt user account settings recommended by the vendor.

Perform a risk assessment of the users' access privileges.

Options:

A.

Implement an identity and access management (IDM) tool.

Buy Now
Questions 238

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Options:

A.

Improved staff attendance in awareness sessions

B.

Decreased number of phishing emails received

C.

Improved feedback on the anti-phishing campaign

D.

Decreased number of incidents that have occurred

Buy Now
Questions 239

An incident response team has established that an application has been breached. Which of the following should be done NEXT?

Options:

A.

Maintain the affected systems in a forensically acceptable state

B.

Conduct a risk assessment on the affected application

C.

Inform senior management of the breach.

D.

Isolate the impacted systems from the rest of the network

Buy Now
Questions 240

Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?

Options:

A.

To ensure evidence is handled by qualified resources

B.

To validate the incident response process

C.

To provide the response team with expert training on evidence handling

D.

To prevent evidence from being disclosed to any internal staff members

Buy Now
Questions 241

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Options:

A.

Legal

B.

Information security

C.

Help desk

D.

Human resources (HR)

Buy Now
Questions 242

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:

A.

Right of the subscriber to conduct onsite audits of the vendor

B.

Escrow of software code with conditions for code release

C.

Authority of the subscriber to approve access to its data

D.

Commingling of subscribers' data on the same physical server

Buy Now
Questions 243

Which of the following is the MOST important requirement for a successful security program?

Options:

A.

Mapping security processes to baseline security standards

B.

Penetration testing on key systems

C.

Management decision on asset value

D.

Nondisclosure agreements (NDA) with employees

Buy Now
Questions 244

Which of the following BEST protects against emerging advanced persistent threat (APT) actors?

Options:

A.

Honeypot environment

B.

Updated security awareness materials

C.

Ongoing incident response training

D.

Proactive monitoring

Buy Now
Questions 245

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?

Options:

A.

IT strategy

B.

Security architecture

C.

Business case

D.

Risk assessment

Buy Now
Questions 246

Which of the following metrics would provide an accurate measure of an information security program's performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Buy Now
Questions 247

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Options:

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Buy Now
Questions 248

Which of the following BEST enables an organization to effectively manage emerging cyber risk?

Options:

A.

Periodic internal and external audits

B.

Clear lines of responsibility

C.

Sufficient cyber budget allocation

D.

Cybersecurity policies

Buy Now
Questions 249

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Buy Now
Questions 250

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Buy Now
Questions 251

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

Options:

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Buy Now
Questions 252

Which of the following would BEST enable the timely execution of an incident response plan?

Options:

A.

The introduction of a decision support tool

B.

Definition of trigger events

C.

Clearly defined data classification process

D.

Centralized service desk

Buy Now
Questions 253

Recovery time objectives (RTOs) are an output of which of the following?

Options:

A.

Business continuity plan (BCP)

B.

Disaster recovery plan (DRP)

C.

Service level agreement (SLA)

D.

Business impact analysis (BIA)

Buy Now
Questions 254

When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided:

Options:

A.

on a need-to-know basis subject to controls.

B.

subject to legal and regulatory requirements.

C.

by the use of a remote access server.

D.

if a robust IT infrastructure exists.

Buy Now
Questions 255

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator What is the manager's BEST course of action?

Options:

A.

Automate user provisioning activities.

B.

Maintain strict control over user provisioning activities.

C.

Formally document IT administrator activities.

D.

Implement monitoring of IT administrator activities.

Buy Now
Questions 256

Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (laaS) model hosted in a foreign country?

Options:

A.

Labeling of data may help to ensure data is assigned to the correct cloud type.

B.

Laws and regulations of the origin country may not be applicable.

C.

There may be liabilities and penalties in the event of a security breach.

D.

Data may be stored in unknown locations and may not be easily retrievable.

Buy Now
Questions 257

An information security policy was amended recently to support an organization's new information security strategy. Which of the following should be the information security manager's NEXT step?

Options:

A.

Evaluate the alignment with business strategy.

B.

Review technical controls.

C.

Update standards and procedures.

D.

Refresh the security training program.

Buy Now
Questions 258

Which of the following should be the PRIMARY objective of an information security governance framework?

Options:

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization's information security policies.

Buy Now
Questions 259

Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?

Options:

A.

Determine the final root cause of the incident.

B.

Remove all instances of the incident from the network.

C.

Mitigate exploited vulnerabilities to prevent future incidents.

D.

Isolate affected systems to prevent the spread of damage.

Buy Now
Questions 260

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Buy Now
Questions 261

During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?

Options:

A.

The certification includes industry-recognized security controls.

B.

The certification was issued within the last five years.

C.

The certification is issued for the specific scope.

D.

The certification is easily verified.

Buy Now
Questions 262

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Buy Now
Questions 263

Which of the following should be done FIRST when establishing an information security governance framework?

Options:

A.

Evaluate information security tools and skills relevant for the environment.

B.

Gain an understanding of the business and cultural attributes.

C.

Contract a third party to conduct an independent review of the program.

D.

Conduct a cost-benefit analysis of the framework.

Buy Now
Questions 264

An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?

Options:

A.

Information security policies and procedures

B.

Business continuity plan (BCP)

C.

Incident communication plan

D.

Incident response training program

Buy Now
Questions 265

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

Options:

A.

incident has been confirmed.

B.

incident has been contained.

C.

potential incident has been logged.

D.

incident has been mitigated.

Buy Now
Questions 266

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

Options:

A.

Inform senior management

B.

Re-evaluate the risk

C.

Implement compensating controls

D.

Ask the business owner for the new remediation plan

Buy Now
Questions 267

Which of the following is MOST critical when creating an incident response plan?

Options:

A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Documenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Buy Now
Questions 268

Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?

Options:

A.

Information security manager

B.

IT risk manager

C.

Internal auditor

D.

Risk owner

Buy Now
Questions 269

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Options:

A.

Demonstrated return on security investment

B.

Reduction in inherent risk

C.

Results of an emerging threat analysis

D.

Review of security metrics trends

Buy Now
Questions 270

Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?

Options:

A.

Limiting the number of KRIs

B.

Comprehensively reporting on KRIs

C.

Aggregating common KRIs

D.

Linking KRIs to specific risks

Buy Now
Questions 271

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Options:

A.

Establish an organization-wide social media policy.

B.

Develop sanctions for misuse of social media sites.

C.

Monitor social media sites visited by employees.

D.

Restrict social media access on corporate devices.

Buy Now
Questions 272

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?

Options:

A.

Enforce the policy.

B.

Modify the policy.

C.

Present the risk to senior management.

D.

Create an exception for the deviation.

Buy Now
Questions 273

Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?

Options:

A.

Risk assessment program

B.

Information security awareness training

C.

Information security governance

D.

Information security metrics

Buy Now
Questions 274

Which of the following is MOST important when responding to a major security incident?

Options:

A.

Contacting forensic investigators

B.

Following the escalation process

C.

Notifying law enforcement

D.

Identifying the indicators of compromise

Buy Now
Questions 275

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Options:

A.

Assess changes in the risk profile.

B.

Activate the disaster recovery plan (DRP).

C.

Invoke the incident response plan.

D.

Conduct security awareness training.

Buy Now
Questions 276

Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?

Options:

A.

Stakeholder feedback analysis

B.

Business continuity risk analysis

C.

Incident root cause analysis

D.

Business impact analysis (BIA)

Buy Now
Questions 277

After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?

Options:

A.

To ensure access rights meet classification requirements

B.

To facilitate the analysis of application logs

C.

To ensure web application availability

D.

To support strong two-factor authentication protocols

Buy Now
Questions 278

Which of the following is MOST important in increasing the effectiveness of incident responders?

Options:

A.

Communicating with the management team

B.

Integrating staff with the IT department

C.

Testing response scenarios

D.

Reviewing the incident response plan annually

Buy Now
Questions 279

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

Options:

A.

An industry peer experienced a recent breach with a similar application.

B.

The system can be replicated for additional use cases.

C.

The cost of implementing the system is less than the impact of downtime.

D.

The solution is within the organization's risk tolerance.

Buy Now
Questions 280

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

Options:

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Buy Now
Questions 281

Which of the following BEST facilitates the effectiveness of cybersecurity incident response?

Options:

A.

Utilizing a security information and event management (SIEM) tool.

B.

Utilizing industry-leading network penetration testing tools.

C.

Increasing communication with all incident response stakeholders.

D.

Continuously updating signatures of the anti-malware solution.

Buy Now
Questions 282

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

Options:

A.

consistent security.

B.

comprehensive audits

C.

a security-aware culture

D.

compliance with policy

Buy Now
Questions 283

An organization has determined that fixing a security vulnerability in a critical application is too costly to be feasible, but the impact is material to the business. Which of the following is the MOST appropriate risk treatment?

Options:

A.

Purchase cybersecurity insurance.

B.

Accept the risk associated with continued use of the application.

C.

Implement compensating controls for the application.

D.

Discontinue using the application.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 4, 2025
Questions: 954
CISM pdf

CISM PDF

$59.7  $199
CISM Engine

CISM Testing Engine

$67.5  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$74.7  $249