Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?
What should be an information security manager's MOST important consideration when developing a multi-year plan?
Which is MOST important to identify when developing an effective information security strategy?
Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:
Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?
Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?
Which of the following BEST enables an organization to continuously assess the information security risk posture?
The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
Which of the following is the MOST effective way to identify changes in an information security environment?
Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?
Which of the following BEST indicates misalignment of security policies with business objectives?
Which of the following would BEST ensure that security is integrated during application development?
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:
Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
Which of the following is necessary to ensure consistent protection for an organization's information assets?
An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?
An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?
Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?
Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?
Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?
When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:
Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?
Which of the following is the PRIMARY benefit of implementing an information security governance framework?
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
An organization's quality process can BEST support security management by providing:
Which of the following should be of GREATEST concern regarding an organization's security controls?
Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?
Following an employee security awareness training program, what should be the expected outcome?
Management decisions concerning information security investments will be MOST effective when they are based on:
An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?
Which of the following will BEST enable an organization to meet incident response requirements when outsourcing its incident response function?
Which of the following is the BEST tool to monitor the effectiveness of information security governance?
Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
Which of the following is MOST important to ensure incident management readiness?
Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?
Which of the following is the MOST important reason for an information security manager to archive and retain the organization's electronic communication and email data?
Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (IAM) system?
When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?
An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?
Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
Which of the following should be the NEXT step after a security incident has been reported?
Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
Which of the following is the MOST important consideration when establishing an organization's information security governance committee?
To help ensure that an information security training program is MOST effective, its contents should be:
Which of the following is MOST important to include in an information security status report to management?
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?
Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?
Which of the following is the MOST important consideration when determining which type of failover site to employ?
Prior to conducting a forensic examination, an information security manager should:
From a business perspective, the GREATEST benefit of an incident response plan is that it:
Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
Which of the following BEST indicates that information assets are classified accurately?
Which of the following is the PRIMARY role of an information security manager in a software development project?
Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?
Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?
Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?
Which of the following BEST enables an organization to identify and contain security incidents?
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?
Which of the following analyses will BEST identify the external influences to an organization's information security?
Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?
Which of the following is the MOST important function of an information security steering committee?
Which of the following is the MOST critical factor for information security program success?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Network isolation techniques are immediately implemented after a security breach to:
Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?
An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?
When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
Which of the following is MOST helpful to identify whether information security policies have been followed?
An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
Which of the following would BEST justify continued investment in an information security program?
Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?
The PRIMARY advantage of involving end users in continuity planning is that they:
An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:
Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?
Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?
As part of incident response activities, the BEST time to begin the recovery process is after:
Which of the following has the MOST influence on the information security investment process?
Which of the following should be an information security manager's MOST important consideration when determining the priority for implementing security controls?
Which of the following BEST minimizes information security risk in deploying applications to the production environment?
An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?
A new information security reporting requirement will soon become effective. Which of the following should be the information security manager's FIRST action?
A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to:
An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
Which of the following is MOST important to ensure the alignment of an information security program with the organizational strategy?
An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation is to:
An organization is in the process of defining policies for employee use of social media. It is MOST important for the information security manager to:
A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:
Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?
What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?
Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?
Which of the following is the BEST way to obtain organization-wide support for an information security program?
Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
Which of the following is the BEST reason to implement an information security architecture?
Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?
Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?
An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?
Which of the following has the MOST influence on the inherent risk of an information asset?
Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?
Which of the following MUST be established to maintain an effective information security governance framework?
Which of the following should be implemented to BEST reduce the likelihood of a security breach?
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?
An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
Which of the following is the BEST course of action for an information security manager to align security and business goals?
What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?
An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?
A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?
Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?
When management changes the enterprise business strategy which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
Which of the following BEST determines the data retention strategy and subsequent policy for an organization?
Which of the following is the MOST important constraint to be considered when developing an information security strategy?
A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?
Which of the following is the BEST strategy when determining an organization's approach to risk treatment?
Which of the following is the MOST important characteristic of an effective information security metric?
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?
Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?
Which of the following BEST ensures information security governance is aligned with corporate governance?
Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?
Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?
The MOST important element in achieving executive commitment to an information security governance program is:
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Which of the following is the PRIMARY benefit of an information security awareness training program?
Which of the following should be done FIRST when developing a business continuity plan (BCP)?
Which of the following is the PRIMARY reason to assign a risk owner in an organization?
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
Which of the following is MOST important to have in place when conducting a security control assessment of a system?
The categorization of incidents is MOST important for evaluating which of the following?
Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?
Which of the following is the BEST indication of an effective disaster recovery planning process?
Which of the following is the BEST option to lower the cost to implement application security controls?
Which of the following is the BEST course of action when confidential information is inadvertently disseminated outside the organization?
The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:
After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?
Which of the following BEST demonstrates the added value of an information security program?
Which of the following is the BEST source of information to support an organization's information security vision and strategy?
Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?
Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?
Which of the following is the BEST indication of a successful information security culture?
An organization has identified a large volume of old data that appears to be unused. Which of the following should the information security manager do NEXT?
Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?
Which of the following provides the MOST useful information for identifying security control gaps on an application server?
Which of the following tools would be MOST helpful to an incident response team?
A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?
A global organization is developing an incident response team. The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events. Which of the following BEST supports these objectives?
After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?
A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?
An organization's information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?
An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?
Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:
A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application's security compliance?
Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?
A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?
When implementing a security policy for an organization handling personally identifiable information (PII), the MOST important objective should be:
Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?
An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?
Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?
Senior management is concerned about data exposure through the use of public AI services. Which of the following is the information security manager's BEST course of action?
An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
After a server has been attacked, which of the following is the BEST course of action?
Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
Which of the following defines the triggers within a business continuity plan (BCP)?
Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?
Which of the following BEST enables an organization to maintain an appropriate security control environment?
The PRIMARY goal of the eradication phase in an incident response process is to:
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
Which of the following should be the PRIMARY basis for an information security strategy?
Which of the following is the BEST approach for data owners to use when defining access privileges for users?
Define access privileges based on user roles.
Adopt user account settings recommended by the vendor.
Perform a risk assessment of the users' access privileges.
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
An incident response team has established that an application has been breached. Which of the following should be done NEXT?
Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
Which of the following is the MOST important requirement for a successful security program?
Which of the following BEST protects against emerging advanced persistent threat (APT) actors?
An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
Which of the following metrics would provide an accurate measure of an information security program's performance?
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Which of the following BEST enables an organization to effectively manage emerging cyber risk?
An information security manager believes that information has been classified inappropriately, increasing the risk of a breach. Which of the following is the information security manager's BEST action?
Which of the following BEST indicates that an information security governance framework has been successfully implemented?
Which of the following would BEST enable the timely execution of an incident response plan?
When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided:
A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator. What is the manager's BEST course of action?
Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (laaS) model hosted in a foreign country?
An information security policy was amended recently to support an organization's new information security strategy. Which of the following should be the information security manager's NEXT step?
Which of the following should be the PRIMARY objective of an information security governance framework?
Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?
An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?
Which of the following provides the BEST assurance that security policies are applied across business operations?
Which of the following should be done FIRST when establishing an information security governance framework?
An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FIRST?
Which of the following is MOST critical when creating an incident response plan?
Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?
Which of the following would provide the BEST evidence to senior management that security control performance has improved?
Which of the following is the GREATEST challenge when developing key risk indicators (KRIs)?
An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?
An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?
Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?
Which of the following is MOST important when responding to a major security incident?
Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?
Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?
After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?
Which of the following is MOST important in increasing the effectiveness of incident responders?
Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?
An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?
Which of the following BEST facilitates the effectiveness of cybersecurity incident response?
For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:
An organization has determined that fixing a security vulnerability in a critical application is too costly to be feasible, but the impact is material to the business. Which of the following is the MOST appropriate risk treatment?