Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

CISM Certified Information Security Manager Questions and Answers

Questions 4

An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

Options:

A.

a directory of approved local media contacts

B.

pre-prepared media statements

C.

procedures to contact law enforcement

D.

a single point of contact within the organization

Buy Now
Questions 5

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

Options:

A.

Obtain an independent audit report.

B.

Require the provider to follow stringent data classification procedures.

C.

Include high penalties for security breaches in the contract.

D.

Review the provider's information security policies.

Buy Now
Questions 6

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Options:

A.

Benchmark the processes with best practice to identify gaps.

B.

Calculate the return on investment (ROI).

C.

Provide security awareness training to HR.

D.

Assess the business objectives of the processes.

Buy Now
Questions 7

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Options:

A.

Access manager

B.

IT director

C.

System administrator

D.

Business owner

Buy Now
Questions 8

An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?

Options:

A.

Engage an independent audit of the third party's external provider.

B.

Recommend canceling the contract with the third party.

C.

Evaluate the third party's agreements with its external provider.

D.

Conduct an external audit of the contracted third party.

Buy Now
Questions 9

When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?

Options:

A.

The information available about the vulnerability

B.

The sensitivity of the asset and the data it contains

C.

IT resource availability and constraints

D.

Whether patches have been developed and tested

Buy Now
Questions 10

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Options:

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Buy Now
Questions 11

An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?

Options:

A.

Operations manager

B.

Service owner

C.

Information security manager

D.

Incident response team

Buy Now
Questions 12

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Options:

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Buy Now
Questions 13

An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?

Options:

A.

Prepare an executive summary for senior management

B.

Gather feedback on business impact

C.

Conduct a meeting to capture lessons learned.

D.

Secure and preserve digital evidence for analysis.

Buy Now
Questions 14

When establishing an information security governance framework, it is MOST important for an information security manager to understand:

Options:

A.

information security best practices.

B.

risk management techniques.

C.

the threat environment.

D.

the corporate culture.

Buy Now
Questions 15

Application data integrity risk is MOST directly addressed by a design that includes:

Options:

A.

reconciliation routines such as checksums, hash totals, and record counts.

B.

strict application of an authorized data dictionary.

C.

application log requirements such as field-level audit trails and user activity logs.

D.

access control technologies such as role-based entitlements.

Buy Now
Questions 16

The PRIMARY benefit of integrating information security activities into change management processes is to:

Options:

A.

protect the organization from unauthorized changes.

B.

ensure required controls are included in changes.

C.

provide greater accountability for security-related changes in the business.

D.

protect the business from collusion and compliance threats.

Buy Now
Questions 17

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

Options:

A.

Implementing automated vulnerability scanning in the help desk workflow

B.

Changing the default setting for all security incidents to the highest priority

C.

Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

D.

Integrating incident response workflow into the help desk ticketing system

Buy Now
Questions 18

Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization’s security program?

Options:

A.

Management review policy

B.

Business continuity management policy

C.

Information security training policy

D.

Security incident management policy

Buy Now
Questions 19

An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:

• A bad actor broke into a business-critical FTP server by brute forcing an administrative password

• The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored

• The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server

• After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail

Which of the following could have been prevented by conducting regular incident response testing?

Options:

A.

Ignored alert messages

B.

The server being compromised

C.

The brute force attack

D.

Stolen data

Buy Now
Questions 20

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Buy Now
Questions 21

A business continuity plan (BCP) should contain:

Options:

A.

information about eradication activities.

B.

hardware and software inventories.

C.

data restoration procedures.

D.

criteria for activation.

Buy Now
Questions 22

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

Options:

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Buy Now
Questions 23

Which of the following BEST ensures timely and reliable access to services?

Options:

A.

Nonrepudiation

B.

Authenticity

C.

Availability

D.

Recovery time objective (RTO)

Buy Now
Questions 24

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Options:

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Buy Now
Questions 25

Which of the following is PRIMARILY determined by asset classification?

Options:

A.

Insurance coverage required for assets

B.

Level of protection required for assets

C.

Priority for asset replacement

D.

Replacement cost of assets

Buy Now
Questions 26

Which of the following is the BEST approach for governing noncompliance with security requirements?

Options:

A.

Base mandatory review and exception approvals on residual risk,

B.

Require users to acknowledge the acceptable use policy.

C.

Require the steering committee to review exception requests.

D.

Base mandatory review and exception approvals on inherent risk.

Buy Now
Questions 27

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The total cost of the investment

B.

The cost and associated risk reduction

C.

The number and severity of ransomware incidents

D.

Benchmarks of industry peers impacted by ransomware

Buy Now
Questions 28

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Buy Now
Questions 29

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Options:

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Buy Now
Questions 30

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Buy Now
Questions 31

Which of the following is a desired outcome of information security governance?

Options:

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Buy Now
Questions 32

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Buy Now
Questions 33

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Options:

A.

Documentation of control procedures

B.

Standardization of compliance requirements

C.

Automation of controls

D.

Integration of assurance efforts

Buy Now
Questions 34

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Buy Now
Questions 35

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Options:

A.

Involving information security at each stage of project management

B.

Identifying responsibilities during the project business case analysis

C.

Creating a data classification framework and providing it to stakeholders

D.

Providing stakeholders with minimum information security requirements

Buy Now
Questions 36

The MOST important reason for having an information security manager serve on the change management committee is to:

Options:

A.

identify changes to the information security policy.

B.

ensure that changes are tested.

C.

ensure changes are properly documented.

D.

advise on change-related risk.

Buy Now
Questions 37

The MOST appropriate time to conduct a disaster recovery test would be after:

Options:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Buy Now
Questions 38

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Buy Now
Questions 39

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Buy Now
Questions 40

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Options:

A.

Parallel test

B.

Full interruption test

C.

Simulation test

D.

Tabletop test

Buy Now
Questions 41

Which of the following is the BEST indication ofa successful information security culture?

Options:

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Buy Now
Questions 42

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Options:

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Buy Now
Questions 43

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Options:

A.

Internal security audit

B.

External security audit

C.

Organizational risk appetite

D.

Business impact analysis (BIA)

Buy Now
Questions 44

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Buy Now
Questions 45

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Buy Now
Questions 46

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Buy Now
Questions 47

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Buy Now
Questions 48

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Options:

A.

Job descriptions include requirements to read security policies.

B.

The policies are updated annually.

C.

Senior management supports the policies.

D.

The policies are aligned to industry best practices.

Buy Now
Questions 49

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Buy Now
Questions 50

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:

A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Buy Now
Questions 51

Which of the following would be MOST helpful to identify worst-case disruption scenarios?

Options:

A.

Business impact analysis (BIA)

B.

Business process analysis

C.

SWOT analysis

D.

Cast-benefit analysis

Buy Now
Questions 52

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Options:

A.

The security strategy is promoted.

B.

Fewer security incidents are reported.

C.

Security behavior is improved.

D.

More security incidents are detected.

Buy Now
Questions 53

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:

A.

Conduct an impact assessment.

B.

Isolate the affected systems.

C.

Rebuild the affected systems.

D.

Initiate incident response.

Buy Now
Questions 54

Management decisions concerning information security investments will be MOST effective when they are based on:

Options:

A.

a process for identifying and analyzing threats and vulnerabilities.

B.

an annual loss expectancy (ALE) determined from the history of security events,

C.

the reporting of consistent and periodic assessments of risks.

D.

the formalized acceptance of risk analysis by management,

Buy Now
Questions 55

What is the BEST way to reduce the impact of a successful ransomware attack?

Options:

A.

Perform frequent backups and store them offline.

B.

Purchase or renew cyber insurance policies.

C.

Include provisions to pay ransoms ih the information security budget.

D.

Monitor the network and provide alerts on intrusions.

Buy Now
Questions 56

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Options:

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Buy Now
Questions 57

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Options:

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Buy Now
Questions 58

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Buy Now
Questions 59

Which of the following is MOST important when conducting a forensic investigation?

Options:

A.

Analyzing system memory

B.

Documenting analysis steps

C.

Capturing full system images

D.

Maintaining a chain of custody

Buy Now
Questions 60

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Options:

A.

Responsible entities

B.

Key risk indicators (KRIS)

C.

Compensating controls

D.

Potential business impact

Buy Now
Questions 61

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Options:

A.

Cost of replacing the asset

B.

Cost of additional mitigation

C.

Annual loss expectancy (ALE)

D.

Annual rate of occurrence

Buy Now
Questions 62

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Buy Now
Questions 63

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

Options:

A.

To facilitate a qualitative risk assessment following the BIA

B.

To increase awareness of information security among key stakeholders

C.

To ensure the stakeholders providing input own the related risk

D.

To obtain input from as many relevant stakeholders as possible

Buy Now
Questions 64

A recovery point objective (RPO) is required in which of the following?

Options:

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Buy Now
Questions 65

Which of the following is MOST important for building 4 robust information security culture within an organization?

Options:

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Buy Now
Questions 66

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Options:

A.

Communicate disciplinary processes for policy violations.

B.

Require staff to participate in information security awareness training.

C.

Require staff to sign confidentiality agreements.

D.

Include information security responsibilities in job descriptions.

Buy Now
Questions 67

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

Options:

A.

Intrusion detection

B.

Log monitoring

C.

Patch management

D.

Antivirus software

Buy Now
Questions 68

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:

A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Buy Now
Questions 69

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

Options:

A.

incident has been confirmed.

B.

incident has been contained.

C.

potential incident has been logged.

D.

incident has been mitigated.

Buy Now
Questions 70

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Options:

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Buy Now
Questions 71

Which of the following BEST facilitates effective incident response testing?

Options:

A.

Including all business units in testing

B.

Simulating realistic test scenarios

C.

Reviewing test results quarterly

D.

Testing after major business changes

Buy Now
Questions 72

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Buy Now
Questions 73

What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Options:

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network,

D.

Escalate to the incident response team

Buy Now
Questions 74

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Buy Now
Questions 75

Which of the following is the PRIMARY reason for granting a security exception?

Options:

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Buy Now
Questions 76

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Buy Now
Questions 77

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Buy Now
Questions 78

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Options:

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Buy Now
Questions 79

Penetration testing is MOST appropriate when a:

Options:

A.

new system is about to go live.

B.

new system is being designed.

C.

security policy is being developed.

D.

security incident has occurred,

Buy Now
Questions 80

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Options:

A.

Root cause analysis

B.

Post-incident review

C.

Chain of custody

D.

Incident logging

Buy Now
Questions 81

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

Options:

A.

To alert on unacceptable risk

B.

To identify residual risk

C.

To reassess risk appetite

D.

To benchmark control performance

Buy Now
Questions 82

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Options:

A.

Discretionary access control

B.

Role-based access control

C.

Access control lists

D.

Distributed access control

Buy Now
Questions 83

In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.

Before relying on this certification, it is MOST important that the information security manager confirms that the:

Options:

A.

current international standard was used to assess security processes.

B.

certification will remain current through the life of the contract.

C.

certification scope is relevant to the service being offered.

D.

certification can be extended to cover the client's business.

Buy Now
Questions 84

Of the following, who is in the BEST position to evaluate business impacts?

Options:

A.

Senior management

B.

Information security manager

C.

IT manager

D.

Process manager

Buy Now
Questions 85

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Buy Now
Questions 86

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

conduct an incident forensic analysis.

B.

fallow the incident response plan

C.

notify the business process owner.

D.

fallow the business continuity plan (BCP).

Buy Now
Questions 87

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Buy Now
Questions 88

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Options:

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Buy Now
Questions 89

Network isolation techniques are immediately implemented after a security breach to:

Options:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Buy Now
Questions 90

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.

Management's business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Buy Now
Questions 91

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Options:

A.

A capability and maturity assessment

B.

Detailed analysis of security program KPIs

C.

An information security dashboard

D.

An information security risk register

Buy Now
Questions 92

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

Options:

A.

To compare emerging trends with the existing organizational security posture

B.

To communicate worst-case scenarios to senior management

C.

To train information security professionals to mitigate new threats

D.

To determine opportunities for expanding organizational information security

Buy Now
Questions 93

Which of the following is MOST effective in monitoring an organization's existing risk?

Options:

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Buy Now
Questions 94

Which of the following will result in the MOST accurate controls assessment?

Options:

A.

Mature change management processes

B.

Senior management support

C.

Well-defined security policies

D.

Unannounced testing

Buy Now
Questions 95

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Options:

A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Buy Now
Questions 96

The BEST way to identify the risk associated with a social engineering attack is to:

Options:

A.

monitor the intrusion detection system (IDS),

B.

review single sign-on (SSO) authentication lags.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Buy Now
Questions 97

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)

B.

Infrastructure as a Service (laaS)

C.

Platform as a Service (PaaS)

D.

Software as a Service (SaaS)

Buy Now
Questions 98

Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.

Increase the frequency of system backups.

B.

Review the mitigating security controls.

C.

Notify staff members of the threat.

D.

Assess the risk to the organization.

Buy Now
Questions 99

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Options:

A.

Risk levels may be elevated beyond acceptable limits.

B.

Security audits may report more high-risk findings.

C.

The compensating controls may not be cost efficient.

D.

Noncompliance with industry best practices may result.

Buy Now
Questions 100

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Buy Now
Questions 101

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

Options:

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Buy Now
Questions 102

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Revise the policy.

B.

Perform a root cause analysis.

C.

Conduct a risk assessment,

D.

Communicate the acceptable use policy.

Buy Now
Questions 103

Which of the following BEST indicates that information security governance and corporate governance are integrated?

Options:

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Buy Now
Questions 104

Threat and vulnerability assessments are important PRIMARILY because they are:

Options:

A.

used to establish security investments

B.

the basis for setting control objectives.

C.

elements of the organization's security posture.

D.

needed to estimate risk.

Buy Now
Questions 105

Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?

Options:

A.

Consult with IT staff and assess the risk based on their recommendations

B.

Update the security policy based on the regulatory requirements

C.

Propose relevant controls to ensure the business complies with the regulation

D.

Identify and assess the risk in the context of business objectives

Buy Now
Questions 106

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

Options:

A.

Performing penetration tests against the network to demonstrate business vulnerability

B.

Highlighting competitor performance regarding network best security practices

C.

Demonstrating that targeted security controls tie to business objectives

D.

Presenting comparable security implementation estimates from several vendors

Buy Now
Questions 107

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Options:

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Buy Now
Questions 108

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Ensure a risk assessment is performed to evaluate the findings

B.

Ensure vulnerabilities found are resolved within acceptable timeframes

C.

Request funding needed to resolve the top vulnerabilities

D.

Report findings to senior management

Buy Now
Questions 109

Reverse lookups can be used to prevent successful:

Options:

A.

denial of service (DoS) attacks

B.

session hacking

C.

phishing attacks

D.

Internet protocol (IP) spoofing

Buy Now
Questions 110

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Buy Now
Questions 111

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Buy Now
Questions 112

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents

B.

identify vulnerabilities

C.

identify control improvements.

D.

identify the root cause.

Buy Now
Questions 113

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Buy Now
Questions 114

Labeling information according to its security classification:

Options:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Buy Now
Questions 115

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions.

D.

The development manager migrates programs into production

Buy Now
Questions 116

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Buy Now
Questions 117

When collecting admissible evidence, which of the following is the MOST important requirement?

Options:

A.

Need to know

B.

Preserving audit logs

C.

Due diligence

D.

Chain of custody

Buy Now
Questions 118

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

Options:

A.

Adopt the cloud provider's incident response procedures.

B.

Transfer responsibility for incident response to the cloud provider.

C.

Continue using the existing incident response procedures.

D.

Revise incident response procedures to encompass the cloud environment.

Buy Now
Questions 119

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents.

B.

identify vulnerabilities.

C.

identify control improvements.

D.

identify the root cause.

Buy Now
Questions 120

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Buy Now
Questions 121

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Options:

A.

Storing the plan at an offsite location

B.

Communicating the plan to all stakeholders

C.

Updating the plan periodically

D.

Conducting a walk-through of the plan

Buy Now
Questions 122

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

Options:

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Buy Now
Questions 123

Which of the following BEST enables the integration of information security governance into corporate governance?

Options:

A.

Well-decumented information security policies and standards

B.

An information security steering committee with business representation

C.

Clear lines of authority across the organization

D.

Senior management approval of the information security strategy

Buy Now
Questions 124

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Options:

A.

Install the OS, patches, and application from the original source.

B.

Restore the OS, patches, and application from a backup.

C.

Restore the application and data from a forensic copy.

D.

Remove all signs of the intrusion from the OS and application.

Buy Now
Questions 125

Which of the following should be the PRIMARY basis for determining the value of assets?

Options:

A.

Cost of replacing the assets

B.

Business cost when assets are not available

C.

Original cost of the assets minus depreciation

D.

Total cost of ownership (TCO)

Buy Now
Questions 126

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Options:

A.

normal network behavior and using it as a baseline lor measuring abnormal activity

B.

abnormal network behavior and issuing instructions to the firewall to drop rogue connections

C.

abnormal network behavior and using it as a baseline for measuring normal activity

D.

attack pattern signatures from historical data

Buy Now
Questions 127

Implementing the principle of least privilege PRIMARILY requires the identification of:

Options:

A.

job duties

B.

data owners

C.

primary risk factors.

D.

authentication controls

Buy Now
Questions 128

Which of the following is the MOST important requirement for a successful security program?

Options:

A.

Mapping security processes to baseline security standards

B.

Penetration testing on key systems

C.

Management decision on asset value

D.

Nondisclosure agreements (NDA) with employees

Buy Now
Questions 129

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Buy Now
Questions 130

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor's independent control reports.

Buy Now
Questions 131

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Options:

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Buy Now
Questions 132

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Options:

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Buy Now
Questions 133

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Options:

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Buy Now
Questions 134

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Options:

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Buy Now
Questions 135

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Options:

A.

Legal and regulatory requirements

B.

Likelihood of a disaster

C.

Organizational tolerance to service interruption

D.

Geographical location of the backup site

Buy Now
Questions 136

Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Options:

A.

A patch management process

B.

Version control

C.

Change management controls

D.

Logical access controls

Buy Now
Questions 137

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

Options:

A.

rely on senior management to enforce security.

B.

promote the relevance and contribution of security.

C.

focus on compliance.

D.

reiterate the necessity of security.

Buy Now
Questions 138

Which of the following should be the PRIMARY basis for an information security strategy?

Options:

A.

The organization's vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Buy Now
Questions 139

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Buy Now
Questions 140

Which of the following is the BEST indication of information security strategy alignment with the “&

Options:

A.

Percentage of information security incidents resolved within defined service level agreements (SLAs)

B.

Percentage of corporate budget allocated to information security initiatives

C.

Number of business executives who have attended information security awareness sessions

D.

Number of business objectives directly supported by information security initiatives

Buy Now
Questions 141

To help ensure that an information security training program is MOST effective its contents should be

Options:

A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees' roles

D.

based on recent incidents

Buy Now
Questions 142

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Buy Now
Questions 143

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Buy Now
Questions 144

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Buy Now
Questions 145

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Buy Now
Questions 146

Which of the following events would MOST likely require a revision to the information security program?

Options:

A.

An increase in industry threat level .

B.

A significant increase in reported incidents

C.

A change in IT management

D.

A merger with another organization

Buy Now
Questions 147

To support effective risk decision making, which of the following is MOST important to have in place?

Options:

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Buy Now
Questions 148

Which of the following has the GREATEST influence on an organization's information security strategy?

Options:

A.

The organization's risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Buy Now
Questions 149

Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

Options:

A.

IT system clocks are not synchronized with the centralized logging server.

B.

Operating systems are no longer supported by the vendor.

C.

The patch management system does not deploy patches in a timely manner.

D.

An organization has a decentralized data center that uses cloud services.

Buy Now
Questions 150

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A.

Wider range of capabilities

B.

Easier implementation across an organization

C.

Greater ability to focus on core business operations

D.

Lower cost of operations

Buy Now
Questions 151

An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Options:

A.

Include security requirements in the contract

B.

Assess security controls.

C.

Perform a risk assessment

D.

Review data architecture.

Buy Now
Questions 152

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Buy Now
Questions 153

Which of the following documents should contain the INITIAL prioritization of recovery of services?

Options:

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Buy Now
Questions 154

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization's data by the user

D.

Monitoring how often the smartphone is used

Buy Now
Questions 155

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Options:

A.

Review independent security assessment reports for each vendor.

B.

Benchmark each vendor's services with industry best practices.

C.

Analyze the risks and propose mitigating controls.

D.

Define information security requirements and processes.

Buy Now
Questions 156

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

Options:

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Buy Now
Questions 157

A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

Options:

A.

the risk assessment has not defined the likelihood of occurrence

B.

the reported vulnerability has not been validated

C.

executive management is not aware of the impact potential

D.

the cost of implementing controls exceeds the potential financial losses.

Buy Now
Questions 158

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Buy Now
Questions 159

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:

A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset's value is critical to risk management.

D.

The responsibility for security rests with all employees.

Buy Now
Questions 160

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Buy Now
Questions 161

Which of the following BEST enables an organization to transform its culture to support information security?

Options:

A.

Periodic compliance audits

B.

Strong management support

C.

Robust technical security controls

D.

Incentives for security incident reporting

Buy Now
Questions 162

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Buy Now
Questions 163

Which of the following is an example of risk mitigation?

Options:

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Buy Now
Questions 164

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Options:

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Buy Now
Questions 165

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

Which of the following would provide the MOST useful information for planning purposes? »

Options:

A.

Results from a business impact analysis (BIA)

B.

Deadlines and penalties for noncompliance

C.

Results from a gap analysis

D.

An inventory of security controls currently in place

Buy Now
Questions 166

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Buy Now
Questions 167

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Options:

A.

Security incident reporting procedures are followed.

B.

Security staff turnover is reduced.

C.

Information assets are classified appropriately.

D.

Access is granted based on task requirements.

Buy Now
Questions 168

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

Options:

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Buy Now
Questions 169

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Buy Now
Questions 170

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:

A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Buy Now
Questions 171

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Options:

A.

Process owners

B.

End users

C.

Security architects.

D.

Corporate auditors

Buy Now
Questions 172

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Options:

A.

It transfers the risk associated with recovery to a third party.

B.

It lowers the annual cost to the business.

C.

It eliminates the need to maintain offsite facilities.

D.

It eliminates the need for the business to perform testing.

Buy Now
Questions 173

Prior to conducting a forensic examination, an information security manager should:

Options:

A.

boot the original hard disk on a clean system.

B.

create an image of the original data on new media.

C.

duplicate data from the backup media.

D.

shut down and relocate the server.

Buy Now
Questions 174

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Buy Now
Questions 175

An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?

Options:

A.

Conduct user awareness training within the IT function.

B.

Propose that IT update information security policies and procedures.

C.

Determine the risk related to noncompliance with the policy.

D.

Request that internal audit conduct a review of the policy development process,

Buy Now
Questions 176

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A.

enhance the organization's antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization's detective controls.

D.

reduce the need for a security awareness program.

Buy Now
Questions 177

Information security controls should be designed PRIMARILY based on:

Options:

A.

a business impact analysis (BIA).

B.

regulatory requirements.

C.

business risk scenarios,

D.

a vulnerability assessment.

Buy Now
Questions 178

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Options:

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Buy Now
Questions 179

Which of the following is the BEST indication of an effective information security awareness training program?

Options:

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Buy Now
Questions 180

Which of the following should be the PRIMARY objective of the information security incident response process?

Options:

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Buy Now
Questions 181

An online bank identifies a successful network attack in progress. The bank should FIRST:

Options:

A.

isolate the affected network segment.

B.

report the root cause to the board of directors.

C.

assess whether personally identifiable information (Pll) is compromised.

D.

shut down the entire network.

Buy Now
Questions 182

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Buy Now
Questions 183

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Buy Now
Questions 184

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Options:

A.

Poor documentation of results and lessons learned

B.

Lack of communication to affected users

C.

Disruption to the production environment

D.

Lack of coordination among departments

Buy Now
Questions 185

Which of the following is the MOST critical factor for information security program success?

Options:

A.

comprehensive risk assessment program for information security

B.

The information security manager's knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Buy Now
Questions 186

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Options:

A.

Balanced scorecard

B.

Risk matrix

C.

Benchmarking

D.

Heat map

Buy Now
Questions 187

When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:

Options:

A.

Review key risk indicators (KRIs)

B.

Perform a gap analysis

C.

Consult process owners

D.

Update key performance indicators (KPIs)

Buy Now
Questions 188

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Buy Now
Questions 189

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Options:

A.

Store disaster recovery documentation in a public cloud.

B.

Maintain an outsourced contact center in another country.

C.

Require disaster recovery documentation be stored with all key decision makers.

D.

Provide annual disaster recovery training to appropriate staff.

Buy Now
Questions 190

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Options:

A.

Preventive

B.

Corrective

C.

Detective

D.

Deterrent

Buy Now
Questions 191

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

Options:

A.

security metrics are included in the service level agreement (SLA).

B.

contract clauses comply with the organization's information security policy.

C.

the information security policy of the third-party service provider is reviewed.

D.

right to audit is included in the service level agreement (SLA).

Buy Now
Questions 192

Which of the following is the BEST approach to make strategic information security decisions?

Options:

A.

Establish regular information security status reporting.

B.

Establish an information security steering committee.

C.

Establish business unit security working groups.

D.

Establish periodic senior management meetings.

Buy Now
Questions 193

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Buy Now
Questions 194

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Options:

A.

Prevent the user from using personal mobile devices.

B.

Report the incident to the police.

C.

Wipe the device remotely.

D.

Remove user's access to corporate data.

Buy Now
Questions 195

Which of the following defines the triggers within a business continuity plan (BCP)? @

Options:

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Buy Now
Questions 196

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Options:

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Buy Now
Questions 197

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.

Decrease in the number of security incidents

B.

Increase in the frequency of security incident escalations

C.

Reduction in the impact of security incidents

D.

Increase in the number of reported security incidents

Buy Now
Questions 198

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Options:

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Buy Now
Questions 199

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Options:

A.

validate the confidentiality during analysis.

B.

reinstate original data when accidental changes occur.

C.

validate the integrity during analysis.

D.

provide backup in case of media failure.

Buy Now
Questions 200

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Options:

A.

Purchase cyber insurance

B.

Encrypt sensitive production data

C.

Perform Integrity checks on backups

D.

Maintain multiple offline backups

Buy Now
Questions 201

Which of the following analyses will BEST identify the external influences to an organization's information security?

Options:

A.

Business impact analysis (BIA)

B.

Gap analysis

C.

Threat analysis

D.

Vulnerability analysis

Buy Now
Questions 202

Which of the following is the MOST effective way to prevent information security incidents?

Options:

A.

Implementing a security information and event management (SIEM) tool

B.

Implementing a security awareness training program for employees

C.

Deploying a consistent incident response approach

D.

Deploying intrusion detection tools in the network environment

Buy Now
Questions 203

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Buy Now
Questions 204

Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?

Options:

A.

Risk acceptance by the business has been documented

B.

Teams and individuals responsible for recovery have been identified

C.

Copies of recovery and incident response plans are kept offsite

D.

Incident response and recovery plans are documented in simple language

Buy Now
Questions 205

Reevaluation of risk is MOST critical when there is:

Options:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Buy Now
Questions 206

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Buy Now
Questions 207

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Buy Now
Questions 208

An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?

Options:

A.

Perform a manual verification of file counts.

B.

Encrypt and back up the hard drive before copying.

C.

Use the same hardware for the image as the original.

D.

Perform digital hashing of the original and the image.

Buy Now
Questions 209

Which of the following is the BEST indication of a mature information security program?

Options:

A.

Security incidents are managed properly.

B.

Security spending is below budget.

C.

Security resources are optimized.

D.

Security audit findings are reduced.

Buy Now
Questions 210

Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?

Options:

A.

The plan has summarized IT costs for implementation.

B.

The plan resolves all potential threats to business processes.

C.

The plan focuses on meeting industry best practices and industry standards.

D.

The plan is based on a review of threats and vulnerabilities.

Buy Now
Questions 211

An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?

Options:

A.

Conduct phishing awareness training.

B.

Implement disciplinary procedures.

C.

Establish an acceptable use policy.

D.

Assess and update spam filtering rules.

Buy Now
Questions 212

Which type of backup BEST enables an organization to recover data after a ransomware attack?

Options:

A.

Online backup

B.

Incremental backup

C.

Differential backup

D.

Offline backup

Buy Now
Questions 213

Which type of control is an incident response team?

Options:

A.

Preventive

B.

Detective

C.

Corrective

D.

Directive

Buy Now
Questions 214

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Options:

A.

Review current recovery policies.

B.

Define the organizational strategy.

C.

Prioritize the critical processes.

D.

Review existing cyber insurance coverage.

Buy Now
Questions 215

Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?

Options:

A.

Information security manager

B.

Information security steering committee

C.

Information owner

D.

Senior management

Buy Now
Questions 216

A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

Options:

A.

A rules of engagement form was not signed prior to the penetration test

B.

Vulnerabilities were not found by internal tests

C.

Vulnerabilities were caused by insufficient user acceptance testing (UAT)

D.

Exploit code for one of the vulnerabilities is publicly available

Buy Now
Questions 217

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

Options:

A.

Invoke the incident response plan

B.

Implement role-based access control (RBAC)

C.

Remove access to the information

D.

Delete the information from the file server

Buy Now
Questions 218

An information security program is BEST positioned for success when it is closely aligned with:

Options:

A.

information security best practices.

B.

recognized industry frameworks.

C.

information security policies.

D.

the information security strategy.

Buy Now
Questions 219

The contribution of recovery point objective (RPO) to disaster recovery is to:

Options:

A.

minimize outage periods.

B.

eliminate single points of failure.

C.

define backup strategy

D.

reduce mean time between failures (MTBF).

Buy Now
Questions 220

Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?

Options:

A.

Number of security incidents reported to the help desk

B.

Percentage of employees who regularly attend security training

C.

Percentage of employee computers and devices infected with malware

D.

Number of phishing emails viewed by end users

Buy Now
Questions 221

Which is MOST important to identify when developing an effective information security strategy?

Options:

A.

Security awareness training needs

B.

Potential savings resulting from security governance

C.

Business assets to be secured

D.

Residual risk levels

Buy Now
Questions 222

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Buy Now
Questions 223

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Options:

A.

Report the risk associated with the policy breach.

B.

Enforce the security configuration and require the change to be reverted.

C.

Implement compensating controls to address the risk.

D.

Implement a privileged access management system.

Buy Now
Questions 224

Which or the following is MOST important to consider when determining backup frequency?

Options:

A.

Recovery point objective (RPO)

B.

Recovery time objective (RTO)

C.

Allowable interruption window

D.

Maximum tolerable outage (MTO)

Buy Now
Questions 225

Which of the following BEST supports investments in an information security program?

Options:

A.

Business cases

B.

Business impact analysis (BIA)

C.

Gap analysis results

D.

Risk assessment results

Buy Now
Questions 226

After a ransomware incident an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?

Options:

A.

The service level agreement (SLA) was not met.

B.

The recovery time objective (RTO) was not met.

C.

The root cause was not identified.

D.

Notification to stakeholders was delayed.

Buy Now
Questions 227

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

Options:

A.

Revise the procurement process.

B.

Update the change management process.

C.

Discuss the issue with senior leadership.

D.

Remove the application from production.

Buy Now
Questions 228

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Options:

A.

IT strategy

B.

Recovery strategy

C.

Risk mitigation strategy

D.

Security strategy

Buy Now
Questions 229

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?

Options:

A.

The malware entry path

B.

The creator of the malware

C.

The type of malware involved

D.

The method of detecting the malware

Buy Now
Questions 230

Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?

Options:

A.

The strategy aligns with management’s acceptable level of risk.

B.

The strategy addresses ineffective information security controls.

C.

The strategy aligns with industry benchmarks and standards.

D.

The strategy addresses organizational maturity and the threat environment.

Buy Now
Questions 231

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

Options:

A.

Feedback from affected departments

B.

Historical data from past incidents

C.

Technical capabilities of the team

D.

Procedures for incident triage

Buy Now
Questions 232

The effectiveness of an incident response team will be GREATEST when:

Options:

A.

the incident response team meets on a regular basis to review log files.

B.

the incident response team members are trained security personnel.

C.

the incident response process is updated based on lessons learned.

D.

incidents are identified using a security information and event monitoring {SIEM) system.

Buy Now
Questions 233

Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?

Options:

A.

Enforce the local regulation.

B.

Obtain legal guidance.

C.

Enforce the organization's information security policy.

D.

Obtain an independent assessment of the regulation.

Buy Now
Questions 234

Which of the following should be the PRIMARY outcome of an information security program?

Options:

A.

Strategic alignment

B.

Risk elimination

C.

Cost reduction

D.

Threat reduction

Buy Now
Questions 235

If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?

Options:

A.

Initiate the escalation process.

B.

Continue the investigation.

C.

Invoke the business continuity plan (BCP).

D.

Engage the crisis management team.

Buy Now
Questions 236

The PRIMARY goal to a post-incident review should be to:

Options:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Buy Now
Questions 237

When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?

Options:

A.

Gap analysis

B.

Project plans

C.

Vulnerability assessment

D.

Business impact analysis (BIA)

Buy Now
Questions 238

Which type of recovery site is MOST reliable and can support stringent recovery requirements?

Options:

A.

Cold site

B.

Warm site

C.

Hot site

D.

Mobile site

Buy Now
Questions 239

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

Options:

A.

Limited liability clause

B.

Explanation of information usage

C.

Information encryption requirements

D.

Access control requirements

Buy Now
Questions 240

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Options:

A.

Demonstrated return on security investment

B.

Reduction in inherent risk

C.

Results of an emerging threat analysis

D.

Review of security metrics trends

Buy Now
Questions 241

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Options:

A.

Compartmentalization

B.

Overlapping redundancy

C.

Continuous monitoring

D.

Multi-factor authentication

Buy Now
Questions 242

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

Options:

A.

Temporarily suspend wire transfers for the organization.

B.

Provide awareness training to the CEO for this type of phishing attack.

C.

Provide awareness training to staff responsible for wire transfers.

D.

Disable emails for staff responsible for wire transfers.

Buy Now
Questions 243

Which of the following is MOST helpful in determining the criticality of an organization's business functions?

Options:

A.

Disaster recovery plan (DRP)

B.

Business impact analysis (BIA)

C.

Business continuity plan (BCP)

D.

Security assessment report (SAR)

Buy Now
Questions 244

Which of the following is the GREATEST benefit of using AI tools in security operations?

Options:

A.

Defined risk tolerance

B.

Reduced time and effort required to patch systems

C.

Prioritized vulnerabilities

D.

Rapid detection and response to threats

Buy Now
Questions 245

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

Options:

A.

Assess the residual risk.

B.

Share lessons learned with the organization.

C.

Update the system's documentation.

D.

Allocate budget for penetration testing.

Buy Now
Questions 246

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Buy Now
Questions 247

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Implement a SIEM solution.

B.

Perform a threat analysis.

C.

Establish performance metrics for the team.

D.

Perform a post-incident review.

Buy Now
Questions 248

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Options:

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Buy Now
Questions 249

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Create a security exception.

B.

Perform a gap analysis to determine needed resources.

C.

Perform a vulnerability assessment.

D.

Assess the risk to business operations.

Buy Now
Questions 250

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Options:

A.

Evaluate the security posture of the organization.

B.

Identify unmitigated risk.

C.

Prevent incident recurrence.

D.

Support business investments in security.

Buy Now
Questions 251

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Options:

A.

Data owner

B.

Business owner

C.

Information security manager

D.

Compliance manager

Buy Now
Questions 252

Identifying which of the following BEST enables a cyberattack to be contained?

Options:

A.

The vulnerability exploited by the attack

B.

The segment targeted by the attack

C.

The IP address of the computer that launched the attack

D.

The threat actor that initiated the attack

Buy Now
Questions 253

Which of the following is MOST important for the successful implementation of an incident response plan?

Options:

A.

Ensuring response staff are appropriately trained

B.

Developing metrics for incident response reporting

C.

Establishing an escalation process for the help desk

D.

Developing a RACI chart of response staff functions

Buy Now
Questions 254

Which of the following is a PRIMARY responsibility of the information security goxernance function?

Options:

A.

Administering information security awareness training

B.

Defining security strategies to support organizational programs

C.

Ensuring adequate support for solutions using emerging technologies

D.

Advising senior management on optimal levels of risk appetite and tolerance

Buy Now
Questions 255

Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

Options:

A.

The solution contributes to business strategy.

B.

The solution improves business risk tolerance levels.

C.

The solution improves business resiliency.

D.

The solution reduces the cost of noncompliance with regulations.

Buy Now
Questions 256

An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?

Options:

A.

The vendor's data centers are in the same geographic region.

B.

The encryption keys are not provisled to the vendor.

C.

The vendor's controls are in line with the organization's security standards.

D.

Independent audits of the vendor's operations are regularly conducted.

Buy Now
Questions 257

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

EradicationB Recovery

B.

Lessons learned review

C.

Incident declaration

Buy Now
Questions 258

Which of the following is the MOST important consideration when determining which type of failover site to employ?

Options:

A.

Reciprocal agreements

B.

Disaster recovery test results

C.

Recovery time objectives (RTOs)

D.

Data retention requirements

Buy Now
Questions 259

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

Options:

A.

Ensure security is involved in the procurement process.

B.

Review the third-party contract with the organization's legal department.

C.

Conduct an information security audit on the third-party vendor.

D.

Communicate security policy with the third-party vendor.

Buy Now
Questions 260

A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?

Options:

A.

Include binding corporate rules into the global agreement

B.

Review the agreement for each country separately

C.

Set up a governance organization for each country

D.

Set up companion agreements for each country

Buy Now
Questions 261

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?

Options:

A.

Suspend the data exchange with the provider

B.

Notify appropriate regulatory authorities of the breach.

C.

Initiate the business continuity plan (BCP)

D.

Validate the breach with the provider

Buy Now
Questions 262

An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Reinforce security awareness practices for end users.

B.

Temporarily outsource the email system to a cloud provider.

C.

Develop a business case to replace the system.

D.

Monitor outgoing traffic on the firewall.

Buy Now
Questions 263

Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Penetration test results

D.

Vulnerability scan results

Buy Now
Questions 264

Which of the following BEST determines an information asset's classification?

Options:

A.

Value of the information asset in the marketplace

B.

Criticality to a business process

C.

Risk assessment from the data owner

D.

Cost of producing the information asset

Buy Now
Questions 265

Which of the following should be done FIRST when establishing an information security governance framework?

Options:

A.

Evaluate information security tools and skills relevant for the environment.

B.

Gain an understanding of the business and cultural attributes.

C.

Contract a third party to conduct an independent review of the program.

D.

Conduct a cost-benefit analysis of the framework.

Buy Now
Questions 266

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Options:

A.

Improved staff attendance in awareness sessions

B.

Decreased number of phishing emails received

C.

Improved feedback on the anti-phishing campaign

D.

Decreased number of incidents that have occurred

Buy Now
Questions 267

What is the role of the information security manager in finalizing contract negotiations with service providers?

Options:

A.

To perform a risk analysis on the outsourcing process

B.

To obtain a security standard certification from the provider

C.

To update security standards for the outsourced process

D.

To ensure that clauses for periodic audits are included

Buy Now
Questions 268

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?

Options:

A.

Protection of business value and assets

B.

Identification of core business strategiesC, Easier entrance into new businesses and technologies

C.

Improved regulatory compliance posture

Buy Now
Questions 269

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Buy Now
Questions 270

Which of the following is MOST helpful to identify whether information security policies have been followed?

Options:

A.

Preventive controls

B.

Detective controls

C.

Directive controls

D.

Corrective controls

Buy Now
Questions 271

Which of the following is the BEST reason to implement a comprehensive information security management system?

    To ensure continuous alignment with the organizational strategy

    To gain senior management support for the information security program

    To support identification of key risk indicators (KRIs)

Options:

A.

To facilitate compliance with external regulatory requirements

Buy Now
Questions 272

The PRIMARY objective of timely declaration of a disaster is to:

Options:

A.

ensure engagement of business management in the recovery process.

B.

assess and correct disaster recovery process deficiencies.

C.

protect critical physical assets from further loss.

D.

ensure the continuity of the organization's essential services.

Buy Now
Questions 273

Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?

Options:

A.

Demonstrate the effectiveness of business continuity plans (BCPs).

B.

Report key performance indicator (KPI) trends.

C.

Demonstrate that the program enables business activities.

D.

Provide evidence of increased security events at peer organizations.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jun 12, 2025
Questions: 910
CISM pdf

CISM PDF

$69.65  $199
CISM Engine

CISM Testing Engine

$78.75  $225
CISM PDF + Engine

CISM PDF + Testing Engine

$87.15  $249