An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:
Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?
An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?
When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?
Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?
An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?
Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (IAM) system?
An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?
When establishing an information security governance framework, it is MOST important for an information security manager to understand:
Application data integrity risk is MOST directly addressed by a design that includes:
The PRIMARY benefit of integrating information security activities into change management processes is to:
An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?
Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization’s security program?
An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
• A bad actor broke into a business-critical FTP server by brute forcing an administrative password
• The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
• The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
• After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail
Which of the following could have been prevented by conducting regular incident response testing?
Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
Which of the following is the BEST approach for governing noncompliance with security requirements?
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
Which of the following is the BEST indicator of an organization's information security status?
Which of the following is a desired outcome of information security governance?
An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
An information security manager developing an incident response plan MUST ensure it includes:
IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?
The MOST important reason for having an information security manager serve on the change management committee is to:
Which of the following is the PRIMARY role of an information security manager in a software development project?
Which of the following BEST indicates that information assets are classified accurately?
Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
Which of the following is the BEST indication of a successful information security culture?
Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?
Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?
Which of the following activities MUST be performed by an information security manager for change requests?
Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
Which of the following is MOST important to include in a post-incident review following a data breach?
Which of the following should be the MOST important consideration when establishing information security policies for an organization?
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?
Which of the following would be MOST helpful to identify worst-case disruption scenarios?
Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
Management decisions concerning information security investments will be MOST effective when they are based on:
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?
Which of the following is MOST important when conducting a forensic investigation?
An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
Which of the following would BEST ensure that security is integrated during application development?
Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?
Which of the following is MOST important for building a robust information security culture within an organization?
Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
What should be the FIRST step when an Internet of Things (IoT) device in an organization's network is confirmed to have been hacked?
An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?
Which of the following is the PRIMARY reason for granting a security exception?
An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
Which of the following processes BEST supports the evaluation of incident response effectiveness?
Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?
Security administration efforts will be greatly reduced following the deployment of which of the following techniques?
In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.
Before relying on this certification, it is MOST important that the information security manager confirms that the:
Which of the following MUST happen immediately following the identification of a malware incident?
An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?
Network isolation techniques are immediately implemented after a security breach to:
Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?
Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?
Which of the following is MOST effective in monitoring an organization's existing risk?
Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?
The BEST way to identify the risk associated with a social engineering attack is to:
In which cloud model does the cloud service buyer assume the MOST security responsibility?
Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?
In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?
Which of the following BEST indicates that information security governance and corporate governance are integrated?
Threat and vulnerability assessments are important PRIMARILY because they are:
Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?
Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?
An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
Which of the following roles is BEST able to influence the security culture within an organization?
When collecting admissible evidence, which of the following is the MOST important requirement?
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)?
Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?
Which of the following BEST enables the integration of information security governance into corporate governance?
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
Which of the following should be the PRIMARY basis for determining the value of assets?
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
Implementing the principle of least privilege PRIMARILY requires the identification of:
Which of the following is the MOST important requirement for a successful security program?
A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:
Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
Which of the following is the BEST way to obtain support for a new organization-wide information security program?
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?
Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
Which of the following should be the PRIMARY basis for an information security strategy?
Which of the following BEST determines the allocation of resources during a security incident response?
Which of the following is the BEST indication of information security strategy alignment with the “&
To help ensure that an information security training program is MOST effective, its contents should be:
When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:
Which of the following events would MOST likely require a revision to the information security program?
To support effective risk decision making, which of the following is MOST important to have in place?
Which of the following has the GREATEST influence on an organization's information security strategy?
Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?
An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
Which of the following documents should contain the INITIAL prioritization of recovery of services?
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?
Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?
A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The MOST likely reason for this decision is:
Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?
Which of the following is MOST important to convey to employees in building a security risk-aware culture?
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following BEST enables an organization to transform its culture to support information security?
Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?
Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.
Which of the following would provide the MOST useful information for planning purposes?
An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?
What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
Which of the following is the BEST method to ensure compliance with password standards?
Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
Of the following, whose input is of GREATEST importance in the development of an information security strategy?
Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?
Prior to conducting a forensic examination, an information security manager should:
Which of the following is MOST important to consider when determining asset valuation?
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?
Which of the following is the BEST indication of an effective information security awareness training program?
Which of the following should be the PRIMARY objective of the information security incident response process?
An online bank identifies a successful network attack in progress. The bank should FIRST:
Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?
Which of the following BEST enables staff acceptance of information security policies?
Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?
Which of the following is the MOST critical factor for information security program success?
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?
To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:
Which of the following is the BEST approach to make strategic information security decisions?
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
Which of the following defines the triggers within a business continuity plan (BCP)?
Which of the following is the BEST tool to monitor the effectiveness of information security governance?
Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?
Which of the following analyses will BEST identify the external influences to an organization's information security?
Which of the following is the MOST effective way to prevent information security incidents?
Which of the following would BEST justify continued investment in an information security program?
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
Which of the following MUST be established to maintain an effective information security governance framework?
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
Which of the following is the BEST indication of a mature information security program?
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?
Which type of backup BEST enables an organization to recover data after a ransomware attack?
Which of the following should be done FIRST when developing a business continuity plan (BCP)?
Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?
A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?
A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?
An information security program is BEST positioned for success when it is closely aligned with:
The contribution of recovery point objective (RPO) to disaster recovery is to:
Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?
Which is MOST important to identify when developing an effective information security strategy?
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?
Which of the following is MOST important to consider when determining backup frequency?
Which of the following BEST supports investments in an information security program?
After a ransomware incident, an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?
Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
Which of the following is MOST important to determine following the discovery and eradication of a malware attack?
Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?
Which of the following should be the PRIMARY outcome of an information security program?
If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?
When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?
Which type of recovery site is MOST reliable and can support stringent recovery requirements?
When drafting the corporate privacy statement for a public website, which of the following MUST be included?
Which of the following would provide the BEST evidence to senior management that security control performance has improved?
Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?
An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
Which of the following is MOST helpful in determining the criticality of an organization's business functions?
Which of the following is the GREATEST benefit of using AI tools in security operations?
An organization has remediated a security flaw in a system. Which of the following should be done NEXT?
Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
Which of the following processes is MOST important for the success of a business continuity plan (BCP)?
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?
Identifying which of the following BEST enables a cyberattack to be contained?
Which of the following is MOST important for the successful implementation of an incident response plan?
Which of the following is a PRIMARY responsibility of the information security governance function?
Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?
An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?
After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?
Which of the following is the MOST important consideration when determining which type of failover site to employ?
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?
Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?
An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?
Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Which of the following should be done FIRST when establishing an information security governance framework?
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
What is the role of the information security manager in finalizing contract negotiations with service providers?
Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
Which of the following is MOST helpful to identify whether information security policies have been followed?
Which of the following is the BEST reason to implement a comprehensive information security management system?
To ensure continuous alignment with the organizational strategy
To gain senior management support for the information security program
To support identification of key risk indicators (KRIs)
Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?