CISO-Topic-2
Question #: 35
Topic #: 1
If your organization operates under a model of “assumption of breach”, you should:
A. Establish active firewall monitoring protocols
B. Purchase insurance for your compliance liability
C. Focus your security efforts on high value assets
D. Protect all information resource assets equally
Selected Answer: B
Question #: 30
Topic #: 1
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen, and the database server was disconnected.
Who must be informed of this incident?
A. Internal audit
B. The data owner
C. All executive staff
D. Government regulators
Selected Answer: C
Question #: 9
Topic #: 1
Why is it vitally important that senior management endorse a security policy?
A. So that employees will follow the policy directives.
B. So that they can be held legally accountable.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they will accept ownership for security within the organization.
Selected Answer: D
Question #: 426
Topic #: 1
XYZ is a publicly-traded software development company.
Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?
A. Chief Financial Officer (CFO)
B. Chief Software Architect (CIO)
C. CISO
D. Chief Executive Officer (CEO)
Selected Answer: D
Question #: 419
Topic #: 1
Who should be involved in the development of an internal campaign to address email phishing?
A. Business unit leaders, CIO, CEO
B. Business Unit Leaders, CISO, CIO and CEO
C. All employees
D. CFO, CEO, CIO
Selected Answer: C
Question #: 414
Topic #: 1
A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).
In developing the business impact assessment (BIA), which of the following MOST closely relates to data backup and restoral?
A. Recovery Point Objective (RPO)
B. Mean Time to Delivery (MTD)
C. Recovery Time Objective (RTO)
D. Maximum Tolerable Downtime (MTD)
Selected Answer: A
Question #: 410
Topic #: 1
During a cyber incident, which non-security personnel might be needed to assist the security team?
A. Threat analyst, IT auditor, forensic analyst
B. Network engineer, help desk technician, system administrator
C. CIO, CFO, CSO
D. Financial analyst, payroll clerk, HR manager
Selected Answer: B
Question #: 389
Topic #: 1
Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?
A. Segmentation controls.
B. Shadow applications.
C. Deception technology.
D. Vulnerability management.
Selected Answer: C
Question #: 73
Topic #: 1
The Information Security Governance program MUST:
A. integrate with other organizational governance processes
B. show a return on investment for the organization
C. integrate with other organizational governance processes
D. support user choice for Bring Your Own Device (BYOD)
Selected Answer: A
Question #: 331
Topic #: 1
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?
A. Never
B. Quarterly
C. Annually
D. Semi-annually
Selected Answer: C
Question #: 358
Topic #: 1
Which of the following is a primary method of applying consistent configurations to IT systems?
A. Audits
B. Administration
C. Patching
D. Templates
Selected Answer: D
Question #: 352
Topic #: 1
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software are implemented and managed within the organization. Which of the following principles does this best demonstrate?
A. Effective use of existing technologies
B. Create a comprehensive security awareness program and provide success metrics to business units
C. Proper budget management
D. Leveraging existing implementations
Selected Answer: D
Question #: 374
Topic #: 1
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company’s website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?
A. They need to use Nessus.
B. They can implement Wireshark.
C. Snort is the best tool for their situation.
D. They could use Tripwire.
Selected Answer: D
Question #: 141
Topic #: 1
A new CISO just started with a company and on the CISO’s desk is the last complete Information Security Management audit report. The audit report is over two years old.
After reading it, what should be your first priority?
A. Review the recommendations and follow up to see if audit implemented the changes
B. Meet with audit team to determine a timeline for corrections
C. Have internal audit conduct another audit to see what has changed.
D. Contract with an external audit company to conduct an unbiased audit
Selected Answer: A
Question #: 274
Topic #: 1
Physical security measures typically include which of the following components?
A. Strong password, Biometric, Common Access Card
B. Technical, Strong Password, Operational
C. Operational, Biometric, Physical
D. Physical, Technical, Operational
Selected Answer: D
Question #: 306
Topic #: 1
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?
A. Create detailed remediation funding and staffing plans
B. Report the audit findings and remediation status to business stakeholders
C. Validate the effectiveness of current controls
D. Review security procedures to determine if they need to be modified according to findings
Selected Answer: C
Question #: 143
Topic #: 1
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
A. Plan-Check-Do-Act
B. Plan-Select-Implement-Evaluate
C. Plan-Do-Check-Act
D. SCORE (Security Consensus Operational Readiness Evaluation)
Selected Answer: D
Question #: 37
Topic #: 1
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
A. Relative likelihood of event
B. Controlled mitigation effort
C. Risk impact comparison
D. Comparative threat analysis
Selected Answer: A
Question #: 24
Topic #: 1
Regulatory requirements typically force organizations to implement ____________.
A. Financial controls
B. Mandatory controls
C. Discretionary controls
D. Optional controls
Selected Answer: B
Question #: 182
Topic #: 1
Your incident response plan should include which of the following?
A. Procedures for classification
B. Procedures for charge-back
C. Procedures for reclamation
D. Procedures for litigation
Selected Answer: C
Question #: 397
Topic #: 1
What are the three hierarchically related aspects of strategic planning and in which order should they be done?
A. 1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity or information security strategic planning
B. 1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3) Information technology strategic planning
C. 1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning
D. 1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3) Information technology strategic planning
Selected Answer: C
Question #: 94
Topic #: 1
Which of the following tests is performed by an Information Systems (IS) auditor when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of the program compiler controls
C. A compliance test of program library controls
D. A substantive test of the program compiler controls
Selected Answer: C
Question #: 423
Topic #: 1
Which of the following strategies provides the BEST response to a ransomware attack?
A. Real-time off-site replication
B. Daily incremental backup
C. Daily full backup
D. Daily differential backup
Selected Answer: B
Question #: 409
Topic #: 1
What is a Statement of Objectives (SOA)?
A. A section of a contract that defines tasks to be performed under said contract
B. An outline of what the military will do during war
C. A document that outlines specific desired outcomes as part of a request for proposal
D. Business guidance provided by the CEO
Selected Answer: A
Question #: 281
Topic #: 1
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
A. Deep-Packet inspection
B. Traffic Analysis
C. Heuristic analysis
D. Packet sampling
Selected Answer: B
Question #: 207
Topic #: 1
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application.
Which of the following is MOST likely the reason for this recurring issue?
A. Lack of version/source controls
B. Lack of change management controls
C. Ineffective configuration management controls
D. High turnover in the application development department
Selected Answer: A
Question #: 106
Topic #: 1
The success of the Chief Information Security Officer is MOST dependent upon:
A. following the recommendations of consultants and contractors
B. raising awareness of security issues with end users
C. favorable audit findings
D. development of relationships with organization executives
Selected Answer: D
Question #: 101
Topic #: 1
Which of the following activities results in change requests?
A. Corrective actions
B. Defect repair
C. Preventive actions
D. Inspection
Selected Answer: C
Question #: 84
Topic #: 1
Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?
A. Data owner
B. Data center manager
C. Network architect
D. System administrator
Selected Answer: A
Question #: 15
Topic #: 1
What is the relationship between information protection and regulatory compliance?
A. That all information in an organization must be protected equally.
B. The information required to be protected by regulatory mandate does not have to be identified in the organization's data classification policy.
C. There is no relationship between the two.
D. That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets is protected based on business need.
Selected Answer: D
Question #: 14
Topic #: 1
When dealing with Security Incident Response procedures, which of the following steps comes FIRST when reacting to an incident?
A. Eradication
B. Escalation
C. Containment
D. Recovery
Selected Answer: D
Question #: 12
Topic #: 1
Which of the following is MOST likely to be discretionary?
A. Policies
B. Procedures
C. Guidelines
D. Standards
Selected Answer: A
Question #: 129
Topic #: 1
The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s
A. Risk Management Program
B. Anti-Spam controls
C. Identity and Access Management Program
D. Security Awareness Program
Selected Answer: D
Question #: 364
Topic #: 1
The primary purpose of a risk register is to:
A. Maintain a log of discovered risks
B. Track individual risk assessments
C. Develop plans for mitigating identified risks
D. Coordinate the timing of scheduled risk assessments
Selected Answer: D
Question #: 122
Topic #: 1
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture.
What would be the BEST choice of security metrics to present to the BOD?
A. All vulnerabilities found on servers and desktops
B. Only critical and high vulnerabilities on servers
C. Only critical and high vulnerabilities on servers and desktops
D. All vulnerabilities that impact important production servers
Selected Answer: C
Question #: 387
Topic #: 1
As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principle of encryption key control will ensure no single individual can constitute or re-constitute a key?
A. Dual Control
B. Separation of Duties
C. Split Knowledge
D. Least Privilege
Selected Answer: C
Question #: 184
Topic #: 1
You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll.
Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff?
A. Employ an assumption of breach protocol and defend only essential information resources.
B. Deploy a SIEM solution and have your staff review incidents first thing in the morning
C. Configure your syslog to send SMS messages to current staff when target events are triggered.
D. Engage a managed security provider and have current staff on call for incident response
Selected Answer: C
Question #: 69
Topic #: 1
Risk is defined as:
A. Quantitative plus qualitative impact
B. Asset loss times likelihood of event
C. Adversary plus capability plus vulnerability
D. Threat times vulnerability divided by control
Selected Answer: B
Question #: 67
Topic #: 1
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security ___________.
A. Technical control
B. Management control
C. Procedural control
D. Administrative control
Selected Answer: D
Question #: 23
Topic #: 1
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy.
This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?
A. Lack of a formal risk management policy
B. Lack of a formal security policy governance process
C. Lack of formal definition of roles and responsibilities
D. Lack of a formal security awareness program
Selected Answer: B
Question #: 4
Topic #: 1
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization’s need?
A. International Organization for Standardization - 22301 (ISO-22301)
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardization - 27005 (ISO-27005)
Selected Answer: C
Question #: 3
Topic #: 1
Which of the following is the MOST important benefit of an effective security governance process?
A. Senior management participation in the incident response process
B. Better vendor management
C. Reduction of security breaches
D. Reduction of liability and overall risk to the organization
Selected Answer: D
Question #: 466
Topic #: 1
What is the THIRD stage of the Tuckman Stages of Group Development?
A. Norming
B. Forming
C. Storming
D. Performing
Selected Answer: A
Question #: 53
Topic #: 1
What is the definition of Risk in Information Security?
A. Risk = Probability x Impact
B. Risk = Impact x Threat
C. Risk = Threat x Probability
D. Risk = Financial Impact x Probability
Selected Answer: A
Question #: 57
Topic #: 1
Which of the following is MOST important when dealing with an Information Security Steering committee?
A. Ensure that security policies and procedures have been vetted and approved.
B. Review all past audit and compliance reports.
C. Include a mix of members from different departments and staff levels.
D. Be briefed about new trends and products at each meeting by a vendor.
Selected Answer: D
Question #: 378
Topic #: 1
What are the three stages of an identity and access management system?
A. Authentication, Authorize, Validation
B. Provision, Administration, Enforcement
C. Administration, Validation, Protect
D. Provision, Administration, Authentication
Selected Answer: D
Question #: 145
Topic #: 1
When you develop your audit remediation plan what is the MOST important criteria?
A. To validate the remediation process with the auditor.
B. To validate that the cost of the remediation is less than risk of the finding.
C. To remediate half of the findings before the next audit.
D. To remediate all of the findings before the next audit.
Selected Answer: C
Question #: 117
Topic #: 1
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
A. Conduct a Disaster Recovery (DR) exercise every year to test the plan
B. Conduct periodic tabletop exercises to refine the BC plan
C. Test every three years to ensure that the BC plan is valid
D. Define the Recovery Point Objective (RPO)
Selected Answer: A
Question #: 434
Topic #: 1
A bastion host should be placed:
A. Inside the DMZ
B. In-line with the data center firewall
C. Beyond the outer perimeter firewall
D. As the gatekeeper to the organization’s honeynet
Selected Answer: A
Question #: 433
Topic #: 1
A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets.
What is the MAIN goal of threat hunting to the SecOps Manager?
A. Improve discovery of valid detected events
B. Enhance tuning of automated tools to detect and prevent attacks
C. Replace existing threat detection strategies
D. Validate patterns of behavior related to an attack
Selected Answer: D
Question #: 418
Topic #: 1
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.
Which of the following is NOT documented in the SSP?
A. The controls in place to secure the system
B. Name of the connected system
C. The results of third-party audits and recommendations
D. Type of information used in the system
Selected Answer: D
Question #: 372
Topic #: 1
A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?
A. Poorly configured firewalls
B. Malware
C. Advanced Persistent Threat (APT)
D. An insider
Selected Answer: A
Question #: 388
Topic #: 1
What is one key difference between Capital expenditures and Operating expenditures?
A. Operating expense cannot be written off while Capital expense can
B. Operating expenses can be depreciated over time and Capital expenses cannot
C. Capital expenses cannot include salaries and Operating expenses can
D. Capital expenditures allow for the cost to be depreciated over time and Operating does not
Selected Answer: D
Question #: 171
Topic #: 1
Which of the following are primary concerns for management with regard to assessing internal control objectives?
A. Confidentiality, Availability, Integrity
B. Compliance, Effectiveness, Efficiency
C. Communication, Reliability, Cost
D. Confidentiality, Compliance, Cost
Selected Answer: B
Question #: 5
Topic #: 1
A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions.
This activity BEST demonstrates what part of a security program?
A. Compliance management
B. Audit validation
C. Physical control testing
D. Security awareness training
Selected Answer: A
Question #: 192
Topic #: 1
Your company has a "no right to privacy" notice on all logon screens for your information systems, and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employees' email accounts.
What should you do?
A. Deny the request citing national privacy laws
B. None
C. Grant her access, the employee has been adequately warned through the AUP.
D. Assist her with the request, but only after her supervisor signs off on the action.
E. Reset the employee’s password and give it to the supervisor.
Selected Answer: C
Question #: 396
Topic #: 1
As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered in a timely manner in the event of a disaster.
Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?
A. Recovery Point Objective (RPO)
B. Disaster Recovery Plan
C. Recovery Time Objective (RTO)
D. Business Continuity Plan
Selected Answer: C
Question #: 99
Topic #: 1
The patching and monitoring of systems on a consistent schedule is required by?
A. Industry best practices
B. Audit best practices
C. Risk Management framework
D. Local privacy laws
Selected Answer: A
Question #: 394
Topic #: 1
Which technology can provide a computing environment without requiring a dedicated hardware backend?
A. Mainframe server
B. Virtual Desktop
C. Thin client
D. Virtual Local Area Network
Selected Answer: D