CISM Topic 1
Question #: 1
Topic #: 1
An information security risk analysis BEST assists an organization in ensuring that:
A. the infrastructure has the appropriate level of access control.
B. cost-effective decisions are made with regard to which assets need protection.
C. an appropriate level of funding is applied to security processes.
D. the organization implements appropriate security technologies.
Selected Answer: B
Question #: 1099
Topic #: 1
Which of the following is MOST important for effective cybersecurity incident management?
A. Early detection and response
B. Regular tabletop exercises
C. Root cause analysis
D. Investigation and forensics
Selected Answer: B
Question #: 420
Topic #: 1
Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?
A. Senior management
B. Application owner
C. Legal representative
D. Information security manager
Selected Answer: A
Question #: 676
Topic #: 1
An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?
A. Identification of risk
B. Selection of risk treatment options
C. Analysis of control gaps
D. Design of key risk indicators (KRIs)
Selected Answer: A
Question #: 674
Topic #: 1
Which of the following is the BEST tool to monitor the effectiveness of information security governance?
A. Balanced scorecard
B. Risk profile
C. Business impact analysis (BIA)
D. Key performance indicators (KPIs)
Selected Answer: A
Question #: 2
Topic #: 1
In a multinational organization, local security regulations should be implemented over global security policy because:
A. business objectives are defined by local business unit managers.
B. deploying awareness of local regulations is more practical than of global policy.
C. global security policies include unnecessary controls for local businesses.
D. requirements of local regulations take precedence.
Selected Answer: D
Question #: 667
Topic #: 1
Of the following, who is in the BEST position to evaluate business impacts?
A. Senior management
B. Information security manager
C. Process manager
D. IT manager
Selected Answer: C
Question #: 655
Topic #: 1
Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
A. Recommend risk acceptance.
B. Perform a cost-benefit analysis.
C. Escalate to senior management.
D. Revisit the business objective.
Selected Answer: B
Question #: 653
Topic #: 1
A recovery point objective (RPO) is required in which of the following?
A. Business continuity plan (BCP)
B. Information security plan
C. Incident response plan
D. Disaster recovery plan (DRP)
Selected Answer: A
Question #: 1113
Topic #: 1
Which of the following should have the MOST influence on an organization’s response to a new industry regulation?
A. The organization’s risk control baselines
B. The organization’s control objectives
C. The organization’s risk management framework
D. The organization’s risk appetite
Selected Answer: D
Question #: 171
Topic #: 1
An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:
A. transfer the risk to a third party.
B. determine appropriate countermeasures.
C. report to management.
D. quantify the aggregated risk.
Selected Answer: D
Question #: 631
Topic #: 1
Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
A. Support business investments in security.
B. Evaluate the security posture of the organization.
C. Identify unmitigated risk.
D. Prevent incident recurrence.
Selected Answer: D
Question #: 988
Topic #: 1
Which of the following MUST be established to maintain an effective information security governance framework?
A. Security controls automation
B. Change management processes
C. Security policy provisions
D. Defined security metrics
Selected Answer: D
Question #: 908
Topic #: 1
Which of the following is the MOST important consideration when defining an information security framework?
A. Information security budget
B. Industry standards
C. Business strategy
D. Organizational culture
Selected Answer: C
Question #: 654
Topic #: 1
Which of the following provides the BEST assurance that security policies are applied across business operations?
A. Organizational standards are enforced by technical controls.
B. Organizational standards are included in awareness training.
C. Organizational standards are required to be formally accepted.
D. Organizational standards are documented in operational procedures.
Selected Answer: A
Question #: 610
Topic #: 1
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
A. risk assessment results.
B. international security standards.
C. the most stringent requirements.
D. the security organization structure.
Selected Answer: C
Question #: 609
Topic #: 1
Information security controls should be designed PRIMARILY based on:
A. regulatory requirements.
B. a vulnerability assessment.
C. business risk scenarios.
D. a business impact analysis (BIA).
Selected Answer: C
Question #: 639
Topic #: 1
An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager’s BEST course of action?
A. Present the risk to senior management.
B. Modify the policy.
C. Create an exception for the deviation.
D. Enforce the policy.
Selected Answer: A
Question #: 614
Topic #: 1
An organization has identified a risk scenario that has low impact to the organization but is very costly to mitigate. Which risk treatment option is MOST appropriate in this situation?
A. Transfer
B. Acceptance
C. Mitigation
D. Avoidance
Selected Answer: B
Question #: 527
Topic #: 1
The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
A. behavior analysis.
B. penetration testing.
C. signature analysis.
D. data packet analysis.
Selected Answer: A
Question #: 30
Topic #: 1
What should be an information security manager’s FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
A. Calculate the total cost of ownership (TCO).
B. Define the issues to be addressed.
C. Perform a cost-benefit analysis.
D. Conduct a feasibility study.
Selected Answer: B
Question #: 588
Topic #: 1
An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
A. The third party has not provided evidence of compliance with local regulations where data is generated.
B. The third party does not have an independent assessment of controls available for review.
C. The third party’s service level agreement (SLA) does not include guarantees of uptime.
D. The third-party contract does not include an indemnity clause for compensation in the event of a breach.
Selected Answer: D
Question #: 580
Topic #: 1
Which of the following would BEST provide stakeholders with information to determine the appropriate response to a disaster?
A. Vulnerability assessment
B. SWOT analysis
C. Business impact analysis (BIA)
D. Risk assessment
Selected Answer: D
Question #: 587
Topic #: 1
Which of the following is the MOST appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification?
A. Guidelines
B. Procedures
C. Standards
D. Policies
Selected Answer: D
Question #: 586
Topic #: 1
Which of the following is the MOST important control to implement when senior managers use smartphones to access sensitive company information?
A. Centralized device administration
B. Remote wipe capability
C. Anti-malware on the devices
D. Strong passwords
Selected Answer: A
Question #: 551
Topic #: 1
Which of the following has the GREATEST impact on the viability of an information security roadmap?
A. Regulatory requirements
B. Management support
C. Threat landscape
D. Resource availability
Selected Answer: C
Question #: 507
Topic #: 1
Which of the following is the MOST effective way to ensure information security policies are understood?
A. Implement a whistle-blower program.
B. Document security procedures.
C. Include security responsibilities in job descriptions.
D. Provide regular security awareness training.
Selected Answer: D
Question #: 574
Topic #: 1
Which of the following is MOST important to ensure when an organization is moving portions of its sensitive database to the cloud?
A. The conversion has been approved by the information security team.
B. A right to audit clause is included in the contract.
C. Input from data owners is included in the requirements definition.
D. Data encryption is used in the cloud hosting solution.
Selected Answer: C
Question #: 571
Topic #: 1
A new law requires an organization to implement specific security controls. Which of the following should the information security manager do FIRST?
A. Integrate the new requirements into the security policy.
B. Perform a gap analysis on the new requirements.
C. Develop a control implementation plan.
D. Assess the risk of noncompliance with the new requirements.
Selected Answer: B
Question #: 548
Topic #: 1
An event occurred that resulted in the activation of the business continuity plan (BCP). All employees were notified during the event, and they followed the plan. However, two major suppliers missed deadlines because they were not aware of the disruption. What is the BEST way to prevent a similar situation in the future?
A. Ensure service level agreements (SLAs) with suppliers are enforced.
B. Conduct a vulnerability assessment.
C. Perform testing of the BCP communication plan.
D. Provide suppliers with access to the BCP document.
Selected Answer: C
Question #: 547
Topic #: 1
Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?
A. Restrict application network access temporarily.
B. Update the risk register.
C. Consult with the business owner.
D. Include security requirements in the contract.
Selected Answer: C
Question #: 529
Topic #: 1
What is the PRIMARY objective of information security involvement in the change management process?
A. To narrow the threat landscape
B. To ensure changes are not applied without prior authorization
C. To reduce the likelihood of control failure
D. To meet obligations for regulatory and legal compliance
Selected Answer: C
Question #: 502
Topic #: 1
Which of the following is the BEST way to prevent insider threats?
A. Implement strict security policies and password controls.
B. Conduct organization-wide security awareness training.
C. Enforce segregation of duties and least privilege access.
D. Implement logging for all access activities.
Selected Answer: C
Question #: 563
Topic #: 1
Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?
A. Procedures
B. Regulations
C. Baselines
D. Standards
Selected Answer: D
Question #: 404
Topic #: 1
A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What is the BEST next step?
A. To gain an understanding of the current business direction
B. To update in accordance with the best business practices
C. To perform a risk assessment of the current IT environment
D. To assess corporate culture
Selected Answer: D
Question #: 374
Topic #: 1
Which of the following would BEST support an information security manager’s efforts to obtain management approval for an identity and access management (IAM) system implementation?
A. A recent security incident involving access authorization
B. An established security policy with access management requirements
C. A third-party audit finding based on regulatory requirements
D. A business case proposal for the solution
Selected Answer: D
Question #: 373
Topic #: 1
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?
A. Follow the outsourcer’s response plan
B. Refer to the organization’s response plan
C. Notify the outsourcer of the privacy breach
D. Alert the appropriate law enforcement authorities
Selected Answer: B
Question #: 549
Topic #: 1
When performing a data classification project, an information security manager should:
A. assign information criticality and sensitivity.
B. identify information custodians.
C. identify information owners.
D. assign information access privileges.
Selected Answer: A
Question #: 414
Topic #: 1
The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?
A. Formally document the decision.
B. Review the regulations.
C. Review the risk monitoring plan.
D. Perform a risk reassessment.
Selected Answer: A
Question #: 538
Topic #: 1
Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?
A. Develop a project plan to implement the strategy
B. Obtain consensus on the strategy from the executive board
C. Define organizational risk tolerance
D. Review alignment with business goals
Selected Answer: A
Question #: 92
Topic #: 1
What is the PRIMARY benefit of effective configuration management?
A. Standardization of system support
B. Reduced frequency of incidents
C. Decreased risk to the organization’s systems
D. Improved vulnerability management
Selected Answer: C
Question #: 86
Topic #: 1
Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?
A. Report the decision to the compliance officer.
B. Reassess the organization’s risk tolerance.
C. Update details within the risk register.
D. Assess the impact of the regulation.
Selected Answer: C
Question #: 61
Topic #: 1
An information security manager wants to improve the ability to identify changes in risk levels affecting the organization’s systems. Which of the following is the BEST method to achieve this objective?
A. Performing business impact analyses (BIA)
B. Monitoring key goal indicators (KGIs)
C. Monitoring key risk indicators (KRIs)
D. Updating the risk register
Selected Answer: C
Question #: 29
Topic #: 1
Deciding the level of protection a particular asset should be given is BEST determined by:
A. the corporate risk appetite.
B. a risk analysis.
C. a threat assessment.
D. a vulnerability assessment.
Selected Answer: A
Question #: 18
Topic #: 1
Which of the following should be an information security manager’s PRIMARY focus during the development of a critical system storing highly confidential data?
A. Ensuring the amount of residual risk is acceptable
B. Reducing the number of vulnerabilities detected
C. Avoiding identified system threats
D. Complying with regulatory requirements
Selected Answer: A
Question #: 16
Topic #: 1
The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:
A. comply with security policy.
B. increase corporate accountability.
C. enforce individual accountability.
D. reinforce the need for training.
Selected Answer: C
Question #: 15
Topic #: 1
Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?
A. Obtain annual sign-off from executive management.
B. Align the policies to the most stringent global regulations.
C. Send the policies to stakeholders for review.
D. Outsource compliance activities.
Selected Answer: C
Question #: 14
Topic #: 1
An organization that uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:
A. the availability of continuous technical support.
B. appropriate service level agreements (SLAs) are in place.
C. a right-to-audit clause is included in contracts.
D. internal security standards are in place.
Selected Answer: B
Question #: 387
Topic #: 1
Reverse lookups can be used to prevent successful:
A. denial of service (DoS) attacks.
B. phishing attacks.
C. session hacking.
D. Internet protocol (IP) spoofing.
Selected Answer: D
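Added example for Question 387 (not part of the exam material): a forward-confirmed reverse DNS (FCrDNS) check, which is what a "reverse lookup" means in practice. The connecting address is resolved to a PTR name, and that name is resolved forward again; a host whose PTR name does not map back to the connecting address is treated as presenting a forged or unverifiable identity. The PTR/A tables below are constructed so the example runs offline; `LiveResolver` applies the same check through the standard socket API and needs network access.

```python
# Added example (not from the exam material): forward-confirmed reverse DNS.
# Resolver tables are constructed for illustration.
import ipaddress
import socket

# Constructed PTR and A records for three connecting addresses.
FAKE_PTR = {
    "203.0.113.10": "mail.example.net",   # genuine: the A record agrees
    "203.0.113.11": "mail.example.net",   # PTR claims a name it does not own
    # 203.0.113.12 has no PTR record at all
}
FAKE_A = {"mail.example.net": {"203.0.113.10"}}


class TableResolver:
    """Offline resolver backed by the constructed tables above."""
    def __init__(self, ptr, forward):
        self._ptr, self._fwd = ptr, forward

    def ptr(self, ip):
        return self._ptr.get(ip)

    def forward(self, host):
        return set(self._fwd.get(host, ()))


class LiveResolver:
    """Same interface on top of the standard library (needs network)."""
    def ptr(self, ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:          # socket.herror / gaierror subclass OSError
            return None

    def forward(self, host):
        try:
            return set(socket.gethostbyname_ex(host)[2])
        except OSError:
            return set()


def check_fcrdns(ip, resolver):
    """Return 'confirmed', 'no-ptr' or 'mismatch' for a connecting address."""
    ip = str(ipaddress.ip_address(ip))   # normalises and rejects garbage input
    host = resolver.ptr(ip)
    if host is None:
        return "no-ptr"
    if ip in resolver.forward(host):
        return "confirmed"
    return "mismatch"


def filter_connections(ips, resolver, allow=("confirmed",)):
    """Split connecting addresses into accepted and rejected (ip, status) lists."""
    accepted, rejected = [], []
    for ip in ips:
        status = check_fcrdns(ip, resolver)
        (accepted if status in allow else rejected).append((ip, status))
    return accepted, rejected


if __name__ == "__main__":
    resolver = TableResolver(FAKE_PTR, FAKE_A)
    ok, bad = filter_connections(["203.0.113.10", "203.0.113.11", "203.0.113.12"], resolver)
    print("accepted:", ok)
    print("rejected:", bad)
```

The check only establishes that the identity a peer presents is self-consistent; a packet with a forged source address is still delivered, so FCrDNS is usually paired with ingress filtering at the network edge rather than used alone.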
Question #: 70
Topic #: 1
An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
A. Publish the standards on the intranet landing page.
B. Deploy a device management solution.
C. Establish an acceptable use policy.
D. Monitor user activities on the network.
Selected Answer: C
Question #: 361
Topic #: 1
During the eradication phase of an incident response, it is MOST important to:
A. identify the root cause
B. restore from the most recent backup
C. notify affected users
D. wipe the affected system
Selected Answer: D
Question #: 353
Topic #: 1
The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:
A. require less IT staff preparation
B. identify more threats
C. simulate real-world attacks
D. cause fewer potential production issues
Selected Answer: A
Question #: 87
Topic #: 1
Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization’s information security requirements?
A. A live demonstration of the third-party supplier’s security capabilities
B. The ability to audit the third-party supplier’s IT systems and processes
C. Third-party security control self-assessment results
D. An independent review report indicating compliance with industry standards
Selected Answer: D
Question #: 84
Topic #: 1
An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. Which of the following should the information security manager do FIRST?
A. Implement mitigating controls.
B. Perform a business impact analysis (BIA).
C. Perform a risk assessment.
D. Notify senior management.
Selected Answer: C
Question #: 496
Topic #: 1
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
A. Restore the application and data from a forensic copy.
B. Install the OS, patches, and application from the original source.
C. Restore the OS, patches, and application from a backup.
D. Remove all signs of the intrusion from the OS and application.
Selected Answer: B
Question #: 465
Topic #: 1
Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?
A. Percentage of outstanding high-risk audit issues
B. Number of incidents resulting in disruptions
C. Number of successful disaster recovery tests
D. Frequency of updates to system software
Selected Answer: B
Question #: 981
Topic #: 1
When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
A. Purchase forensic standard operating procedures.
B. Retain a forensics firm prior to experiencing an incident.
C. Ensure the incident response policy allows hiring a forensics firm.
D. Provide forensics training to the information security team.
Selected Answer: B
Question #: 542
Topic #: 1
Which of the following is the MOST effective approach to ensure seamless integration between the business continuity plan (BCP) and the incident response plan?
A. The BCP manager is included in the core incident response team.
B. Criteria for escalating to the BCP manager are in the incident response plan.
C. Both response teams contain the same members.
D. Consistent event classifications are used in both plans.
Selected Answer: D
Question #: 458
Topic #: 1
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
A. Monitoring how often the smartphone is used
B. Developing security awareness training
C. Requiring the backup of the organization’s data by the user
D. Establishing the authority to remote wipe
Selected Answer: B
Question #: 1166
Topic #: 1
When engaging an external party to perform a penetration test, it is MOST important to:
A. provide an updated asset inventory.
B. notify employees of the testing.
C. define the project scope.
D. provide network documentation.
Selected Answer: C
Question #: 9
Topic #: 1
Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
A. Develop a business case for funding remediation efforts.
B. Advise senior management to accept the risk of noncompliance.
C. Notify legal and internal audit of the noncompliant legacy application.
D. Assess the consequences of noncompliance against the cost of remediation.
Selected Answer: D
Question #: 213
Topic #: 1
An information security manager is asked to provide a short presentation on the organization’s current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?
A. Gap analysis results
B. Risk register
C. Threat assessment results
D. Risk heat map
Selected Answer: D
Question #: 190
Topic #: 1
The MOST effective way to continuously monitor an organization’s cybersecurity posture is to evaluate its:
A. compliance with industry regulations.
B. key performance indicators (KPIs).
C. level of support from senior management.
D. timeliness in responding to attacks.
Selected Answer: B
Question #: 181
Topic #: 1
Which of the following is MOST important to include when reporting information security risk to executive leadership?
A. Key performance objectives and budget trends
B. Security awareness training participation and residual risk exposures
C. Risk analysis results and key risk indicators (KRIs)
D. Information security risk management plans and control compliance
Selected Answer: C
Question #: 79
Topic #: 1
Which of the following is the MOST important consideration when selecting members for an information security steering committee?
A. Information security expertise
B. Tenure in the organization
C. Business expertise
D. Cross-functional composition
Selected Answer: D
Question #: 75
Topic #: 1
When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:
A. measure management engagement as part of an incident response team.
B. provide participants with situations to ensure understanding of their roles.
C. give the business a measure of the organization’s overall readiness.
D. challenge the incident response team to solve the problem under pressure.
Selected Answer: B
Question #: 1090
Topic #: 1
When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:
A. expected duration of outage.
B. the root cause of the event.
C. type of security incident.
D. management direction.
Selected Answer: D
Question #: 1068
Topic #: 1
Which of the following is the BEST indication that an information security control is no longer relevant?
A. The control is not cost efficient.
B. The control does not support a specific business function.
C. IT management does not support the control.
D. The technology related to the control is obsolete.
Selected Answer: B
Question #: 1027
Topic #: 1
Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?
A. Baseline controls
B. Audit findings
C. Risk assessment results
D. Key risk indicators (KRIs)
Selected Answer: A
Question #: 994
Topic #: 1
Which of the following BEST indicates senior management support for an information security program?
A. Top-down communication
B. Regular security awareness training
C. Participation in a certification program
D. Steering committee involvement
Selected Answer: D
Question #: 966
Topic #: 1
Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?
A. Including a situational forecast.
B. Using appropriate language for the target audience.
C. Including trend charts for metrics.
D. Using a rating system to demonstrate program effectiveness.
Selected Answer: C
Question #: 952
Topic #: 1
Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall?
A. Force password changes on the SQL database.
B. Reconfigure the web application firewall to block the attack.
C. Update the detection patterns on the web application firewall.
D. Block the IPs from where the attack originates.
Selected Answer: B
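Added example for Question 952 (not part of the exam material): the injection the web application firewall would see, the containment step (a blocking rule placed in front of the still-vulnerable handler) and the eventual fix (a parameterized query). It uses an in-memory SQLite table; the schema, rows and the rule patterns are constructed for illustration and are not a complete or bypass-proof WAF rule set.

```python
# Added example (not from the exam material): SQL injection seen by a WAF,
# its containment by a blocking rule, and the code-level fix.
import re
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "a@example.com"), (2, "bob", "b@example.com")])
    return conn


def lookup_vulnerable(conn, name):
    # String concatenation into the query text: the injection sink.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The fix: the driver binds the value, so quotes inside it are only data.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


# Containment rule: crude signature patterns of the kind a WAF is reconfigured
# with to block the observed attack in flight (constructed for illustration).
INJECTION_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"'\s*or\s+'?\w*'?\s*=\s*'?\w*",   # ' OR '1'='1
    r"union\s+select",                 # UNION SELECT ...
    r"--",                             # comment out the rest of the query
    r";\s*(drop|delete|update)\s",     # stacked statement
)]


def waf_blocks(value):
    return any(p.search(value) for p in INJECTION_PATTERNS)


def handle_request(conn, name, waf_enabled=True):
    """Request path: the vulnerable handler sits behind the WAF rule."""
    if waf_enabled and waf_blocks(name):
        return {"blocked": True, "rows": []}
    return {"blocked": False, "rows": lookup_vulnerable(conn, name)}


def demo():
    conn = make_db()
    payload = "alice' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(conn, payload),       # returns every row
        "parameterized": lookup_parameterized(conn, payload),  # returns nothing
        "waf_on": handle_request(conn, payload),
        "waf_off": handle_request(conn, payload, waf_enabled=False),
        "legit": handle_request(conn, "alice"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The rule contains the attack that was detected; it does not remove the flaw, which is why the parameterized query is the eradication step. Blocking source addresses instead (option D) fails as soon as the attacker moves to another address.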
Question #: 945
Topic #: 1
Which of the following would MOST effectively ensure that a new server is appropriately secured?
A. Enforcing technical security standards
B. Performing secure code reviews
C. Initiating security scanning
D. Conducting penetration testing
Selected Answer: D
Question #: 910
Topic #: 1
Which of the following is the BEST way to determine the effectiveness of an incident response plan?
A. Reviewing previous audit reports
B. Benchmarking the plan against best practices
C. Performing a penetration test
D. Conducting a tabletop exercise
Selected Answer: D
Question #: 894
Topic #: 1
Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?
A. Contractual provisions for the right to audit
B. Effective data loss prevention (DLP) controls
C. Contractual provisions for data repatriation
D. The purchasing of cybersecurity insurance
Selected Answer: C
Question #: 852
Topic #: 1
Which of the following is an information security manager’s MOST important action to mitigate the risk associated with malicious software?
A. Disabling end-user computer peripheral access ports
B. Implementing a multi-layered security program
C. Ensuring antivirus has the latest definition files
D. Strengthening security patch implementation processes
Selected Answer: B
Question #: 777
Topic #: 1
When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?
A. Business process owner
B. Business continuity coordinator
C. Information security manager
D. Senior management
Selected Answer: A
Question #: 769
Topic #: 1
Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
A. Engaging external experts to provide guidance on changes in compliance requirements
B. Assigning the operations manager accountability for meeting compliance requirements
C. Embedding compliance requirements within operational processes
D. Performing periodic audits for compliance with legal and regulatory requirements
Selected Answer: D
Question #: 147
Topic #: 1
Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization’s information security program?
A. Escalation paths
B. Termination language
C. Key performance indicators (KPIs)
D. Right-to-audit clause
Selected Answer: D
Question #: 763
Topic #: 1
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
A. Cost of replacing the asset
B. Annual loss expectancy (ALE)
C. Cost of additional mitigation
D. Annual rate of occurrence
Selected Answer: C
Question #: 334
Topic #: 1
An organization recently activated its business continuity plan (BCP). All employees were notified during the event, but some did not fully follow the communications plan. What is the BEST way to prevent a recurrence?
A. Perform tabletop testing with appropriate employees
B. Reprimand employees for not following the plan
C. Enhance external communication instructions in the BCP
D. Incorporate BCP communication expectations in job descriptions
Selected Answer: A
Question #: 559
Topic #: 1
A common drawback of email software packages that provide native encryption of messages is that the encryption:
A. has an insufficient key length.
B. cannot interoperate across product domains.
C. cannot encrypt attachments.
D. has no key-recovery mechanism.
Selected Answer: B
Question #: 536
Topic #: 1
Which of the following is the MOST important consideration for a global organization that is designing an information security awareness program?
A. National regulations
B. Program costs
C. Cultural backgrounds
D. Local languages
Selected Answer: C
Question #: 517
Topic #: 1
How does an organization’s information security steering committee facilitate the achievement of information security program objectives?
A. Monitoring information security resources
B. Making decisions on security priorities
C. Enforcing regulatory and policy compliance
D. Evaluating information security metrics
Selected Answer: B
Question #: 1155
Topic #: 1
An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done FIRST?
A. Notify senior management.
B. Prevent access to the application.
C. Invoke the incident response plan.
D. Install additional application controls.
Selected Answer: A
Question #: 1152
Topic #: 1
The resilience requirements of an application are BEST determined by:
A. a cost-benefit analysis.
B. a threat assessment.
C. a business impact analysis (BIA).
D. a risk assessment.
Selected Answer: B
Question #: 682
Topic #: 1
In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:
A. change activities are documented.
B. compliance with the risk acceptance framework.
C. the rationale for acceptance is periodically reviewed.
D. the acceptance is aligned with business strategy.
Selected Answer: C
Question #: 306
Topic #: 1
Senior management has launched an enterprise-wide initiative to streamline internal processes to reduce costs, including security processes. What should the information security manager rely on MOST to allocate resources efficiently?
A. Capability maturity assessment
B. Risk classification
C. Return on investment (ROI)
D. Internal audit reports
Selected Answer: B
Question #: 138
Topic #: 1
The PRIMARY advantage of single sign-on (SSO) is that it will:
A. support multiple authentication mechanisms.
B. strengthen user passwords.
C. increase efficiency of access management.
D. increase the security of related applications.
Selected Answer: C
Question #: 135
Topic #: 1
In an organization that has several independent security tools including intrusion detection systems (IDSs) and firewalls, which of the following is the BEST way to ensure timely detection of incidents?
A. Implement a log aggregation and correlation solution.
B. Ensure that the incident response plan is endorsed by senior management.
C. Ensure staff are cross trained to manage all security tools.
D. Outsource the management of security tools to a service provider.
Selected Answer: A
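The point of answer A above is that an IDS alert and a firewall deny are each unremarkable on their own; it is the combination, seen in one place and in order, that makes an incident visible quickly. The following Python is an added illustration of that correlation step and is not taken from any product or from the exam material: it normalizes two constructed log formats (a hypothetical firewall and a hypothetical IDS, sample lines constructed for this example) into one timeline and flags a source address whose IDS alert is preceded by repeated firewall denies within a short window.

```python
"""Aggregate firewall and IDS events and correlate them by source address.

Added example for the log-aggregation answer; the log formats, host names and
addresses are constructed for illustration only.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: one firewall format and one IDS format.
FIREWALL_LOGS = [
    "2024-03-01T10:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:04Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2024-03-01T10:00:09Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=443",
    "2024-03-01T10:05:00Z fw01 ALLOW src=198.51.100.2 dst=10.0.0.8 dport=443",
]
IDS_ALERTS = [
    "2024-03-01T10:00:12Z ids01 ALERT sig=WEB-SQLi src=203.0.113.7 dst=10.0.0.5",
    "2024-03-01T10:30:00Z ids01 ALERT sig=WEB-SQLi src=198.51.100.2 dst=10.0.0.8",
]

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r"^(\S+) (\S+) ALERT sig=(\S+) src=(\S+) dst=(\S+)$")


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def normalize(fw_lines: list[str], ids_lines: list[str]) -> list[dict]:
    """Turn both tool-specific formats into one common event schema, time-ordered."""
    events = []
    for line in fw_lines:
        m = FW_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, would be counted in practice
        ts, host, action, src, dst, dport = m.groups()
        events.append({"ts": parse_ts(ts), "source": "firewall", "host": host,
                       "action": action, "src": src, "dst": dst, "detail": f"dport={dport}"})
    for line in ids_lines:
        m = IDS_RE.match(line)
        if not m:
            continue
        ts, host, sig, src, dst = m.groups()
        events.append({"ts": parse_ts(ts), "source": "ids", "host": host,
                       "action": "ALERT", "src": src, "dst": dst, "detail": sig})
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events: list[dict], window: timedelta = timedelta(seconds=60),
              min_denies: int = 2) -> list[dict]:
    """Flag a source when at least min_denies firewall DENYs precede an IDS alert
    from the same source within the window (probe followed by attack)."""
    by_src: dict[str, list[dict]] = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)

    findings = []
    for src, evs in by_src.items():
        for alert in (e for e in evs if e["source"] == "ids"):
            lower = alert["ts"] - window
            denies = [e for e in evs
                      if e["source"] == "firewall" and e["action"] == "DENY"
                      and lower <= e["ts"] <= alert["ts"]]
            if len(denies) >= min_denies:
                findings.append({"src": src, "alert": alert["detail"],
                                 "denies": len(denies),
                                 "first_seen": denies[0]["ts"].isoformat()})
    return findings


if __name__ == "__main__":
    for finding in correlate(normalize(FIREWALL_LOGS, IDS_ALERTS)):
        print(finding)
```

Only 203.0.113.7 is reported: its port scan (two denies) and the SQL injection alert fall inside one minute. The second source also triggers the IDS, but with no preceding denies it stays below the correlation rule, which is the kind of distinction a single tool cannot make on its own.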
Question #: 128
Topic #: 1
Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
A. To ensure that the mitigation effort does not exceed the asset value
B. To ensure that benefits are aligned with business strategies
C. To present a realistic information security budget
D. To justify information security program activities
Selected Answer: B
Question #: 114
Topic #: 1
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
A. Help desk
B. Legal
C. Information security
D. Human resources (HR)
Selected Answer: D
Question #: 96
Topic #: 1
An information security manager has identified a major security event with potential noncompliance implications. Who should be notified FIRST?
A. Internal audit
B. Public relations team
C. Senior management
D. Regulatory authorities
Selected Answer: C
Question #: 300
Topic #: 1
An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
A. Verify the provider follows a cloud service framework standard.
B. Review the provider’s information security policies and procedures.
C. Obtain documentation of the encryption management practices.
D. Ensure an audit of the provider is conducted to identify control gaps.
Selected Answer: D
Question #: 299
Topic #: 1
A new regulatory requirement affecting an organization’s information security program is released. Which of the following should be the information security manager’s FIRST course of action?
A. Conduct benchmarking
B. Perform a gap analysis
C. Notify the legal department
D. Determine the disruption to the business
Selected Answer: C
Question #: 71
Topic #: 1
When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?
A. Audit reports
B. Access logs
C. Access lists
D. Threat metrics
Selected Answer: B
Question #: 1167
Topic #: 1
Which of the following is the MOST effective way to convey information security responsibilities across an organization?
A. Implementing security awareness programs
B. Defining information security responsibilities in the security policy
C. Developing a skills matrix
D. Documenting information security responsibilities within job descriptions
Selected Answer: A
Question #: 1162
Topic #: 1
Which of the following presents the GREATEST challenge when assessing the impact of emerging risk?
A. Outdated risk management strategy
B. Insufficient data related to the emerging risk
C. Complexity of the emerging risk
D. Lack of resources to perform risk assessments
Selected Answer: B
Question #: 1161
Topic #: 1
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
A. Benchmarking the expected value of the metrics against industry standards
B. Aligning the metrics with the organizational culture
C. Agreeing on baseline values for the metrics
D. Developing a dashboard for communicating the metrics
Selected Answer: B
Question #: 1159
Topic #: 1
When determining key risk indicators (KRIs) for use in an information security program it is MOST important to select:
A. KRIs that track both short-term and long-term performance.
B. KRIs that align with business processes.
C. KRIs that are quantifiable.
D. as many KRIs as possible to catch risk events from the broadest areas.
Selected Answer: B
Question #: 45
Topic #: 1
Which of the following BEST protects against phishing attacks?
A. Security strategy training
B. Email filtering
C. Network encryption
D. Application whitelisting
Selected Answer: B
Question #: 1055
Topic #: 1
Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?
A. Incident response team training
B. The organization’s risk tolerance
C. The organization’s mission
D. Resource availability
Selected Answer: D
Question #: 263
Topic #: 1
Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?
A. Senior management
B. Affected customers
C. Cloud service provider
D. The incident response team
Selected Answer: D
Question #: 1160
Topic #: 1
Senior management has requested a budget cut for the information security program in the coming fiscal year. Which of the following should be the information security manager’s FIRST course of action?
A. Analyze the impact to the information security program.
B. Advise business unit heads of potential changes to the information security program.
C. Evaluate cost savings within existing implementations.
D. Re-prioritize information security implementation and operations.
Selected Answer: A
Question #: 1132
Topic #: 1
An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?
A. Business impact analysis (BIA)
B. Incident response plan
C. Disaster recovery plan (DRP)
D. Business continuity plan (BCP)
Selected Answer: D
Question #: 1098
Topic #: 1
Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?
A. Place the web server in quarantine.
B. Rebuild the server from the last verified backup.
C. Shut down the server in an organized manner.
D. Rebuild the server with relevant patches from the original media.
Selected Answer: D
Question #: 1119
Topic #: 1
Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
A. Reviewing mitigating and compensating controls for each risk scenario
B. Mapping the risk scenarios by likelihood and impact on a chart
C. Performing a risk assessment on the IaaS provider
D. Mapping risk scenarios according to sensitivity of data
Selected Answer: B
Question #: 914
Topic #: 1
Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?
A. Data owner
B. Information security manager
C. Business owner
D. Compliance manager
Selected Answer: C
Question #: 1107
Topic #: 1
Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?
A. Review third-party contracts as part of the vendor management process.
B. Perform an audit on vendors’ security controls and practices.
C. Integrate risk management into the vendor management process.
D. Conduct security reviews on the services and solutions delivered.
Selected Answer: D
Question #: 343
Topic #: 1
Which of the following is the MOST effective way to detect information security incidents?
A. Establishing proper policies for response to threats and vulnerabilities
B. Performing regular testing of the incident response program
C. Providing regular and up-to-date training for the incident response team
D. Educating end users on threat awareness and timely reporting
Selected Answer: D
Question #: 900
Topic #: 1
Which of the following should be done FIRST when developing an information security strategy?
A. Establish information security steering committee.
B. Determine the desired state of information security.
C. Develop security policies and standards.
D. Identify owners of information assets.
Selected Answer: A
Question #: 1041
Topic #: 1
Which of the following approaches to communication with senior management BEST enables an information security manager to maximize the effectiveness of the information security program?
A. Reporting on industry security threats with potential impact to business objectives
B. Conducting periodic one-on-one meetings to align security with business objectives
C. Participating in operational review meetings to discuss daily operations and dependencies
D. Providing regular status of updates to security policies and standards
Selected Answer: A
Question #: 1039
Topic #: 1
Which of the following is MOST important to include in an information security framework?
A. Guidance for designing information security controls
B. Information security organizational structure
C. Industry benchmarks of information security metrics
D. Information security risk assessment
Selected Answer: D
Question #: 1004
Topic #: 1
Which of the following parameters is MOST helpful when designing a disaster recovery strategy?
A. Maximum tolerable downtime (MTD)
B. Mean time between failures (MTBF)
C. Allowable interruption window (AIW)
D. Recovery point objective (RPO)
Selected Answer: A
Question #: 956
Topic #: 1
Which of the following is the FIRST step when conducting a post-incident review?
A. Identify mitigating controls.
B. Assess the costs of the incident.
C. Perform root cause analysis.
D. Assign responsibility for corrective actions.
Selected Answer: C
Question #: 1009
Topic #: 1
Which of the following processes should be done NEXT after completing a business impact analysis (BIA)?
A. Evaluate the disaster recovery plan (DRP).
B. Develop the requirements for the incident response plan.
C. Develop a business continuity plan (BCP).
D. Identify resources for business recovery.
Selected Answer: C
Question #: 984
Topic #: 1
Which of the following would BEST support a business case to implement an anti-ransomware solution?
A. Industry benchmark of anti-ransomware investments
B. A threat and vulnerability assessment
C. Trend analysis of ransomware attacks
D. A reduction in required backups and associated costs
Selected Answer: C
Question #: 963
Topic #: 1
Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?
A. Asset classification
B. Recovery time objectives (RTOs)
C. Chain of custody
D. Escalation procedures
Selected Answer: D
Question #: 940
Topic #: 1
Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager’s GREATEST concern with this situation?
A. Deviation from risk management best practices
B. Impact on the risk culture
C. Inability to determine short-term impact
D. Impact on compliance risk
Selected Answer: D
Question #: 933
Topic #: 1
Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?
A. Information security incidents caused due to unauthorized changes
B. Unauthorized changes in the environment
C. Denied changes due to insufficient security details
D. Information security-related changes
Selected Answer: C
Question #: 917
Topic #: 1
Which of the following BEST enables an organization to maintain an appropriate security control environment?
A. Periodic employee security training
B. Budgetary support for security
C. Alignment to an industry security framework
D. Monitoring of the threat landscape
Selected Answer: D
Question #: 303
Topic #: 1
To prevent ransomware attacks, it is MOST important to ensure:
A. adequate backup and restoration processes are in place.
B. regular security awareness training is conducted.
C. the latest security appliances are installed.
D. updated firewall software is installed.
Selected Answer: B
Question #: 792
Topic #: 1
An organization recently purchased data loss prevention (DLP) software but soon discovered the software fails to detect or prevent data loss. Which of the following should the information security manager do FIRST?
A. Revise the data classification policy.
B. Review the contract.
C. Review the configuration.
D. Implement stricter data loss controls.
Selected Answer: C
Question #: 899
Topic #: 1
Which of the following roles is PRIMARILY responsible for developing an information classification framework based on business needs?
A. Information owner
B. Information security steering committee
C. Senior management
D. Information security manager
Selected Answer: C
Question #: 879
Topic #: 1
Which of the following would BEST guide the development and maintenance of an information security program?
A. A business impact assessment
B. The organization’s risk appetite
C. A comprehensive risk register
D. An established risk assessment process
Selected Answer: D
Question #: 855
Topic #: 1
An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?
A. Requirements for regularly testing backups
B. The disaster recovery communication plan
C. Recovery time objectives (RTOs)
D. Definition of when a disaster should be declared
Selected Answer: D
Question #: 198
Topic #: 1
Which of the following is MOST likely to affect an organization’s ability to respond to security incidents in a timely manner?
A. Lack of senior management buy-in
B. Inadequate detective control performance
C. Misconfiguration of security information and event management (SIEM) tool
D. Complexity of network segmentation
Selected Answer: A
Question #: 643
Topic #: 1
An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?
A. Deterrent
B. Detective
C. Preventive
D. Corrective
Selected Answer: D
Question #: 446
Topic #: 1
Which of the following is MOST important to the effectiveness of an information security program?
A. The program is aligned to legal and regulatory requirements
B. The program is aligned to a security control framework
C. Annual audits of the program are conducted
D. Users are trained on security policies and procedures
Selected Answer: B
Question #: 839
Topic #: 1
Which of the following parties should be responsible for determining access levels to an application that processes client information?
A. The identity and access management team
B. The business client
C. The information security team
D. Business unit management
Selected Answer: A
Question #: 127
Topic #: 1
Which of the following is the MOST important objective of testing a security incident response plan?
A. Ensure the thoroughness of the response plan.
B. Verify the response assumptions are valid.
C. Confirm that systems are recovered in the proper order.
D. Validate the business impact analysis (BIA).
Selected Answer: A
Question #: 422
Topic #: 1
Which of the following is the BEST way to reduce the risk associated with a successful social engineering attack targeting help desk staff?
A. Conduct security awareness training
B. Implement two-factor authentication
C. Block access to social media sites
D. Enforce role-based access to help desk systems
Selected Answer: B
Question #: 247
Topic #: 1
Which of the following is an information security manager’s FIRST priority after a high-profile system has been compromised?
A. Implement improvements to prevent recurrence.
B. Identify the malware that compromised the system.
C. Restore the compromised system.
D. Preserve incident-related data.
Selected Answer: D
Question #: 242
Topic #: 1
An organization has decided to outsource its disaster recovery function. Which of the following is the MOST important consideration when drafting the service level agreement (SLA)?
A. Testing requirements
B. Authorization chain
C. Recovery time objectives (RTOs)
D. Recovery point objectives (RPOs)
Selected Answer: A
Question #: 237
Topic #: 1
Which type of control is an incident response team?
A. Detective
B. Directive
C. Corrective
D. Preventive
Selected Answer: A
Question #: 106
Topic #: 1
Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?
A. Establish and present appropriate metrics that track performance.
B. Perform industry research annually and document the overall ranking of the IPS.
C. Perform a penetration test to demonstrate the ability to protect.
D. Provide yearly competitive pricing to illustrate the value of the IPS.
Selected Answer: C
Question #: 105
Topic #: 1
Which of the following is MOST important when selecting an information security metric?
A. Ensuring the metric is repeatable
B. Aligning the metric to the IT strategy
C. Defining the metric in qualitative terms
D. Defining the metric in quantitative terms
Selected Answer: B