CISM Topic 2
Question #: 3
Topic #: 1
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
A. conduct a cost-benefit analysis.
B. conduct a risk assessment.
C. interview senior management.
D. perform a gap analysis.
Selected Answer: B
Question #: 782
Topic #: 1
While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. How should the information security manager address this situation?
A. Assign the highest classification level to those databases.
B. Assign responsibility to the database administrator (DBA).
C. Prepare a report of the databases for senior management.
D. Review the databases for sensitive content.
Selected Answer: C
Question #: 776
Topic #: 1
In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager’s FIRST course of action?
A. Revise the policy.
B. Conduct a risk assessment.
C. Communicate the acceptable use policy.
D. Perform a root cause analysis.
Selected Answer: C
Question #: 743
Topic #: 1
Which of the following is BEST suited to provide regular reporting to the board regarding the status of compliance to a global security standard?
A. Legal counsel
B. Quality assurance (QA)
C. Information security
D. Internal audit
Selected Answer: C
Question #: 738
Topic #: 1
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
A. Business impact analysis (BIA)
B. Security operations program
C. Information security policy
D. Security risk assessment
Selected Answer: C
Question #: 720
Topic #: 1
Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?
A. Purchase cyber insurance
B. Encrypt sensitive production data
C. Maintain multiple offline backups
D. Perform integrity checks on backups
Selected Answer: C
Question #: 719
Topic #: 1
An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
A. follow the incident response plan
B. follow the business continuity plan (BCP)
C. conduct an incident forensic analysis
D. notify the business process owner
Selected Answer: A
Question #: 718
Topic #: 1
Which of the following is the MOST important consideration when establishing an organization’s information security governance committee?
A. Members represent functions across the organization
B. Members have knowledge of information security controls
C. Members are rotated periodically
D. Members are business risk owners
Selected Answer: A
Question #: 696
Topic #: 1
Which of the following is the FIRST step to establishing an effective information security program?
A. Assign accountability
B. Perform a business impact analysis (BIA)
C. Create a business case
D. Conduct a compliance review
Selected Answer: C
Question #: 301
Topic #: 1
The BEST indication of a change in risk that may negatively impact an organization is an increase in the number of:
A. security incidents reported by staff to the information security team.
B. malware infections detected by the organization’s anti-virus software.
C. alerts triggered by the security information and event management (SIEM) solution.
D. events logged by the intrusion detection system (IDS).
Selected Answer: A
Question #: 623
Topic #: 1
Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
A. Document a security exception.
B. Reduce security hardening settings.
C. Perform a risk assessment.
D. Inform business management of the risk.
Selected Answer: C
Question #: 604
Topic #: 1
Which of the following information security activities is MOST helpful to support compliance with information security policy?
A. Conducting information security awareness programs
B. Creating monthly trend metrics
C. Performing periodic IT reviews on new system acquisitions
D. Obtaining management commitment
Selected Answer: D
Question #: 560
Topic #: 1
Which of the following is the MOST important outcome of effective risk treatment?
A. Implementation of corrective actions
B. Elimination of risk
C. Timely reporting of incidents
D. Reduced cost of acquiring controls
Selected Answer: A
Question #: 275
Topic #: 1
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
A. Improved staff attendance in awareness sessions
B. Decreased number of incidents that have occurred
C. Decreased number of phishing emails received
D. Improved feedback on the anti-phishing campaign
Selected Answer: B
Question #: 222
Topic #: 1
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
A. Initiate incident response.
B. Initiate a device reset.
C. Conduct a risk assessment.
D. Disable remote access.
Selected Answer: A
Question #: 221
Topic #: 1
Which of the following would BEST help an organization’s ability to manage advanced persistent threats (APT)?
A. Having a skilled information security team
B. Increasing the information security budget
C. Using multiple security vendors
D. Having network detection tools in place
Selected Answer: A
Question #: 215
Topic #: 1
An organization’s senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager’s FIRST step to support this strategy?
A. Incorporate social media into the security awareness program.
B. Develop a guideline on the acceptable use of social media.
C. Employ the use of a web content filtering solution.
D. Develop a business case for a data loss prevention (DLP) solution.
Selected Answer: B
Question #: 520
Topic #: 1
A business unit handles sensitive personally identifiable information (PII), which presents a significant financial liability to the organization should a breach occur.
Which of the following is the BEST way to mitigate the risk to the organization?
A. Implementing audit logging on systems
B. Including indemnification into customer contracts
C. Contracting the process to a third party
D. Purchasing insurance
Selected Answer: D
Question #: 262
Topic #: 1
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
A. Establish performance metrics for the team.
B. Perform a post-incident review.
C. Perform a threat analysis.
D. Implement a SIEM solution.
Selected Answer: B
Question #: 192
Topic #: 1
Which of the following is MOST important to the successful implementation of an information security program?
A. Establishing key performance indicators (KPIs)
B. Obtaining stakeholder input
C. Understanding current and emerging technologies
D. Conducting periodic risk assessments
Selected Answer: D
Question #: 189
Topic #: 1
An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?
A. Identify information security risk associated with the processes
B. Assess the business objectives of the processes
C. Evaluate the cost of information security integration
D. Benchmark the processes with best practice to identify gaps
Selected Answer: B
Question #: 183
Topic #: 1
An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy.
Which of the following should be the information security manager’s FIRST course of action?
A. Block access to the cloud storage service
B. Determine the classification level of the information
C. Seek business justification from the employee
D. Inform higher management of a security breach
Selected Answer: B
Question #: 179
Topic #: 1
Which of the following is the MOST important function of an information security steering committee?
A. Evaluating the effectiveness of information security controls on a periodic basis
B. Defining the objectives of the information security framework
C. Conducting regular independent reviews of the state of security in the business
D. Approving security awareness content prior to publication
Selected Answer: B
Question #: 173
Topic #: 1
Which of the following provides the MOST useful information for identifying security control gaps on an application server?
A. Risk assessments
B. Penetration testing
C. Threat models
D. Internal audit reports
Selected Answer: B
Question #: 167
Topic #: 1
Which of the following should be the MOST important consideration when prioritizing risk remediation?
A. Evaluation of risk
B. Duration of exposure
C. Comparison to risk appetite
D. Impact of compliance
Selected Answer: C
Question #: 164
Topic #: 1
Which is the MOST important requirement when establishing a process for responding to zero-day vulnerabilities?
A. The IT team updates antivirus signatures on user systems.
B. The IT team implements an emergency patch deployment process.
C. Business users stop using the impacted application until a patch is released.
D. The information security team implements recommended workarounds.
Selected Answer: D
Question #: 153
Topic #: 1
An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?
A. The business owner
B. Key customers
C. Executive management
D. System administrator
Selected Answer: A
Question #: 152
Topic #: 1
Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?
A. Update roles and responsibilities of the incident response team.
B. Train the incident response team on escalation procedures.
C. Implement a monitoring solution for incident response activities.
D. Validate that the information security strategy maps to corporate objectives.
Selected Answer: A
Question #: 149
Topic #: 1
Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?
A. Create a data classification policy.
B. Implement role-based access controls.
C. Require the use of login credentials and passwords.
D. Conduct information security awareness training.
Selected Answer: B
Question #: 148
Topic #: 1
Which of the following is the BEST way to determine if a recent investment in access control software was successful?
A. Senior management acceptance of the access control software
B. A comparison of security incidents before and after software installation
C. A business impact analysis (BIA) of the systems protected by the software
D. A review of the number of key risk indicators (KRIs) implemented for the software
Selected Answer: C
Question #: 146
Topic #: 1
Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management’s understanding of impact to the organization?
A. Detailed assessment of the security risk profile
B. Risks inherent in new security technologies
C. Findings from recent penetration testing
D. Status of identified key security risks
Selected Answer: D
Question #: 143
Topic #: 1
During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:
A. a consolidated event timeline.
B. logs from systems involved.
C. interviews with personnel.
D. documents created during the incident.
Selected Answer: A
Question #: 139
Topic #: 1
Which of the following is BEST determined by using technical metrics?
A. Whether controls are operating effectively
B. How well security risk is being managed
C. Whether security resources are adequately allocated
D. How well the security strategy is aligned with organizational objectives
Selected Answer: A
Question #: 130
Topic #: 1
Which of the following information BEST supports risk management decision making?
A. Results of a vulnerability assessment
B. Estimated savings resulting from reduced risk exposure
C. Average cost of risk events
D. Quantification of threats through threat modeling
Selected Answer: D
Question #: 122
Topic #: 1
An information security manager discovers that the organization’s new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?
A. Business unit management has not emphasized the importance of the new policy.
B. Different communication methods may be required for each business unit.
C. The wording of the policy is not tailored to the audience.
D. The corresponding controls are viewed as prohibitive to business operations.
Selected Answer: D
Question #: 120
Topic #: 1
Which of the following BEST indicates an effective vulnerability management program?
A. Security incidents are reported in a timely manner.
B. Threats are identified accurately.
C. Controls are managed proactively.
D. Risks are managed within acceptable limits.
Selected Answer: D
Question #: 108
Topic #: 1
An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager’s FIRST step?
A. Notify internal legal counsel.
B. Isolate the impacted endpoints.
C. Wipe the affected system.
D. Notify senior management.
Selected Answer: B
Question #: 103
Topic #: 1
In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
A. Non-standard event logs
B. Access to the hardware
C. Data encryption
D. Compressed customer data
Selected Answer: B
Question #: 338
Topic #: 1
What should an information security manager do FIRST to establish a roadmap for security investments?
A. Perform cost-benefit analyses of the investments
B. Gain a thorough understanding of the organization’s operating processes
C. Establish business cases for proposed security investments
D. Ensure investments are strategically aligned with business objectives
Selected Answer: D
Question #: 188
Topic #: 1
A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager’s NEXT course of action?
A. Document and schedule a date to revisit the issue.
B. Document and escalate to senior management.
C. Shut down the business application.
D. Determine a lower-cost approach to remediation.
Selected Answer: B
Question #: 100
Topic #: 1
Which of the following would BEST enable effective decision-making?
A. Annualized loss estimates determined from past security events
B. A universally applied list of generic threats, impacts, and vulnerabilities
C. A consistent process to analyze new and historical information risk
D. Formalized acceptance of risk analysis by business management
Selected Answer: C
Question #: 97
Topic #: 1
Which of the following is the PRIMARY purpose of establishing an information security governance framework?
A. To proactively address security objectives
B. To reduce security audit issues
C. To enhance business continuity planning
D. To minimize security risks
Selected Answer: A
Question #: 95
Topic #: 1
A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
A. Escrow of software code with conditions for code release
B. Right of the subscriber to conduct onsite audits of the vendor
C. Authority of the subscriber to approve access to its data
D. Commingling of subscribers’ data on the same physical server
Selected Answer: C
Question #: 88
Topic #: 1
Which of the following is the MOST essential element of an information security program?
A. Prioritizing program deliverables based on available resources
B. Benchmarking the program with global standards for relevance
C. Involving functional managers in program development
D. Applying project management practices used by the business
Selected Answer: C
Question #: 85
Topic #: 1
Which of the following is MOST relevant for an information security manager to communicate to the board of directors?
A. The level of exposure
B. Vulnerability assessments
C. The level of inherent risk
D. Threat assessments
Selected Answer: A
Question #: 157
Topic #: 1
Which of the following should be of MOST concern to an information security manager reviewing an organization’s data classification program?
A. The classifications do not follow industry best practices.
B. Labeling is not consistent throughout the organization.
C. The program allows exceptions to be granted.
D. Data retention requirements are not defined.
Selected Answer: B
Question #: 224
Topic #: 1
Which of the following is MOST important for an information security manager to communicate to stakeholders when approving exceptions to the information security policy?
A. Impact on the risk profile
B. Need for compensating controls
C. Time period for review
D. Requirements for senior management reporting
Selected Answer: A
Question #: 212
Topic #: 1
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
A. Regular audits of access controls
B. Strong background checks when hiring staff
C. Prompt termination procedures
D. Role-based access control
Selected Answer: B
Question #: 746
Topic #: 1
Which of the following is a PRIMARY objective of an information security governance framework?
A. To provide the basis for action plans to achieve information security objectives organization-wide
B. To achieve the desired information security state as defined by business unit management
C. To align the relationships of stakeholders involved in developing and executing an information security strategy
D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk
Selected Answer: A
Question #: 227
Topic #: 1
An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?
A. The information security strategy
B. The organization’s risk appetite
C. The cost of noncompliance
D. The information security policy
Selected Answer: C
Question #: 1151
Topic #: 1
An enterprise has decided to procure security services from a third-party vendor to support its information security program. Which of the following is MOST important to include in the vendor selection criteria?
A. The maturity of the vendor’s internal control environment
B. Feedback from the vendor’s previous clients
C. Alignment of the vendor’s business objectives with enterprise security goals
D. Penetration testing against the vendor’s network
Selected Answer: C
Question #: 1150
Topic #: 1
Which of the following BEST enables an information security manager to identify changes in the threat landscape due to emerging technologies?
A. Input from external experts
B. Annual security assessments
C. Periodic risk assessments
D. Benchmarking against industry peers
Selected Answer: C
Question #: 1149
Topic #: 1
Which of the following is MOST important to consider when planning the eradication of a cyberattack?
A. The skills and competencies of the eradication team
B. The cost of tools and efforts required for the process
C. Obtain a clean backup of the operating system
D. Knowledge about the type and source of the threat
Selected Answer: D
Question #: 1140
Topic #: 1
Which of the following BEST helps to ensure the effective execution of an organization’s disaster recovery plan (DRP)?
A. The plan is based on industry best practices.
B. The plan is reviewed by senior and IT operational management.
C. Procedures are available at the primary and failover location.
D. Process steps are documented by the disaster recovery team.
Selected Answer: C
Question #: 904
Topic #: 1
Which of the following would BEST justify spending for a compensating control?
A. Root cause analysis
B. Emerging risk trends
C. Vulnerability assessment
D. Risk analysis
Selected Answer: B
Question #: 1070
Topic #: 1
Which of the following is the MOST important outcome of a post-incident review?
A. The system affected by the incident is restored to its prior state.
B. The root cause of the incident is determined.
C. The person responsible for the incident is identified.
D. The impact of the incident is reported to senior management.
Selected Answer: B
Question #: 1128
Topic #: 1
An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?
A. Employees are trained on the acceptable use policy.
B. Employees use smartphone tethering when accessing from remote locations.
C. Employees use the VPN when accessing the organization’s online resources.
D. Employees physically lock PCs when leaving the immediate area.
Selected Answer: A
Question #: 1077
Topic #: 1
Which of the following would be MOST useful when determining the business continuity strategy for a large organization’s data center?
A. Business impact analysis (BIA)
B. Incident root cause analysis
C. Stakeholder feedback analysis
D. Business continuity risk analysis
Selected Answer: A
Question #: 1050
Topic #: 1
A situation where an organization has unpatched IT systems in violation of the patching policy should be treated as:
A. an increased threat profile.
B. a vulnerability management failure.
C. an increased risk profile.
D. a security control failure.
Selected Answer: C
Question #: 1047
Topic #: 1
Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
A. Business impact analysis (BIA)
B. Vulnerability scan results
C. Risk assessment
D. Penetration test results
Selected Answer: C
Question #: 1001
Topic #: 1
Which of the following is the GREATEST benefit of effective information security governance?
A. Treatment priorities are based on risk exposure.
B. Information security standards are communicated to primary stakeholders.
C. The information security budget is aligned to the organization.
D. Executive management’s strategy is aligned to the information security strategy.
Selected Answer: A
Question #: 200
Topic #: 1
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
A. Business impact analysis (BIA) results
B. Recommendations from senior management
C. The business continuity plan (BCP)
D. Vulnerability assessment results
Selected Answer: A
Question #: 199
Topic #: 1
After a server has been attacked, which of the following is the BEST course of action?
A. Isolate the system.
B. Initiate incident response.
C. Conduct a security audit.
D. Review vulnerability assessment.
Selected Answer: B
Question #: 1080
Topic #: 1
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
A. The data custodian
B. The data owner
C. Internal IT audit
D. The information security manager
Selected Answer: A
Question #: 1065
Topic #: 1
Which of the following BEST determines an information asset’s classification?
A. Criticality to a business process
B. Value of the information asset in the marketplace
C. Risk assessment from the data owner
D. Cost of producing the information asset
Selected Answer: A
Question #: 1062
Topic #: 1
Which of the following is MOST important when developing an information security governance framework?
A. Ensuring alignment with the organization’s risk management framework
B. Integrating security within the system development life cycle (SDLC) process
C. Developing policies and procedures to support the framework
D. Developing security incident response measures
Selected Answer: A
Question #: 1061
Topic #: 1
Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?
A. The system can be replicated for additional use cases.
B. An industry peer experienced a recent breach with a similar application.
C. The cost of implementing the system is less than the impact of downtime.
D. The solution is within the organization’s risk tolerance.
Selected Answer: C
Question #: 1060
Topic #: 1
An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager’s MAIN concern?
A. Data backup strategy
B. Organizational reporting structure
C. Local regulations
D. Consistency in awareness programs
Selected Answer: C
Question #: 1058
Topic #: 1
The business value of an information asset is derived from:
A. its replacement cost.
B. its criticality.
C. the threat profile.
D. the risk assessment.
Selected Answer: D
Question #: 1053
Topic #: 1
Which of the following is the MOST important driver when developing an effective information security strategy?
A. Benchmarking reports
B. Information security standards
C. Business requirements
D. Security audit reports
Selected Answer: C
Question #: 1051
Topic #: 1
How does data discovery assist with data classification?
A. It provides assurance of data integrity.
B. It shows where specific data is stored.
C. It automatically classifies data by keywords.
D. It helps to identify the data owner.
Selected Answer: D
Question #: 1049
Topic #: 1
A KEY consideration in the use of quantitative risk analysis is that it:
A. applies commonly used labels to information assets.
B. assigns numeric values to exposures of information assets.
C. is based on criticality analysis of information assets.
D. aligns with best practice for risk analysis of information assets.
Selected Answer: B
Question #: 1046
Topic #: 1
Which of the following BEST facilitates the development of information security procedures that effectively support the information security policy?
A. Aligning procedures with industry best practices
B. Classifying the information assets to be protected
C. Considering the impact of systemic risk events
D. Conducting an external benchmarking exercise
Selected Answer: B
Question #: 1034
Topic #: 1
Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?
A. Information security audits
B. Security risk assessments
C. Lessons learned analysis
D. Key performance indicators (KPIs)
Selected Answer: C
Question #: 1033
Topic #: 1
An organization’s information security strategy should be the PRIMARY input to which of the following?
A. Security governance framework design
B. Enterprise risk scenario development
C. Security program metrics
D. Organizational risk appetite
Selected Answer: D
Question #: 996
Topic #: 1
A business continuity plan (BCP) should contain:
A. criteria for activation.
B. hardware and software inventories.
C. data restoration procedures.
D. information about eradication activities.
Selected Answer: C
Question #: 1045
Topic #: 1
Which of the following should the information security manager do FIRST upon learning that a business department wants to use blockchain technology for a new payment process?
A. Include the new requirements in the system development life cycle (SDLC) pipeline.
B. Update the business case to include security budget and resource needs for the new process.
C. Perform a risk assessment to identify emerging risks.
D. Benchmark blockchain solutions to determine which one is most secure.
Selected Answer: C
Question #: 155
Topic #: 1
Which of the following should be an information security manager’s MOST important criterion for determining when to review the incident response plan?
A. When recovery time objectives (RTOs) are not met
B. When missing information impacts recovery from an incident
C. Before an internal audit of the incident response process
D. At intervals indicated by industry best practice
Selected Answer: D
Question #: 957
Topic #: 1
Which of the following BEST facilitates the effectiveness of cybersecurity incident response?
A. Utilizing a security information and event management (SIEM) tool
B. Utilizing industry-leading network penetration testing tools
C. Increasing communication with all incident response stakeholders
D. Continuously updating signatures of the anti-malware solution
Selected Answer: A
Question #: 937
Topic #: 1
Of the following, who should be assigned as the owner of a newly identified risk related to an organization’s new payroll system?
A. Head of IT department
B. Head of human resources (HR)
C. Information security manager
D. Data privacy officer
Selected Answer: B
Question #: 519
Topic #: 1
The business value of an information asset is derived from:
A. its replacement cost.
B. the risk assessment.
C. its criticality.
D. the threat profile.
Selected Answer: C
Question #: 513
Topic #: 1
Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization’s existing security posture?
A. Performing a business impact analysis (BIA)
B. Reviewing policies and procedures
C. Performing a risk assessment
D. Interviewing business managers and employees
Selected Answer: C
Question #: 158
Topic #: 1
Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
A. Recovery strategy
B. Risk mitigation strategy
C. Security strategy
D. IT strategy
Selected Answer: A
Question #: 1118
Topic #: 1
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization’s intrusion detection systems (IDSs)?
A. Increase in false negatives
B. Increase in false positives
C. Decrease in false positives
D. Decrease in false negatives
Selected Answer: C
Question #: 357
Topic #: 1
Which of the following is MOST important to the effectiveness of an information security program?
A. Organizational culture
B. Risk management
C. IT governance
D. Security metrics
Selected Answer: B
Question #: 355
Topic #: 1
Inadvertent disclosure of internal business information on social media is BEST minimized by which of the following?
A. Implementing data loss prevention (DLP) solutions
B. Limiting access to social media sites
C. Developing social media guidelines
D. Educating users on social media risks
Selected Answer: B
Question #: 1105
Topic #: 1
Which of the following should be the PRIMARY objective for creating a culture of security within an organization?
A. To obtain resources for information security initiatives
B. To reduce risk to acceptable levels
C. To prioritize security within the organization
D. To demonstrate control effectiveness to senior management
Selected Answer: A
Question #: 780
Topic #: 1
Which of the following is the MOST important detail to capture in an organization’s risk register?
A. Risk acceptance criteria
B. Risk severity level
C. Risk ownership
D. Risk appetite
Selected Answer: C
Question #: 644
Topic #: 1
Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization’s information security strategy?
A. Internal security audit
B. Organizational risk appetite
C. External security audit
D. Business impact analysis (BIA)
Selected Answer: B
Question #: 348
Topic #: 1
Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?
A. Mapping the risks to existing controls
B. Illustrating risk on a heat map
C. Providing a technical risk assessment report
D. Mapping the risks to the security classification scheme
Selected Answer: B
Question #: 1026
Topic #: 1
An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?
A. Secure and preserve digital evidence for analysis.
B. Gather feedback on business impact.
C. Conduct a meeting to capture lessons learned.
D. Prepare an executive summary for senior management.
Selected Answer: C
Question #: 161
Topic #: 1
What is the FIRST line of defense against criminal insider activities?
A. Signing security agreements by critical personnel
B. Stringent and enforced access controls
C. Validating the integrity of personnel
D. Monitoring employee activities
Selected Answer: C
Question #: 98
Topic #: 1
An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
A. Implement remote wipe capability.
B. Create an acceptable use policy.
C. Conduct a mobile device risk assessment.
D. Deploy mobile device management (MDM).
Selected Answer: D
Question #: 495
Topic #: 1
Which of the following would BEST demonstrate the status of an organization’s information security program to the board of directors?
A. The information security operations matrix
B. Changes to information security risks
C. Information security program metrics
D. Results of a recent external audit
Selected Answer: C
Question #: 829
Topic #: 1
Which of the following is MOST critical when creating an incident response plan?
A. Identifying what constitutes an incident
B. Identifying vulnerable data assets
C. Documenting incident notification and escalation processes
D. Aligning with the risk assessment process
Selected Answer: B
Question #: 65
Topic #: 1
An information security manager MUST have an understanding of the organization’s business goals to:
A. relate information security to change management.
B. develop an information security strategy.
C. develop operational procedures.
D. define key performance indicators (KPIs).
Selected Answer: B
Question #: 48
Topic #: 1
An information security team plans to increase password complexity requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager’s BEST course of action?
A. Evaluate business compensating controls.
B. Quantify the security risk to the business.
C. Assess business impact against security risk.
D. Conduct industry benchmarking.
Selected Answer: C
Question #: 837
Topic #: 1
Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
A. Conducting periodic vulnerability assessments
B. Defining the organization’s risk management framework
C. Communicating business impact analysis (BIA) results
D. Establishing effective stakeholder relationships
Selected Answer: C
Question #: 814
Topic #: 1
Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?
A. It transfers the risk associated with recovery to a third party.
B. It eliminates the need for the business to perform testing.
C. It eliminates the need to maintain offsite facilities.
D. It lowers the annual cost to the business.
Selected Answer: C
Question #: 595
Topic #: 1
Which type of incident response test is the MOST efficient way to verify that backup power generators are functioning?
A. Operational full test
B. Simulation failure test
C. Parallel recovery test
D. Full interruption test
Selected Answer: B
Question #: 762
Topic #: 1
An organization’s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated risk?
A. The data owner
B. The information security manager
C. The security engineer
D. The application owner
Selected Answer: B
Question #: 758
Topic #: 1
Which of the following is the BEST indicator of an emerging incident?
A. A weakness identified within an organization’s information systems
B. Attempted patching of systems resulting in errors
C. Customer complaints about lack of website availability
D. A recent security incident at an industry competitor
Selected Answer: A
Question #: 754
Topic #: 1
Due to changes in an organization’s environment, security controls may no longer be adequate. What is the information security manager’s BEST course of action?
A. Perform a new risk assessment.
B. Review the previous risk assessment and countermeasures.
C. Transfer the new risk to a third party.
D. Evaluate countermeasures to mitigate new risks.
Selected Answer: A
Question #: 735
Topic #: 1
An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?
A. Review the business unit’s function against the policy
B. Revise the policy to accommodate the business unit
C. Report the business unit for policy noncompliance
D. Enforce sanctions on the business unit
Selected Answer: C
Question #: 671
Topic #: 1
Which of the following is MOST important to include in a post-incident review following a data breach?
A. An evaluation of the effectiveness of the information security strategy
B. Documentation of regulatory reporting requirements
C. A review of the forensics chain of custody
D. Evaluations of the adequacy of existing controls
Selected Answer: D
Question #: 1136
Topic #: 1
Which of the following should be the FIRST step when performing triage of a malware incident?
A. Preserving the forensic image
B. Containing the affected system
C. Comparing backup against production
D. Removing the malware
Selected Answer: D
Question #: 1129
Topic #: 1
To improve an organization’s information security culture, it is MOST important for senior management to:
A. participate in security training.
B. review security budget and resources.
C. demonstrate good security practices.
D. approve security policies.
Selected Answer: C
Question #: 1124
Topic #: 1
The categorization of incidents is MOST important for evaluating which of the following?
A. Appropriate communication channels
B. Risk severity and incident priority
C. Allocation of needed resources
D. Response and containment requirements
Selected Answer: B
Question #: 752
Topic #: 1
When an organization decides to accept a risk, it should mean the cost to mitigate:
A. exceeds budget allocation.
B. is higher than the cost to transfer risk.
C. is less than the residual risk.
D. is greater than the residual risk.
Selected Answer: D
Question #: 27
Topic #: 1
Which of the following BEST enables effective information security governance?
A. Security-aware corporate culture
B. Advanced security technologies
C. Periodic vulnerability assessments
D. Established information security metrics
Selected Answer: A
Question #: 1109
Topic #: 1
Which of the following is MOST important for guiding the development and management of a comprehensive information security program?
A. Adopting information security program management best practices
B. Aligning the organization’s business objectives with IT objectives
C. Establishing and maintaining an information security governance framework
D. Implementing policies and procedures to address the information security strategy
Selected Answer: C
Question #: 1097
Topic #: 1
An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
A. Calculate the return on investment (ROI).
B. Provide security awareness training to HR.
C. Assess the business objectives of the processes.
D. Benchmark the processes with best practice to identify gaps.
Selected Answer: D
Question #: 1091
Topic #: 1
Which of the following controls would BEST help to detect a targeted attack exploiting a zero-day vulnerability?
A. Intrusion prevention system (IPS)
B. Vulnerability scanning
C. Endpoint detection and response (EDR)
D. Extended detection and response (XDR)
Selected Answer: B
Question #: 1086
Topic #: 1
While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?
A. The test involves IT members in the test process.
B. The test simulates actual prime-time processing conditions.
C. The test is scheduled to reduce operational impact.
D. The test addresses the critical components.
Selected Answer: A
Question #: 1074
Topic #: 1
Which of the following is the MOST effective way to demonstrate improvement in security performance?
A. Report the results of a security control self-assessment (CSA).
B. Present trends in a validated metrics dashboard.
C. Provide a summary of security project return on investments (ROIs).
D. Present vulnerability testing results.
Selected Answer: C
Question #: 1073
Topic #: 1
Which of the following BEST facilitates the development of a comprehensive information security policy?
A. Alignment with an established information security framework
B. Security key performance indicators (KPIs)
C. A review of recent information security incidents
D. An established internal audit program
Selected Answer: A
Question #: 1069
Topic #: 1
Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?
A. It offers the organization flexible deployment options using cloud infrastructure.
B. It allows the organization to prioritize its core operations.
C. It is more secure than traditional data backup architecture.
D. It allows the use of a professional response team at a lower cost.
Selected Answer: A
Question #: 1057
Topic #: 1
An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?
A. Assess and update spam filtering rules.
B. Establish an acceptable use policy.
C. Implement disciplinary procedures.
D. Conduct phishing awareness training.
Selected Answer: C
Question #: 1056
Topic #: 1
A financial institution has identified a high risk of fraud within its credit department. Which of the following information security controls will BEST reduce the risk of fraud?
A. Mandatory time off
B. Segregation of duties
C. Acceptable use policy
D. Periodic risk assessments
Selected Answer: D
Question #: 1054
Topic #: 1
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
A. Implementing an IT resilience solution
B. Implementing management reviews
C. Documenting critical business processes
D. Incorporating lessons learned
Selected Answer: C
Question #: 1048
Topic #: 1
Which of the following is MOST helpful for determining priorities when creating a long-term information security roadmap?
A. The organization’s information security framework
B. Information security steering committee input
C. Enterprise architecture (EA)
D. Industry best practices
Selected Answer: B
Question #: 341
Topic #: 1
Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?
A. Standardize secure web development practices
B. Integrate security into the early phases of the development life cycle
C. Incorporate security requirements into job descriptions
D. Implement a tailored security awareness training program
Selected Answer: D
Question #: 1044
Topic #: 1
Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?
A. Penetration testing
B. Root cause analysis
C. Continuous log monitoring
D. Computer forensics
Selected Answer: C
Question #: 1043
Topic #: 1
An organization’s information security team presented the risk register at a recent information security steering committee meeting. Which of the following should be of MOST concern to the committee?
A. No owners were identified for some risks.
B. Business applications had the highest number of risks.
C. Risk mitigation action plans had no timelines.
D. Risk mitigation action plan milestones were delayed.
Selected Answer: B
Question #: 1035
Topic #: 1
Which of the following is BEST used to determine the maturity of an information security program?
A. Organizational risk appetite
B. Risk assessment results
C. Security metrics
D. Security budget allocation
Selected Answer: C
Question #: 1016
Topic #: 1
Which of the following is the BEST way to improve an organization’s ability to detect and respond to incidents?
A. Conduct a business impact analysis (BIA).
B. Conduct periodic awareness training.
C. Perform a security gap analysis.
D. Perform network penetration testing.
Selected Answer: C
Question #: 1015
Topic #: 1
During an internal compliance review, the review team discovers that a critical legacy application is unable to meet the organization’s mandatory security requirements. Which of the following should be done FIRST?
A. Update the risk register.
B. Recommend taking the application out of service.
C. Implement compensating controls.
D. Monitor the application until it can be replaced.
Selected Answer: A
Question #: 656
Topic #: 1
A business unit is not complying with a control implemented to mitigate risk because doing so impacts the ability to achieve business goals. When reporting the noncompliance to senior management, what would be the information security manager’s BEST recommendation?
A. Accept the noncompliance.
B. Conduct a control assessment.
C. Implement compensating controls.
D. Educate the noncompliant users.
Selected Answer: C
Question #: 244
Topic #: 1
Which of the following is MOST important to ensure when considering exceptions to an information security policy?
A. Exceptions are approved by executive management.
B. Exceptions undergo regular review.
C. Exceptions reflect the organizational risk appetite.
D. Exceptions are based on data classification.
Selected Answer: C
Question #: 632
Topic #: 1
Which of the following is MOST important for building a robust information security culture within an organization?
A. Mature information security awareness training across the organization
B. Security controls embedded within the development and operation of the IT environment
C. Senior management approval of information security policies
D. Strict enforcement of employee compliance with organizational security policies
Selected Answer: C
Question #: 612
Topic #: 1
Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
A. Require staff to sign confidentiality agreements.
B. Require staff to participate in information security awareness training.
C. Communicate disciplinary processes for policy violations.
D. Include information security responsibilities in job descriptions.
Selected Answer: B
Question #: 608
Topic #: 1
In order to understand an organization’s security posture, it is MOST important for an organization’s senior leadership to:
A. review the number of reported security incidents.
B. evaluate results of the most recent incident response test.
C. ensure established security metrics are reported.
D. assess progress of risk mitigation efforts.
Selected Answer: C
Question #: 606
Topic #: 1
Which of the following is MOST helpful in ensuring an information security governance framework continues to support business objectives?
A. A consistent risk assessment methodology
B. A monitoring strategy
C. An effective organizational structure
D. Stakeholder buy-in
Selected Answer: D
Question #: 605
Topic #: 1
Which of the following is MOST important to determine following the discovery and eradication of a malware attack?
A. The creator of the malware
B. The malware entry path
C. The type of malware involved
D. The method of detecting the malware
Selected Answer: B
Question #: 602
Topic #: 1
Which of the following is MOST important to ensure ongoing senior management commitment to an organization’s information security strategy?
A. Effective and reliable security reporting
B. A well-defined information security control framework
C. A detailed and documented business impact analysis (BIA)
D. Strategic alignment to an industry framework
Selected Answer: C
Question #: 350
Topic #: 1
An organization’s human resources (HR) department is planning to migrate a legacy application to a new application in the cloud. What is the BEST way for the information security manager to support this effort?
A. Encrypt the data to the cloud so that the data is secure.
B. Conduct vulnerability scans on the cloud provider.
C. Update the policies to add controls for protecting the data.
D. Conduct a security assessment on the cloud provider.
Selected Answer: D
Question #: 545
Topic #: 1
Which of the following is an information security manager’s BEST recommendation to senior management following a breach at the organization’s Software as a Service (SaaS) vendor?
A. Engage legal counsel
B. Terminate the relationship with the vendor
C. Renegotiate the vendor contract
D. Update the vendor risk assessment
Selected Answer: A
Question #: 515
Topic #: 1
Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?
A. Minimizing the cost of security controls
B. Reducing organizational security risk
C. Improving the protection of information
D. Achieving organizational objectives
Selected Answer: B
Question #: 509
Topic #: 1
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager’s FIRST course of action?
A. Request funding needed to resolve the top vulnerabilities.
B. Ensure a risk assessment is performed to evaluate the findings.
C. Report findings to senior management.
D. Ensure vulnerabilities found are resolved within acceptable timeframes.
Selected Answer: C
Question #: 255
Topic #: 1
Which of the following would MOST effectively communicate the benefits of an information security program to executive management?
A. Key performance indicators (KPIs)
B. Threat models
C. Key risk indicators (KRIs)
D. Industry benchmarks
Selected Answer: C
Question #: 443
Topic #: 1
Which of the following should be the FIRST step of incident response procedures?
A. Classify the event depending on severity and type
B. Perform a risk assessment to determine the business impact
C. Evaluate the cause of the control failure
D. Identify if there is a need for additional technical assistance
Selected Answer: B
Question #: 451
Topic #: 1
In a call center, the BEST reason to conduct a social engineering exercise is to:
A. gain funding for information security initiatives
B. identify candidates for additional security training
C. improve password policy
D. minimize the likelihood of successful attacks
Selected Answer: B
Question #: 482
Topic #: 1
An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?
A. Update the organization’s risk register.
B. Develop a policy exception process.
C. Communicate the changes to stakeholders.
D. Conduct a risk assessment.
Selected Answer: D
Question #: 117
Topic #: 1
Which of the following should an information security manager perform FIRST when an organization’s residual risk has increased?
A. Implement security measures to reduce the risk.
B. Assess the business impact.
C. Transfer the risk to third parties.
D. Communicate the information to senior management.
Selected Answer: D
Question #: 476
Topic #: 1
Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:
A. web surfing controls
B. packet filtering
C. application awareness
D. log monitoring
Selected Answer: D
Question #: 469
Topic #: 1
Which of the following is the BEST approach to identify new security issues associated with IT systems and applications in a timely manner?
A. Requiring periodic security audits of IT systems and applications
B. Comparing current state to established industry benchmarks
C. Performing a vulnerability assessment for each change to IT systems
D. Integrating risk assessments into the change management process
Selected Answer: D
Question #: 463
Topic #: 1
Which of the following would BEST mitigate accidental data loss events?
A. Enforce a data hard drive encryption policy
B. Conduct a data loss prevention audit
C. Conduct periodic user awareness training
D. Obtain senior management support for the information security strategy
Selected Answer: C
Question #: 442
Topic #: 1
Which of the following should be the MOST important consideration of business continuity management?
A. Ensuring human safety
B. Securing critical information assets
C. Ensuring the reliability of backup data
D. Identifying critical business processes
Selected Answer: A
Question #: 400
Topic #: 1
An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation is to:
A. remotely wipe the device.
B. terminate the device connectivity.
C. disable the user’s access to corporate resources.
D. escalate to the user’s management.
Selected Answer: A
Question #: 457
Topic #: 1
Which of the following provides the MOST assurance that a third-party hosting provider will be able to meet availability requirements?
A. The third party’s business continuity plan (BCP)
B. The third party’s incident response plan
C. Right-to-audit clause
D. Service level agreement (SLA)
Selected Answer: D
Question #: 272
Topic #: 1
Which of the following should be the MOST important consideration when reviewing an information security strategy?
A. Changes to the security budget
B. New business initiatives
C. Internal audit findings
D. Recent security incidents
Selected Answer: B
Question #: 271
Topic #: 1
For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?
A. Number of virus infections detected
B. Average recovery time per incident
C. Amount of infection-related downtime
D. Number of downtime-related help desk calls
Selected Answer: B
Question #: 267
Topic #: 1
An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager’s MOST important action in support of this initiative?
A. Review cloud provider independent assessment reports.
B. Provide cloud security requirements.
C. Evaluate service level agreements (SLAs).
D. Calculate security implementation costs.
Selected Answer: B
Question #: 264
Topic #: 1
An organization’s operations have been significantly impacted by a cyberattack resulting in data loss. Once the attack has been contained, what should the security team do NEXT?
A. Update the incident response plan.
B. Perform a root cause analysis.
C. Implement compensating controls.
D. Conduct a lessons learned exercise.
Selected Answer: B