CISM Topic 5
Question #: 797
Topic #: 1
Which of the following is MOST important to include in monthly information security reports to the board?
A. Root cause analysis of security incidents
B. Threat intelligence
C. Risk assessment results
D. Trend analysis of security metrics
Selected Answer: D
Question #: 795
Topic #: 1
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
A. Isolate the affected systems.
B. Conduct an impact assessment.
C. Initiate incident response.
D. Rebuild the affected systems.
Selected Answer: C
Question #: 787
Topic #: 1
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
A. Propose that IT update information security policies and procedures.
B. Request that internal audit conduct a review of the policy development process.
C. Conduct user awareness training within the IT function.
D. Determine the risk related to noncompliance with the policy.
Selected Answer: D
Question #: 784
Topic #: 1
IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that the security controls relevant to a project are identified before it goes into production?
A. Involving information security at each stage of project management
B. Creating a data classification framework and providing it to stakeholders
C. Identifying responsibilities during the project business case analysis
D. Providing stakeholders with minimum information security requirements
Selected Answer: A
Question #: 783
Topic #: 1
An organization’s research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?
A. Accept the risk, as the benefits exceed the potential consequences.
B. Mitigate the risk by applying anonymization on the data set.
C. Transfer the risk by purchasing insurance.
D. Mitigate the risk by encrypting the customer names in the data set.
Selected Answer: B
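Why anonymization (option B) treats the risk and encrypting the names (option D) does not: a deterministically encrypted or hashed name is a pseudonym, and the remaining columns still single people out. The script below is an added example, not part of the exam page or ISACA material; the customer records are constructed for the illustration, and the quasi-identifier columns (postcode, birth year) and the generalization rules are assumptions. It measures k-anonymity (smallest group sharing the same quasi-identifier values) before and after each treatment.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real data): a direct identifier (name),
# quasi-identifiers (postcode, birth_year) and the purchase history the
# research team wants to model.
RECORDS = [
    {"name": "Alice Smith", "postcode": "SW1A 1AA", "birth_year": 1984, "purchases": ["insulin pen", "test strips"]},
    {"name": "Bob Jones",   "postcode": "SW1A 2BB", "birth_year": 1987, "purchases": ["running shoes", "protein bar"]},
    {"name": "Carol White", "postcode": "SW1A 3CC", "birth_year": 1981, "purchases": ["insulin pen", "lancets"]},
    {"name": "Dan Brown",   "postcode": "SW1A 4DD", "birth_year": 1989, "purchases": ["protein bar", "yoga mat"]},
    {"name": "Eve Black",   "postcode": "EC2A 1EE", "birth_year": 1975, "purchases": ["test strips", "lancets"]},
    {"name": "Frank Green", "postcode": "EC2A 2FF", "birth_year": 1972, "purchases": ["yoga mat", "running shoes"]},
]

QUASI_IDENTIFIERS = ("postcode", "birth_year")


def min_group_size(records, keys):
    """k-anonymity of a table over the given columns: the smallest number of
    rows that share one combination of values. k == 1 means at least one
    person is uniquely re-identifiable from those columns alone."""
    counts = Counter(tuple(r[k] for k in keys) for r in records)
    return min(counts.values())


def pseudonymize_names(records, key: bytes):
    """Option D stand-in: replace the name with a deterministic keyed hash
    (same linkage properties as deterministic encryption). Every other column
    is untouched, so re-identification through them is unchanged."""
    out = []
    for r in records:
        tag = hmac.new(key, r["name"].encode(), hashlib.sha256).hexdigest()[:16]
        out.append({**r, "name": tag})
    return out


def anonymize(records):
    """Option B: drop the direct identifier and generalise the quasi-identifiers
    (postcode to its outward code, birth year to the decade) so that each
    remaining combination is shared by several people. Purchase history is
    kept, since that is what the model needs."""
    out = []
    for r in records:
        out.append({
            "postcode": r["postcode"].split()[0],
            "birth_year": (r["birth_year"] // 10) * 10,
            "purchases": tuple(sorted(r["purchases"])),
        })
    return out


if __name__ == "__main__":
    print("raw            k =", min_group_size(RECORDS, QUASI_IDENTIFIERS))
    print("encrypted name k =", min_group_size(pseudonymize_names(RECORDS, b"k"), QUASI_IDENTIFIERS))
    print("anonymized     k =", min_group_size(anonymize(RECORDS), QUASI_IDENTIFIERS))
```

The caveat the numbers make visible: generalizing postcode and birth year raises k from 1 to 2, but if the purchase history itself is treated as a quasi-identifier every row is unique again, so the research team still has to consider whether the sensitive attribute they are modelling can be used to re-identify someone.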
Question #: 734
Topic #: 1
Which of the following is the BEST way to rigorously test a disaster recovery plan (DRP) for a mission-critical system without disrupting business operations?
A. Parallel testing
B. Simulation testing
C. Checklist review
D. Structured walk-through
Selected Answer: A
Question #: 177
Topic #: 1
An information security manager’s PRIMARY objective for presenting key risks to the board of directors is to:
A. ensure appropriate information security governance.
B. quantify reputational risks.
C. meet information security compliance requirements.
D. re-evaluate the risk appetite.
Selected Answer: A
Question #: 165
Topic #: 1
An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would BEST enable the information security manager to address this concern?
A. Incident classification
B. Incident response
C. Forensic analysis
D. Vulnerability assessment
Selected Answer: A
Question #: 725
Topic #: 1
Which of the following will BEST enable an effective information asset classification process?
A. Reviewing the recovery time objective (RTO) requirements of the asset
B. Assigning ownership
C. Including security requirements in the classification process
D. Analyzing audit findings
Selected Answer: B
Question #: 1038
Topic #: 1
Which of the following is the PRIMARY objective of developing an information security program that aligns with the information security strategy?
A. To define the resources required to achieve information security goals
B. To define a bottom-up approach for implementing information security policies
C. To define standards to be implemented
D. To define risk mitigation plans for security technologies
Selected Answer: A
Question #: 713
Topic #: 1
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
A. Key performance indicators (KPIs)
B. Systems inventory
C. Recovery procedures
D. Business impact analysis (BIA) results
Selected Answer: D
Question #: 707
Topic #: 1
The PRIMARY advantage of involving end users in continuity planning is that they:
A. can see the overall impact to the business
B. are more objective than information security management
C. can balance the technical and business risks
D. have a better understanding of specific business needs
Selected Answer: D
Question #: 706
Topic #: 1
When investigating an information security incident, details of the incident should be shared:
A. widely to demonstrate positive intent
B. only as needed
C. only with management
D. only with internal audit
Selected Answer: B
Question #: 699
Topic #: 1
Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?
A. Cost of the attack to the organization
B. Location of the attacker
C. Details from intrusion detection system (IDS) logs
D. Method of operation used by the attacker
Selected Answer: D
Question #: 13
Topic #: 1
An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the BEST information for the information security manager to draw a conclusion?
A. Initiating a cost-benefit analysis of the implemented controls
B. Performing a risk assessment
C. Reviewing the risk register
D. Conducting a business impact analysis (BIA)
Selected Answer: B
Question #: 688
Topic #: 1
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
A. Incident response plan
B. Disaster recovery plan (DRP)
C. Business contingency plan
D. Business continuity plan (BCP)
Selected Answer: D
Question #: 683
Topic #: 1
Which of the following is the BEST course of action for an information security manager to align security and business goals?
A. Reviewing the business strategy
B. Conducting a business impact analysis (BIA)
C. Actively engaging with stakeholders
D. Defining key performance indicators (KPIs)
Selected Answer: C
Question #: 678
Topic #: 1
Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?
A. Full interruption test
B. Tabletop test
C. Parallel test
D. Simulation test
Selected Answer: C
Question #: 525
Topic #: 1
Which of the following is the PRIMARY purpose of implementing information security standards?
A. To provide a basis for developing information security policies
B. To provide step-by-step instructions for performing security-related tasks
C. To provide management direction with a specific security objective
D. To establish a minimum acceptable security baseline
Selected Answer: D
Question #: 115
Topic #: 1
The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
A. escalation procedures.
B. information security manager.
C. chain of custody.
D. disaster recovery plan (DRP).
Selected Answer: A
Question #: 102
Topic #: 1
Which of the following is the BEST strategy to implement an effective operational security posture?
A. Increased security awareness
B. Defense in depth
C. Threat management
D. Vulnerability management
Selected Answer: B
Question #: 99
Topic #: 1
When scoping a risk assessment, assets need to be classified by:
A. sensitivity and criticality.
B. likelihood and impact.
C. threats and opportunities.
D. redundancy and recoverability.
Selected Answer: A
Question #: 622
Topic #: 1
Which of the following BEST enables an organization to appropriately prioritize information security-focused projects?
A. Return on investment (ROI)
B. Privacy compliance requirements
C. Organizational risk appetite
D. Historical security incidents
Selected Answer: C
Question #: 618
Topic #: 1
An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?
A. Review independent security assessment reports for each vendor.
B. Benchmark each vendor’s services with industry best practices.
C. Define information security requirements and processes.
D. Analyze the risks and propose mitigating controls.
Selected Answer: A
Question #: 617
Topic #: 1
Which of the following presents the GREATEST challenge to a security operations center’s timely identification of potential security breaches?
A. An organization has a decentralized data center that uses cloud services.
B. Operating systems are no longer supported by the vendor.
C. IT system clocks are not synchronized with the centralized logging server.
D. The patch management system does not deploy patches in a timely manner.
Selected Answer: C
Question #: 599
Topic #: 1
When creating an incident response plan, which of the following is MOST important to include during the preparation phase of the plan’s life cycle?
A. Communication plan
B. Response procedures
C. Risk management plan
D. Forensic analysis procedures
Selected Answer: A
Question #: 722
Topic #: 1
An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager’s FIRST course of action?
A. Conduct an information security audit
B. Perform a gap analysis
C. Validate the relevance of the information
D. Inform senior management
Selected Answer: C
Question #: 591
Topic #: 1
An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?
A. Notify the CISO of the security policy violation.
B. Perform a system access review.
C. Perform a full review of all system transactions over the past 90 days.
D. Immediately suspend the executives’ access privileges.
Selected Answer: B
Question #: 589
Topic #: 1
The PRIMARY objective of timely declaration of a disaster is to:
A. ensure the continuity of the organization’s essential services.
B. protect critical physical assets from further loss.
C. ensure engagement of business management in the recovery process.
D. assess and correct disaster recovery process deficiencies.
Selected Answer: A
Question #: 585
Topic #: 1
When preparing an information security policy for a global organization, how should an information security manager BEST address local legislation in multiple countries?
A. Rely on local interpretation of the global policy to comply with local legislation.
B. Create a policy exception process for each country.
C. Enforce the same global policy in every country.
D. Establish local policies for each country that supplement the global policy.
Selected Answer: D
Question #: 573
Topic #: 1
Which of the following activities provides the GREATEST insight into the level of threat exposure within an IT environment?
A. Executing an organization-wide security audit
B. Performing penetration testing
C. Performing technical vulnerability assessments
D. Conducting a red team exercise
Selected Answer: D
Question #: 572
Topic #: 1
Which of the following BEST demonstrates that security controls are effective?
A. Audit report
B. Tabletop simulation
C. Risk and control self-assessment
D. Business impact analysis (BIA) results
Selected Answer: A
Question #: 570
Topic #: 1
Which of the following is necessary to ensure consistent protection for an organization’s information assets?
A. Control assessment
B. Data ownership
C. Regulatory requirements
D. Classification model
Selected Answer: D
Question #: 555
Topic #: 1
What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?
A. Local laws and regulations
B. Backup and restoration of data
C. Vendor service level agreements (SLAs)
D. Independent review of the vendor
Selected Answer: A
Question #: 539
Topic #: 1
An organization has just updated its backup capability to a new cloud-based solution. Which of the following tests will MOST effectively verify this change is working as intended?
A. Simulation testing
B. Tabletop testing
C. Parallel testing
D. Black box testing
Selected Answer: C
Question #: 810
Topic #: 1
An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
A. Postpone the implementation until the vulnerability has been fixed.
B. Commission further penetration tests to validate initial test results.
C. Assess whether the vulnerability is within the organization’s risk tolerance levels.
D. Implement the application and request the cloud service provider to fix the vulnerability.
Selected Answer: A
Question #: 881
Topic #: 1
The MOST useful technique for maintaining management support for the information security program is:
A. informing management about the security of business operations.
B. identifying the risks and consequences of failure to comply with standards.
C. benchmarking the security programs of comparable organizations.
D. implementing a comprehensive security awareness and training program.
Selected Answer: A
Question #: 497
Topic #: 1
Which of the following should an information security manager do FIRST when informed that customer data has been breached within a third-party vendor’s environment?
A. Communicate the breach to leadership.
B. Request and verify evidence of the breach.
C. Notify the incident response team.
D. Review vendor obligations in the contract.
Selected Answer: B
Question #: 491
Topic #: 1
Which of the following clauses would represent the MOST significant potential exposure if included in a contract with a third-party service provider?
A. Provider responsibility in a disaster limited to best reasonable efforts
B. Provider liability for loss of data limited to cost of physical media
C. Audit rights limited to customer data and supporting infrastructure
D. Access to escrowed software restricted to specific conditions
Selected Answer: B
Question #: 487
Topic #: 1
A serious vulnerability was detected in a business application that can be exploited by external attackers to compromise the system. What is the information security manager’s BEST course of action?
A. Implement temporary remediation.
B. Request an immediate shutdown of the application.
C. Report the risk to the business application owner.
D. Ask the business application owner to apply the fix immediately.
Selected Answer: C
Question #: 477
Topic #: 1
Which of the following BEST enables successful identification of a potential IT security incident?
A. Configuration management standards
B. Event correlation
C. Network intrusion detection systems (NIDS)
D. File integrity monitoring
Selected Answer: B
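Questions 617 and 477 above are two sides of one mechanism: event correlation only works when events from different hosts sit on a common timeline, and an unsynchronized clock silently breaks that ordering. The script below is an added example and is not part of the exam page. The log lines are constructed and simplified (real sshd and sudo messages carry more fields), and the per-host clock offsets are assumed values that a monitoring agent would have measured against the central log server. The same correlation rule is run twice, once on raw timestamps and once after normalizing them.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed per-host clock offsets in seconds (host clock minus the log server's
# clock). web01 runs eight minutes fast; db01 is in sync.
CLOCK_OFFSET_S = {"web01": 480, "db01": 0}

# Constructed, simplified syslog-style lines: "<timestamp> <host> <program> <message>".
LOG_LINES = [
    "2024-03-04T10:08:00Z web01 sshd Failed password for admin from 203.0.113.7 port 51001",
    "2024-03-04T10:08:05Z web01 sshd Failed password for admin from 203.0.113.7 port 51002",
    "2024-03-04T10:08:10Z web01 sshd Failed password for admin from 203.0.113.7 port 51003",
    "2024-03-04T10:01:00Z db01 sshd Accepted password for admin from 203.0.113.7 port 52000",
    "2024-03-04T10:02:00Z db01 sudo admin : COMMAND=/usr/sbin/usermod -aG sudo svc-backup",
    "2024-03-04T10:03:30Z db01 sshd Accepted password for dba from 198.51.100.4 port 40000",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")
FAIL_RE = re.compile(r"Failed password for (\S+) from (\S+)")
OK_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")
SUDO_RE = re.compile(r"^(\S+) : COMMAND=(.*)$")


def parse_events(lines, apply_offsets):
    """Turn raw lines into normalised events. With apply_offsets=True every
    timestamp is moved onto the log server's timeline."""
    events = []
    for line in lines:
        ts, host, prog, msg = LINE_RE.match(line).groups()
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if apply_offsets:
            t -= timedelta(seconds=CLOCK_OFFSET_S.get(host, 0))
        if prog == "sshd" and (m := FAIL_RE.search(msg)):
            events.append({"kind": "fail", "t": t, "host": host, "user": m[1], "src": m[2]})
        elif prog == "sshd" and (m := OK_RE.search(msg)):
            events.append({"kind": "ok", "t": t, "host": host, "user": m[1], "src": m[2]})
        elif prog == "sudo" and (m := SUDO_RE.match(msg)):
            events.append({"kind": "sudo", "t": t, "host": host, "user": m[1], "cmd": m[2]})
    return sorted(events, key=lambda e: e["t"])


def correlate(lines, apply_offsets, fail_threshold=3, window=timedelta(minutes=10)):
    """Rule: at least fail_threshold failed logins for a user from one source,
    then a successful login for that user from the same source, then a sudo
    command by that user on the host where the login succeeded, in that
    order and all within `window`."""
    events = parse_events(lines, apply_offsets)
    alerts = []
    for ok in (e for e in events if e["kind"] == "ok"):
        fails = [e for e in events if e["kind"] == "fail"
                 and e["user"] == ok["user"] and e["src"] == ok["src"]
                 and ok["t"] - window <= e["t"] <= ok["t"]]
        sudos = [e for e in events if e["kind"] == "sudo"
                 and e["user"] == ok["user"] and e["host"] == ok["host"]
                 and ok["t"] < e["t"] <= ok["t"] + window]
        if len(fails) >= fail_threshold and sudos:
            alerts.append({"user": ok["user"], "src": ok["src"], "host": ok["host"],
                           "login_at": ok["t"].isoformat(), "failed_attempts": len(fails),
                           "command": sudos[0]["cmd"]})
    return alerts


if __name__ == "__main__":
    print("raw clocks :", correlate(LOG_LINES, apply_offsets=False))
    print("normalised :", correlate(LOG_LINES, apply_offsets=True))
```

On raw timestamps the failed logins appear to happen after the successful one, so the sequence never matches and the SOC sees nothing; with the offset applied the same lines produce the alert. In practice the fix is NTP on every log source rather than per-host correction tables, and a rule that alerts when a source's timestamps drift from the collector's receive time.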
Question #: 474
Topic #: 1
When a critical system incident is reported, the FIRST step of the incident handler should be to:
A. power off the system.
B. determine the scope of the incident.
C. validate the incident.
D. notify the appropriate parties.
Selected Answer: C
Question #: 472
Topic #: 1
Which of the following is the MOST important issue in a penetration test?
A. Performing the test without the benefit of any insider knowledge
B. Having an independent group perform the test
C. Having a defined goal as well as success and failure criteria
D. Obtaining permission from audit
Selected Answer: C
Question #: 436
Topic #: 1
Which of the following is the MOST important requirement for a successful security program?
A. Management decision on asset value
B. Penetration testing on key systems
C. Nondisclosure agreements (NDA) with employees
D. Mapping security processes to baseline security standards
Selected Answer: A
Question #: 690
Topic #: 1
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
A. Requiring multifactor authentication
B. Requiring challenge/response information
C. Enforcing frequent password changes
D. Enforcing complex password formats
Selected Answer: A
Question #: 454
Topic #: 1
Which of the following needs to be established FIRST in order to categorize data properly?
A. A data protection policy
B. A data flow diagram
C. A data classification framework
D. A data custodian
Selected Answer: C
Question #: 444
Topic #: 1
Which of the following is the BEST method for reducing the risk of data loss due to phishing attacks?
A. Changing passwords frequently
B. Implementing data loss prevention
C. Using spam filtering solutions
D. Educating users
Selected Answer: D
Question #: 423
Topic #: 1
During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?
A. Password management
B. Version management
C. Change management
D. Configuration management
Selected Answer: C
Question #: 419
Topic #: 1
An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization’s FIRST action?
A. Implement additional controls.
B. Report to senior management.
C. Initiate incident response processes.
D. Conduct an impact analysis.
Selected Answer: D
Question #: 416
Topic #: 1
When integrating security risk management into an organization, it is MOST important to ensure:
A. the risk management methodology follows an established framework.
B. business units approve the risk management methodology.
C. the risk treatment process is defined.
D. information security policies are documented and understood.
Selected Answer: A
Question #: 415
Topic #: 1
A company has a remote office located in a different country. The company’s chief information security officer (CISO) has just learned of a new regulatory requirement mandated by the country of the remote office. Which of the following should be the NEXT step?
A. Integrate new requirements into the corporate policies
B. Evaluate whether the new regulation impacts information security
C. Create separate security policies and procedures for the new regulation
D. Implement the requirement at the remote office location
Selected Answer: B
Question #: 402
Topic #: 1
During the response to a serious security breach, who is the BEST organizational staff member to communicate with external entities?
A. The resource designated by senior management
B. The incident response team leader
C. The resource specified in the incident response plan
D. A dedicated public relations spokesperson
Selected Answer: C
Question #: 399
Topic #: 1
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
A. Balanced scorecard
B. Benchmarking
C. Heat map
D. Risk matrix
Selected Answer: A
Question #: 394
Topic #: 1
When making decisions on prioritizing risk mitigation activities, which of the following would provide senior management with the MOST comprehensive information?
A. Risk assessment report
B. Risk action plan
C. Risk register
D. Internal audit report
Selected Answer: C
Question #: 354
Topic #: 1
Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?
A. Lack of communication to affected users
B. Poor documentation of results and lessons learned
C. Lack of coordination among departments
D. Disruption to the production environment
Selected Answer: D
Question #: 344
Topic #: 1
During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:
A. review the state of security awareness
B. review information security policies
C. perform a risk assessment
D. perform a gap analysis
Selected Answer: C
Question #: 335
Topic #: 1
Which of the following is MOST helpful in determining an organization’s current capacity to mitigate risks?
A. Capability maturity model
B. Vulnerability assessment
C. Business impact analysis (BIA)
D. IT security risk and exposure
Selected Answer: A
Question #: 333
Topic #: 1
What would be the MAIN purpose of an immediate post-incident review after a comprehensive test of the incident response plan?
A. To reduce costs associated with incident response efforts
B. To determine ways to improve incident response plan processes
C. To document weaknesses for the next incident response plan test
D. To revalidate incident response plan activities
Selected Answer: B
Question #: 332
Topic #: 1
A modification to a critical system was not detected until the system was compromised. Which of the following will BEST help to prevent future occurrences?
A. Conducting continuous network monitoring
B. Improving the change control process
C. Conducting continuous risk assessments
D. Baselining server configurations
Selected Answer: B
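The scenario in question 332 (a modification to a critical system that went unnoticed) is what a configuration baseline is for: record a known-good state and diff against it, so that a change that bypassed change control still surfaces. The script below is an added example, not taken from the page; it builds a throwaway directory tree, baselines content hashes and permission bits, applies the kinds of change an intruder or a careless admin would make, and reports what the comparison catches. File names and contents are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile


def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Snapshot every regular file under root as relpath -> (sha256, permission bits).
    Permission bits are part of the baseline so that a setuid or world-writable
    flip is caught even when the bytes are unchanged."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (file_digest(full), stat.S_IMODE(st.st_mode))
    return snap


def compare(old, new):
    """Diff two snapshots into added / removed / modified path sets."""
    return {
        "added": set(new) - set(old),
        "removed": set(old) - set(new),
        "modified": {p for p in set(old) & set(new) if old[p] != new[p]},
    }


def demo():
    """Create a small tree, baseline it, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files = {
            "app.conf": "listen=127.0.0.1\n",
            "bin/run.sh": "#!/bin/sh\nexec ./app\n",
            "notes.txt": "keep\n",
        }
        for rel, text in files.items():
            with open(os.path.join(root, rel), "w") as f:
                f.write(text)
        os.chmod(os.path.join(root, "bin/run.sh"), 0o755)
        before = baseline(root)

        with open(os.path.join(root, "app.conf"), "w") as f:
            f.write("listen=0.0.0.0\n")                       # content changed
        os.chmod(os.path.join(root, "bin/run.sh"), 0o4755)   # setuid bit set, bytes unchanged
        os.remove(os.path.join(root, "notes.txt"))            # file removed
        with open(os.path.join(root, "bin/helper.so"), "wb") as f:
            f.write(b"\x7fELF")                               # new file dropped in
        after = baseline(root)
    return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {sorted(paths)}")
```

Two practical points the toy version glosses over: the baseline itself has to live somewhere the monitored host cannot rewrite (or be signed), and the output has to feed the change-control record so that every detected delta is either an approved change or an incident.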
Question #: 320
Topic #: 1
To ensure that a new application complies with information security policy, the BEST approach is to:
A. perform a vulnerability analysis
B. review the security of the application before implementation
C. integrate security functionality during the development stage
D. periodically audit the security of the application
Selected Answer: C
Question #: 305
Topic #: 1
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:
A. explain the organization’s preferred practices for security.
B. ensure that all business units have the same strategic security goals.
C. ensure that all business units implement identical security procedures.
D. provide evidence for auditors that security practices are adequate.
Selected Answer: A
Question #: 235
Topic #: 1
The PRIMARY goal of a post-incident review should be to:
A. identify policy changes to prevent a recurrence.
B. establish the cost of the incident to the business.
C. determine why the incident occurred.
D. determine how to improve the incident handling process.
Selected Answer: D
Question #: 118
Topic #: 1
Which of the following is the PRIMARY reason for an information security manager to present the business case for an information security initiative to senior management?
A. To aid management in the decision-making process for purchasing the solution
B. To represent stakeholders who will benefit from enhancements in information security
C. To provide management with the status of the information security program
D. To demonstrate to management the due diligence involved with selecting the solution
Selected Answer: A
Question #: 223
Topic #: 1
An organization has fallen victim to a spear-phishing attack that compromised the multi-factor authentication code. What is the information security manager’s MOST important follow-up action?
A. Communicate the threat to users.
B. Install client anti-malware solutions.
C. Implement firewall blocking of known attack signatures.
D. Implement an advanced email filtering system.
Selected Answer: A
Question #: 201
Topic #: 1
What is the PRIMARY responsibility of the security steering committee?
A. Implement information security control.
B. Develop information security policy.
C. Set direction and monitor performance.
D. Provide information security training to employees.
Selected Answer: C
Question #: 182
Topic #: 1
During which of the following development phases is it MOST challenging to implement security controls?
A. Implementation phase
B. Post-implementation phase
C. Design phase
D. Development phase
Selected Answer: B
Question #: 174
Topic #: 1
Which of the following components of an information security risk assessment is MOST valuable to senior management?
A. Residual risk
B. Return on investment (ROI)
C. Mitigation actions
D. Threat profile
Selected Answer: A
Question #: 172
Topic #: 1
Organization A offers e-commerce services and uses a secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?
A. The URL of the e-commerce server
B. The certificate of the e-commerce server
C. The IP address of the e-commerce server
D. The browser’s indication of SSL use
Selected Answer: B
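What "verify the certificate" means in practice, beyond a padlock icon: the client checks the chain to a trusted root and then checks that the name it intended to reach is one of the names the certificate is bound to. The code below is an added example, not from the page or from any library's implementation; it implements the dNSName/iPAddress matching rules a client applies (a subset of RFC 6125, which the newer RFC 9525 tightens further) and shows the stdlib context a Python client should use. The URL and IP address are deliberately not used as identity evidence, which is why options A and C in the question are weaker than B.

```python
import ipaddress
import ssl


def hostname_matches(hostname, san_dns, san_ip=()):
    """True if `hostname` (what the client typed or was redirected to) is bound by
    the certificate's subjectAltName entries.
    Rules applied:
      - comparison is case-insensitive and exact on label count; no suffix tricks
        such as "shop.example.com.evil.net"
      - a wildcard is allowed only as the whole left-most label, matches exactly
        one label, and must leave at least two more labels ("*.com" is rejected)
      - an IP-literal hostname must match an iPAddress entry; a dNSName that looks
        like an address does not count
    """
    host = hostname.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ip == ipaddress.ip_address(e) for e in san_ip)
    host_labels = host.split(".")
    for entry in san_dns:
        labels = entry.rstrip(".").lower().split(".")
        if len(labels) != len(host_labels):
            continue
        if labels[0] == "*":
            if len(labels) >= 3 and labels[1:] == host_labels[1:]:
                return True
        elif "*" not in entry and labels == host_labels:
            return True
    return False


def client_context():
    """The context a real client should connect with: chain validation against the
    platform trust store plus hostname checking. These are the stdlib defaults;
    the point is never to disable them to make a failing connection 'work'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    print(hostname_matches("shop.example.com", ["*.example.com"]))        # True
    print(hostname_matches("api.shop.example.com", ["*.example.com"]))    # False
    print(hostname_matches("203.0.113.10", ["203.0.113.10"]))            # False
```

With `client_context()` the `ssl` module performs both checks for you during the handshake; the hand-written matcher is here so the rules are visible, not as a replacement for it.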
Question #: 55
Topic #: 1
Which of the following is MOST likely to be a component of a security incident escalation policy?
A. Names and telephone numbers of key management personnel
B. A severity-ranking mechanism tied only to the duration of the outage
C. Sample scripts and press releases for statements to media
D. Decision criteria for when to alert various groups
Selected Answer: D
Question #: 1037
Topic #: 1
A business impact analysis (BIA) BEST enables an organization to establish:
A. annualized loss expectancy (ALE).
B. recovery methods.
C. restoration priorities.
D. total cost of ownership (TCO).
Selected Answer: C
Question #: 686
Topic #: 1
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager’s BEST course of action?
A. Instruct the vendor to conduct penetration testing.
B. Suspend the connection to the application in the firewall.
C. Initiate the organization’s incident response process.
D. Report the situation to the business owner of the application.
Selected Answer: C
Question #: 123
Topic #: 1
Which of the following is the BEST defense against a brute force attack?
A. Intruder detection lockout
B. Time-of-day restrictions
C. Discretionary access control
D. Mandatory access control
Selected Answer: A
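An intruder-detection lockout is only as good as its state handling, so here is a minimal implementation as an added example (not from the page): a consecutive-failure counter per account, a lockout whose duration doubles on each repeat (capped), and the rule that a correct password during the lock is still refused, since lifting the lock on success would tell the attacker which guess was right. The threshold and durations are assumptions; the injectable clock exists so the behaviour can be exercised without waiting.

```python
import time
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last success or unlock
    lockouts: int = 0          # lockouts so far; drives the back-off
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginGuard:
    """Brute-force defence: lock an account after `threshold` consecutive failed
    attempts for base_lock_s, doubling on each further lockout up to max_lock_s."""

    def __init__(self, threshold=5, base_lock_s=300, max_lock_s=3600, clock=time.time):
        self.threshold = threshold
        self.base_lock_s = base_lock_s
        self.max_lock_s = max_lock_s
        self.clock = clock
        self.accounts = {}

    def attempt(self, user: str, password_ok: bool) -> str:
        """Record one login attempt; returns 'ok', 'denied' or 'locked'.
        The caller verifies the password and passes the result in, so the guard
        decides the outcome but never sees the credential."""
        now = self.clock()
        st = self.accounts.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"          # refused even if password_ok is True
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.threshold:
            st.failures = 0
            st.lockouts += 1
            duration = min(self.base_lock_s * 2 ** (st.lockouts - 1), self.max_lock_s)
            st.locked_until = now + duration
            return "locked"
        return "denied"

    def seconds_until_unlock(self, user: str) -> float:
        st = self.accounts.get(user)
        if st is None:
            return 0.0
        return max(0.0, st.locked_until - self.clock())


if __name__ == "__main__":
    g = LoginGuard(threshold=3, base_lock_s=60)
    for guess in ("letmein", "password", "hunter2", "correct-horse"):
        print(guess, "->", g.attempt("alice", password_ok=(guess == "correct-horse")))
```

Two caveats a practitioner would add before deploying this: per-account lockout lets an attacker lock out legitimate users on purpose, so pair it with per-source throttling and a step-up challenge rather than a hard lock on high-value accounts, and every lockout should raise an event for the SOC rather than just a message to the user.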
Question #: 110
Topic #: 1
Which of the following metrics is the BEST measure of the effectiveness of an information security program?
A. Reduction in the amount of risk exposure in an organization
B. Reduction in the number of threats to an organization
C. Reduction in the cost of risk remediation for an organization
D. Reduction in the number of vulnerabilities in an organization
Selected Answer: A
Question #: 107
Topic #: 1
An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?
A. Install biometric access control.
B. Develop an incident response plan.
C. Define data retention criteria.
D. Enable activity logging.
Selected Answer: D
Question #: 225
Topic #: 1
To implement effective continuous monitoring of IT controls, an information security manager needs to FIRST ensure:
A. security alerts are centralized.
B. periodic scanning of IT systems is in place.
C. metrics are communicated to senior management.
D. information assets have been classified.
Selected Answer: D
Question #: 63
Topic #: 1
Which of the following should be an information security manager’s MOST important consideration when determining if an information asset has been classified appropriately?
A. Value to the business
B. Security policy requirements
C. Ownership of information
D. Level of protection
Selected Answer: A
Question #: 620
Topic #: 1
Which of the following provides an information security manager with the MOST accurate indication of the organization’s ability to respond to a cyber attack?
A. Walk-through of the incident response plan
B. Black box penetration test
C. Simulated phishing exercise
D. Red team exercise
Selected Answer: D
Question #: 38
Topic #: 1
Labeling information according to its security classification:
A. reduces the need to identify baseline controls for each classification.
B. reduces the number and type of countermeasures required.
C. enhances the likelihood of people handling information securely.
D. affects the consequences if information is handled insecurely.
Selected Answer: C
Question #: 421
Topic #: 1
During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
A. baseline security controls
B. security objectives
C. cost-benefit analyses
D. benchmarking security metrics
Selected Answer: A
Question #: 884
Topic #: 1
Which of the following is the FIRST step in developing a business impact analysis (BIA)?
A. Identifying interdependencies among critical functions within the business
B. Determining the minimum resources needed for recovery
C. Identifying which business functions are critical to the organization
D. Determining the required recovery time objective (RTO) of business operations
Selected Answer: C
Question #: 874
Topic #: 1
Which of the following provides the BEST evidence that a recently established information security program is effective?
A. The number of reported incidents has increased.
B. Regular IT balanced scorecards are communicated.
C. The number of tickets associated with IT incidents has stayed consistent.
D. Senior management has reported fewer junk emails.
Selected Answer: B
Question #: 366
Topic #: 1
A health care organization’s information security manager is notified of a possible breach of critical patient data involving a large volume of records. What should the information security manager do FIRST?
A. Notify health care regulators
B. Escalate the breach to senior management
C. Validate whether the breach occurred
D. Assess the possible impact of the breach
Selected Answer: C
Question #: 447
Topic #: 1
Conducting a business impact analysis (BIA) BEST helps to identify:
A. asset inventory
B. mitigation costs
C. residual risk
D. system criticality
Selected Answer: D
Question #: 630
Topic #: 1
The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:
A. reduces unauthorized access to systems.
B. promotes efficiency in control of the environment.
C. prevents inconsistencies in information in the distributed environment.
D. allows administrative staff to make management decisions.
Selected Answer: B
Question #: 709
Topic #: 1
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
A. Capability to take a snapshot of virtual machines
B. Capability of online virtual machine analysis
C. Availability of web application firewall logs
D. Availability of current infrastructure documentation
Selected Answer: A
Question #: 1012
Topic #: 1
Which of the following would be the MOST effective use of findings from a post-incident review?
A. Providing input for updates to the incident response plan
B. Developing cost reports regarding the incident
C. Providing justification for an increase in the incident response plan budget
D. Incorporating the results into information security awareness training materials
Selected Answer: A
Question #: 17
Topic #: 1
Threat and vulnerability assessments are important PRIMARILY because they are:
A. used to establish security investments.
B. needed to estimate risk.
C. the basis for setting control objectives.
D. elements of the organization’s security posture.
Selected Answer: B
Question #: 375
Topic #: 1
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
A. Create a security exception
B. Assess the risk to business operations
C. Perform a vulnerability assessment
D. Perform a gap analysis to determine needed resources
Selected Answer: B
Question #: 358
Topic #: 1
An information security manager has been asked to provide contract guidance from a security perspective for outsourcing the organization’s payroll processing. Which of the following is MOST important to address?
A. Vendor compliance with the most stringent data security regulations
B. Vendor compliance with the organization’s information security policies
C. Vendor compliance with organizational service level agreement (SLA) requirements
D. Vendor compliance with recognized industry security standards
Selected Answer: B
Question #: 470
Topic #: 1
Which of the following is MOST important to include in an information security strategy?
A. Industry benchmarks
B. Stakeholder requirements
C. Risk register
D. Regulatory requirements
Selected Answer: B
Question #: 39
Topic #: 1
Which of the following is the MOST effective approach for determining whether an organization’s information security program supports the information security strategy?
A. Ensure resources meet information security program needs
B. Audit the information security program to identify deficiencies
C. Identify gaps impacting information security strategy
D. Develop key performance indicators (KPIs) of information security
Selected Answer: D
Question #: 473
Topic #: 1
An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
A. evaluate the impact.
B. prepare for criminal prosecution.
C. document lessons learned.
D. update information security policies.
Selected Answer: A
Question #: 276
Topic #: 1
The GREATEST benefit resulting from well-documented information security procedures is that they:
A. facilitate security training of new staff.
B. ensure that security policies are consistently applied.
C. provide a basis for auditing security practices.
D. ensure processes can be followed by temporary staff.
Selected Answer: B
Question #: 253
Topic #: 1
Which of the following should be determined FIRST when preparing a risk communication plan?
A. Reporting content
B. Communication channel
C. Target audience
D. Reporting frequency
Selected Answer: C
Question #: 60
Topic #: 1
Which of the following is the BEST way to enhance training for incident response teams?
A. Conduct interviews with organizational units.
B. Establish incident key performance indicators (KPIs).
C. Participate in emergency response activities.
D. Perform post-incident reviews.
Selected Answer: D
Question #: 232
Topic #: 1
Which of the following is MOST appropriate to add to a dashboard for the purpose of illustrating an organization’s risk level to senior management?
A. Results of risk and control testing
B. Number of reported incidents
C. Budget variance for information security
D. Risk heat map
Selected Answer: D
Question #: 241
Topic #: 1
Which of the following is the PRIMARY reason that an information security manager would contract with an external provider to perform penetration testing?
A. To obtain an independent network security certification
B. To mitigate gaps in technical skills
C. To obtain an independent view of vulnerabilities
D. To obtain the full list of system vulnerabilities
Selected Answer: C
Question #: 902
Topic #: 1
While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
A. While responding to the incident
B. During post-incident review
C. During a tabletop exercise
D. After a risk reassessment
Selected Answer: B
Question #: 1000
Topic #: 1
Which of the following is the BEST option to lower the cost to implement application security controls?
A. Include standard application security requirements.
B. Perform security tests in the development environment.
C. Perform a risk analysis after project completion.
D. Integrate security activities within the development process.
Selected Answer: D
Question #: 992
Topic #: 1
For which of the following is it MOST important that system administrators be restricted to read-only access?
A. User access log files
B. Administrator user profiles
C. System logging options
D. Administrator log files
Selected Answer: D
Question #: 975
Topic #: 1
Which of the following is MOST helpful to identify whether information security policies have been followed?
A. Corrective controls
B. Directive controls
C. Detective controls
D. Preventive controls
Selected Answer: C
Question #: 101
Topic #: 1
Which of the following has the GREATEST impact on efforts to improve an organization’s security posture?
A. Well-documented security policies and procedures
B. Supportive tone at the top regarding security
C. Regular reporting to senior management
D. Automation of security controls
Selected Answer: B
Question #: 80
Topic #: 1
Which of the following BEST validates that security controls are implemented in a new business process?
A. Verify the use of a recognized control framework
B. Review the process for conformance with information security best practices
C. Benchmark the process against industry practices
D. Assess the process according to information security policy
Selected Answer: D
Question #: 848
Topic #: 1
Which of the following MOST effectively identifies issues related to noncompliance with legal, regulatory, and contractual requirements?
A. Compliance maturity assessment
B. Compliance benchmarking data
C. Compliance gap analysis
D. Independent compliance audit
Selected Answer: D
Question #: 56
Topic #: 1
Which of the following would be an information security manager’s PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
A. Configuration management
B. Mobile application control
C. Inconsistent device security
D. End user acceptance
Selected Answer: C
Question #: 744
Topic #: 1
Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
A. Performing penetration tests against the network to demonstrate business vulnerability
B. Highlighting competitor performance regarding network best security practices
C. Presenting comparable security implementation estimates from several vendors
D. Demonstrating that targeted security controls tie to business objectives
Selected Answer: D
Question #: 624
Topic #: 1
Which of the following activities MUST be performed by an information security manager for change requests?
A. Assess impact on information security risk.
B. Perform penetration testing on affected systems.
C. Scan IT systems for operating system vulnerabilities.
D. Review change in business requirements for information security.
Selected Answer: A
Question #: 371
Topic #: 1
An information security manager has received confirmation that the organization’s e-commerce website was breached, exposing customer information. What should be done FIRST?
A. Inform affected customers
B. Perform a vulnerability assessment
C. Execute the incident response plan
D. Take the affected systems offline
Selected Answer: C
Question #: 369
Topic #: 1
Recommendations for enterprise investment in security technology should be PRIMARILY based on:
A. availability of financial resources.
B. alignment with business needs.
C. the organization’s risk tolerance.
D. adherence to international standards.
Selected Answer: B
Question #: 250
Topic #: 1
Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:
A. inform senior management.
B. update the risk assessment.
C. validate the user acceptance testing (UAT).
D. modify key risk indicators (KRIs).
Selected Answer: B
Question #: 243
Topic #: 1
What is the PRIMARY objective of implementing standard security configurations?
A. Maintain a flexible approach to mitigate potential risk to unsupported systems.
B. Minimize the operational burden of managing and monitoring unsupported systems.
C. Compare configurations between supported and unsupported systems.
D. Control vulnerabilities and reduce threats from changed configurations.
Selected Answer: D
Question #: 76
Topic #: 1
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
A. Availability of potential resources
B. Information security incidents
C. Current resourcing levels
D. Information security strategy
Selected Answer: A
Question #: 916
Topic #: 1
An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?
A. Implement countermeasures to mitigate risk.
B. Classify all identified risks.
C. Conduct an evaluation of controls.
D. Determine if the risk is within the risk appetite.
Selected Answer: D
Question #: 717
Topic #: 1
Which of the following events would MOST likely require a revision to the information security program?
A. A change in IT management
B. A merger with another organization
C. A significant increase in reported incidents
D. An increase in industry threat level
Selected Answer: B
Question #: 240
Topic #: 1
An organization has decided to store production data in a cloud environment. What should be the FIRST consideration?
A. Data transfer
B. Data classification
C. Data backup
D. Data isolation
Selected Answer: B
Question #: 500
Topic #: 1
An empowered security steering committee has decided to accept a critical risk. Which of the following is the information security manager’s BEST course of action?
A. Notify the chief risk officer (CRO) and internal audit.
B. Determine the impact to information security objectives.
C. Remove the specific risk item from the risk register.
D. Document the risk acceptance and justification.
Selected Answer: D
Question #: 499
Topic #: 1
Which of the following methods enables the MOST rigorous testing while avoiding the disruption of normal business operations?
A. Walk-through test
B. Full interruption test
C. Parallel test
D. Checklist review test
Selected Answer: C
Question #: 498
Topic #: 1
Which of the following is the GREATEST benefit of using cyber threat intelligence to improve an organization’s patch management program?
A. It allows the organization to define its risk tolerance and appetite.
B. It identifies when to use workarounds to mitigate vulnerabilities rather than patching.
C. It reduces the number of patches the organization needs to apply.
D. It provides information about exploited vulnerabilities to expedite patching.
Selected Answer: D
Question #: 460
Topic #: 1
An information security manager has been asked to provide regular status reports to senior management regarding the information security program. Which of the following would provide the MOST helpful information?
A. A list detailing the latest threats
B. Number of phishing incidents per month
C. Remediation activities performed
D. Key performance indicators (KPIs)
Selected Answer: D
Question #: 459
Topic #: 1
A spear phishing attack was used to trick a user into installing a Trojan onto a workstation. Which of the following would have been MOST effective in preventing this attack from succeeding?
A. Application control
B. Website blocking
C. Internet filtering
D. Network encryption
Selected Answer: A
Question #: 450
Topic #: 1
The PRIMARY objective of performing a post-incident review is to:
A. identify control improvements.
B. identify vulnerabilities.
C. re-evaluate the impact of incidents.
D. identify the root cause.
Selected Answer: D
Question #: 46
Topic #: 1
Which of the following is the MOST effective method of preventing deliberate internal security breaches?
A. Well-designed intrusion detection system (IDS)
B. Biometric security access control
C. Well-designed firewall system
D. Screening prospective employees
Selected Answer: D
Question #: 44
Topic #: 1
Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
A. Tabletop exercises
B. Forensics certification
C. Penetration tests
D. Disaster recovery drills
Selected Answer: A
Question #: 41
Topic #: 1
An organization is concerned with the potential for exploitation of vulnerabilities in its server systems. Which of the following is the BEST control to mitigate the associated risk?
A. Enforcing standard system configurations based on secure configuration benchmarks
B. Implementing network and system-based anomaly monitoring software for server systems
C. Enforcing configurations for secure logging and audit trails on server systems
D. Implementing host-based intrusion detection systems (IDS) on server systems
Selected Answer: A
Question #: 66
Topic #: 1
An information security manager MUST have an understanding of an information security program?
A. Understanding current and emerging technologies
B. Establishing key performance indicators (KPIs)
C. Conducting periodic risk assessments
D. Obtaining stakeholder input
Selected Answer: D
Question #: 804
Topic #: 1
Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
A. Compliance status is improved.
B. Threat management is enhanced.
C. Security metrics are enhanced.
D. Proactive risk management is facilitated.
Selected Answer: D
Question #: 944
Topic #: 1
An organization experienced a data breach that affected many of its clients. Legal counsel found out about this event only after a press release was issued. Which of the following would have been MOST helpful in preventing this situation?
A. A gap analysis of technical controls
B. Regular information security policy reviews
C. Tabletop testing of the incident response plan
D. A comprehensive business continuity plan (BCP)
Selected Answer: C
Question #: 930
Topic #: 1
Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?
A. Reimage the systems.
B. Block access to the impacted systems.
C. Perform malware scanning.
D. Perform a vulnerability assessment.
Selected Answer: A