CISM Topic 6
Question #: 406
Topic #: 1
Which of the following is MOST helpful in preventing cybersecurity incidents?
A. Testing the backup plan according to a defined schedule
B. Documenting and testing incident response plans
C. Delivering periodic end-user security awareness training
D. Implementing best practice password parameters
Selected Answer: C
Question #: 393
Topic #: 1
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
A. the likelihood of a given threat attempting to exploit a vulnerability.
B. the magnitude of the impact, should a threat exploit a vulnerability.
C. a function of the cost and effectiveness of controls over a vulnerability.
D. a function of the likelihood and impact, should a threat exploit a vulnerability.
Selected Answer: D
Question #: 1032
Topic #: 1
When creating an incident response plan, the triggers for the business continuity plan (BCP) MUST be based on:
A. a threat assessment.
B. recovery time objectives (RTOs).
C. a business impact analysis (BIA).
D. a risk assessment.
Selected Answer: C
Question #: 380
Topic #: 1
Which of the following MUST be performed once risk has been accepted?
A. Reassess the risk on a regular basis.
B. Calculate the business impact of acceptance.
C. Flag the risk to avoid future reassessment.
D. Remove the risk from the risk register.
Selected Answer: A
Question #: 364
Topic #: 1
Which of the following is an information security manager’s BEST course of action to gain approval for investment in a technical control?
A. Calculate the exposure factor
B. Perform a cost-benefit analysis
C. Conduct a risk assessment
D. Conduct a business impact analysis (BIA)
Selected Answer: B
Question #: 913
Topic #: 1
Which of the following should be done FIRST when implementing a security program?
A. Implement data encryption.
B. Perform a risk analysis.
C. Create an information asset inventory.
D. Determine the value of information assets.
Selected Answer: C
Question #: 907
Topic #: 1
An organization’s quality process can BEST support security management by providing:
A. a repository for security systems documentation.
B. assurance that security requirements are met.
C. guidance for security strategy.
D. security configuration controls.
Selected Answer: B
Question #: 896
Topic #: 1
Which of the following is the PRIMARY reason to conduct a post-incident review?
A. To determine whether digital evidence is admissible
B. To notify regulatory authorities
C. To improve the response process
D. To aid in future risk assessments
Selected Answer: C
Question #: 893
Topic #: 1
Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?
A. Security benchmark report
B. Risk heat map
C. Security metrics dashboard
D. Key risk indicators (KRIs)
Selected Answer: C
Question #: 882
Topic #: 1
When remote access is granted to a company’s internal network, the MOST important consideration should be that access is provided:
A. by the use of a remote access server.
B. if a robust IT infrastructure exists.
C. subject to legal and regulatory requirements.
D. on a need-to-know basis subject to controls.
Selected Answer: D
Question #: 872
Topic #: 1
An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?
A. Review the vendor’s security policy.
B. Review controls listed in the vendor contract.
C. Focus the review on the infrastructure with the highest risk.
D. Determine whether the vendor follows the selected security framework rules.
Selected Answer: B
Question #: 858
Topic #: 1
Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization’s business goals?
A. An information security strategy
B. A defined security organizational structure
C. Information security policies
D. Metrics to drive the information security program
Selected Answer: A
Question #: 842
Topic #: 1
Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
A. Digital encryption
B. Multi-factor authentication
C. Digital signatures
D. Data masking
Selected Answer: A
Question #: 888
Topic #: 1
Which of the following BEST enables an organization to measure the total time that operations can be sustained at an alternative site designated in the business continuity plan (BCP)?
A. Recovery point objective (RPO)
B. Allowable interruption window (AIW)
C. Maximum tolerable outage (MTO)
D. Recovery time objective (RTO)
Selected Answer: C
Question #: 791
Topic #: 1
Which of the following is MOST effective for communicating forward-looking trends within security reporting?
A. Key risk indicators (KRIs)
B. Key performance indicators (KPIs)
C. Key control indicators (KCIs)
D. Key goal indicators (KGIs)
Selected Answer: A
Question #: 756
Topic #: 1
When developing an asset classification program, which of the following steps should be completed FIRST?
A. Implement a data loss prevention (DLP) system.
B. Categorize each asset.
C. Create a business case for a digital rights management tool.
D. Create an inventory.
Selected Answer: D
Question #: 514
Topic #: 1
Which of the following is the MOST important consideration when developing incident classification methods?
A. Data classification
B. Data owner input
C. Service level agreements (SLAs)
D. Business impact
Selected Answer: D
Question #: 68
Topic #: 1
When establishing metrics for an information security program, the BEST approach is to identify indicators that:
A. support major information security initiatives.
B. reflect the corporate risk culture.
C. reduce information security program spending.
D. demonstrate the effectiveness of the security program.
Selected Answer: D
Question #: 67
Topic #: 1
An attacker was able to gain access to an organization’s perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?
A. Implementing a data loss prevention (DLP) suite
B. Deploying an intrusion prevention system (IPS)
C. Deploying a security information and event management system (SIEM)
D. Conducting regular system administrator awareness training
Selected Answer: C
Question #: 64
Topic #: 1
The effectiveness of an incident response team will be GREATEST when:
A. the incident response process is updated based on lessons learned.
B. the incident response team members are trained security personnel.
C. the incident response team meets on a regular basis to review log files.
D. incidents are identified using a security information and event monitoring (SIEM) system.
Selected Answer: A
Question #: 7
Topic #: 1
An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
A. Controls to be monitored
B. Reporting capabilities
C. The contract with the SIEM vendor
D. Available technical support
Selected Answer: A
Question #: 377
Topic #: 1
When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:
A. the applications are tested prior to implementation
B. security controls are applied to each device when joining the network
C. users have read and signed acceptable use agreements
D. business leaders have an understanding of security risks
Selected Answer: B
Question #: 94
Topic #: 1
What is the BEST reason to keep information security policies separate from procedures?
A. To keep policies from having to be changed too frequently
B. To ensure that individual documents do not contain conflicting information
C. To keep policy documents from becoming too large
D. To ensure policies receive the appropriate approvals
Selected Answer: A
Question #: 93
Topic #: 1
A large organization is in the process of developing its information security program that involves working with several complex organizational functions. Which of the following will BEST enable the successful implementation of this program?
A. Security governance
B. Security policy
C. Security metrics
D. Security guidelines
Selected Answer: A
Question #: 91
Topic #: 1
Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?
A. Remediation of audit findings
B. Decentralization of security governance
C. Establishment of security governance
D. Maturity of security processes
Selected Answer: C
Question #: 90
Topic #: 1
If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
A. transfer risk to a third party to avoid cost of impact.
B. recommend that management avoid the business activity.
C. assess the gap between current and acceptable level of risk.
D. implement controls to mitigate the risk to an acceptable level.
Selected Answer: C
Question #: 89
Topic #: 1
Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
A. Projected increase in maturity level
B. Estimated increase in efficiency
C. Projected costs over time
D. Estimated reduction in risk
Selected Answer: D
Question #: 83
Topic #: 1
Which of the following should be done FIRST when establishing security measures for personal data stored and processed on a human resources management system?
A. Conduct a vulnerability assessment.
B. Move the system into a separate network.
C. Conduct a privacy impact assessment (PIA).
D. Evaluate data encryption technologies.
Selected Answer: C
Question #: 78
Topic #: 1
Which of the following BEST describes a buffer overflow?
A. A type of covert channel that captures data
B. A function is carried out with more data than the function can handle
C. Malicious code designed to interfere with normal operations
D. A program contains a hidden and unintended function that presents a security risk
Selected Answer: B
Question #: 77
Topic #: 1
Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?
A. Validation of current capabilities
B. Benchmarking against industry peers
C. Prioritization of action plans
D. Identification of threats and vulnerabilities
Selected Answer: A
Question #: 72
Topic #: 1
Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization’s project development processes?
A. Develop good communications with the project management office (PMO).
B. Participate in project initiation, approval, and funding.
C. Conduct security reviews during design, testing, and implementation.
D. Integrate organization’s security requirements into project management.
Selected Answer: D
Question #: 59
Topic #: 1
Which of the following BEST determines what information should be shared with different entities during incident response?
A. Escalation procedures
B. Communication plan
C. Disaster recovery policy
D. Business continuity plan (BCP)
Selected Answer: B
Question #: 58
Topic #: 1
Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?
A. Select the data source.
B. Review the confidentiality requirements.
C. Identify the intended audience.
D. Identify the data owner.
Selected Answer: C
Question #: 57
Topic #: 1
Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.
Which of the following should be the PRIMARY focus of Company A’s information security manager?
A. The cost to align to Company A’s security policies
B. The organizational structure of Company B
C. Company B’s security policies
D. Company A’s security architecture
Selected Answer: C
Question #: 54
Topic #: 1
Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?
A. Confirming the organization complies with security policies
B. Verifying security costs do not exceed the budget
C. Demonstrating risk is managed at the desired level
D. Providing evidence that resources are performing as expected
Selected Answer: C
Question #: 53
Topic #: 1
The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
A. security controls drive technology changes.
B. risks have been evaluated.
C. security controls are updated regularly.
D. potential vulnerabilities are identified.
Selected Answer: B
Question #: 47
Topic #: 1
When designing security controls, it is MOST important to:
A. focus on preventive controls.
B. apply controls to confidential information.
C. evaluate the costs associated with the controls.
D. apply a risk-based approach.
Selected Answer: D
Question #: 43
Topic #: 1
Regular vulnerability scanning on an organization’s internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?
A. Include the impact of the risk as part of regular metrics.
B. Send regular notifications directly to senior managers.
C. Recommend the security steering committee conduct a review.
D. Update the risk assessment at regular intervals.
Selected Answer: A
Question #: 42
Topic #: 1
Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization?
A. Identify secure social networking sites
B. Establish disciplinary actions for noncompliance
C. Perform a vulnerability assessment
D. Define acceptable information for posting
Selected Answer: D
Question #: 40
Topic #: 1
When drafting the corporate privacy statement for a public web site, which of the following MUST be included?
A. Limited liability clause
B. Access control requirements
C. Explanation of information usage
D. Information encryption requirements
Selected Answer: C
Question #: 36
Topic #: 1
An organization’s CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?
A. The committee consists of too many senior executives.
B. The committee lacks sufficient business representation.
C. There is a conflict of interest between the business and IT.
D. The CIO is not taking charge of the committee.
Selected Answer: B
Question #: 34
Topic #: 1
When supporting an organization’s privacy officer, which of the following is the information security manager’s PRIMARY role regarding privacy requirements?
A. Ensuring appropriate controls are in place
B. Monitoring the transfer of private data
C. Determining data classification
D. Conducting privacy awareness programs
Selected Answer: A
Question #: 33
Topic #: 1
An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization’s critical systems?
A. Increase the frequency of log monitoring and analysis.
B. Implement a security information and event management system (SIEM).
C. Increase the sensitivity of intrusion detection systems.
D. Implement multi-factor authentication.
Selected Answer: D
Question #: 31
Topic #: 1
Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
A. Decision on the classification of cloud-hosted data
B. Expertise of personnel providing incident response
C. Implementation of a SIEM in the organization
D. An agreement on the definition of a security incident
Selected Answer: D
Question #: 327
Topic #: 1
When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?
A. Identifying unacceptable risk levels
B. Assessing vulnerabilities
C. Evaluating potential threats
D. Managing the impact
Selected Answer: D
Question #: 28
Topic #: 1
Application data integrity risk is MOST directly addressed by a design that includes:
A. strict application of an authorized data dictionary.
B. reconciliation routines such as checksums, hash totals, and record counts.
C. application log requirements such as field-level audit trails and user activity logs.
D. access control technologies such as role-based entitlements.
Selected Answer: B
Question #: 26
Topic #: 1
A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?
A. Assess the business impact to the organization.
B. Present the noncompliance risk to senior management.
C. Investigate alternative options to remediate the noncompliance.
D. Determine the cost to remediate the noncompliance.
Selected Answer: A
Question #: 25
Topic #: 1
Which of the following is the MOST important consideration when developing information security objectives?
A. They are regularly reassessed and reported to stakeholders
B. They are approved by the IT governance function
C. They are clear and can be understood by stakeholders
D. They are identified using global security frameworks and standards
Selected Answer: C
Question #: 24
Topic #: 1
Risk scenarios simplify the risk assessment process by:
A. covering the full range of possible risk.
B. ensuring business risk is mitigated.
C. reducing the need for subsequent risk evaluation.
D. focusing on important and relevant risk.
Selected Answer: D
Question #: 20
Topic #: 1
An information security team is investigating an alleged breach of an organization’s network. Which of the following would be the BEST single source of evidence to review?
A. File integrity monitoring (FIM) software
B. Security information and event management (SIEM) tool
C. Intrusion detection system (IDS)
D. Antivirus software
Selected Answer: B
Question #: 11
Topic #: 1
Which of the following is the BEST method to protect consumer private information for an online public website?
A. Apply strong authentication to online accounts
B. Encrypt consumer data in transit and at rest
C. Use secure encrypted transport layer
D. Apply a masking policy to the consumer data
Selected Answer: B
Question #: 6
Topic #: 1
What would be an information security manager’s BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization’s critical data?
A. Cancel the outsourcing contract.
B. Transfer the risk to the provider.
C. Create an addendum to the existing contract.
D. Initiate an external audit of the provider’s data center.
Selected Answer: C
Question #: 1028
Topic #: 1
Which of the following information security practices would BEST prevent a SQL injection attack?
A. Adopting agile development
B. Enhancing the patching program
C. Training developers on secure coding practices to reduce vulnerabilities
D. Performing vulnerability testing before each version release
Selected Answer: C
Question #: 1022
Topic #: 1
Which of the following MOST effectively supports an organization’s security culture?
A. Business unit security metrics
B. An information governance framework
C. Stakeholder involvement
D. A security mission statement
Selected Answer: C
Question #: 1020
Topic #: 1
Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?
A. Conduct awareness training across the organization.
B. Require acknowledgment of the acceptable use policy.
C. Disable all incoming cloud mail services.
D. Implement a data loss prevention (DLP) system.
Selected Answer: A
Question #: 1019
Topic #: 1
Which of the following actions by senior management would BEST enable a successful implementation of an information security governance framework?
A. Demonstrating support for the business and information security governance functions
B. Delegating the implementation of the framework to information security management
C. Promoting the use of an internationally recognized governance framework
D. Engaging a consulting firm specializing in information security governance and standards
Selected Answer: A
Question #: 1018
Topic #: 1
Which of the following is the PRIMARY role of the information security manager in application development?
A. To ensure control procedures address business risk
B. To ensure enterprise security controls are implemented
C. To ensure compliance with industry best practice
D. To ensure security is integrated into the system development life cycle (SDLC)
Selected Answer: D
Question #: 292
Topic #: 1
Which of the following should be the PRIMARY driver for delaying the delivery of an information security awareness program?
A. Change in senior management
B. High employee turnover
C. Employee acceptance
D. Risk appetite
Selected Answer: B
Question #: 175
Topic #: 1
Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?
A. Gaps between current and desirable levels will be addressed.
B. Information security management costs will be optimized.
C. Information security strategy will be in line with industry best practice.
D. Staff awareness of information security compliance will be promoted.
Selected Answer: A
Question #: 126
Topic #: 1
Who should determine data access requirements for an application hosted at an organization’s data center?
A. Information security manager
B. Business owner
C. Data custodian
D. Systems administrator
Selected Answer: B
Question #: 741
Topic #: 1
Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
A. Impact on information security program
B. Cost of controls
C. Impact to business function
D. Cost to replace
Selected Answer: C
Question #: 197
Topic #: 1
The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:
A. the board of directors.
B. the information security officer.
C. the steering committee.
D. the internal audit manager.
Selected Answer: A
Question #: 178
Topic #: 1
Which of the following should be the PRIMARY consideration when implementing a data loss prevention (DLP) solution?
A. Data ownership
B. Data storage capabilities
C. Data classification
D. Selection of tools
Selected Answer: C
Question #: 991
Topic #: 1
Which of the following should be done FIRST to ensure information security is integrated in system development projects?
A. Assign resources based on the business impact.
B. Define security requirements.
C. Review the security policy.
D. Embed a security representative in each project team.
Selected Answer: B
Question #: 974
Topic #: 1
Which of the following should be the PRIMARY basis for determining the value of assets?
A. Cost of replacing the assets
B. Total cost of ownership (TCO)
C. Business cost when assets are not available
D. Original cost of the assets minus depreciation
Selected Answer: C
Question #: 1005
Topic #: 1
An IT service desk was not adequately prepared for a recent ransomware attack on user workstations. Which of the following should be given HIGHEST priority by the information security team when creating an action plan to improve service desk readiness?
A. Investing in threat intelligence capability
B. Implementing key risk indicators (KRIs) for ransomware attacks
C. Updating the information security incident response manual
D. Strengthening the organization’s data backup capability
Selected Answer: C
Question #: 993
Topic #: 1
Which of the following business units should own the data that populates an identity management system?
A. Legal
B. Human resources (HR)
C. Information security
D. Information technology
Selected Answer: B
Question #: 979
Topic #: 1
Which of the following would BEST enable the help desk to recognize an information security incident?
A. Provide the help desk with criteria for security incidents.
B. Include members of the help desk on the security incident response team.
C. Require the help desk to participate in past-incident reviews.
D. Train the help desk to review the call logs.
Selected Answer: A
Question #: 960
Topic #: 1
An email digital signature will:
A. automatically correct unauthorized modification of an email message.
B. verify to recipients the integrity of an email message.
C. protect the confidentiality of an email message.
D. prevent unauthorized modification of an email message.
Selected Answer: B
Question #: 1011
Topic #: 1
Which of the following should an information security manager do FIRST when creating an organization’s disaster recovery plan (DRP)?
A. Develop response and recovery strategies.
B. Identify the response and recovery teams.
C. Review the communications plan.
D. Conduct a business impact analysis (BIA).
Selected Answer: D
Question #: 1008
Topic #: 1
Which of the following MOST effectively communicates the current risk profile to senior management after controls are applied?
A. Residual risk
B. Impact of loss events
C. Inherent risk
D. Number of risks avoided
Selected Answer: A
Question #: 1007
Topic #: 1
Which of the following will BEST facilitate timely and effective incident response?
A. Including penetration test results in incident response planning
B. Assessing the risk of compromised assets
C. Notifying stakeholders when invoking the incident response plan
D. Classifying the severity of an incident
Selected Answer: D
Question #: 1002
Topic #: 1
The ability to integrate information security governance into corporate governance is PRIMARILY driven by:
A. the percentage of corporate budget allocated to the information security program.
B. how often information security metrics are presented to senior management.
C. how often the information security steering committee reviews and updates security policies.
D. how well the information security program supports business objectives.
Selected Answer: D
Question #: 998
Topic #: 1
What type of control is being implemented when a security information and event management (SIEM) system is installed?
A. Corrective
B. Preventive
C. Deterrent
D. Detective
Selected Answer: D
Question #: 985
Topic #: 1
When responding to an incident involving malware on a server, which of the following should be done FIRST?
A. Isolate the server from the network.
B. Identify the owner of the server.
C. Locate the most recent backups.
D. Investigate the source of the malware.
Selected Answer: A
Question #: 982
Topic #: 1
Which of the following is MOST important for the effective implementation of an information security governance program?
A. Information security roles and responsibilities are documented
B. The program budget is approved and monitored by senior management
C. Employees receive customized information security training
D. The program goals are communicated and understood by the organization
Selected Answer: D
Question #: 977
Topic #: 1
Which of the following principles BEST addresses the protection of data from unauthorized modification?
A. Nonrepudiation
B. Integrity
C. Availability
D. Authenticity
Selected Answer: B
Question #: 976
Topic #: 1
Which of the following is the MOST important reason to classify an incident after detection?
A. To assign appropriate prioritization levels
B. To obtain funds for external forensic support
C. To approve data breach notifications
D. To ensure management is accurately informed
Selected Answer: A
Question #: 971
Topic #: 1
Which of the following MUST happen immediately following the identification of a malware incident?
A. Eradication
B. Containment
C. Preparation
D. Recovery
Selected Answer: B
Question #: 970
Topic #: 1
Which of the following practices is MOST effective for determining the adequacy of incident management operations?
A. Conducting unannounced external vulnerability testing
B. Testing current incident response plans with relevant stakeholders
C. Assessing incident response team members’ incident response skills
D. Reviewing incident response procedures against best practices
Selected Answer: B
Question #: 969
Topic #: 1
Which of the following is the BEST indicator of an organization’s information security status?
A. Threat analysis
B. Controls audit
C. Penetration test
D. Intrusion detection log analysis
Selected Answer: B
Question #: 964
Topic #: 1
An information security program is BEST positioned for success when it is closely aligned with:
A. information security best practices.
B. recognized industry frameworks.
C. information security policies.
D. the information security strategy.
Selected Answer: D
Question #: 962
Topic #: 1
Which of the following BEST facilitates effective strategic alignment of security initiatives?
A. Procedures and standards are approved by department heads.
B. Organizational units contribute to and agree on priorities.
C. Periodic security audits are conducted by a third-party.
D. The business strategy is periodically updated.
Selected Answer: B
Question #: 961
Topic #: 1
An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?
A. Establish an organization-wide social media policy.
B. Develop sanctions for misuse of social media sites.
C. Monitor social media sites visited by employees.
D. Restrict social media access on corporate devices.
Selected Answer: A
Question #: 959
Topic #: 1
An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?
A. Escalate to the chief risk officer (CRO).
B. Conduct a vulnerability analysis.
C. Conduct a risk analysis.
D. Determine compensating controls.
Selected Answer: C
Question #: 958
Topic #: 1
A business requires a legacy version of an application to operate, but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?
A. Accept
B. Transfer
C. Mitigate
D. Avoid
Selected Answer: C
Question #: 955
Topic #: 1
Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?
A. Network address translation (NAT)
B. Message hashing
C. Transport Layer Security (TLS)
D. Multi-factor authentication
Selected Answer: C
Question #: 925
Topic #: 1
Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
A. Update the change management process.
B. Revise the procurement process.
C. Discuss the issue with senior leadership.
D. Remove the application from production.
Selected Answer: C
Question #: 677
Topic #: 1
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
A. Users are not notified of scheduled system changes.
B. Fallback processes are tested the weekend before changes are made.
C. The development manager migrates programs into production.
D. A manual rather than an automated process is used to compare program versions.
Selected Answer: C
Question #: 903
Topic #: 1
Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?
A. Updated risk assessments
B. Audit reports
C. Counts of information security incidents
D. Monthly metrics
Selected Answer: B
Question #: 901
Topic #: 1
A business impact analysis (BIA) should be periodically executed PRIMARILY to:
A. verify the effectiveness of controls.
B. check compliance with regulations.
C. validate vulnerabilities on environmental changes.
D. analyze the importance of assets.
Selected Answer: D
Question #: 954
Topic #: 1
Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?
A. Protection of business value and assets
B. Identification of core business strategies
C. Easier entrance into new businesses and technologies
D. Improved regulatory compliance posture
Selected Answer: A
Question #: 953
Topic #: 1
Who is accountable for approving an information security governance framework?
A. The board of directors
B. The chief information security officer (CISO)
C. The enterprise risk committee
D. The chief information officer (CIO)
Selected Answer: A
Question #: 951
Topic #: 1
Which of the following would provide the MOST effective security outcome in an organization’s contract management process?
A. Extending security assessment to cover asset disposal on contract termination
B. Ensuring security requirements are defined at the request-for-proposal (RFP) stage
C. Extending security assessment to include random penetration testing
D. Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage
Selected Answer: B
Question #: 950
Topic #: 1
To improve the efficiency of the development of a new software application, security requirements should be defined:
A. based on code review.
B. based on available security assessment tools.
C. after functional requirements.
D. concurrently with other requirements.
Selected Answer: D
Question #: 949
Topic #: 1
After a ransomware incident, an organization’s systems were restored. Which of the following should be of MOST concern to the information security manager?
A. The service level agreement (SLA) was not met.
B. The recovery time objective (RTO) was not met.
C. The root cause was not identified.
D. Notification to stakeholders was delayed.
Selected Answer: C
Question #: 948
Topic #: 1
When assigning a risk owner, the MOST important consideration is to ensure the owner has:
A. adequate knowledge of risk treatment and related control activities.
B. decision-making authority and the ability to allocate resources for risk.
C. sufficient time for monitoring and managing the risk effectively.
D. risk communication and reporting skills to enable decision-making.
Selected Answer: B
Question #: 947
Topic #: 1
Which of the following is MOST important to have in place for an organization’s information security program to be effective?
A. Senior management support
B. A comprehensive IT strategy
C. Defined and allocated budget
D. Documented information security processes
Selected Answer: A
Question #: 946
Topic #: 1
Spoofing should be prevented because it may be used to:
A. assemble information, track traffic, and identify network vulnerabilities.
B. predict which way a program will branch when an option is presented.
C. capture information such as passwords traveling through the network.
D. gain illegal entry to a secure system by faking the sender’s address.
Selected Answer: D
Question #: 942
Topic #: 1
Which of the following is the BEST approach for an information security manager to develop an organization’s information security strategy?
A. Budget training costs and contingencies for unexpected events.
B. Determine desired outcomes and perform a gap analysis.
C. Evaluate the security posture in comparison with competitors.
D. Estimate operational costs and perform reliability checks.
Selected Answer: B