1. Which of the following should include contact information for representatives of equipment and software vendors?
Service level agreements (SLAs)
Information security program charter
Business continuity plan (BCP)
Business impact analysis (BIA)

2. Which of the following is a PRIMARY function of an incident response team?
To provide a risk assessment for zero-day vulnerabilities
To provide effective incident mitigation
To provide a single point of contact for critical incidents
To provide a business impact analysis (BIA)

3. An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but it was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail
Which of the following could have been prevented by conducting regular incident response testing?
A. Ignored alert messages
B. The server being compromised
C. The brute force attack
D. Stolen data

4. Who is BEST suited to determine how the information in a database should be classified?
Database analyst
Information security analyst
Database administrator (DBA)
Data owner

5. Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?
A ping test from an external source
A validation of the current firewall rule set
A simulated denial of service (DoS) attack against the firewall
A port scan of the firewall from an internal source

6. Which of the following is a PRIMARY benefit of managed security solutions?
Lower cost of operations
Greater ability to focus on core business operations
Easier implementation across an organization
Wider range of capabilities

7. An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
The third party does not have an independent assessment of controls available for review.
The third-party contract does not include an indemnity clause for compensation in the event of a breach.
The third party has not provided evidence of compliance with local regulations where data is generated.
The third party's service level agreement (SLA) does not include guarantees of uptime.

8. Which of the following BEST facilitates effective strategic alignment of security initiatives?
Organizational units contribute to and agree on priorities.
Periodic security audits are conducted by a third party.
The business strategy is periodically updated.
Procedures and standards are approved by department heads.

9. Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?
It helps in assessing the availability of compatible backup hardware.
It allows for greater participation and planning from the business side.
It identifies appropriate follow-up work to address shortcomings in the plan.
It provides a low-cost method of assessing the BCP's completeness.

10. Which of the following presents the GREATEST challenge to a security operations center's timely identification of potential security breaches?
IT system clocks are not synchronized with the centralized logging server.
An organization has a decentralized data center that uses cloud services.
Operating systems are no longer supported by the vendor.
The patch management system does not deploy patches in a timely manner.

11. A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?
Check for defense in depth
Report the failure to management
Replace the control
Assess the control state

12. When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
Information security manager
External consultant
Information owners
Business continuity coordinator

13. An employee who is a remote user has copied financial data from the corporate server to a laptop using virtual private network (VPN) connectivity. Which of the following is the MOST important factor to determine if it should be classified as a data leakage incident?
Employee's job role
Valid use case
Ownership of the data
Review of the audit logs

14. Which of the following has the MOST influence on the inherent risk of an information asset?
Risk tolerance
Net present value (NPV)
Return on investment (ROI)
Business criticality

15. To improve the efficiency of the development of a new software application, security requirements should be defined:
based on code review.
based on available security assessment tools.
concurrently with other requirements.
after functional requirements.

16. An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?
Obtaining industry references
Establishing mutual non-disclosure agreements (NDAs)
Using secure communication channels
Requiring third-party privacy policies

17. Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?
Threat management is enhanced.
Security metrics are enhanced.
Compliance status is improved.
Proactive risk management is facilitated.

18. Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
Security metrics
Security incident details
Security risk exposure
Security baselines

19. Which of the following is the PRIMARY benefit of implementing an information security governance framework?
The framework is able to confirm the validity of business goals and strategies.
The framework defines managerial responsibilities for risk impacts to business goals.
The framework provides direction to meet business goals while balancing risks and controls.
The framework provides a roadmap to maximize revenue through the secure use of technology.

20. Which of the following is MOST important to include in an information security policy?
Baselines
Best practices
Maturity levels
Management objectives

21. Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?
Incident response plan can be activated in a timely manner.
Incident metrics can be communicated.
Incident classification times can be improved.
Risk response options can be identified quickly.

22. An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
Perform a threat analysis
Perform a post-incident review
Implement a SIEM solution
Establish performance metrics for the team

23. Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
escalate concerns for conflicting access rights to management.
review access rights as the acquisition integration occurs.
perform a risk assessment of the access rights.
implement consistent access control standards.

24. Recovery time objectives (RTOs) are an output of which of the following?
Disaster recovery plan (DRP)
Business impact analysis (BIA)
Business continuity plan (BCP)
Service level agreement (SLA)

25. Which type of backup BEST enables an organization to recover data after a ransomware attack?
Offline backup
Incremental backup
Differential backup
Online backup

26. The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
behavior analysis.
signature analysis.
data packet analysis.
penetration testing.

27. Which of the following provides the BEST input to determine the level of protection needed for an IT system?
Vulnerability assessment
Threat analysis
Internal audit findings
Asset classification

28. A business impact analysis (BIA) BEST enables an organization to establish:
annualized loss expectancy (ALE).
total cost of ownership (TCO).
restoration priorities.
recovery methods.

29. Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?
Disaster recovery plan (DRP)
Incident notification plan
Risk response scenarios
Security procedures

30. Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?
Defacement of website content
Execution of unauthorized commands
Unauthorized access to resources
Prevention of authorized access

31. Which of the following is the MOST important consideration when developing key performance indicators (KPIs) for the information security program?
Alignment with risk appetite
Alignment with industry frameworks
Alignment with business initiatives
Alignment with financial reporting

32. Which of the following is PRIMARILY determined by asset classification?
Level of protection required for assets
Priority for asset replacement
Replacement cost of assets
Insurance coverage required for assets

33. An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
Security audits may report more high-risk findings.
The compensating controls may not be cost efficient.
Risk levels may be elevated beyond acceptable limits.
Noncompliance with industry best practices may result.

34. The PRIMARY reason to properly classify information assets is to determine:
appropriate encryption strength using a risk-based approach.
the appropriate protection based on sensitivity.
the business impact if assets are compromised.
user access levels based on the need to know.

35. Which of the following is MOST important to include in security incident escalation procedures?
Notification criteria
Key objectives of the security program
Recovery procedures
Containment procedures

36. Which of the following is the BEST way to prevent insider threats?
Implement logging for all access activities.
Enforce separation of duties and least privilege access.
Conduct organization-wide security awareness training.
Implement strict security policies and password controls.

37. The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:
scope of the business continuity program.
recovery time objective (RTO).
scope of the incident response plan.
resources needed for business recovery.

38. Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?
Security management processes
Security policies
Organizational culture
Control effectiveness

39. Which of the following MUST be established to maintain an effective information security governance framework?
Change management processes
Security controls automation
Security policy provisions
Defined security metrics

40. Which of the following is the MOST important consideration when updating procedures for managing security devices?
Review and approval of procedures by management
Updates based on changes in risk, technology, and process
Notification to management of the procedural changes
Updates based on the organization's security framework

41. The BEST way to report to the board on the effectiveness of the information security program is to present:
a summary of the most recent audit findings.
a report of cost savings from process improvements.
peer-group industry benchmarks.
a dashboard illustrating key performance metrics.

42. An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?
Consult with senior management on the best course of action.
Understand the cost of noncompliance.
Implement a program of work to comply with the new legislation.
Perform a gap analysis.

43. A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
Evidence of previous incidents caused by the user
The underlying reason for the user error
The time and location that the breach occurred
Appropriate disciplinary procedures for user error

44. Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?
To satisfy auditors' recommendations for enterprise security
To determine the desired state of enterprise security
To ensure industry best practices for enterprise security are followed
To establish the minimum level of controls needed

45. Which of the following BEST facilitates recovery of data lost as a result of a cybersecurity incident?
Removable storage media
Disaster recovery plan (DRP)
Encrypted data drives
Offsite data backups

46. Reverse lookups can be used to prevent successful:
session hijacking.
denial of service (DoS) attacks.
Internet protocol (IP) spoofing.
phishing attacks.

47. When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to:
identify the program's risk and compensating controls.
leverage industry benchmarks.
consider the organization's business strategy.
consider the strategic objectives of the program.

48. Which of the following should be the MOST important consideration when reviewing an information security strategy?
Internal audit findings
Industry security standards
Recent security incidents
New business initiatives

49. Which of the following is the MOST important consideration when defining control objectives?
Senior management support
Risk appetite
Budget allocation
Threat environment

50. Which of the following change management procedures is MOST likely to cause concern to the information security manager?
A manual rather than an automated process is used to compare program versions.
Users are not notified of scheduled system changes.
The development manager migrates programs into production.
Fallback processes are tested the weekend before changes are made.

51. Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?
Chain of custody
Recovery time objectives (RTOs)
Escalation procedures
Asset classification

52. Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?
Control matrix
Risk register
Business impact analysis (BIA)
Information security policy

53. Which of the following should be done FIRST to prioritize response to incidents?
Analysis
Containment
Triage
Escalation

54. Which of the following is ESSENTIAL to ensuring effective incident response?
Senior management support
Business continuity plan (BCP)
Cost-benefit analysis
Classification scheme

55. An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?
The hosting contract has a termination clause.
The cloud provider's service level agreement (SLA) includes availability requirements.
The cloud provider adheres to applicable regulations.
The cloud provider can meet recovery point objectives (RPOs).

56. Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?
To gain acceptance of the policy across the organization
To reduce the overall cost of policy development
To share responsibility for addressing security breaches
To decrease the workload of the IT department

57. While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. What is the BEST way to address this situation?
Review the databases for sensitive content.
Assign the highest classification level to those databases.
Assign responsibility to the database administrator (DBA).
Prepare a report of the databases for senior management.

58. A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator. What is the manager's BEST course of action?
Maintain strict control over user provisioning activities.
Automate user provisioning activities.
Formally document IT administrator activities.
Implement monitoring of IT administrator activities.

59. Which of the following is the BEST reason to implement an information security architecture?
Assess the cost-effectiveness of the integration.
Serve as a post-deployment information security road map.
Facilitate consistent implementation of security requirements.
Fast-track the deployment of information security components.

60. A startup company deployed several new applications with vulnerabilities into production because security reviews were not conducted. What will BEST help to ensure effective application risk management going forward?
Create a new governance council for application security.
Conduct automated scans on applications before deployment.
Supplement existing development teams with security engineers.
Integrate information security into existing change management.

61. Which of the following is the PRIMARY objective of a cyber resilience strategy?
Employee awareness
Business continuity
Executive support
Regulatory compliance

62. An organization successfully responded to an information security incident. However, the information security manager learned that some of the steps specified in the incident management procedures were not taken by the response team. What should be the information security manager's FIRST step?
Review the incident management procedures.
Provide additional training to the incident response team.
Interview the incident response team.
Remove the steps from the incident management procedures.

63. Which of the following roles has the PRIMARY responsibility to ensure the operating effectiveness of IT controls?
IT compliance leader
Information security manager
Control tester
Risk owner

64. Which of the following is the PRIMARY objective of information asset classification?
Threat minimization
Risk management
Compliance management
Vulnerability reduction

65. Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
Prompt termination procedures
Role-based access control (RBAC)
Strong background checks when hiring staff
Regular audits of access controls

66. When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
The business continuity plan (BCP)
Business impact analysis (BIA) results
Recommendations from senior management
Vulnerability assessment results

67. Which of the following is the MOST likely reason for a vulnerability scanner to return incomplete results?
Unauthenticated vulnerability scans are being performed.
Scan results are not ingested into a security information and event management (SIEM) tool.
Host names have not been fully enumerated.
Zero-day vulnerability signatures have not been ingested.

68. Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
Estimated reduction in risk
Estimated increase in efficiency
Projected increase in maturity level
Projected costs over time

69. Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
Training on risk management procedures
Assigning a risk owner
Reporting on documented deficiencies
Establishing risk metrics

70. Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
the magnitude of the impact, should a threat exploit a vulnerability.
the likelihood of a given threat attempting to exploit a vulnerability.
a function of the cost and effectiveness of controls over a vulnerability.
a function of the likelihood and impact, should a threat exploit a vulnerability.

71. Which of the following BEST helps to ensure a third-party backup site continues to meet the organization's information security standards?
Disaster recovery plan (DRP)
Memorandum of understanding (MoU)
Business continuity plan (BCP)
Service level agreement (SLA)

72. Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?
Red team exercise
Black box penetration test
Walk-through of the incident response plan
Simulated phishing exercise

73. An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
metrics for each milestone.
a control self-assessment (CSA) process.
a monitoring process for the security policy.
automated reporting to stakeholders.

74. The PRIMARY objective of performing a post-incident review is to:
re-evaluate the impact of incidents.
identify the root cause.
identify vulnerabilities.
identify control improvements.

75. An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security?
Wipe the affected system.
Isolate the impacted endpoints.
Notify senior management.
Notify internal legal counsel.

76. Which of the following BEST minimizes information security risk in deploying applications to the production environment?
Conducting penetration testing post implementation
Verifying security during the testing process
Having a well-defined change process
Integrating security controls in each phase of the life cycle

77. Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:
perform testing to compare control performance against industry levels.
prepare to adapt the controls for future system upgrades.
ensure the controls are regularly tested for ongoing effectiveness.
hand over the controls to the relevant business owners.

78. Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?
How incident management processes were executed
When business operations were restored after the incident
Establishing the root cause of the incident
Identifying attack vectors utilized in the incident

79. Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Obtaining industry certifications for the response team
Conducting tabletop exercises appropriate for the organization
Providing training from third-party forensics firms
Documenting multiple scenarios for the organization and response steps

80. Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
Standardization of compliance requirements
Integration of assurance efforts
Documentation of control procedures
Automation of controls

81. Which of the following BEST ensures timely and reliable access to services?
Nonrepudiation
Availability
Recovery time objective (RTO)
Authenticity

82. Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?
To prioritize security initiatives
To address end-user control complaints
To align with emerging risk
To avoid redundant controls

83. An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
Propose that IT update information security policies and procedures.
Request that internal audit conduct a review of the policy development process.
Determine the risk related to noncompliance with the policy.
Conduct user awareness training within the IT function.

84. Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?
Begin due diligence on the outsourcing company.
Perform a cost-benefit analysis.
Collect additional metrics.
Submit funding request to senior management.

85. Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
Verify that information security requirements are included in the contract.
Request customer references from the vendor.
Review the results of the vendor's independent control reports.
Require vendors to complete information security questionnaires.

86. For which of the following is it MOST important that system administrators be restricted to read-only access?
User access log files
Administrator log files
System logging options
Administrator user profiles

87. Which of the following is the MOST important issue in a penetration test?
Obtaining permission from audit
Having an independent group perform the test
Having a defined goal as well as success and failure criteria
Performing the test without the benefit of any insider knowledge

88. Which of the following is the PRIMARY benefit of an information security awareness training program?
Defining risk accountability
Evaluating organizational security culture
Enforcing security policy
Influencing human behavior

89. An organization plans to implement a new e-commerce operation in a highly regulated market. Which of the following is MOST important to consider when updating the risk management strategy?
Outsourcing needs
Business culture
Compliance requirements
Strategy of industry peers

90. Which of the following metrics would provide an accurate measure of an information security program's performance?
A collection of quantitative indicators that are compared against industry benchmarks
A combination of qualitative and quantitative trends that enable decision making
A single numeric score derived from various measures assigned to the security program
A collection of qualitative indicators that accurately measure security exceptions

91. Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?
Invoke the incident response plan.
Inform customers of the breach.
Monitor the third party's response.
Inform the public relations officer.

92. Which of the following is the PRIMARY purpose of an acceptable use policy?
To provide steps for carrying out security-related procedures
To protect the organization from misuse of information assets
To provide minimum security baselines for information assets
To facilitate enforcement of security process workflows

93. Management decisions concerning information security investments will be MOST effective when they are based on:
an annual loss expectancy (ALE) determined from the history of security events.
the formalized acceptance of risk analysis by management.
a process for identifying and analyzing threats and vulnerabilities.
the reporting of consistent and periodic assessments of risks.

94. Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization's security program?
Security incident management policy
Information security training policy
Business continuity management policy
Management review policy

95. Which of the following BEST enables an organization to maintain an appropriate security control environment?
Monitoring of the threat landscape
Budgetary support for security
Alignment to an industry security framework
Periodic employee security training

96. Which of the following components of an information security risk assessment is MOST valuable to senior management?
Residual risk
Mitigation actions
Threat profile
Return on investment (ROI)

97. An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
Require disaster recovery documentation be stored with all key decision makers.
Provide annual disaster recovery training to appropriate staff.
Store disaster recovery documentation in a public cloud.
Maintain an outsourced contact center in another country.

98. An information security team has started work to mitigate findings from a recent penetration test. Which of the following presents the GREATEST risk to the organization?
Some findings were reclassified to low risk after evaluation.
Not all findings from the penetration test report were fixed.
The penetration testing report did not contain any high-risk findings.

99. The PRIMARY objective of timely declaration of a disaster is to:
ensure engagement of business management in the recovery process.
protect critical physical assets from further loss.
ensure the continuity of the organization's essential services.
assess and correct disaster recovery process deficiencies.

100. Which of the following is MOST important to the effectiveness of an information security steering committee?
The committee is comprised of representatives from senior management.
The committee uses a risk management framework.
The committee has cross-organizational representation.
The committee has strong regulatory knowledge.

101. During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?
Password management
Configuration management
Version management
Change management

102. Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?
To identify the organization's risk tolerance
To align security roles and responsibilities
To optimize security risk management
To improve security processes

103. Which of the following is MOST relevant for an information security manager to communicate to the board of directors?
Threat assessments
The level of exposure
Vulnerability assessments
The level of inherent risk

104. Which of the following is the MOST effective way to increase security awareness in an organization?
Conduct periodic simulated phishing exercises.
Implement regularly scheduled information security audits.
Require signed acknowledgment of information security policies.
Include information security requirements in job descriptions.

105. During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
cost-benefit analyses.
baseline security controls.
security objectives.
benchmarking security metrics.

106. Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
Adhere to a unique corporate privacy and security standard.
Establish baseline standards for all locations and add supplemental standards as required.
Require that all locations comply with a generally accepted set of industry
Incorporate policy statements derived from third-party standards and benchmarks.

107. Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
End user acceptance
Configuration management
Mobile application control
Inconsistent device security

108. Which of the following is the BEST justification for making a revision to a password policy?
A risk assessment
Industry best practice
Vendor recommendation
Audit recommendation

109. An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
business senior management.
the information security manager.
the compliance officer.
the chief risk officer (CRO).