CISM – 8ract Media

Question 1 of 150

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

A.Analyze the identified risk.

B.Implement compensating controls.

C.Prepare a risk mitigation plan.

D.Add the risk to the risk register.

Question 1 of 150

Question 2 of 150

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

A.Host patching

B.Infrastructure hardening

C.Penetration testing

D.Data classification

Question 2 of 150

Question 3 of 150

Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a public-facing web server?

A.Prevention of authorized access

B.Execution of unauthorized commands

C.Unauthorized access to resources

D.Defacement of website content

Question 3 of 150

Question 4 of 150

When properly implemented, secure transmission protocols protect transactions:

A.on the client desktop.

B.from eavesdropping.

C.in the server's database.

D.from denial of service (DoS) attacks.

Question 4 of 150

Question 5 of 150

Which of the following is the BEST course of action after management has reviewed an identified risk and determines the risk is below the defined risk appetite?

A.Transfer

B.Mitigate

C.Accept

D.Avoid

Question 5 of 150

Question 6 of 150

Which of the following should be an information security manager's PRIMARY concern when an organization is expanding business to a new country?

A.Changes in IT infrastructure

B.Ability to gather customer data

C.Compliance with local regulations

D.Cultural differences in the new country

Question 6 of 150

Question 7 of 150

A recent application security assessment identified a number of low- and medium-level vulnerabilities. Which of the following stakeholders is responsible for deciding the appropriate risk treatment option?

A.System administrator

B.Business owner

C.Security manager

D.Chief information security officer (CISO)

Question 7 of 150

Question 8 of 150

Which of the following is the PRIMARY benefit of training service desk staff to recognize incidents?

A.Incident response plan can be activated in a timely manner.

B.Incident classification times can be improved.

C.Risk response options can be identified quickly.

D.Incident metrics can be communicated.

Question 8 of 150

Question 9 of 150

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

A.consistent security.

B.a security-aware culture

C.comprehensive audits

D.compliance with policy

Question 9 of 150

Question 10 of 150

10.

Which of the following is the PRIMARY purpose of an acceptable use policy?

A.To facilitate enforcement of security process workflows

B.To provide steps for carrying out security-related procedures

C.To protect the organization from misuse of information assets

D.To provide minimum security baselines for information assets

Question 10 of 150

Question 11 of 150

11.

Which of the following is the BEST justification for making a revision to a password policy?

A.Vendor recommendation

B.A risk assessment

C.Industry best practice

D.Audit recommendation

Question 11 of 150

Question 12 of 150

12.

Which of the following is the MOST important consideration when determining which type of failover site to employ?

A.Data retention requirements

B.Recovery time objectives (RTOs)

C.Disaster recovery test results

D.Reciprocal agreements

Question 12 of 150

Question 13 of 150

13.

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

A.Provide annual disaster recovery training to appropriate staff.

B.Require disaster recovery documentation be stored with all key decision makers.

C.Maintain an outsourced contact center in another country.

D.Store disaster recovery documentation in a public cloud.

Question 13 of 150

Question 14 of 150

14.

An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?

A.Quantify the security risk to the business.

B.Assess business impact against security risk.

C.Refer to industry best practices.

D.Provide security awareness training to customers.

Question 14 of 150

Question 15 of 150

15.

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?

A.Performing a risk assessment

B.Performing a business impact analysis (BIA)

C.Interviewing business managers and employees

D.Reviewing policies and procedures

Question 15 of 150

Question 16 of 150

16.

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

A.reinstate original data when accidental changes occur.

B.provide backup in case of media failure.

C.validate the confidentiality during analysis.

D.validate the integrity during analysis.

Question 16 of 150

Question 17 of 150

17.

While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

A.Assign responsibility to the database administrator (DBA).

B.Prepare a report of the databases for senior management.

C.Assign the highest classification level to those databases.

D.Review the databases for sensitive content.

Question 17 of 150

Question 18 of 150

18.

Prior to conducting a forensic examination, an information security manager should:

A.boot the original hard disk on a clean system.

B.duplicate data from the backup media.

C.shut down and relocate the server.

D.create an image of the original data on new media.

Question 18 of 150

Question 19 of 150

19.

Senior management is concerned about data exposure through the use of public Al services. Which of the following is the information security manager's BEST course of action?

A.Perform a business impact analysis (BIA) of public Al.

B.Disable access to public Al from company devices.

C.Train all employees on the appropriate use of public Al services and confidential data.

D.Perform a risk assessment of public Al with appropriate recommendations for senior management.

Question 19 of 150

Question 20 of 150

20.

Which of the following components of an information security risk assessment is MOST valuable to senior management?

A.Threat profile

B.Residual risk

C.Mitigation actions

D.Return on investment (ROI)

Question 20 of 150

Question 21 of 150

21.

Which of the following should be the PRIMARY basis for an information security strategy?

A.Audit and regulatory requirements

B.Information security policies

C.Results of a comprehensive gap analysis

D.The organization's vision and mission

Question 21 of 150

Question 22 of 150

22.

A security incident has been reported within an organization When should an information security manager contact the information owner?

A.After the incident has been confirmed.

B.After the incident has been contained

C.After the potential incident has been togged

D.After the incident has been mitigated

Question 22 of 150

Question 23 of 150

23.

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?

A.Validate the risk to the organization.

B.Perform a business impact analysis (BIA).

C.Activate the incident response program.

D.Notify local law enforcement agencies of a breach.

Question 23 of 150

Question 24 of 150

24.

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

A.A reputable managed security services provider has been engaged.

B.Management support and approval has been obtained.

C.An incident response maturity assessment has been conducted.

D.The incident response team has the appropriate training.

Question 24 of 150

Question 25 of 150

25.

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

A.type of confirmed incident.

B.number of impacted users.

C.capability of incident handlers.

D.predicted incident duration.

Question 25 of 150

Question 26 of 150

26.

An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?

A.Initiate the crisis communication plan to notify stakeholders of the incidents

B.Engage external incident response consultants to conduct an independent investigation

C.Prioritize the incidents based on data classification standards

D.Assemble the incident response team to evaluate the incidents

Question 26 of 150

Question 27 of 150

27.

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

A.Changing the default setting for all security incidents to the highest priority

B.Integrating incident response workflow into the help desk ticketing system

C.Implementing automated vulnerability scanning in the help desk workflow

D.Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

Question 27 of 150

Question 28 of 150

28.

The PRIMARY objective of a post-incident review of an information security incident is to:

A.minimize impact

B.prevent recurrence.

C.determine the impact

D.update the risk profile

Question 28 of 150

Question 29 of 150

29.

Which of the following should be the FIRST step when performing triage of a malware incident?

A.Removing the malware

B.Comparing backup against production

C.Preserving the forensic image

D.Containing the affected system

Question 29 of 150

Question 30 of 150

30.

Relationships between critical systems are BEST understood by

A.performing a business impact analysis (BIA)

B.developing a system classification scheme

C.evaluating the recovery time objectives (RTOs)

D.evaluating key performance indicators (KPIs)

Question 30 of 150

Question 31 of 150

31.

Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?

A.Controls analysis

B.Penetration testing

C.Emerging risk review

D.Traffic monitoring

Question 31 of 150

Question 32 of 150

32.

Which of the following is MOST important to include in an information security status report to senior management?

A.Key risk indicators (KRIs)

B.Review of information security policies

C.Information security budget requests

D.List of recent security events

Question 32 of 150

Question 33 of 150

33.

Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?

A.Head of IT department

B.Information security manager

C.Head of human resources (HR)

D.Data privacy officer

Question 33 of 150

Question 34 of 150

34.

Which of the following is MOST important when designing security controls for new cloud-based services?

A.Evaluating different types of deployment models according to the associated risks

B.Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies

C.Understanding the business and IT strategy for moving resources to the cloud

D.Defining an incident response policy to protect data moving between onsite and cloud applications

Question 34 of 150

Question 35 of 150

35.

Which of the following activities is designed to handle a control failure that leads to a breach?

A.Risk assessment

B.Vulnerability management

C.Incident management

D.Root cause analysis

Question 35 of 150

Question 36 of 150

36.

Which of the following should be the FIRST consideration when developing a strategy for protecting an organization's data?

A.Access monitoring

B.Classification

C.Encryption

D.Access rights

Question 36 of 150

Question 37 of 150

37.

Which of the following is the MOST effective way to detect information security incidents?

A.Threshold settings on key risk indicators (KRIs)

B.Implementation of regular security awareness programs

C.Real-time monitoring of network activity

D.Periodic analysis of security event log records

Question 37 of 150

Question 38 of 150

38.

A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

A.Conduct a business impact analysis (BIA).

B.Continue to enforce the policy.

C.Escalate to senior management.

D.Provide end-user training.

Question 38 of 150

Question 39 of 150

39.

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

A.Access control requirements

B.Information encryption requirements

C.Explanation of information usage

D.Limited liability clause

Question 39 of 150

Question 40 of 150

40.

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

A.To ensure system audit trails are not bypassed

B.To prevent accountability issues

C.To ensure separation of duties is maintained

D.To prevent unauthorized user access

Question 40 of 150

Question 41 of 150

41.

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

A.The organization's mission statement and roadmap

B.The organization's information technology (IT) strategy

C.The capabilities and expertise of the information security team

D.A prior successful information security strategy

Question 41 of 150

Question 42 of 150

42.

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

A.Data encryption

B.Access to the hardware

C.Compressed customer data

D.Non-standard event logs

Question 42 of 150

Question 43 of 150

43.

Which of the following activities MUST be performed by an information security manager for change requests?

A.Scan IT systems for operating system vulnerabilities.

B.Perform penetration testing on affected systems.

C.Review change in business requirements for information security.

D.Assess impact on information security risk.

Question 43 of 150

Question 44 of 150

44.

When determining an acceptable risk level which of the following is the MOST important consideration?

A.Risk matrices

B.Vulnerability scores

C.Threat profiles

D.System criticalities

Question 44 of 150

Question 45 of 150

45.

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:

A.behavior analysis.

B.penetration testing.

C.signature analysis.

D.data packet analysis.

Question 45 of 150

Question 46 of 150

46.

A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?

A.Remove access to the information

B.Implement role-based access control (RBAC)

C.Invoke the incident response plan

D.Delete the information from the file server

Question 46 of 150

Question 47 of 150

47.

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

A.Security audits may report more high-risk findings.

B.Risk levels may be elevated beyond acceptable limits.

C.Noncompliance with industry best practices may result.

D.The compensating controls may not be cost efficient.

Question 47 of 150

Question 48 of 150

48.

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

A.Determine whether critical success factors (CSFs) have been defined.

B.Conduct a capability maturity model evaluation.

C.Review and update current operational procedures.

D.Perform a risk analysis for critical applications.

Question 48 of 150

Question 49 of 150

49.

Which of the following is MOST helpful to identify whether information security policies have been followed?

A.Directive controls

B.Preventive controls

C.Corrective controls

D.Detective controls

Question 49 of 150

Question 50 of 150

50.

Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

A.Statistical reports will be incorrect.

B.Escalation procedures will be ineffective.

C.The service desk will be staffed incorrectly.

D.Timely detection of attacks will be impossible.

Question 50 of 150

Question 51 of 150

51.

An organization successfully responded to an information security incident. However, the information security manager learned that some of the steps specified in the incident management procedures were not taken by the response team. What should be the information security manager's FIRST step?

A.Interview the incident response team.

B.Remove the steps from the incident management procedures.

C.Provide additional training to the incident response team.

D.Review the incident management procedures.

Question 51 of 150

Question 52 of 150

52.

Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?

A.Availability of security budget

B.Results of business impact analyses (BIAs)

C.Possibility of reputational loss due to incidents

D.Alignment with industry benchmarks

Question 52 of 150

Question 53 of 150

53.

A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

A.the risk assessment has not defined the likelihood of occurrence

B.the reported vulnerability has not been validated

C.the cost of implementing controls exceeds the potential financial losses.

D.executive management is not aware of the impact potential

Question 53 of 150

Question 54 of 150

54.

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

A.organizational alignment

B.threats to the organization

C.IT strategy alignment

D.existing control costs

Question 54 of 150

Question 55 of 150

55.

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

A.Perform a post-incident review

B.Establish performance metrics for the team

C.Perform a threat analysis

D.Implement a SIEM solution

Question 55 of 150

Question 56 of 150

56.

Which of the following is the BEST reason to implement an information security architecture?

A.Serve as a post-deployment information security road map.

B.Facilitate consistent implementation of security requirements.

C.Fast-track the deployment of information security components.

D.Assess the cost-effectiveness of the integration.

Question 56 of 150

Question 57 of 150

57.

Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

A.Operating systems are no longer supported by the vendor.

B.An organization has a decentralized data center that uses cloud services.

C.IT system clocks are not synchronized with the centralized logging server.

D.The patch management system does not deploy patches in a timely manner.

Question 57 of 150

Question 58 of 150

58.

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

A.attack pattern signatures from historical data

B.normal network behavior and using it as a baseline lor measuring abnormal activity

C.abnormal network behavior and using it as a baseline for measuring normal activity

D.abnormal network behavior and issuing instructions to the firewall to drop rogue connections

Question 58 of 150

Question 59 of 150

59.

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

A.Organizational risk appetite

B.Internal security audit

C.External security audit

D.Business impact analysis (BIA)

Question 59 of 150

Question 60 of 150

60.

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

A.results of exit interviews.

B.responses to security questionnaires.

C.previous training sessions.

D.examples of help desk requests.

Question 60 of 150

Question 61 of 150

61.

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

A.Business impact analysis (BIA)

B.Industry best practices

C.Vulnerability assessment

D.Risk assessment

Question 61 of 150

Question 62 of 150

62.

Which of the following is the BEST way to determine the effectiveness of an incident response plan?

A.Benchmarking the plan against best practices

B.Conducting a tabletop exercise

C.Reviewing previous audit reports

D.Performing a penetration test

Question 62 of 150

Question 63 of 150

63.

Which of the following is MOST important for guiding the development and management of a comprehensive information security program?

A.Implementing policies and procedures to address the information security strategy

B.Adopting information security program management best practices

C.Establishing and maintaining an information security governance framework

D.Aligning the organization's business objectives with IT objectives

Question 63 of 150

Question 64 of 150

64.

The PRIMARY reason to properly classify information assets is to determine:

A.appropriate encryption strength using a risk-based approach.

B.the appropriate protection based on sensitivity.

C.user access levels based on the need to know.

D.the business impact if assets are compromised.

Question 64 of 150

Question 65 of 150

65.

Which of the following is the MOST important issue in a penetration test?

A.Obtaining permission from audit

B.Having a defined goal as well as success and failure criteria

C.Performing the test without the benefit of any insider knowledge

D.Having an independent group perform the test

Question 65 of 150

Question 66 of 150

66.

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

A.Verify that information security requirements are included in the contract.

B.Require vendors to complete information security questionnaires.

C.Request customer references from the vendor.

D.Review the results of the vendor's independent control reports.

Question 66 of 150

Question 67 of 150

67.

Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?

A.Rebuild the server from the last verified backup.

B.Shut down the server in an organized manner.

C.Place the web server in quarantine.

D.Rebuild the server with relevant patches from the original media.

Question 67 of 150

Question 68 of 150

68.

When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to:

A.consider the strategic objectives of the program.

B.identify the program's risk and compensating controls.

C.leverage industry benchmarks.

D.consider the organizations business strategy.

Question 68 of 150

Question 69 of 150

69.

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

A.Activate the disaster recovery plan (DRP).

B.Invoke the incident response plan.

C.Conduct security awareness training.

D.Assess changes in the risk profile.

Question 69 of 150

Question 70 of 150

70.

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

A.Benchmarking against industry peers

B.Developing policy standards

C.Categorizing information assets

D.Enforcing data retention

Question 70 of 150

Question 71 of 150

71.

Which of the following provides the MOST assurance that a third-party hosting provider will be able to meet availability requirements?

A.The third party's incident response plan

B.The third party's business continuity plan (BCP)

C.Service level agreement (SLA)

D.Right-to-audit clause

Question 71 of 150

Question 72 of 150

72.

Which of the following is the PRIMARY objective of information asset classification?

A.Compliance management

B.Vulnerability reduction

C.Threat minimization

D.Risk management

Question 72 of 150

Question 73 of 150

73.

Which of the following BEST facilitates recovery of data lost as a result of a cybersecurity incident?

A.Removable storage media

B.Encrypted data drives

C.Disaster recovery plan (DRP)

D.Offsite data backups

Question 73 of 150

Question 74 of 150

74.

Which of the following should include contact information for representatives of equipment and software vendors?

A.Business impact analysis (BIA)

B.Information security program charter

C.Business continuity plan (BCP)

D.Service level agreements (SLAs)

Question 74 of 150

Question 75 of 150

75.

Which of the following is MOST important to include in an information security policy?

A.Maturity levels

B.Baselines

C.Management objectives

D.Best practices

Question 75 of 150

Question 76 of 150

76.

An organization's automated security monitoring tool generates an excessively large amount of falsq positives. Which of the following is the BEST method to optimize the monitoring process?

A.Change reporting thresholds.

B.Reconfigure log recording.

C.Report only critical alerts.

D.Monitor incidents in a specific time frame.

Question 76 of 150

Question 77 of 150

77.

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

A.Prompt termination procedures

B.Strong background checks when hiring staff

C.Role-based access control (RBAC)

D.Regular audits of access controls

Question 77 of 150

Question 78 of 150

78.

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

A.Inform customers of the breach.

B.Monitor the third party's response.

C.Invoke the incident response plan.

D.Inform the public relations officer.

Question 78 of 150

Question 79 of 150

79.

Which of the following is MOST important to include in an information security strategy?

A.Regulatory requirements

B.Risk register

C.Stakeholder requirements

D.Industry benchmarks

Question 79 of 150

Question 80 of 150

80.

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

A.The vendor's proposal requires the provider to have a business continuity plan (BCP).

B.The vendor's proposal allows for contract modification during technology refresh cycles.

C.The vendor's proposal aligns with the objectives of the organization.

D.The vendor's proposal allows for escrow in the event the third party goes out of business.

Question 80 of 150

Question 81 of 150

81.

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A.Incorporate policy statements derived from third-party standards and benchmarks.

B.Require that all locations comply with a generally accepted set of industry

C.Establish baseline standards for all locations and add supplemental standards as required

D.Adhere to a unique corporate privacy and security standard

Question 81 of 150

Question 82 of 150

82.

An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail Which of the following could have been prevented by conducting regular incident response testing?

A.Stolen data

B.The server being compromised

C.Ignored alert messages

D.The brute force attack

Question 82 of 150

Question 83 of 150

83.

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

A.A properly configured firewall

B.A continual server replication process

C.A properly tested offline backup system

D.Employee training on ransomware

Question 83 of 150

Question 84 of 150

84.

Which of the following is PRIMARILY determined by asset classification?

A.Replacement cost of assets

B.Level of protection required for assets

C.Priority for asset replacement

D.Insurance coverage required for assets

Question 84 of 150

Question 85 of 150

85.

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

A.It provides a low-cost method of assessing the BCP's completeness.

B.It identifies appropriate follow-up work to address shortcomings in the plan.

C.It allows for greater participation and planning from the business side.

D.It helps in assessing the availability of compatible backup hardware.

Question 85 of 150

Question 86 of 150

86.

When deciding to move to a cloud-based model, the FIRST consideration should be:

A.physical location of the data.

B.data classification.

C.storage in a shared environment.

D.availability of the data.

Question 86 of 150

Question 87 of 150

87.

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

A.Internal compliance requirements are being met.

B.Regulatory requirements are being met.

C.Business needs are being met.

D.Risk management objectives are being met.

Question 87 of 150

Question 88 of 150

88.

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

A.Loss of customers due to unavailability of products

B.Compromise of critical assets via third-party resources

C.Unavailability of services provided by a supplier

D.Unreliable delivery of hardware and software resources by a supplier

Question 88 of 150

Question 89 of 150

89.

Which of the following BEST facilitates effective strategic alignment of security initiatives?

A.Procedures and standards are approved by department heads.

B.The business strategy is periodically updated

C.Periodic security audits are conducted by a third-party.

D.Organizational units contribute to and agree on priorities

Question 89 of 150

Question 90 of 150

90.

Which of the following should be the FIRST step in developing an information security strategy?

A.Create a roadmap to identify security baselines and controls

B.Determine acceptable levels of information security risk

C.Identify key stakeholders to champion information security

D.Perform a gap analysis based on the current state

Question 90 of 150

Question 91 of 150

91.

Which of the following should an information security manager do FIRST when developing an organization's disaster recovery plan (DRP)?

A.Document disaster recovery procedures.

B.Identify business requirements.

C.Conduct a risk assessment.

D.Perform a business impact analysis (BIA).

Question 91 of 150

Question 92 of 150

92.

Which of the following is MOST important to the effectiveness of an information security steering committee?

A.The committee is comprised of representatives from senior management.

B.The committee has cross-organizational representation.

C.The committee uses a risk management framework.

D.The committee has strong regulatory knowledge.

Question 92 of 150

Question 93 of 150

93.

Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?

A.To validate the payload signature

B.To devise the incident response strategy

C.To review network configurations

D.To validate the incident

Question 93 of 150

Question 94 of 150

94.

Which of the following is the MOST likely reason for a vulnerability scanner to return incomplete results?

A.Scan results are not ingested into a security information and event management (SIEM) tool.

B.Host names have not been fully enumerated.

C.Unauthenticated vulnerability scans are being performed.

D.Zero-day vulnerability signatures have not been ingested.

Question 94 of 150

Question 95 of 150

95.

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

A.Threat analysis

B.Asset classification

C.Internal audit findings

D.Vulnerability assessment

Question 95 of 150

Question 96 of 150

96.

Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

A.To share responsibility for addressing security breaches

B.To gain acceptance of the policy across the organization

C.To reduce the overall cost of policy development

D.To decrease the workload of the IT department

Question 96 of 150

Question 97 of 150

97.

A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?

A.Replace the control

B.Check for defense in depth

C.Report the failure to management

D.Assess the control state

Question 97 of 150

Question 98 of 150

98.

Which of the following should be done NEXT following senior management's decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?

A.Encrypt data in transit and at rest.

B.Complete a return on investment (ROI) analysis.

C.Conduct a gap analysis.

D.Create and implement a data minimization plan.

Question 98 of 150

Question 99 of 150

99.

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

A.An inventory of security controls currently in place

B.Deadlines and penalties for noncompliance

C.Results from a gap analysis

D.Results from a business impact analysis (BIA)

Question 99 of 150

Question 100 of 150

100.

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

A.Security risk assessments

B.Lessons learned analysis

C.Key performance indicators (KPIs)

D.Information security audits

Question 100 of 150

Question 101 of 150

101.

Which of the following would be MOST important to include in a proposal justifying investments for an organization's information security program?

A.Competitor benchmark analysis

B.Vulnerability scan results

C.Previous security budget

D.Business requirements

Question 101 of 150

Question 102 of 150

102.

Which of the following BEST enables an organization to maintain an appropriate security control environment?

A.Monitoring of the threat landscape

B.Alignment to an industry security framework

C.Periodic employee security training

D.Budgetary support for security

Question 102 of 150

Question 103 of 150

103.

Reevaluation of risk is MOST critical when there is:

A.resistance to the implementation of mitigating controls.

B.a change in the threat landscape.

C.a management request for updated security reports.

D.a change in security policy.

Question 103 of 150

Question 104 of 150

104.

Management decisions concerning information security investments will be MOST effective when they are based on:

A.an annual loss expectancy (ALE) determined from the history of security events,

B.the formalized acceptance of risk analysis by management,

C.a process for identifying and analyzing threats and vulnerabilities.

D.the reporting of consistent and periodic assessments of risks.

Question 104 of 150

Question 105 of 150

105.

An organization has identified IT failures in a call center application. Of the following, who should own this risk?

A.Chief executive officer (CEO)

B.Head of the IT department

C.Information security manager

D.Head of the call center

Question 105 of 150

Question 106 of 150

106.

When developing a categorization method for security incidents, the categories MUST:

A.have agreed-upon definitions.

B.align with industry standards.

C.be created by the incident handler.

D.align with reporting requirements.

Question 106 of 150

Question 107 of 150

107.

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

A.Independent review of the vendor

B.Local laws and regulations

C.Vendor service level agreements (SLAs)

D.Backup and restoration of data

Question 107 of 150

Question 108 of 150

108.

An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Which of the following controls would MOST effectively manage risk to the organization?

A.Including penalty clauses for noncompliance in the vendor contract

B.Disabling vendor access and only re-enabling when access is needed

C.Monitoring key risk indicators (KRIs)

D.Implementing separation of duties between systems and data

Question 108 of 150

Question 109 of 150

109.

When defining a security baseline, it is MOST important that the baseline:

A.is uniform for all assets of the same type.

B.is developed based on stakeholder consensus.

C.can vary depending on the security classification of systems.

D.aligns to key risk indicators (KRIs).

Question 109 of 150

Question 110 of 150

110.

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

A.Perform a privacy impact assessment (PIA).

B.Perform a vulnerability assessment.

C.Perform a gap analysis.

D.Perform a business impact analysis (BIA).

Question 110 of 150

Question 111 of 150

111.

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

A.Service level agreements (SLAs) meet operational standards.

B.External security audit results are reviewed.

C.Business continuity contingency planning is provided

D.Security requirements are included in the vendor contract

Question 111 of 150

Question 112 of 150

112.

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

A.Communicating the residual risk

B.Presenting compliance requirements

C.Presenting evidence of inherent risk

D.Reporting the security maturity level

Question 112 of 150

Question 113 of 150

113.

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

A.Presence of known vulnerabilities

B.Ineffective security controls

C.Incomplete identification of threats

D.Lack of a risk framework

Question 113 of 150

Question 114 of 150

114.

An information security manager has recently been notified of potential security risks associated with a third- party service provider. What should be done NEXT to address this concern?

A.Conduct a risk analysis.

B.Determine compensating controls.

C.Escalate to the chief risk officer (CRO).

D.Conduct a vulnerability analysis.

Question 114 of 150

Question 115 of 150

115.

An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?

A.The cloud provider's service level agreement (SLA) includes availability requirements.

B.The cloud provider can meet recovery point objectives (RPOs).

C.The cloud provider adheres to applicable regulations.

D.The hosting contract has a termination clause.

Question 115 of 150

Question 116 of 150

116.

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

A.Control effectiveness

B.Security management processes

C.Security policies

D.Organizational culture

Question 116 of 150

Question 117 of 150

117.

The effectiveness of an incident response team will be GREATEST when:

A.incidents are identified using a security information and event monitoring {SIEM) system.

B.the incident response team meets on a regular basis to review log files.

C.the incident response process is updated based on lessons learned.

D.the incident response team members are trained security personnel.

Question 117 of 150

Question 118 of 150

118.

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

A.business senior management.

B.the chief risk officer (CRO).

C.the compliance officer.

D.the information security manager.

Question 118 of 150

Question 119 of 150

119.

Which of the following BEST helps to enable the desired information security culture within an organization?

A.Effective information security policies and procedures

B.Information security awareness training and campaigns

C.Delegation of information security roles and responsibilities

D.Incentives for appropriate information security-related behavior

Question 119 of 150

Question 120 of 150

120.

Which of the following is a PRIMARY function of an incident response team?

A.To provide a single point of contact for critical incidents

B.To provide effective incident mitigation

C.To provide a risk assessment for zero-day vulnerabilities

D.To provide a business impact analysis (BIA)

Question 120 of 150

Question 121 of 150

121.

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?

A.Backups are maintained offline and regularly tested.

B.Production data is continuously replicated between primary and secondary sites.

C.Impacted networks can be detached at the network switch level.

D.Backups are maintained on multiple sites and regularly reviewed.

Question 121 of 150

Question 122 of 150

122.

Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

A.Indemnification clause

B.Compliance status reporting

C.Breach detection and notification

D.Physical access to service provider premises

Question 122 of 150

Question 123 of 150

123.

Which of the following factors would have the MOST significant impact on an organization's information security governance mode?

A.Security budget

B.Number of employees

C.Corporate culture

D.Outsourced processes

Question 123 of 150

Question 124 of 150

124.

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

A.Communicating the plan to all stakeholders

B.Updating the plan periodically

C.Storing the plan at an offsite location

D.Conducting a walk-through of the plan

Question 124 of 150

Question 125 of 150

125.

Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?

A.Information owner

B.Information security manager

C.Business manager

D.Senior management

Question 125 of 150

Question 126 of 150

126.

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

A.Procedures for incident triage

B.Technical capabilities of the team

C.Feedback from affected departments

D.Historical data from past incidents

Question 126 of 150

Question 127 of 150

127.

An organization is transitioning to a Zero Trust architecture. Which of the following is the information security manager's BEST approach for communicating the implications of this transition to the board of directors?

A.Prepare a report on the Zero Trust implementation that includes a status dashboard and timeline

B.Provide an outline of the business impact in terms of risk reduction and changes in user experience

C.Summarize the training plan and end user feedback in an internal portal and send the link to the board

D.Present a diagram of core Zero Trust logical components to help visualize the architectural changes

Question 127 of 150

Question 128 of 150

128.

An information security manager learns that an existing supplier plans to begin using its recently developed generative AI technology for the same scope of service. A risk assessment was performed on the supplier three months ago with no outstanding findings. Which of the following is the BEST course of action to address the associated risk?

A.Suspend the use of the supplier until a risk assessment of the AI technology has been performed

B.Review the results of the previous risk assessment

C.Report the change in risk to senior management

D.Add an indemnity clause in the contractual agreement at the renewal stage

Question 128 of 150

Question 129 of 150

129.

Which of the following has the MOST influence on the inherent risk of an information asset?

A.Return on investment (ROI)

B.Business criticality

C.Net present value (NPV)

D.Risk tolerance

Question 129 of 150

Question 130 of 150

130.

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

A.Installing new firewalls

B.Performing penetration testing

C.Updating security policies

D.Improving user awareness

Question 130 of 150

Question 131 of 150

131.

When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:

A.management direction.

B.the root cause of the event.

C.type of security incident.

D.expected duration of outage.

Question 131 of 150

Question 132 of 150

132.

Which of the following is the BEST indication that an organization has a mature information security culture?

A.The chief information security officer (CISO) regularly interacts with the board.

B.Information security training is mandatory for all staff.

C.The organization's information security policy is documented and communicated.

D.Staff consistently consider risk in making decisions.

Question 132 of 150

Question 133 of 150

133.

In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:

A.evaluate results of the most recent incident response test.

B.assess progress of risk mitigation efforts.

C.ensure established security metrics are reported.

D.review the number of reported security incidents.

Question 133 of 150

Question 134 of 150

134.

Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?

A.Disaster recovery plan (DRP)

B.Security awareness plan

C.Business continuity plan (BCP)

D.Incident response plan

Question 134 of 150

Question 135 of 150

135.

The PRIMARY consideration when responding to a ransomware attack should be to ensure:

A.the business can operate

B.the ransomware attack is contained

C.the most recent patches have been applied.

D.backups are available.

Question 135 of 150

Question 136 of 150

136.

The PRIMARY objective of timely declaration of a disaster is to:

A.protect critical physical assets from further loss.

B.ensure the continuity of the organization's essential services.

C.ensure engagement of business management in the recovery process.

D.assess and correct disaster recovery process deficiencies.

Question 136 of 150

Question 137 of 150

137.

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

A.Ask the business owner for the new remediation plan

B.Implement compensating controls

C.Re-evaluate the risk

D.Inform senior management

Question 137 of 150

Question 138 of 150

138.

A PRIMARY benefit of adopting an information security framework is that it provides:

A.security and vulnerability reporting guidelines.

B.common exploitability indices.

C.credible emerging threat intelligence.

D.standardized security controls.

Question 138 of 150

Question 139 of 150

139.

The PRIMARY advantage of involving end users in continuity planning is that they:

A.can see the overall impact to the business.

B.are more objective than information security management.

C.can balance the technical and business risks.

D.have a better understanding of specific business needs.

Question 139 of 150

Question 140 of 150

140.

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

A.Perform a risk assessment of the current IT environment.

B.Update in accordance with the best business practices.

C.Gain an understanding of the current business direction.

D.Inventory and review current security policies.

Question 140 of 150

Question 141 of 150

141.

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

A.Power off the endpoint device.

B.Run a virus scan on the endpoint device.

C.Wipe and reset the endpoint device.

D.Isolate the endpoint device.

Question 141 of 150

Question 142 of 150

142.

An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?

A.Conduct an internal audit.

B.Conduct penetration testing.

C.Perform a vulnerability assessment.

D.Prepare compensating controls.

Question 142 of 150

Question 143 of 150

143.

Who is BEST suited to determine how the information in a database should be classified?

A.Database analyst

B.Database administrator (DBA)

C.Information security analyst

D.Data owner

Question 143 of 150

Question 144 of 150

144.

Which of the following events is MOST likely to require an organization to revisit its information security framework?

A.A new technology implemented

B.Changes to the risk landscape

C.A recent cybersecurity attack

D.New services offered by IT

Question 144 of 150

Question 145 of 150

145.

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

A.Automation of controls

B.Documentation of control procedures

C.Integration of assurance efforts

D.Standardization of compliance requirements

Question 145 of 150

Question 146 of 150

146.

Which of the following is the MOST important reason for an information security manager to archive and retain the organization's electronic communication and email data?

A.To meet the requirements of global security standards

B.To identify and scan attachments for malware

C.To provide as evidence in legal proceedings when required

D.To track personal use of electronic communication by users

Question 146 of 150

Question 147 of 150

147.

An information security manager has identified that security risks are not being treated in a timely manner.

A.Create mitigating controls to manage the risks.

B.Assign a risk owner to each risk

C.Re-perform risk analysis at regular intervals.

D.Provide regular updates about the current state of the risks.

Question 147 of 150

Question 148 of 150

148.

Which of the following should be established FIRST when implementing an information security governance framework?

A.Security architecture

B.Security awareness training program

C.Security incident management team

D.Security policies

Question 148 of 150

Question 149 of 150

149.

Which of the following BEST indicates that information assets are classified accurately?

A.An accurate and complete information asset catalog

B.Increased compliance with information security policy

C.Appropriate prioritization of information risk treatment

D.Appropriate assignment of information asset owners

Question 149 of 150

Question 150 of 150

150.

Which of the following is the BEST way to evaluate the effectiveness of physical and environmental security controls implemented for fire-related disasters?

A.Review emergency management team procedures

B.Conduct awareness sessions

C.Review the disaster recovery plan (DRP)

D.Conduct evacuation exercises

Question 150 of 150

Get a Quote