New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Isaca CISM Dumps Questions Answers

Page: 1 / 59
Total 793 questions

Certified Information Security Manager Questions and Answers

Question 1

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Buy Now
Question 2

Which of the following is an example of risk mitigation?

Options:

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Question 3

Which of the following should be the PRIMARY basis for determining the value of assets?

Options:

A.

Cost of replacing the assets

B.

Business cost when assets are not available

C.

Original cost of the assets minus depreciation

D.

Total cost of ownership (TCO)

Question 4

Relationships between critical systems are BEST understood by

Options:

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Question 5

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Options:

A.

Security risk assessment

B.

Security operations program

C.

Information security policy

D.

Business impact analysis (BIA)

Question 6

To support effective risk decision making, which of the following is MOST important to have in place?

Options:

A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Question 7

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Options:

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Question 8

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions.

D.

The development manager migrates programs into production

Question 9

Which of the following is the MOST effective way to prevent information security incidents?

Options:

A.

Implementing a security information and event management (SIEM) tool

B.

Implementing a security awareness training program for employees

C.

Deploying a consistent incident response approach

D.

Deploying intrusion detection tools in the network environment

Question 10

Prior to conducting a forensic examination, an information security manager should:

Options:

A.

boot the original hard disk on a clean system.

B.

create an image of the original data on new media.

C.

duplicate data from the backup media.

D.

shut down and relocate the server.

Question 11

Which of the following backup methods requires the MOST time to restore data for an application?

Options:

A.

Full backup

B.

Incremental

C.

Differential

D.

Disk mirroring

Question 12

Which of the following BEST demonstrates the added value of an information security program?

Options:

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Question 13

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Options:

A.

Document risk acceptances.

B.

Revise the organization's security policy.

C.

Assess the consequences of noncompliance.

D.

Conduct an information security audit.

Question 14

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Question 15

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Options:

A.

Poor documentation of results and lessons learned

B.

Lack of communication to affected users

C.

Disruption to the production environment

D.

Lack of coordination among departments

Question 16

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents.

B.

identify vulnerabilities.

C.

identify control improvements.

D.

identify the root cause.

Question 17

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Options:

A.

Process owners

B.

End users

C.

Security architects.

D.

Corporate auditors

Question 18

An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Options:

A.

Include security requirements in the contract

B.

Assess security controls.

C.

Perform a risk assessment

D.

Review data architecture.

Question 19

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Options:

A.

Impact on information security program

B.

Cost of controls

C.

Impact to business function

D.

Cost to replace

Question 20

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Options:

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Question 21

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

Options:

A.

Employee training on ransomware

B.

A properly tested offline backup system

C.

A continual server replication process

D.

A properly configured firewall

Question 22

Which of the following should be given the HIGHEST priority during an information security post-incident review?

Options:

A.

Documenting actions taken in sufficient detail

B.

Updating key risk indicators (KRIs)

C.

Evaluating the performance of incident response team members

D.

Evaluating incident response effectiveness

Question 23

Which of the following documents should contain the INITIAL prioritization of recovery of services?

Options:

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Question 24

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Question 25

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

Options:

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Question 26

Implementing the principle of least privilege PRIMARILY requires the identification of:

Options:

A.

job duties

B.

data owners

C.

primary risk factors.

D.

authentication controls

Question 27

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:

A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Question 28

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization's data by the user

D.

Monitoring how often the smartphone is used

Question 29

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Question 30

Which of the following should be the MOST important consideration of business continuity management?

Options:

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Question 31

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Options:

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Question 32

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Options:

A.

Review independent security assessment reports for each vendor.

B.

Benchmark each vendor's services with industry best practices.

C.

Analyze the risks and propose mitigating controls.

D.

Define information security requirements and processes.

Question 33

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Options:

A.

results of exit interviews.

B.

previous training sessions.

C.

examples of help desk requests.

D.

responses to security questionnaires.

Question 34

Which of the following is the MOST important detail to capture in an organization's risk register?

Options:

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Question 35

An organization's quality process can BEST support security management by providing:

Options:

A.

security configuration controls.

B.

assurance that security requirements are met.

C.

guidance for security strategy.

D.

a repository for security systems documentation.

Question 36

A Seat a-hosting organization's data center houses servers, appli

BEST approach for developing a physical access control policy for the organization?

Options:

A.

Review customers’ security policies.

B.

Conduct a risk assessment to determine security risks and mitigating controls.

C.

Develop access control requirements for each system and application.

D.

Design single sign-on (SSO) or federated access.

Question 37

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Question 38

Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

Options:

A.

IT system clocks are not synchronized with the centralized logging server.

B.

Operating systems are no longer supported by the vendor.

C.

The patch management system does not deploy patches in a timely manner.

D.

An organization has a decentralized data center that uses cloud services.

Question 39

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.

Decrease in the number of security incidents

B.

Increase in the frequency of security incident escalations

C.

Reduction in the impact of security incidents

D.

Increase in the number of reported security incidents

Question 40

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Options:

A.

Storing the plan at an offsite location

B.

Communicating the plan to all stakeholders

C.

Updating the plan periodically

D.

Conducting a walk-through of the plan

Question 41

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Question 42

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Question 43

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Question 44

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

Options:

A.

Monitor the effectiveness of controls

B.

Update the risk assessment framework

C.

Review the inherent risk level

D.

Review the risk probability and impact

Question 45

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Options:

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Question 46

A common drawback of email software packages that provide native encryption of messages is that the encryption:

Options:

A.

cannot encrypt attachments

B.

cannot interoperate across product domains.

C.

has an insufficient key length.

D.

has no key-recovery mechanism.

Question 47

What should be an information security manager's MOST important consideration when developing a multi-year plan?

Options:

A.

Ensuring contingency plans are in place for potential information security risks

B.

Ensuring alignment with the plans of other business units

C.

Allowing the information security program to expand its capabilities

D.

Demonstrating projected budget increases year after year

Question 48

To help ensure that an information security training program is MOST effective its contents should be

Options:

A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees' roles

D.

based on recent incidents

Question 49

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Question 50

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.

control gaps are minimized.

B.

system availability.

C.

effectiveness of controls.

D.

alignment with compliance requirements.

Question 51

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Options:

A.

Prevent the user from using personal mobile devices.

B.

Report the incident to the police.

C.

Wipe the device remotely.

D.

Remove user's access to corporate data.

Question 52

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Options:

A.

Install the OS, patches, and application from the original source.

B.

Restore the OS, patches, and application from a backup.

C.

Restore the application and data from a forensic copy.

D.

Remove all signs of the intrusion from the OS and application.

Question 53

Which of the following BEST enables the integration of information security governance into corporate governance?

Options:

A.

Well-decumented information security policies and standards

B.

An information security steering committee with business representation

C.

Clear lines of authority across the organization

D.

Senior management approval of the information security strategy

Question 54

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Question 55

A balanced scorecard MOST effectively enables information security:

Options:

A.

project management

B.

governance.

C.

performance.

D.

risk management.

Question 56

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Question 57

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Options:

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Question 58

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

Options:

A.

Identify the skill set of the provider's incident response team.

B.

Evaluate the provider's audit logging and monitoring controls.

C.

Review the provider’s incident definitions and notification criteria.

D.

Update the incident escalation process.

Question 59

Which of the following is the BEST indication of information security strategy alignment with the “&

Options:

A.

Percentage of information security incidents resolved within defined service level agreements (SLAs)

B.

Percentage of corporate budget allocated to information security initiatives

C.

Number of business executives who have attended information security awareness sessions

D.

Number of business objectives directly supported by information security initiatives

Question 60

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Options:

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Question 61

The PRIMARY objective of a post-incident review of an information security incident is to:

Options:

A.

update the risk profile

B.

minimize impact

C.

prevent recurrence.

D.

determine the impact

Question 62

Which of the following BEST enables an organization to transform its culture to support information security?

Options:

A.

Periodic compliance audits

B.

Strong management support

C.

Robust technical security controls

D.

Incentives for security incident reporting

Question 63

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A.

Multi-factor authentication

B.

Digital encryption

C.

Data masking

D.

Digital signatures

Question 64

What is the PRIMARY benefit to an organization that maintains an information security governance framework?

Options:

A.

Resources are prioritized to maximize return on investment (ROI)

B.

Information security guidelines are communicated across the enterprise_

C.

The organization remains compliant with regulatory requirements.

D.

Business risks are managed to an acceptable level.

Question 65

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Question 66

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Options:

A.

Key control indicator (KCIs)

B.

Key risk indicators (KRIs)

C.

Key performance indicators (KPIs)

D.

Key goal indicators (KGIs)

Question 67

Reverse lookups can be used to prevent successful:

Options:

A.

denial of service (DoS) attacks

B.

session hacking

C.

phishing attacks

D.

Internet protocol (IP) spoofing

Question 68

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

Options:

A.

Inform senior management

B.

Re-evaluate the risk

C.

Implement compensating controls

D.

Ask the business owner for the new remediation plan

Question 69

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

Options:

A.

Clearer segregation of duties

B.

Increased user productivity

C.

Increased accountability

D.

Fewer security incidents

Question 70

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

Options:

A.

Presenting evidence of inherent risk

B.

Reporting the security maturity level

C.

Presenting compliance requirements

D.

Communicating the residual risk

Question 71

Which of the following defines the triggers within a business continuity plan (BCP)? @

Options:

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Question 72

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents

B.

identify vulnerabilities

C.

identify control improvements.

D.

identify the root cause.

Question 73

Which of the following sources is MOST useful when planning a business-aligned information security program?

Options:

A.

Security risk register

B.

Information security policy

C.

Business impact analysis (BIA)

D.

Enterprise architecture (EA)

Question 74

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

Options:

A.

Security metrics

B.

Security baselines

C.

Security incident details

D.

Security risk exposure

Question 75

Reevaluation of risk is MOST critical when there is:

Options:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Question 76

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Question 77

Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?

Options:

A.

To reduce risk mitigation costs

B.

To resolve vulnerabilities in enterprise architecture (EA)

C.

To manage the risk to an acceptable level

D.

To eliminate threats impacting the business

Question 78

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

Options:

A.

Adopt the cloud provider's incident response procedures.

B.

Transfer responsibility for incident response to the cloud provider.

C.

Continue using the existing incident response procedures.

D.

Revise incident response procedures to encompass the cloud environment.

Question 79

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Question 80

Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?

Options:

A.

Controls analysis

B.

Emerging risk review

C.

Penetration testing

D.

Traffic monitoring

Question 81

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

Options:

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Question 82

Which of the following is MOST important to include in security incident escalation procedures?

Options:

A.

Key objectives of the security program

B.

Recovery procedures

C.

Notification criteria

D.

Containment procedures

Question 83

Which of the following would BEST mitigate accidental data loss events?

Options:

A.

Conduct periodic user awareness training.

B.

Obtain senior management support for the information security strategy.

C.

Conduct a data loss prevention (DLP) audit.

D.

Enforce a data hard drive encryption policy.

Question 84

Which of the following should be the PRIMARY basis for establishing metrics that measure the effectiveness of an information security program?

Options:

A.

Residual risk

B.

Regulatory requirements

C.

Risk tolerance

D.

Control objectives

Question 85

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Perform a vulnerability assessment

B.

Perform a gap analysis to determine needed resources

C.

Create a security exception

D.

Assess the risk to business operations

Question 86

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

Options:

A.

A validation of the current firewall rule set

B.

A port scan of the firewall from an internal source

C.

A ping test from an external source

D.

A simulated denial of service (DoS) attack against the firewall

Question 87

Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?

Options:

A.

Mapping the risks to the security classification scheme

B.

Illustrating risk on a heat map

C.

Mapping the risks to existing controls

D.

Providing a technical risk assessment report

Question 88

Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?

Options:

A.

Stakeholder feedback analysis

B.

Business continuity risk analysis

C.

Incident root cause analysis

D.

Business impact analysis (BIA)

Question 89

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Options:

A.

Legal

B.

Information security

C.

Help desk

D.

Human resources (HR)

Question 90

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Options:

A.

organizational alignment

B.

IT strategy alignment

C.

threats to the organization

D.

existing control costs

Question 91

The MOST important information for influencing management’s support of information security is:

Options:

A.

an demonstration of alignment with the business strategy.

B.

An identification of the overall threat landscape.

C.

A report of a successful attack on a competitor.

D.

An identification of organizational risks.

Question 92

A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security managers PRIMARY concern?

Options:

A.

Ability to test the patch prior to deployment

B.

Documentation of patching procedures

C.

Adequacy of the incident response plan

D.

Availability of resources to implement controls

Question 93

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

Options:

A.

Eliminate privileged accounts.

B.

Perform periodic certification of access to privileged accounts.

C.

Frequently monitor activities on privileged accounts.

D.

Provide privileged account access only to users who need it.

Question 94

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Options:

A.

Obtain consensus on the strategy from the executive board.

B.

Review alignment with business goals.

C.

Define organizational risk tolerance.

D.

Develop a project plan to implement the strategy.

Question 95

Which of the following is MOST helpful in determining whether a phishing email is malicious?

Options:

A.

Security awareness training

B.

Reverse engineering

C.

Threat intelligence

D.

Sandboxing

Question 96

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

Options:

A.

Inform the public relations officer.

B.

Inform customers of the breach.

C.

Invoke the incident response plan.

D.

Monitor the third party's response.

Question 97

To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?

Options:

A.

Data storage procedures

B.

Data classification policy

C.

Results of penetration testing

D.

Features of data protection products

Question 98

Which of the following is ESSENTIAL to ensuring effective incident response?

Options:

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Question 99

The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of

action?

Options:

A.

Recommend additional network segmentation.

B.

Seek an independent opinion to confirm the findings.

C.

Determine alignment with existing regulations.

D.

Report findings to key stakeholders.

Question 100

Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

Options:

A.

Ensure a plan with milestones is developed.

B.

Implement a distributed denial of service (DDoS) control.

C.

Engage the incident response team.

D.

Define new key performance indicators (KPIs).

Question 101

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

Options:

A.

Implement compensating controls.

B.

Analyze the identified risk.

C.

Prepare a risk mitigation plan.

D.

Add the risk to the risk register.

Question 102

To effectively manage an organization's information security risk, it is MOST important to:

Options:

A.

assign risk management responsibility to an experienced consultant.

B.

periodically identify and correct new systems vulnerabilities.

C.

establish and communicate risk tolerance.

D.

benchmark risk scenarios against peer organizations.

Question 103

Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?

Options:

A.

Information security manager

B.

Chief risk officer (CRO)

C.

Information security steering committee

D.

Risk owner

Question 104

Which of the following is necessary to ensure consistent protection for an organization's information assets?

Options:

A.

Classification model

B.

Control assessment

C.

Data ownership

D.

Regulatory requirements

Question 105

Which of the following is the MOST effective way to increase security awareness in an organization?

Options:

A.

Implement regularly scheduled information security audits.

B.

Require signed acknowledgment of information security policies.

C.

Conduct periodic simulated phishing exercises.

D.

Include information security requirements in job descriptions.

Question 106

Which of the following is MOST important when developing an information security strategy?

Options:

A.

Engage stakeholders.

B.

Assign data ownership.

C.

Determine information types.

D.

Classify information assets.

Question 107

Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?

Options:

A.

Impose state limits on servers.

B.

Spread a site across multiple ISPs.

C.

Block the attack at the source.

D.

Harden network security.

Question 108

Which of the following BEST enables an organization to maintain an appropriate security control environment?

Options:

A.

Alignment to an industry security framework

B.

Budgetary support for security

C.

Periodic employee security training

D.

Monitoring of the threat landscape

Question 109

Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Options:

A.

Incident management procedures

B.

Incident management policy

C.

System risk assessment

D.

Organizational risk register

Question 110

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Options:

A.

Network address translation (NAT)

B.

Message hashing

C.

Transport Layer Security (TLS)

D.

Multi-factor authentication

Question 111

An investigation of a recent security incident determined that the root cause was negligent handing of incident alerts by system admit manager to address this issue?

Options:

A.

Conduct a risk assessment and share the result with senior management.

B.

Revise the incident response plan-to align with business processes.

C.

Provide incident response training to data custodians.

D.

Provide incident response training to data owners.

Question 112

Which of the following should be the PRIMARY objective when establishing a new information security program?

Options:

A.

Executing the security strategy

B.

Minimizing organizational risk

C.

Optimizing resources

D.

Facilitating operational security

Question 113

Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

Options:

A.

The organization's risk tolerance

B.

Resource availability

C.

The organization's mission

D.

Incident response team training

Question 114

Which of the following is the MOST important function of an information security steering committee?

Options:

A.

Assigning data classifications to organizational assets

B.

Developing organizational risk assessment processes

C.

Obtaining multiple perspectives from the business

D.

Defining security standards for logical access controls

Question 115

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Options:

A.

IT strategy

B.

Recovery strategy

C.

Risk mitigation strategy

D.

Security strategy

Question 116

Following an employee security awareness training program, what should be the expected outcome?

Options:

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Question 117

An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Reinforce security awareness practices for end users.

B.

Temporarily outsource the email system to a cloud provider.

C.

Develop a business case to replace the system.

D.

Monitor outgoing traffic on the firewall.

Question 118

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Options:

A.

adherence to international standards

B.

availability of financial resources

C.

the organization s risk tolerance

D.

alignment with business needs

Question 119

The PRIMARY goal of a post-incident review should be to:

Options:

A.

establish the cost of the incident to the business.

B.

determine why the incident occurred.

C.

identify policy changes to prevent a recurrence.

D.

determine how to improve the incident handling process.

Question 120

An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?

Options:

A.

Using secure communication channels

B.

Establishing mutual non-disclosure agreements (NDAs)

C.

Requiring third-party privacy policies

D.

Obtaining industry references

Question 121

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

Options:

A.

Feedback from affected departments

B.

Historical data from past incidents

C.

Technical capabilities of the team

D.

Procedures for incident triage

Question 122

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

Options:

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Question 123

An organization has been penalized by regulatory authorities for failing to notify them of a major security breach that may have compromised customer data. Which of the following is MOST likely in need of review and updating to prevent similar penalties in the future?

Options:

A.

Information security policies and procedures

B.

Business continuity plan (BCP)

C.

Incident communication plan

D.

Incident response training program

Question 124

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

The information security manager

B.

The data custodian

C.

Internal IT audit

D.

The data owner

Question 125

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Question 126

When assigning a risk owner, the MOST important consideration is to ensure the owner has:

Options:

A.

adequate knowledge of risk treatment and related control activities.

B.

decision-making authority and the ability to allocate resources for risk.

C.

sufficient time for monitoring and managing the risk effectively.

D.

risk communication and reporting skills to enable decision-making.

Question 127

The PRIMARY reason for creating a business case when proposing an information security project is to:

Options:

A.

articulate inherent risks.

B.

provide demonstrated return on investment (ROI).

C.

establish the value of the project in relation to business objectives.

D.

gain key business stakeholder engagement.

Question 128

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

Options:

A.

Limited liability clause

B.

Explanation of information usage

C.

Information encryption requirements

D.

Access control requirements

Question 129

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

Options:

A.

Control matrix

B.

Business impact analysis (BIA)

C.

Risk register

D.

Information security policy

Question 130

Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?

Options:

A.

Reliable image backups

B.

Impact assessment

C.

Documented eradication procedures

D.

Root cause analysis

Question 131

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

Options:

A.

Automated controls

B.

Security policies

C.

Guidelines

D.

Standards

Question 132

When building support for an information security program, which of the following elements is MOST important?

Options:

A.

Identification of existing vulnerabilities

B.

Information risk assessment

C.

Business impact analysis (BIA)

D.

Threat analysis

Question 133

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

Options:

A.

Recovery

B.

Identification

C.

Containment

D.

Preparation

Question 134

Capacity planning would prevent:

Options:

A.

file system overload arising from distributed denial of service (DDoS) attacks.

B.

system downtime for scheduled security maintenance.

C.

application failures arising from insufficient hardware resources.

D.

software failures arising from exploitation of buffer capacity vulnerabilities.

Question 135

An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:

• A bad actor broke into a business-critical FTP server by brute forcing an administrative password

• The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored

• The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server

• After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail

Which of the following could have been prevented by conducting regular incident response testing?

Options:

A.

Ignored alert messages

B.

The server being compromised

C.

The brute force attack

D.

Stolen data

Question 136

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Options:

A.

Report the risk associated with the policy breach.

B.

Enforce the security configuration and require the change to be reverted.

C.

Implement compensating controls to address the risk.

D.

Implement a privileged access management system.

Question 137

Which of the following is a PRIMARY responsibility of the information security goxernance function?

Options:

A.

Administering information security awareness training

B.

Defining security strategies to support organizational programs

C.

Ensuring adequate support for solutions using emerging technologies

D.

Advising senior management on optimal levels of risk appetite and tolerance

Question 138

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Question 139

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

Options:

A.

Conduct a threat analysis.

B.

Implement an information security awareness training program.

C.

Establish an audit committee.

D.

Create an information security steering committee.

Question 140

When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:

Options:

A.

strong encryption

B.

regulatory compliance.

C.

data availability.

D.

security awareness training

Question 141

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Options:

A.

Perform a full data backup.

B.

Conduct ransomware awareness training for all staff.

C.

Update indicators of compromise in the security systems.

D.

Review the current risk assessment.

Question 142

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A.

Update the risk register.

B.

Consult with the business owner.

C.

Restrict application network access temporarily.

D.

Include security requirements in the contract.

Question 143

Which of the following is the PRIMARY benefit achieved when an information security governance framework is aligned with corporate governance?

Options:

A.

Protection of business value and assets

B.

Identification of core business strategies

C, Easier entrance into new businesses and technologies

C.

Improved regulatory compliance posture

Question 144

Which of the following is the BEST way to build a risk-aware culture?

Options:

A.

Periodically change risk awareness messages.

B.

Ensure that threats are documented and communicated in a timely manner.

C.

Establish a channel for staff to report risks.

D.

Periodically test compliance with security controls.

Question 145

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Options:

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Question 146

Which of the following should be the FIRST step when performing triage of a malware incident?

Options:

A.

Containing the affected system

B.

Preserving the forensic image

C.

Comparing backup against production

D.

Removing the malware

Question 147

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

Eradication

B Recovery

B.

Lessons learned review

C.

Incident declaration

Question 148

Which of the following is the BEST source of information to support an organization's information security vision and strategy?

Options:

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Question 149

Which of the following is BEST used to determine the maturity of an information security program?

Options:

A.

Security budget allocation

B.

Organizational risk appetite

C.

Risk assessment results

D.

Security metrics

Question 150

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Options:

A.

Update in accordance with the best business practices.

B.

Perform a risk assessment of the current IT environment.

C.

Gain an understanding of the current business direction.

D.

Inventory and review current security policies.

Question 151

To improve the efficiency of the development of a new software application, security requirements should be defined:

Options:

A.

based on code review.

B.

based on available security assessment tools.

C.

after functional requirements.

D.

concurrently with other requirements.

Question 152

Which of the following is the FIRST step when conducting a post-incident review?

Options:

A.

Identify mitigating controls.

B.

Assess the costs of the incident.

C.

Perform root cause analysis.

D.

Assign responsibility for corrective actions.

Question 153

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

Options:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Question 154

Which of the following is the BEST way to determine if an information security profile is aligned with business requirements?

Options:

A.

Review the key performance indicator (KPI) dashboard

B.

Review security-related key risk indicators (KRIs)

C.

Review control self-assessment (CSA) results

D.

Review periodic security audits

Question 155

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A.

Define the issues to be addressed.

B.

Perform a cost-benefit analysis.

C.

Calculate the total cost of ownership (TCO).

D.

Conduct a feasibility study.

Question 156

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST

important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The cost and associated risk reduction

B.

Benchmarks of industry peers impacted by ransomware

C.

The number and severity of ransomware incidents

D.

The total cost of the investment

Question 157

Which of the following is the PRIMARY reason to conduct a post-incident review?

Options:

A.

To aid in future risk assessments

B.

To improve the response process

C.

To determine whether digital evidence is admissible

D.

To notify regulatory authorities

Question 158

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Perform a gap analysis based on the current state

B.

Create a roadmap to identify security baselines and controls.

C.

Identify key stakeholders to champion information security.

D.

Determine acceptable levels of information security risk.

Question 159

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A.

enhance the organization's antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization's detective controls.

D.

reduce the need for a security awareness program.

Question 160

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

Options:

A.

Integrate information security risk assessments into the procurement process.

B.

Provide regular information security training to the procurement team.

C.

Invite IT members into regular procurement team meetings to influence best practice.

D.

Enforce the right to audit in procurement contracts with SaaS vendors.

Question 161

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)

B.

Infrastructure as a Service (laaS)

C.

Platform as a Service (PaaS)

D.

Software as a Service (SaaS)

Question 162

Which of the following is the PRIMARY reason for granting a security exception?

Options:

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Question 163

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:

A.

Conduct an impact assessment.

B.

Isolate the affected systems.

C.

Rebuild the affected systems.

D.

Initiate incident response.

Question 164

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

Options:

A.

To facilitate a qualitative risk assessment following the BIA

B.

To increase awareness of information security among key stakeholders

C.

To ensure the stakeholders providing input own the related risk

D.

To obtain input from as many relevant stakeholders as possible

Question 165

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:

A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Question 166

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Question 167

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Options:

A.

Involving information security at each stage of project management

B.

Identifying responsibilities during the project business case analysis

C.

Creating a data classification framework and providing it to stakeholders

D.

Providing stakeholders with minimum information security requirements

Question 168

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Question 169

An online bank identifies a successful network attack in progress. The bank should FIRST:

Options:

A.

isolate the affected network segment.

B.

report the root cause to the board of directors.

C.

assess whether personally identifiable information (Pll) is compromised.

D.

shut down the entire network.

Question 170

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Options:

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Question 171

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Question 172

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Options:

A.

Risk levels may be elevated beyond acceptable limits.

B.

Security audits may report more high-risk findings.

C.

The compensating controls may not be cost efficient.

D.

Noncompliance with industry best practices may result.

Question 173

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Options:

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Question 174

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Options:

A.

Responsible entities

B.

Key risk indicators (KRIS)

C.

Compensating controls

D.

Potential business impact

Question 175

Of the following, who is in the BEST position to evaluate business impacts?

Options:

A.

Senior management

B.

Information security manager

C.

IT manager

D.

Process manager

Question 176

A recovery point objective (RPO) is required in which of the following?

Options:

A.

Disaster recovery plan (DRP)

B.

Information security plan

C.

Incident response plan

D.

Business continuity plan (BCP)

Question 177

A PRIMARY purpose of creating security policies is to:

Options:

A.

define allowable security boundaries.

B.

communicate management's security expectations.

C.

establish the way security tasks should be executed.

D.

implement management's security governance strategy.

Question 178

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Options:

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Question 179

Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Options:

A.

Updated security policies

B.

Defined security standards

C.

Threat intelligence

D.

Regular antivirus updates

Question 180

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Question 181

Management decisions concerning information security investments will be MOST effective when they are based on:

Options:

A.

a process for identifying and analyzing threats and vulnerabilities.

B.

an annual loss expectancy (ALE) determined from the history of security events,

C.

the reporting of consistent and periodic assessments of risks.

D.

the formalized acceptance of risk analysis by management,

Question 182

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Options:

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Question 183

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Question 184

When deciding to move to a cloud-based model, the FIRST consideration should be:

Options:

A.

storage in a shared environment.

B.

availability of the data.

C.

data classification.

D.

physical location of the data.

Question 185

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:

A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Question 186

Which of the following parties should be responsible for determining access levels to an application that processes client information?

Options:

A.

The business client

B.

The information security tear

C.

The identity and access management team

D.

Business unit management

Question 187

Which of the following is MOST important when conducting a forensic investigation?

Options:

A.

Analyzing system memory

B.

Documenting analysis steps

C.

Capturing full system images

D.

Maintaining a chain of custody

Question 188

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Question 189

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

notify the business process owner.

B.

follow the business continuity plan (BCP).

C.

conduct an incident forensic analysis.

D.

follow the incident response plan.

Question 190

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Options:

A.

Instruct IT to deploy controls based on urgent business needs.

B.

Present a business case for additional controls to senior management.

C.

Solicit bids for compensating control products.

D.

Recommend a different application.

Question 191

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Options:

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Question 192

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:

A.

The capabilities and expertise of the information security team

B.

The organization's mission statement and roadmap

C.

A prior successful information security strategy

D.

The organization's information technology (IT) strategy

Question 193

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Options:

A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Question 194

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Options:

A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Question 195

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Question 196

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Options:

A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Question 197

Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?

Options:

A.

Capability maturity model

B.

Vulnerability assessment

C.

IT security risk and exposure

D.

Business impact analysis (BIA)

Question 198

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Question 199

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.

Management's business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Question 200

Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

Options:

A.

Follow the escalation process.

B.

Identify the indicators of compromise.

C.

Notify law enforcement.

D.

Contact forensic investigators.

Question 201

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Question 202

Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?

Options:

A.

To identify the organization's risk tolerance

B.

To improve security processes

C.

To align security roles and responsibilities

D.

To optimize security risk management

Question 203

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Options:

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Question 204

Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?

Options:

A.

Review the previous risk assessment and countermeasures.

B.

Perform a new risk assessment,

C.

Evaluate countermeasures to mitigate new risks.

D.

Transfer the new risk to a third party.

Question 205

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Question 206

Who is BEST suited to determine how the information in a database should be classified?

Options:

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Question 207

Which of the following is the BEST indication of an effective information security awareness training program?

Options:

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Question 208

The MOST appropriate time to conduct a disaster recovery test would be after:

Options:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Question 209

Which of the following is the BEST course of action for an information security manager to align security and business goals?

Options:

A.

Conducting a business impact analysis (BIA)

B.

Reviewing the business strategy

C.

Defining key performance indicators (KPIs)

D.

Actively engaging with stakeholders

Question 210

Which of the following should be the PRIMARY objective of the information security incident response process?

Options:

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Question 211

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Question 212

When developing an asset classification program, which of the following steps should be completed FIRST?

Options:

A.

Categorize each asset.

B.

Create an inventory. &

C.

Create a business case for a digital rights management tool.

D.

Implement a data loss prevention (OLP) system.

Question 213

Which of the following BEST ensures timely and reliable access to services?

Options:

A.

Nonrepudiation

B.

Authenticity

C.

Availability

D.

Recovery time objective (RTO)

Question 214

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Question 215

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Question 216

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

Options:

A.

change activities are documented.

B.

the rationale for acceptance is periodically reviewed.

C.

the acceptance is aligned with business strategy.

D.

compliance with the risk acceptance framework.

Question 217

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Question 218

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

Options:

A.

Cost of the attack to the organization

B.

Location of the attacker

C.

Method of operation used by the attacker

D.

Details from intrusion detection system (IDS) logs

Question 219

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Question 220

When investigating an information security incident, details of the incident should be shared:

Options:

A.

widely to demonstrate positive intent.

B.

only with management.

C.

only as needed,

D.

only with internal audit.

Question 221

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

Options:

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Question 222

The MOST important reason for having an information security manager serve on the change management committee is to:

Options:

A.

identify changes to the information security policy.

B.

ensure that changes are tested.

C.

ensure changes are properly documented.

D.

advise on change-related risk.

Question 223

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Options:

A.

Parallel test

B.

Full interruption test

C.

Simulation test

D.

Tabletop test

Question 224

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

Options:

A.

To alert on unacceptable risk

B.

To identify residual risk

C.

To reassess risk appetite

D.

To benchmark control performance

Question 225

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Options:

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Question 226

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Question 227

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

conduct an incident forensic analysis.

B.

fallow the incident response plan

C.

notify the business process owner.

D.

fallow the business continuity plan (BCP).

Question 228

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.

Number of blocked intrusion attempts

B.

Number of business cases reviewed by senior management

C.

Trends in the number of identified threats to the business

D.

Percentage of controls integrated into business processes

Question 229

Which of the following is the BEST approach for governing noncompliance with security requirements?

Options:

A.

Base mandatory review and exception approvals on residual risk,

B.

Require users to acknowledge the acceptable use policy.

C.

Require the steering committee to review exception requests.

D.

Base mandatory review and exception approvals on inherent risk.

Question 230

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Question 231

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Options:

A.

Communicate disciplinary processes for policy violations.

B.

Require staff to participate in information security awareness training.

C.

Require staff to sign confidentiality agreements.

D.

Include information security responsibilities in job descriptions.

Question 232

Information security controls should be designed PRIMARILY based on:

Options:

A.

a business impact analysis (BIA).

B.

regulatory requirements.

C.

business risk scenarios,

D.

a vulnerability assessment.

Question 233

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Question 234

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Options:

A.

reduces unauthorized access to systems.

B.

promotes efficiency in control of the environment.

C.

prevents inconsistencies in information in the distributed environment.

D.

allows administrative staff to make management decisions.

Question 235

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Question 236

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Options:

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Question 237

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Exam Detail
Vendor: Isaca
Certification: Isaca Certification
Exam Code: CISM
Last Update: Dec 22, 2024
CISM Question Answers
Page: 1 / 59
Total 793 questions