New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

CISM Certified Information Security Manager Questions and Answers

Questions 4

Which of the following factors would have the MOST significant impact on an organization's information security governance mode?

Options:

A.

Outsourced processes

B.

Security budget

C.

Number of employees

D.

Corporate culture

Buy Now
Questions 5

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?

Options:

A.

Local regulatory requirements

B.

Global framework standards

C.

Cross-border data mobility

D.

Training requirements of the framework

Buy Now
Questions 6

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

Options:

A.

Clearer segregation of duties

B.

Increased user productivity

C.

Increased accountability

D.

Fewer security incidents

Buy Now
Questions 7

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

Options:

A.

security metrics are included in the service level agreement (SLA).

B.

contract clauses comply with the organization's information security policy.

C.

the information security policy of the third-party service provider is reviewed.

D.

right to audit is included in the service level agreement (SLA).

Buy Now
Questions 8

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Options:

A.

Responsible entities

B.

Key risk indicators (KRIS)

C.

Compensating controls

D.

Potential business impact

Buy Now
Questions 9

An email digital signature will:

Options:

A.

protect the confidentiality of an email message.

B.

verify to recipient the integrity of an email message.

C.

automatically correct unauthorized modification of an email message.

D.

prevent unauthorized modification of an email message.

Buy Now
Questions 10

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Options:

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Buy Now
Questions 11

Which of the following is the MOST essential element of an information security program?

Options:

A.

Benchmarking the program with global standards for relevance

B.

Prioritizing program deliverables based on available resources

C.

Involving functional managers in program development

D.

Applying project management practices used by the business

Buy Now
Questions 12

Which of the following is the MOST important outcome of effective risk treatment?

Options:

A.

Elimination of risk

B.

Timely reporting of incidents

C.

Reduced cost of acquiring controls

D.

Implementation of corrective actions

Buy Now
Questions 13

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Options:

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Buy Now
Questions 14

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Options:

A.

Document risk acceptances.

B.

Revise the organization's security policy.

C.

Assess the consequences of noncompliance.

D.

Conduct an information security audit.

Buy Now
Questions 15

Which risk is introduced when using only sanitized data for the testing of applications?

Options:

A.

Data loss may occur during the testing phase.

B.

Data disclosure may occur during the migration event

C.

Unexpected outcomes may arise in production

D.

Breaches of compliance obligations will occur.

Buy Now
Questions 16

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Options:

A.

Threat management is enhanced.

B.

Compliance status is improved.

C.

Security metrics are enhanced.

D.

Proactive risk management is facilitated.

Buy Now
Questions 17

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Options:

A.

Metrics to drive the information security program

B.

Information security policies

C.

A defined security organizational structure

D.

An information security strategy

Buy Now
Questions 18

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Buy Now
Questions 19

Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?

Options:

A.

Consult with IT staff and assess the risk based on their recommendations

B.

Update the security policy based on the regulatory requirements

C.

Propose relevant controls to ensure the business complies with the regulation

D.

Identify and assess the risk in the context of business objectives

Buy Now
Questions 20

Which of the following should be the PRIMARY objective of an information security governance framework?

Options:

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization's information security policies.

Buy Now
Questions 21

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A.

Wider range of capabilities

B.

Easier implementation across an organization

C.

Greater ability to focus on core business operations

D.

Lower cost of operations

Buy Now
Questions 22

Which of the following is the BEST justification for making a revision to a password policy?

Options:

A.

Industry best practice

B.

A risk assessment

C.

Audit recommendation

D.

Vendor recommendation

Buy Now
Questions 23

Which of the following documents should contain the INITIAL prioritization of recovery of services?

Options:

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Buy Now
Questions 24

Which of the following is the PRIMARY objective of incident triage?

Options:

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Buy Now
Questions 25

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Buy Now
Questions 26

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Options:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Buy Now
Questions 27

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Buy Now
Questions 28

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Buy Now
Questions 29

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Buy Now
Questions 30

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Options:

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Buy Now
Questions 31

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Options:

A.

Preventive

B.

Corrective

C.

Detective

D.

Deterrent

Buy Now
Questions 32

Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

Options:

A.

IT system clocks are not synchronized with the centralized logging server.

B.

Operating systems are no longer supported by the vendor.

C.

The patch management system does not deploy patches in a timely manner.

D.

An organization has a decentralized data center that uses cloud services.

Buy Now
Questions 33

A balanced scorecard MOST effectively enables information security:

Options:

A.

project management

B.

governance.

C.

performance.

D.

risk management.

Buy Now
Questions 34

Which of the following is the BEST indication that an organization has a mature information security culture?

Options:

A.

Information security training is mandatory for all staff.

B.

The organization's information security policy is documented and communicated.

C.

The chief information security officer (CISO) regularly interacts with the board.

D.

Staff consistently consider risk in making decisions.

Buy Now
Questions 35

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Options:

A.

Storing the plan at an offsite location

B.

Communicating the plan to all stakeholders

C.

Updating the plan periodically

D.

Conducting a walk-through of the plan

Buy Now
Questions 36

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Options:

A.

Key control indicator (KCIs)

B.

Key risk indicators (KRIs)

C.

Key performance indicators (KPIs)

D.

Key goal indicators (KGIs)

Buy Now
Questions 37

An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?

Options:

A.

Focus the review on the infrastructure with the highest risk

B.

Review controls listed in the vendor contract

C.

Determine whether the vendor follows the selected security framework rules

D.

Review the vendor's security policy

Buy Now
Questions 38

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

Options:

A.

Perform a risk analysis for critical applications.

B.

Determine whether critical success factors (CSFs) have been defined.

C.

Conduct a capability maturity model evaluation.

D.

Review and update current operational procedures.

Buy Now
Questions 39

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Options:

A.

reduces unauthorized access to systems.

B.

promotes efficiency in control of the environment.

C.

prevents inconsistencies in information in the distributed environment.

D.

allows administrative staff to make management decisions.

Buy Now
Questions 40

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

Options:

A.

Inform the public relations officer.

B.

Monitor the third party's response.

C.

Invoke the incident response plan.

D.

Inform customers of the breach.

Buy Now
Questions 41

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Options:

A.

Instruct IT to deploy controls based on urgent business needs.

B.

Present a business case for additional controls to senior management.

C.

Solicit bids for compensating control products.

D.

Recommend a different application.

Buy Now
Questions 42

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

Options:

A.

service level agreements (SLAs)

B.

security requirements for the process being outsourced.

C.

risk-reporting methodologies.

D.

security metrics

Buy Now
Questions 43

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Options:

A.

Integrity

B.

Authenticity

C.

Confidentiality

D.

Nonrepudiation

Buy Now
Questions 44

Which of the following BEST facilitates the effectiveness of cybersecurity incident response?

Options:

A.

Utilizing a security information and event management (SIEM) tool.

B.

Utilizing industry-leading network penetration testing tools.

C.

Increasing communication with all incident response stakeholders.

D.

Continuously updating signatures of the anti-malware solution.

Buy Now
Questions 45

Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?

Options:

A.

Decrease in false positives

B.

Increase in false positives

C.

Increase in false negatives

D.

Decrease in false negatives

Buy Now
Questions 46

Who is BEST suited to determine how the information in a database should be classified?

Options:

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Buy Now
Questions 47

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Options:

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Buy Now
Questions 48

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Buy Now
Questions 49

Which of the following is the MOST important factor of a successful information security program?

Options:

A.

The program follows industry best practices.

B.

The program is based on a well-developed strategy.

C.

The program is cost-efficient and within budget,

D.

The program is focused on risk management.

Buy Now
Questions 50

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.

Which of the following should be given immediate focus?

Options:

A.

Moving to a zero trust access model

B.

Enabling network-level authentication

C.

Enhancing cyber response capability

D.

Strengthening endpoint security

Buy Now
Questions 51

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Options:

A.

a control self-assessment (CSA) process.

B.

automated reporting to stakeholders.

C.

a monitoring process for the security policy.

D.

metrics for each milestone.

Buy Now
Questions 52

A PRIMARY purpose of creating security policies is to:

Options:

A.

define allowable security boundaries.

B.

communicate management's security expectations.

C.

establish the way security tasks should be executed.

D.

implement management's security governance strategy.

Buy Now
Questions 53

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Options:

A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Buy Now
Questions 54

When properly implemented, secure transmission protocols protect transactions:

Options:

A.

from eavesdropping.

B.

from denial of service (DoS) attacks.

C.

on the client desktop.

D.

in the server's database.

Buy Now
Questions 55

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Buy Now
Questions 56

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

Options:

A.

change activities are documented.

B.

the rationale for acceptance is periodically reviewed.

C.

the acceptance is aligned with business strategy.

D.

compliance with the risk acceptance framework.

Buy Now
Questions 57

Which of the following should be the PRIMARY consideration when developing an incident response plan?

Options:

A.

The definition of an incident

B.

Compliance with regulations

C.

Management support

D.

Previously reported incidents

Buy Now
Questions 58

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Options:

A.

Internal security audit

B.

External security audit

C.

Organizational risk appetite

D.

Business impact analysis (BIA)

Buy Now
Questions 59

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Buy Now
Questions 60

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Buy Now
Questions 61

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

Options:

A.

Obtain an independent audit report.

B.

Require the provider to follow stringent data classification procedures.

C.

Include high penalties for security breaches in the contract.

D.

Review the provider's information security policies.

Buy Now
Questions 62

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

)the information security officer.

B.

the steering committee.

C.

the board of directors.

D.

the internal audit manager.

Buy Now
Questions 63

Which of the following is MOST important to the effectiveness of an information security steering committee?

Options:

A.

The committee has strong regulatory knowledge.

B.

The committee is comprised of representatives from senior management.

C.

The committee has cross-organizational representation.

D.

The committee uses a risk management framework.

Buy Now
Questions 64

An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?

Options:

A.

Prepare an executive summary for senior management

B.

Gather feedback on business impact

C.

Conduct a meeting to capture lessons learned.

D.

Secure and preserve digital evidence for analysis.

Buy Now
Questions 65

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Options:

A.

Gain an understanding of the current business direction.

B.

Perform a risk assessment of the current IT environment.

C.

Inventory and review current security policies.

D.

Update in accordance with the best business practices.

Buy Now
Questions 66

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Options:

A.

organizational alignment

B.

IT strategy alignment

C.

threats to the organization

D.

existing control costs

Buy Now
Questions 67

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

notify the business process owner.

B.

follow the business continuity plan (BCP).

C.

conduct an incident forensic analysis.

D.

follow the incident response plan.

Buy Now
Questions 68

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Options:

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Buy Now
Questions 69

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Buy Now
Questions 70

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Options:

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Buy Now
Questions 71

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Buy Now
Questions 72

What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Options:

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network,

D.

Escalate to the incident response team

Buy Now
Questions 73

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Options:

A.

Job descriptions include requirements to read security policies.

B.

The policies are updated annually.

C.

Senior management supports the policies.

D.

The policies are aligned to industry best practices.

Buy Now
Questions 74

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

Options:

A.

To facilitate a qualitative risk assessment following the BIA

B.

To increase awareness of information security among key stakeholders

C.

To ensure the stakeholders providing input own the related risk

D.

To obtain input from as many relevant stakeholders as possible

Buy Now
Questions 75

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Options:

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Buy Now
Questions 76

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Buy Now
Questions 77

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Buy Now
Questions 78

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Options:

A.

normal network behavior and using it as a baseline lor measuring abnormal activity

B.

abnormal network behavior and issuing instructions to the firewall to drop rogue connections

C.

abnormal network behavior and using it as a baseline for measuring normal activity

D.

attack pattern signatures from historical data

Buy Now
Questions 79

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Buy Now
Questions 80

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Options:

A.

Legal and regulatory requirements

B.

Likelihood of a disaster

C.

Organizational tolerance to service interruption

D.

Geographical location of the backup site

Buy Now
Questions 81

Which of the following analyses will BEST identify the external influences to an organization's information security?

Options:

A.

Business impact analysis (BIA)

B.

Gap analysis

C.

Threat analysis

D.

Vulnerability analysis

Buy Now
Questions 82

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:

A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Buy Now
Questions 83

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Options:

A.

Store disaster recovery documentation in a public cloud.

B.

Maintain an outsourced contact center in another country.

C.

Require disaster recovery documentation be stored with all key decision makers.

D.

Provide annual disaster recovery training to appropriate staff.

Buy Now
Questions 84

A common drawback of email software packages that provide native encryption of messages is that the encryption:

Options:

A.

cannot encrypt attachments

B.

cannot interoperate across product domains.

C.

has an insufficient key length.

D.

has no key-recovery mechanism.

Buy Now
Questions 85

Threat and vulnerability assessments are important PRIMARILY because they are:

Options:

A.

used to establish security investments

B.

the basis for setting control objectives.

C.

elements of the organization's security posture.

D.

needed to estimate risk.

Buy Now
Questions 86

Which of the following events would MOST likely require a revision to the information security program?

Options:

A.

An increase in industry threat level .

B.

A significant increase in reported incidents

C.

A change in IT management

D.

A merger with another organization

Buy Now
Questions 87

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Buy Now
Questions 88

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:

A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Buy Now
Questions 89

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Options:

A.

Prevent the user from using personal mobile devices.

B.

Report the incident to the police.

C.

Wipe the device remotely.

D.

Remove user's access to corporate data.

Buy Now
Questions 90

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Options:

A.

Security incident reporting procedures are followed.

B.

Security staff turnover is reduced.

C.

Information assets are classified appropriately.

D.

Access is granted based on task requirements.

Buy Now
Questions 91

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Buy Now
Questions 92

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions.

D.

The development manager migrates programs into production

Buy Now
Questions 93

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Buy Now
Questions 94

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Options:

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Buy Now
Questions 95

Which of the following BEST demonstrates the added value of an information security program?

Options:

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Buy Now
Questions 96

Which of the following is the MOST effective way to prevent information security incidents?

Options:

A.

Implementing a security information and event management (SIEM) tool

B.

Implementing a security awareness training program for employees

C.

Deploying a consistent incident response approach

D.

Deploying intrusion detection tools in the network environment

Buy Now
Questions 97

Which of the following would BEST help to ensure appropriate security controls are built into software?

Options:

A.

Integrating security throughout the development process

B.

Performing security testing prior to deployment

C.

Providing standards for implementation during development activities

D.

Providing security training to the software development team

Buy Now
Questions 98

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:

A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset's value is critical to risk management.

D.

The responsibility for security rests with all employees.

Buy Now
Questions 99

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A.

External consultant

B.

Information owners

C.

Information security manager

D.

Business continuity coordinator

Buy Now
Questions 100

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Buy Now
Questions 101

Which of the following should be given the HIGHEST priority during an information security post-incident review?

Options:

A.

Documenting actions taken in sufficient detail

B.

Updating key risk indicators (KRIs)

C.

Evaluating the performance of incident response team members

D.

Evaluating incident response effectiveness

Buy Now
Questions 102

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Options:

A.

Skills required for the incident response team

B.

A list of external resources to assist with incidents

C.

Service level agreements (SLAs)

D.

A detailed incident notification process

Buy Now
Questions 103

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Options:

A.

It transfers the risk associated with recovery to a third party.

B.

It lowers the annual cost to the business.

C.

It eliminates the need to maintain offsite facilities.

D.

It eliminates the need for the business to perform testing.

Buy Now
Questions 104

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

Options:

A.

Review independent security assessment reports for each vendor.

B.

Benchmark each vendor's services with industry best practices.

C.

Analyze the risks and propose mitigating controls.

D.

Define information security requirements and processes.

Buy Now
Questions 105

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Buy Now
Questions 106

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

Options:

A.

review access rights as the acquisition integration occurs.

B.

perform a risk assessment of the access rights.

C.

escalate concerns for conflicting access rights to management.

D.

implement consistent access control standards.

Buy Now
Questions 107

Reverse lookups can be used to prevent successful:

Options:

A.

denial of service (DoS) attacks

B.

session hacking

C.

phishing attacks

D.

Internet protocol (IP) spoofing

Buy Now
Questions 108

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Buy Now
Questions 109

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Buy Now
Questions 110

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Options:

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Buy Now
Questions 111

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Buy Now
Questions 112

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.

control gaps are minimized.

B.

system availability.

C.

effectiveness of controls.

D.

alignment with compliance requirements.

Buy Now
Questions 113

Which of the following is the MOST critical factor for information security program success?

Options:

A.

comprehensive risk assessment program for information security

B.

The information security manager's knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Buy Now
Questions 114

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

Options:

A.

Inform senior management

B.

Re-evaluate the risk

C.

Implement compensating controls

D.

Ask the business owner for the new remediation plan

Buy Now
Questions 115

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Buy Now
Questions 116

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Options:

A.

Process owners

B.

End users

C.

Security architects.

D.

Corporate auditors

Buy Now
Questions 117

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

Options:

A.

Identify the skill set of the provider's incident response team.

B.

Evaluate the provider's audit logging and monitoring controls.

C.

Review the provider’s incident definitions and notification criteria.

D.

Update the incident escalation process.

Buy Now
Questions 118

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Options:

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Buy Now
Questions 119

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Buy Now
Questions 120

Prior to conducting a forensic examination, an information security manager should:

Options:

A.

boot the original hard disk on a clean system.

B.

create an image of the original data on new media.

C.

duplicate data from the backup media.

D.

shut down and relocate the server.

Buy Now
Questions 121

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Buy Now
Questions 122

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Options:

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Buy Now
Questions 123

Which of the following should be the MOST important consideration of business continuity management?

Options:

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Buy Now
Questions 124

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Options:

A.

Verify that information security requirements are included in the contract.

B.

Request customer references from the vendor.

C.

Require vendors to complete information security questionnaires.

D.

Review the results of the vendor's independent control reports.

Buy Now
Questions 125

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization's data by the user

D.

Monitoring how often the smartphone is used

Buy Now
Questions 126

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Conduct a penetration test of the vendor.

B.

Review the vendor's technical security controls

C.

Review the vendor contract

D.

Disconnect the real-time access

Buy Now
Questions 127

The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Options:

A.

validate the confidentiality during analysis.

B.

reinstate original data when accidental changes occur.

C.

validate the integrity during analysis.

D.

provide backup in case of media failure.

Buy Now
Questions 128

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Buy Now
Questions 129

To help ensure that an information security training program is MOST effective its contents should be

Options:

A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees' roles

D.

based on recent incidents

Buy Now
Questions 130

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

Options:

A.

Business process owner

B.

Business continuity coordinator

C.

Senior management

D.

Information security manager

Buy Now
Questions 131

Which of the following is an example of risk mitigation?

Options:

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Buy Now
Questions 132

Which of the following is the BEST approach to make strategic information security decisions?

Options:

A.

Establish regular information security status reporting.

B.

Establish an information security steering committee.

C.

Establish business unit security working groups.

D.

Establish periodic senior management meetings.

Buy Now
Questions 133

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

Options:

A.

Presenting evidence of inherent risk

B.

Reporting the security maturity level

C.

Presenting compliance requirements

D.

Communicating the residual risk

Buy Now
Questions 134

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Buy Now
Questions 135

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Buy Now
Questions 136

Which of the following BEST indicates that information security governance and corporate governance are integrated?

Options:

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Buy Now
Questions 137

Which of the following is PRIMARILY determined by asset classification?

Options:

A.

Insurance coverage required for assets

B.

Level of protection required for assets

C.

Priority for asset replacement

D.

Replacement cost of assets

Buy Now
Questions 138

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

Options:

A.

Implement the application and request the cloud service provider to fix the vulnerability.

B.

Assess whether the vulnerability is within the organization's risk tolerance levels.

C.

Commission further penetration tests to validate initial test results,

D.

Postpone the implementation until the vulnerability has been fixed.

Buy Now
Questions 139

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Buy Now
Questions 140

Which of the following is MOST critical when creating an incident response plan?

Options:

A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Documenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Buy Now
Questions 141

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Options:

A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Buy Now
Questions 142

Which of the following is a desired outcome of information security governance?

Options:

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Buy Now
Questions 143

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Buy Now
Questions 144

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Buy Now
Questions 145

Which of the following is MOST effective in monitoring an organization's existing risk?

Options:

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Buy Now
Questions 146

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Options:

A.

Providing ongoing training to the incident response team

B.

Implementing proactive systems monitoring

C.

Implementing a honeypot environment

D.

Updating information security awareness materials

Buy Now
Questions 147

The effectiveness of an information security governance framework will BEST be enhanced if:

Options:

A.

consultants review the information security governance framework.

B.

a culture of legal and regulatory compliance is promoted by management.

C.

risk management is built into operational and strategic activities.

D.

IS auditors are empowered to evaluate governance activities

Buy Now
Questions 148

Which of the following BEST enables staff acceptance of information security policies?

Options:

A.

Strong senior management support

B.

Gomputer-based training

C.

Arobust incident response program

D.

Adequate security funding

Buy Now
Questions 149

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Buy Now
Questions 150

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

Options:

A.

Integrate information security risk assessments into the procurement process.

B.

Provide regular information security training to the procurement team.

C.

Invite IT members into regular procurement team meetings to influence best practice.

D.

Enforce the right to audit in procurement contracts with SaaS vendors.

Buy Now
Questions 151

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Buy Now
Questions 152

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.

Management's business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Buy Now
Questions 153

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Buy Now
Questions 154

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Buy Now
Questions 155

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Options:

A.

Including service level agreements (SLAs) in vendor contracts

B.

Establishing communication paths with vendors

C.

Requiring security awareness training for vendor staff

D.

Performing integration testing with vendor systems

Buy Now
Questions 156

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Options:

A.

The security strategy is promoted.

B.

Fewer security incidents are reported.

C.

Security behavior is improved.

D.

More security incidents are detected.

Buy Now
Questions 157

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Options:

A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Buy Now
Questions 158

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Options:

A.

Involving information security at each stage of project management

B.

Identifying responsibilities during the project business case analysis

C.

Creating a data classification framework and providing it to stakeholders

D.

Providing stakeholders with minimum information security requirements

Buy Now
Questions 159

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Options:

A.

Discretionary access control

B.

Role-based access control

C.

Access control lists

D.

Distributed access control

Buy Now
Questions 160

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:

A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Buy Now
Questions 161

What is the BEST way to reduce the impact of a successful ransomware attack?

Options:

A.

Perform frequent backups and store them offline.

B.

Purchase or renew cyber insurance policies.

C.

Include provisions to pay ransoms ih the information security budget.

D.

Monitor the network and provide alerts on intrusions.

Buy Now
Questions 162

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

Options:

A.

To compare emerging trends with the existing organizational security posture

B.

To communicate worst-case scenarios to senior management

C.

To train information security professionals to mitigate new threats

D.

To determine opportunities for expanding organizational information security

Buy Now
Questions 163

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

conduct an incident forensic analysis.

B.

fallow the incident response plan

C.

notify the business process owner.

D.

fallow the business continuity plan (BCP).

Buy Now
Questions 164

Network isolation techniques are immediately implemented after a security breach to:

Options:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Buy Now
Questions 165

When investigating an information security incident, details of the incident should be shared:

Options:

A.

widely to demonstrate positive intent.

B.

only with management.

C.

only as needed,

D.

only with internal audit.

Buy Now
Questions 166

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Options:

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Buy Now
Questions 167

Which of the following is MOST important when conducting a forensic investigation?

Options:

A.

Analyzing system memory

B.

Documenting analysis steps

C.

Capturing full system images

D.

Maintaining a chain of custody

Buy Now
Questions 168

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Options:

A.

the chief risk officer (CRO).

B.

business senior management.

C.

the information security manager.

D.

the compliance officer.

Buy Now
Questions 169

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Options:

A.

Documentation of control procedures

B.

Standardization of compliance requirements

C.

Automation of controls

D.

Integration of assurance efforts

Buy Now
Questions 170

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

Options:

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Buy Now
Questions 171

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:

A.

The capabilities and expertise of the information security team

B.

The organization's mission statement and roadmap

C.

A prior successful information security strategy

D.

The organization's information technology (IT) strategy

Buy Now
Questions 172

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Buy Now
Questions 173

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)

B.

Infrastructure as a Service (laaS)

C.

Platform as a Service (PaaS)

D.

Software as a Service (SaaS)

Buy Now
Questions 174

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Options:

A.

Communicate disciplinary processes for policy violations.

B.

Require staff to participate in information security awareness training.

C.

Require staff to sign confidentiality agreements.

D.

Include information security responsibilities in job descriptions.

Buy Now
Questions 175

Which of the following is the FIRST step to establishing an effective information security program?

Options:

A.

Conduct a compliance review.

B.

Assign accountability.

C.

Perform a business impact analysis (BIA).

D.

Create a business case.

Buy Now
Questions 176

Information security controls should be designed PRIMARILY based on:

Options:

A.

a business impact analysis (BIA).

B.

regulatory requirements.

C.

business risk scenarios,

D.

a vulnerability assessment.

Buy Now
Questions 177

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Buy Now
Questions 178

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:

A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Buy Now
Questions 179

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Options:

A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Buy Now
Questions 180

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Options:

A.

Obtain consensus on the strategy from the executive board.

B.

Review alignment with business goals.

C.

Define organizational risk tolerance.

D.

Develop a project plan to implement the strategy.

Buy Now
Questions 181

Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident notification plan

C.

Risk response scenarios

D.

Security procedures

Buy Now
Questions 182

An enterprise has decided to procure security services from a third-party vendor to support its information security program. Which of the following is MOST important to include in the vendor selection criteria?

Options:

A.

Feedback from the vendor's previous clients

B.

Alignment of the vendor's business objectives with enterprise security goals

C.

The maturity of the vendor's internal control environment

D.

Penetration testing against the vendor's network

Buy Now
Questions 183

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

Options:

A.

cause fewer potential production issues.

B.

require less IT staff preparation.

C.

simulate real-world attacks.

D.

identify more threats.

Buy Now
Questions 184

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

Options:

A.

Assessing how peer organizations using the same technologies have been impacted

B.

Understanding the impact on existing resources

C.

Reviewing vendor contracts and service level agreements (SLAs)

D.

Developing training for end users to familiarize them with the new technology

Buy Now
Questions 185

Which of the following is a PRIMARY function of an incident response team?

Options:

A.

To provide effective incident mitigation

B.

To provide a risk assessment for zero-day vulnerabilities

C.

To provide a single point of contact for critical incidents

D.

To provide a business impact analysis (BIA)

Buy Now
Questions 186

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

Options:

A.

A data forensics program

B.

A configuration management program

C.

A layered security program

D.

An incident response program

Buy Now
Questions 187

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Buy Now
Questions 188

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A.

Update the risk register.

B.

Consult with the business owner.

C.

Restrict application network access temporarily.

D.

Include security requirements in the contract.

Buy Now
Questions 189

Which of the following is MOST important to include in an information security status report management?

Options:

A.

List of recent security events

B.

Key risk indication (KRIs)

C.

Review of information security policies

D.

information security budget requests

Buy Now
Questions 190

The MOST useful technique for maintaining management support for the information security program is:

Options:

A.

informing management about the security of business operations.

B.

implementing a comprehensive security awareness and training program.

C.

identifying the risks and consequences of failure to comply with standards.

D.

benchmarking the security programs of comparable organizations.

Buy Now
Questions 191

Which of the following is the MOST important consideration when updating procedures for managing security devices?

Options:

A.

Updates based on the organization's security framework

B.

Notification to management of the procedural changes

C.

Updates based on changes m risk technology and process

D.

Review and approval of procedures by management

Buy Now
Questions 192

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Buy Now
Questions 193

Which of the following is the MOST important function of an information security steering committee?

Options:

A.

Assigning data classifications to organizational assets

B.

Developing organizational risk assessment processes

C.

Obtaining multiple perspectives from the business

D.

Defining security standards for logical access controls

Buy Now
Questions 194

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

Options:

A.

Eliminate privileged accounts.

B.

Perform periodic certification of access to privileged accounts.

C.

Frequently monitor activities on privileged accounts.

D.

Provide privileged account access only to users who need it.

Buy Now
Questions 195

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

Options:

A.

consistent security.

B.

comprehensive audits

C.

a security-aware culture

D.

compliance with policy

Buy Now
Questions 196

Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

Options:

A.

The solution contributes to business strategy.

B.

The solution improves business risk tolerance levels.

C.

The solution improves business resiliency.

D.

The solution reduces the cost of noncompliance with regulations.

Buy Now
Questions 197

Which of the following is the BEST indicator of an emerging incident?

Options:

A.

A weakness identified within an organization's information systems

B.

Customer complaints about lack of website availability

C.

A recent security incident at an industry competitor

D.

Attempted patching of systems resulting in errors

Buy Now
Questions 198

When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?

Options:

A.

Managing the impact

B.

Identifying unacceptable risk levels

C.

Assessing vulnerabilities

D.

Evaluating potential threats

Buy Now
Questions 199

Which of the following is necessary to ensure consistent protection for an organization's information assets?

Options:

A.

Classification model

B.

Control assessment

C.

Data ownership

D.

Regulatory requirements

Buy Now
Questions 200

Recovery time objectives (RTOs) are an output of which of the following?

Options:

A.

Business continuity plan (BCP)

B.

Disaster recovery plan (DRP)

C.

Service level agreement (SLA)

D.

Business impact analysis (BIA)

Buy Now
Questions 201

Spoofing should be prevented because it may be used to:

Options:

A.

gain illegal entry to a secure system by faking the sender's address,

B.

predict which way a program will branch when an option is presented

C.

assemble information, track traffic, and identify network vulnerabilities.

D.

capture information such as passwords traveling through the network

Buy Now
Questions 202

Which of the following BEST helps to enable the desired information security culture within an organization?

Options:

A.

Information security awareness training and campaigns

B.

Effective information security policies and procedures

C.

Delegation of information security roles and responsibilities

D.

Incentives for appropriate information security-related behavior

Buy Now
Questions 203

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Options:

A.

Block IP addresses used by the attacker

B.

Redirect the attacker's traffic

C.

Disable firewall ports exploited by the attacker.

D.

Power off affected servers

Buy Now
Questions 204

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

Options:

A.

Ownership of security

B.

Compliance with policies

C.

Auditability of systems

D.

Allocation of training resources

Buy Now
Questions 205

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

Eradication

B Recovery

B.

Lessons learned review

C.

Incident declaration

Buy Now
Questions 206

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Options:

A.

Average total cost of downtime per reported incident

B.

Elapsed time between response and resolution

C.

Average number of incidents per reporting period

D.

Elapsed time between detection, reporting, and response

Buy Now
Questions 207

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?

Options:

A.

Gap analysis results

B.

Level of residual risk

C.

Level of risk treatment

D.

Configuration parameters

Buy Now
Questions 208

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

Options:

A.

Implement compensating controls.

B.

Communicate consequences for future instances.

C.

Enhance the data loss prevention (DLP) solution.

D.

Improve the security awareness training program.

Buy Now
Questions 209

Which of the following is the MOST important outcome of a post-incident review?

Options:

A.

The impact of the incident is reported to senior management.

B.

The system affected by the incident is restored to its prior state.

C.

The person responsible for the incident is identified.

D.

The root cause of the incident is determined.

Buy Now
Questions 210

Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

Options:

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Buy Now
Questions 211

Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Options:

A.

Risk assessments

B.

Threat models

C.

Penetration testing

D.

Internal audit reports

Buy Now
Questions 212

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Options:

A.

Update in accordance with the best business practices.

B.

Perform a risk assessment of the current IT environment.

C.

Gain an understanding of the current business direction.

D.

Inventory and review current security policies.

Buy Now
Questions 213

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

Options:

A.

Notify the regulatory agency of the incident.

B.

Implement mitigating controls.

C.

Evaluate the impact to the business.

D.

Examine firewall logs to identify the attacker.

Buy Now
Questions 214

Which of the following should be done NEXT following senior management's decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?

Options:

A.

Encrypt data in transit and at rest.

B.

Complete a return on investment (ROI) analysis.

C.

Create and implement a data minimization plan.

D.

Conduct a gap analysis.

Buy Now
Questions 215

Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?

Options:

A.

Business impact analysis (BIA)

B.

Risk register

C.

Penetration testing

D.

Vulnerability assessment

Buy Now
Questions 216

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Options:

A.

Compartmentalization

B.

Overlapping redundancy

C.

Continuous monitoring

D.

Multi-factor authentication

Buy Now
Questions 217

Which of the following BEST enables the restoration of operations after a limited ransomware incident occurs?

Options:

A.

Reliable image backups

B.

Impact assessment

C.

Documented eradication procedures

D.

Root cause analysis

Buy Now
Questions 218

Which of the following is the MOST important characteristic of an effective information security metric?

Options:

A.

The metric expresses residual risk relative to risk tolerance.

B.

The metric is frequently reported to senior management.

C.

The metric directly maps to an industry risk management framework.

D.

The metric compares the organization's inherent risk against its risk appetite.

Buy Now
Questions 219

Which of the following is the MOST effective way to detect security incidents?

Options:

A.

Analyze recent security risk assessments.

B.

Analyze security anomalies.

C.

Analyze penetration test results.

D.

Analyze vulnerability assessments.

Buy Now
Questions 220

Identifying which of the following BEST enables a cyberattack to be contained?

Options:

A.

The vulnerability exploited by the attack

B.

The segment targeted by the attack

C.

The IP address of the computer that launched the attack

D.

The threat actor that initiated the attack

Buy Now
Questions 221

After a server has been attacked, which of the following is the BEST course of action?

Options:

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Buy Now
Questions 222

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

Options:

A.

Assess the residual risk.

B.

Share lessons learned with the organization.

C.

Update the system's documentation.

D.

Allocate budget for penetration testing.

Buy Now
Questions 223

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Perform a vulnerability assessment

B.

Perform a gap analysis to determine needed resources

C.

Create a security exception

D.

Assess the risk to business operations

Buy Now
Questions 224

Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

Options:

A.

Indemnification clause

B.

Breach detection and notification

C.

Compliance status reporting

D.

Physical access to service provider premises

Buy Now
Questions 225

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator What is the manager's BEST course of action?

Options:

A.

Automate user provisioning activities.

B.

Maintain strict control over user provisioning activities.

C.

Formally document IT administrator activities.

D.

Implement monitoring of IT administrator activities.

Buy Now
Questions 226

Which of the following control types should be considered FIRST for aligning employee behavior with an organization's information security objectives?

Options:

A.

Administrative security controls

B.

Technical security controls

C.

Physical security controls

D.

Access security controls

Buy Now
Questions 227

The categorization of incidents is MOST important for evaluating which of the following?

Options:

A.

Appropriate communication channels

B.

Allocation of needed resources

C.

Risk severity and incident priority

D.

Response and containment requirements

Buy Now
Questions 228

Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

Options:

A.

Risk assessment results

B.

Audit findings

C.

Key risk indicators (KRIs)

D.

Baseline controls

Buy Now
Questions 229

An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

Options:

A.

a directory of approved local media contacts

B.

pre-prepared media statements

C.

procedures to contact law enforcement

D.

a single point of contact within the organization

Buy Now
Questions 230

Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

Options:

A.

select mobile device management (MDM) software.

B.

survey employees for requested applications.

C.

develop an acceptable use policy.

D.

review currently utilized applications.

Buy Now
Questions 231

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Options:

A.

adherence to international standards

B.

availability of financial resources

C.

the organization s risk tolerance

D.

alignment with business needs

Buy Now
Questions 232

Which of the following would be MOST helpful when creating information security policies?

Options:

A.

The information security framework

B.

Business impact analysis (BIA)

C.

Information security metrics

D.

Risk assessment results

Buy Now
Questions 233

When building support for an information security program, which of the following elements is MOST important?

Options:

A.

Identification of existing vulnerabilities

B.

Information risk assessment

C.

Business impact analysis (BIA)

D.

Threat analysis

Buy Now
Questions 234

Which of the following is the PRIMARY reason to conduct a post-incident review?

Options:

A.

To aid in future risk assessments

B.

To improve the response process

C.

To determine whether digital evidence is admissible

D.

To notify regulatory authorities

Buy Now
Questions 235

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Options:

A.

Assess changes in the risk profile.

B.

Activate the disaster recovery plan (DRP).

C.

Invoke the incident response plan.

D.

Conduct security awareness training.

Buy Now
Questions 236

An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?

Options:

A.

To facilitate the continuous improvement of the IT organization

B.

To ensure controls align with security needs

C.

To create and document required IT capabilities

D.

To prioritize security risks on a longer scale than the one-year plan

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 22, 2024
Questions: 793

PDF + Testing Engine

$249

Testing Engine

$225

PDF (Q&A)

$199