Dumpsbuddy logo
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?
You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?
When you develop your audit remediation plan what is the MOST important criteria?
At which point should the identity access management team be notified of the termination of an employee?
An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?
To have accurate and effective information security policies how often should the CISO review the organization policies?
Control Objectives for Information and Related Technology (COBIT) is which of the following?
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because
An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?
When managing the critical path of an IT security project, which of the following is MOST important?
Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
A recommended method to document the respective roles of groups and individuals for a given process is to:
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?
The single most important consideration to make when developing your security program, policies, and processes is:
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
Which of the following has the GREATEST impact on the implementation of an information security governance model?
A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?
As the CISO for your company you are accountable for the protection of information resources commensurate with:
When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?
You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):
When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?
As the CISO, you have been tasked with the execution of the company’s key management program. You
MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key
control will ensure no single individual can constitute or re-constitute a key?
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his
assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for
an employee to pass through the main access gate, then the consultant follows the employee behind to get into
the restricted area. Which type of attack did the consultant perform?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?
The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?
A newly-hired CISO needs to understand the organization’s financial management standards for business units
and operations. Which of the following would be the best source of this information?
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
The process of creating a system which divides documents based on their security level to manage access to private data is known as
While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1.Covering tracks
2.Scanning and enumeration
3.Maintaining Access
4.Reconnaissance
5.Gaining Access
TESTED 21 Nov 2024
