CISM Certified Information Security Manager Questions and Answers
Which of the following should have the MOST influence on an organization ' s response to a new industry regulation?
An organization ' s security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?
Which of the following is MOST important when defining how an information security budget should be allocated?
An organization is in the process of selecting a third party to process customer information. Which of the following provides the BEST evidence that the third party’s controls will operate as required?
An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:
Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?
Which of the following provides the MOST comprehensive understanding of an organization ' s information security posture?
Which of the following should be the NEXT step after a security incident has been reported?
Which of the following is MOST important to have in place for an organization ' s information security program to be effective?
Which of the following MUST be established to maintain an effective information security governance framework?
What should be the FIRST step when an Internet of Things (loT) device in an organization ' s network is confirmed to have been hacked?
For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?
When developing security processes for handling credit card data on the business unit ' s information system, the information security manager should FIRST:
Which of the following activities MUST be performed by an information security manager for change requests?
Which of the following is MOST helpful in determining the criticality of an organization ' s business functions?
Which of the following should be the PRIMARY objective when establishing a new information security program?
An organization has identified IT failures in a call center application. Of the following, who should own this risk?
Which of the following BEST protects against emerging advanced persistent threat (APT) actors?
Which of the following BEST indicates misalignment of security policies with business objectives?
Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?
Which of the following is the MOST important factor in successfully implementing Zero Trust?
An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:
Which of the following is MOST important to consider when aligning a security awareness program with the organization ' s business strategy?
Which of the following is MOST likely to be the cause of systems and applications missing critical patches?
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
Which of the following is the PRIMARY objective of a cyber resilience strategy?
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Which of the following BEST facilitates effective strategic alignment of security initiatives?
Which of the following BEST determines the data retention strategy and subsequent policy for an organization?
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
A recent audit found that an organization ' s new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?
Which of the following BEST facilitates an information security manager ' s efforts to obtain senior management commitment for an information security program?
Which of the following should review and approve the objectives within an organization’s information security framework?
Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Which of the following would be MOST important to include in communications to customers impacted by an information security incident?
Which of the following is the BEST way for the organization to ensure server backups at a warm site are properly maintained and usable during a disaster?
Recommendations for enterprise investment in security technology should be PRIMARILY based on:
If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?
After a ransomware incident an organization ' s systems were restored. Which of the following should be of MOST concern to the information security manager?
Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?
During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
Which of the following is the GREATEST concern with implementing all controls recommended by a security framework?
Which of the following should be of GREATEST concern regarding an organization ' s security controls?
Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?
Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?
Which of the following is the BEST reason to implement a comprehensive information security management system?
To ensure continuous alignment with the organizational strategy
To gain senior management support for the information security program
To support identification of key risk indicators (KRIs)
An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?
An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?
An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk ' '
An information security manager has been asked to provide contract guidance from a security perspective for outsourcing the organization’s payroll processing. Which of the following is MOST important to address?
Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization ' s intrusion detection systems (IDSs)?
Which of the following is the BEST course of action when using a web application that has known vulnerabilities?
Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?
Which of the following is an example of a change to the external threat landscape?
Which of the following events is MOST likely to require an organization to revisit its information security framework?
When an information security manager presents an information security program status report to senior management, the MAIN focus should be:
Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?
Which of the following should be done FIRST when establishing an information security governance framework?
An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?
Which of the following BEST facilitates the effectiveness of cybersecurity incident response?
Which of the following BEST determines an information asset ' s classification?
Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?
An incident response team has established that an application has been breached. Which of the following should be done NEXT?
Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?
An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?
Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
Which of the following should be the FIRST consideration when developing a strategy for protecting an organization ' s data?
What is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?
Which of the following is the MOST effective way to align an organization’s information security risk management process with business objectives?
Which of the following is the BEST indication of information security strategy alignment with the “ &
Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
Which of the following should an information security manager do FIRST when developing an organization ' s disaster recovery plan (DRP)?
Which of the following roles is MOST appropriate to determine access rights for specific users of an application?
A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application ' s security compliance?
Which of the following is MOST effective in monitoring an organization ' s existing risk?
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
Which of the following is MOST important to emphasize when presenting information to gain senior management support for control enhancements?
Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:
Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?
Which of the following is MOST important to ensuring that incident management plans are executed effectively?
To inform a risk treatment decision, which of the following should the information security manager compare with the organization ' s risk appetite?
Which of the following is the BEST method to ensure compliance with password standards?
Which of the following should an information security manager do FIRST when developing an organization ' s disaster recovery plan (DRP)?
Which of the following will BEST enable an organization to meet incident response requirements when outsourcing its incident response function?
Which of the following is MOST important to have in place to help ensure an organization ' s cybersecurity program meets the needs of the business?
After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?
Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?
Which of the following is a PRIMARY responsibility of the information security goxernance function?
Which of the following is the PRIMARY benefit of implementing an information security governance framework?
Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?
Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?
Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?
An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software security?
A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?
When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?
Of the following, who is responsible for ensuring security controls are aligned with business objectives and regulatory requirements?
Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of
confidentiality?
An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager ' s BEST action?
What should an information security manager verify FIRST when reviewing an information asset management program?
An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
Which of the following would BEST justify spending for a compensating control?
Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?
Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?
An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:
Which of the following sources is MOST useful when planning a business-aligned information security program?
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?
Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
Which of the following should be done FIRST to ensure information security is integrated into system development projects?
Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?
Which of the following should be done FIRST once a cybersecurity attack has been confirmed?
Which of the following is MOST important for the effective implementation of an information security governance program?
Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?
When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:
Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?
Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
Which of the following BEST enables an organization to evaluate the security posture of a cloud service?
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager ' s FIRST course of action?
Which of the following is MOST important to include in a post-incident review following a data breach?
Which of the following should be the PRIMARY basis for determining the value of assets?
Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?
What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
In an organization that has an established social media policy, which of the following is the BEST way to reduce the risk associated with personally identifiable information disclosure?
Which of the following would BEST enable the help desk to recognize an information security incident?
Which of the following would BEST help to ensure appropriate security controls are built into software?
Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?
An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?
Which of the following is the PRIMARY reason to use a phased incident recovery approach?
Application data integrity risk is MOST directly addressed by a design that includes:
Which of the following is an information security manager ' s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Which of the following would BEST justify continued investment in an information security program?
Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?
An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?
Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?
During a tabletop exercise, a security operations center team identifies a lack of resources to contain a security incident within an acceptable time frame. Which of the following is MOST likely to reduce containment time?
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
Which of the following is the BEST course of action when an online company discovers a network attack in progress?
Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?
In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or
Of the following, who is BEST suited to own the risk discovered in an application?
Which of the following teams is BEST suited to prepare a disaster recovery plan?
After a server has been attacked, which of the following is the BEST course of action?
Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?
From a business perspective, the GREATEST benefit of an incident response plan is that it:
Which of the following is the MOST effective way to ensure information security policies are understood?
An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?
Which of the following is MOST important to determine following the discovery and eradication of a malware attack?
The MOST important element in achieving executive commitment to an information security governance program is:
The PRIMARY reason for creating a business case when proposing an information security project is to:
Which of the following BEST informs the design of an information security framework?
Which of the following is MOST important to consider when determining asset valuation?
Which of the following is the BEST approach to make strategic information security decisions?
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
A software vendor has announced a zero-day vulnerability that exposes an organization ' s critical business systems. The vendor has released an emergency patch. Which of the following should be the information security managers PRIMARY concern?
Which of the following would BEST support the business case for an increase in the information security budget?
Which of the following is the MOST important input to the development of an effective information security strategy?
Which of the following is the BEST way to improve an organization ' s ability to detect and respond to incidents?
When integrating security risk management into an organization it is MOST important to ensure:
An information security manager has confirmed the organization ' s cloud provider has unintentionally published some of the organization ' s business data. Which of the following should be done NEXT?
Which of the following should be the PRIMARY basis for establishing metrics that measure the effectiveness of an information security program?
An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?
Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
The PRIMARY benefit of integrating information security activities into change management processes is to:
Which of the following would pose the GREATEST risk to the preparedness of an incident response team?
Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
Which of the following is the BEST indication that an organization has a mature information security culture?
To help ensure that an information security training program is MOST effective its contents should be
Which of the following is the BEST reason to implement an information security architecture?
The PRIMARY purpose for continuous monitoring of security controls is to ensure:
Which of the following BEST helps to ensure the effective execution of an organization ' s disaster recovery plan (DRP)?
Which of the following would BEST help to ensure compliance with an organization ' s information security requirements by an IT service provider?
An information security manager has identified that security risks are not being treated in a timely manner. Which of the following
Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.
Which of the following should be the PRIMARY focus of Company A ' s information security manager?
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Which of the following BEST indicates that an information security governance framework has been successfully implemented?
Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?
Which of the following would BEST ensure that security is integrated during application development?
Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization ' s information security strategy?
Which of the following is the BEST source of information to support an organization ' s information security vision and strategy?
An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:
Which of the following BEST indicates that information security governance and corporate governance are integrated?
An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?
Senior management has just accepted the risk of noncompliance with a new regulation What should the information security manager do NEXT?
Which of the following provides the MOST useful information for identifying security control gaps on an application server?
Which of the following provides the BEST input to determine the level of protection needed for an IT system?
An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
Which of the following metrics would provide an accurate measure of an information security program ' s performance?
Which of the following is the MOST effective control to prevent proliferation of shadow IT?
An investigation of a recent security incident determined that the root cause was negligent handing of incident alerts by system admit manager to address this issue?
Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?
Which of the following should be an information security manager ' s FIRST course of action when a potential business breach is discovered in a critical business system?
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
Who is BEST positioned to take ownership of critical IT security risks identified in an application?
A new type of ransomware has infected an organization ' s network. Which of the following would have BEST enabled the organization to detect this situation?
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization ' s IT asset inventory?
A hacking group has posted an organization’s employee data on social media. What should the information security manager do FIRST?
Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?
Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?
Senior management has expressed concern that the organization ' s intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
Which of the following is the MOST important consideration when evaluating the performance of existing security controls?
What should be the information security manager’s FIRST step when updating an information security program?
Which of the following is the PRIMARY objective of information asset classification?
Which of the following is a PRIMARY reason for senior management to review reports on information security?
Which of the following should an information security manager do FIRST upon confirming a privileged user ' s unauthorized modifications to a security application?
Which of the following is the FIRST step to establishing an effective information security program?
A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:
Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?
Which of the following would be MOST useful when determining the business continuity strategy for a large organization ' s data center?
A new information security reporting requirement will soon become effective. Which of the following should be the information security manager ' s FIRST action?
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
An outsourced vendor handles an organization’s business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor’s security practices?
Which of the following would BEST enable the timely execution of an incident response plan?
Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?
Which of the following is the MOST critical activity for an information security manager to perform periodically throughout the term of a contract with an outsourced third party?
A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?
Which of the following should be established FIRST when implementing an information security governance framework?
When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?
Which of the following should be the PRIMARY basis for an information security strategy?
A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?
Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?
Which of the following is MOST important to convey to employees in building a security risk-aware culture?
Which of the following will BEST enable an effective information asset classification process?
The executive management of a domestic organization has announced plans to expand operations to multiple international locations. Which of the following should be the information security manager ' s FIRST step upon learning of these plans?
Which of the following BEST indicates the effectiveness of the vendor risk management process?
Which of the following is the MOST important factor of a successful information security program?
An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.
Which of the following should be given immediate focus?
When is the BEST time to verify that a production system ' s security mechanisms meet control objectives?
An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?
Which of the following should be the PRIMARY objective of the information security incident response process?
Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?
An organization ' s HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?
Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:
An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?
Which of the following is MOST effective for communicating forward-looking trends within security reporting?
Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?
Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?
Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Which of the following should be done FIRST when developing a business continuity plan (BCP)?
When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:
Who is BEST suited to determine how the information in a database should be classified?
Which of the following is the BEST way to align security and business strategies?
Which of the following is MOST difficult to measure following an information security breach?
Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?
Which of the following is the MOST effective defense against malicious insiders compromising confidential information?
The PRIMARY purpose of implementing information security governance metrics is to:
Which of the following is the MOST important consideration when establishing an organization ' s information security governance committee?
Which of the following has the GREATEST influence on an organization ' s information security strategy?
Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?
Which of the following provides the BEST indication of the return on information security investment?
Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?
Which of the following backup methods requires the MOST time to restore data for an application?
An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?
Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?
Which of the following is the PRIMARY benefit of a vulnerability scanning tool to an organization?
Which of the following BEST indicates the organizational benefit of an information security solution?
When assigning a risk owner, the MOST important consideration is to ensure the owner has:
Due to changes in an organization ' s environment, security controls may no longer be adequate. What is the information security manager ' s BEST course of action?
Which of the following is an information security manager ' s BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?
Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?
An organization that has recently suffered a cyberattack is considering engaging law enforcement. Which of the following is the MOST important course of action for the incident response team?
An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
Which of the following BEST encourages staff to report issues related to information security?
Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?
Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?
A small organization needs to use a solution that is out of support in order to meet business objectives. Which of the following is the information security manager’s BEST course of action to manage the associated risk?
Which of the following business units should own the data that populates an identity management system?
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
Which of the following BEST contributes to establishing an information security culture within an organization?
Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?
Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?
Who should be responsible for determining the level of data classification required for an application related to a new line of business?
When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?