Weekend Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

CISM Certified Information Security Manager Questions and Answers

Questions 4

Which of the following should have the MOST influence on an organization ' s response to a new industry regulation?

Options:

A.

The organization ' s control objectives

B.

The organization ' s risk management framework

C.

The organization ' s risk appetite

D.

The organization ' s risk control baselines

Buy Now
Questions 5

An organization ' s security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Buy Now
Questions 6

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Options:

A.

IT strategy

B.

Recovery strategy

C.

Risk mitigation strategy

D.

Security strategy

Buy Now
Questions 7

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Buy Now
Questions 8

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Options:

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party ' s service level agreement (SLA) does not include guarantees of uptime.

Buy Now
Questions 9

Which of the following is the MOST effective way to detect security incidents?

Options:

A.

Analyze recent security risk assessments.

B.

Analyze security anomalies.

C.

Analyze penetration test results.

D.

Analyze vulnerability assessments.

Buy Now
Questions 10

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Create a security exception.

B.

Perform a gap analysis to determine needed resources.

C.

Perform a vulnerability assessment.

D.

Assess the risk to business operations.

Buy Now
Questions 11

Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?

Options:

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Buy Now
Questions 12

Which of the following is MOST important when defining how an information security budget should be allocated?

Options:

A.

Regulatory compliance standards

B.

Information security strategy

C.

Information security policy

D.

Business impact assessment

Buy Now
Questions 13

An organization is in the process of selecting a third party to process customer information. Which of the following provides the BEST evidence that the third party’s controls will operate as required?

Options:

A.

Results of incident response tests

B.

An independent assessment

C.

An external vulnerability assessment

D.

An information security questionnaire

Buy Now
Questions 14

An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager

B.

The data owner

C.

The application owner

D.

The security engineer

Buy Now
Questions 15

An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:

Options:

A.

the business users.

B.

the information owners.

C.

the system administrators.

D.

senior management.

Buy Now
Questions 16

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Options:

A.

Compartmentalization

B.

Overlapping redundancy

C.

Continuous monitoring

D.

Multi-factor authentication

Buy Now
Questions 17

Which of the following provides the MOST comprehensive understanding of an organization ' s information security posture?

Options:

A.

Security maturity assessment results

B.

Threat analysis of the organization ' s environment

C.

Results of vulnerability assessments

D.

External penetration test findings

Buy Now
Questions 18

Which of the following should be the NEXT step after a security incident has been reported?

Options:

A.

Recovery

B.

Investigation

C.

Escalation

D.

Containment

Buy Now
Questions 19

Which of the following is MOST important to have in place for an organization ' s information security program to be effective?

Options:

A.

Documented information security processes

B.

A comprehensive IT strategy

C.

Senior management support

D.

Defined and allocated budget

Buy Now
Questions 20

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Buy Now
Questions 21

What should be the FIRST step when an Internet of Things (loT) device in an organization ' s network is confirmed to have been hacked?

Options:

A.

Monitor the network.

B.

Perform forensic analysis.

C.

Disconnect the device from the network,

D.

Escalate to the incident response team

Buy Now
Questions 22

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

Options:

A.

Centralized logging

B.

Time clock synchronization

C.

Available forensic tools

D.

Administrator log access

Buy Now
Questions 23

When developing security processes for handling credit card data on the business unit ' s information system, the information security manager should FIRST:

Options:

A.

ensure alignment with industry encryption standards.

B.

ensure that systems that handle credit card data are segmented.

C.

review industry best practices for handling secure payments.

D.

review corporate policies regarding credit card information.

Buy Now
Questions 24

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Buy Now
Questions 25

Which of the following is MOST helpful in determining the criticality of an organization ' s business functions?

Options:

A.

Disaster recovery plan (DRP)

B.

Business impact analysis (BIA)

C.

Business continuity plan (BCP)

D.

Security assessment report (SAR)

Buy Now
Questions 26

Which of the following should be the PRIMARY objective when establishing a new information security program?

Options:

A.

Executing the security strategy

B.

Minimizing organizational risk

C.

Optimizing resources

D.

Facilitating operational security

Buy Now
Questions 27

An organization has identified IT failures in a call center application. Of the following, who should own this risk?

Options:

A.

Information security manager

B.

Head of the call center

C.

Chief executive officer (CEO)

D.

Head of the IT department

Buy Now
Questions 28

Detailed business continuity plans (BCPs) should be PRIMARILY based on:

Options:

A.

strategies validated by senior management.

B.

capabilities of available local vendors.

C.

strategies that cover all applications.

D.

cost and resources needed to execute.

Buy Now
Questions 29

Which of the following BEST protects against emerging advanced persistent threat (APT) actors?

Options:

A.

Honeypot environment

B.

Updated security awareness materials

C.

Ongoing incident response training

D.

Proactive monitoring

Buy Now
Questions 30

Which of the following BEST indicates misalignment of security policies with business objectives?

Options:

A.

Low completion rate of employee awareness training

B.

Lack of adequate funding for the security program

C.

A large number of long-term policy exceptions

D.

A large number of user noncompliance incidents

Buy Now
Questions 31

Which of the following is the BEST starting point for a newly hired information security manager who has been tasked with identifying and addressing network vulnerabilities?

Options:

A.

Controls analysis

B.

Emerging risk review

C.

Penetration testing

D.

Traffic monitoring

Buy Now
Questions 32

Which of the following is the MOST important factor in successfully implementing Zero Trust?

Options:

A.

Preferring networks that have undergone penetration testing

B.

Focusing on logging and monitoring of user behavior

C.

Authenticating and authorizing strategic points of the architecture

D.

Understanding each component of the network

Buy Now
Questions 33

An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

Options:

A.

a directory of approved local media contacts

B.

pre-prepared media statements

C.

procedures to contact law enforcement

D.

a single point of contact within the organization

Buy Now
Questions 34

Which of the following is MOST important to consider when aligning a security awareness program with the organization ' s business strategy?

Options:

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Buy Now
Questions 35

Which of the following is MOST likely to be the cause of systems and applications missing critical patches?

Options:

A.

Insufficient management oversight

B.

Inadequate reporting on damaged hardware

C.

Lack of a release and deployment policy

D.

Outdated configuration management database (CMDB)

Buy Now
Questions 36

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Buy Now
Questions 37

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Buy Now
Questions 38

Which of the following is the PRIMARY objective of a cyber resilience strategy?

Options:

A.

Employee awareness

B.

Business continuity

C.

Executive support

D.

Regulatory compliance

Buy Now
Questions 39

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Options:

A.

Incorporating lessons learned

B.

Implementing an IT resilience solution

C.

Implementing management reviews

D.

Documenting critical business processes

Buy Now
Questions 40

Which of the following BEST facilitates effective strategic alignment of security initiatives?

Options:

A.

The business strategy is periodically updated

B.

Procedures and standards are approved by department heads.

C.

Periodic security audits are conducted by a third-party.

D.

Organizational units contribute to and agree on priorities

Buy Now
Questions 41

Which of the following BEST determines the data retention strategy and subsequent policy for an organization?

Options:

A.

Business impact analysis (BIA)

B.

Business requirements

C.

Supplier requirements

D.

Risk appetite

Buy Now
Questions 42

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Options:

A.

Improved staff attendance in awareness sessions

B.

Decreased number of phishing emails received

C.

Improved feedback on the anti-phishing campaign

D.

Decreased number of incidents that have occurred

Buy Now
Questions 43

A recent audit found that an organization ' s new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

Options:

A.

Automated controls

B.

Security policies

C.

Guidelines

D.

Standards

Buy Now
Questions 44

Which of the following BEST facilitates an information security manager ' s efforts to obtain senior management commitment for an information security program?

Options:

A.

Presenting evidence of inherent risk

B.

Reporting the security maturity level

C.

Presenting compliance requirements

D.

Communicating the residual risk

Buy Now
Questions 45

Which of the following should review and approve the objectives within an organization’s information security framework?

Options:

A.

Information security steering committee

B.

Chief information security officer

C.

Chief information officer

D.

Information security manager

Buy Now
Questions 46

Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?

Options:

A.

Incorporate security requirements into job descriptions

B.

Integrate security into the early phases of the development life cycle

C.

Implement a tailored security awareness training program

D.

Standardize secure web development practices

Buy Now
Questions 47

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Perform a vulnerability assessment

B.

Perform a gap analysis to determine needed resources

C.

Create a security exception

D.

Assess the risk to business operations

Buy Now
Questions 48

Which of the following would be MOST important to include in communications to customers impacted by an information security incident?

Options:

A.

Details of the type of data exposed

B.

Identities of the attackers

C.

Costs of the incident to the organization

D.

Technical information related to the incident

Buy Now
Questions 49

Which of the following is the BEST way for the organization to ensure server backups at a warm site are properly maintained and usable during a disaster?

Options:

A.

Review the backup media storage facilities at the warm site

B.

Have duplicate equipment available at the warm site

C.

Use the equipment at the warm site facility to read the backups

D.

Inspect the facility and inventory the backups on a quarterly basis

Buy Now
Questions 50

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Options:

A.

adherence to international standards

B.

availability of financial resources

C.

the organization s risk tolerance

D.

alignment with business needs

Buy Now
Questions 51

If the investigation of an incident is not completed within the time allocated in the incident response plan, which of the following actions should be taken by the incident response team?

Options:

A.

Initiate the escalation process.

B.

Continue the investigation.

C.

Invoke the business continuity plan (BCP).

D.

Engage the crisis management team.

Buy Now
Questions 52

After a ransomware incident an organization ' s systems were restored. Which of the following should be of MOST concern to the information security manager?

Options:

A.

The service level agreement (SLA) was not met.

B.

The recovery time objective (RTO) was not met.

C.

The root cause was not identified.

D.

Notification to stakeholders was delayed.

Buy Now
Questions 53

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

Options:

A.

Providing evidence that resources are performing as expected

B.

Verifying security costs do not exceed the budget

C.

Demonstrating risk is managed at the desired level

D.

Confirming the organization complies with security policies

Buy Now
Questions 54

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

Options:

A.

Providing annual information security awareness training

B.

Conducting periodic vulnerability scanning

C.

Implementing a strict change control process

D.

Updating configuration baselines

Buy Now
Questions 55

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Buy Now
Questions 56

Which of the following is the GREATEST concern with implementing all controls recommended by a security framework?

Options:

A.

Increased time for implementation

B.

Lack of approval from senior management

C.

Negative return on investment

D.

Increased risk levels

Buy Now
Questions 57

Which of the following should be of GREATEST concern regarding an organization ' s security controls?

Options:

A.

Some controls are performing outside of an acceptable range.

B.

No key control indicators (KCIs) have been implemented.

C.

Control ownership has not been updated.

D.

Control gap analysis is outdated.

Buy Now
Questions 58

Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?

Options:

A.

The incident response plan is aligned with the disaster recovery strategy

B.

The incident response process is regularly tested

C.

Incident response processes are documented and available to staff

D.

The incident response plan clearly outlines roles and responsibilities

Buy Now
Questions 59

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Options:

A.

Maintaining a repository base of security policies

B.

Measuring impact of exploits on business processes

C.

Facilitating the monitoring of risk occurrences

D.

Redirecting event logs to an alternate location for business continuity plan

Buy Now
Questions 60

Which of the following is the BEST reason to implement a comprehensive information security management system?

To ensure continuous alignment with the organizational strategy

To gain senior management support for the information security program

To support identification of key risk indicators (KRIs)

Options:

A.

To facilitate compliance with external regulatory requirements

Buy Now
Questions 61

An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?

Options:

A.

Perform a gap analysis.

B.

Consult with senior management on the best course of action.

C.

Implement a program of work to comply with the new legislation.

D.

Understand the cost of noncompliance.

Buy Now
Questions 62

An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Options:

A.

Wipe the affected system.

B.

Notify internal legal counsel.

C.

Notify senior management.

D.

Isolate the impacted endpoints.

Buy Now
Questions 63

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Options:

A.

relates the investment to the organization ' s strategic plan.

B.

translates information security policies and standards into business requirements.

C.

articulates management ' s intent and information security directives in clear language.

D.

realigns information security objectives to organizational strategy.

Buy Now
Questions 64

Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?

Options:

A.

Reviewing and updating access controls in response to changes in organizational structure

B.

Implementing strong password policies and enforcing regular password changes

C.

Ensuring access is granted to only those individuals whose job functions require it

D.

Implementing strong encryption protocols to protect sensitive data

Buy Now
Questions 65

An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk ' '

Options:

A.

Deploy mobile device management (MDM)

B.

Implement remote wipe capability.

C.

Create an acceptable use policy.

D.

Conduct a mobile device risk assessment

Buy Now
Questions 66

An information security manager has been asked to provide contract guidance from a security perspective for outsourcing the organization’s payroll processing. Which of the following is MOST important to address?

Options:

A.

Vendor compliance with the most stringent data security regulations

B.

Vendor compliance with recognized industry security standards

C.

Vendor compliance with the organization’s information security policies

D.

Vendor compliance with organizational service level agreement requirements

Buy Now
Questions 67

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

Options:

A.

Updated risk assessments

B.

Counts of information security incidents

C.

Audit reports

D.

Monthly metrics

Buy Now
Questions 68

Which of the following trends would be of GREATEST concern when reviewing the performance of an organization ' s intrusion detection systems (IDSs)?

Options:

A.

Decrease in false positives

B.

Increase in false positives

C.

Increase in false negatives

D.

Decrease in false negatives

Buy Now
Questions 69

Which of the following is the BEST course of action when using a web application that has known vulnerabilities?

Options:

A.

Monitor application level logs.

B.

Deploy host-based intrusion detection.

C.

Deploy an application firewall.

D.

Install anti-spyware software.

Buy Now
Questions 70

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

Options:

A.

The vendor ' s proposal allows for contract modification during technology refresh cycles.

B.

The vendor ' s proposal aligns with the objectives of the organization.

C.

The vendor ' s proposal requires the provider to have a business continuity plan (BCP).

D.

The vendor ' s proposal allows for escrow in the event the third party goes out of business.

Buy Now
Questions 71

Which of the following is an example of a change to the external threat landscape?

Options:

A.

The information security program has been outsourced.

B.

A commonly used encryption algorithm has been compromised.

C.

Industry security standards have been modified.

D.

The organization has been purchased by another entity.

Buy Now
Questions 72

Which of the following events is MOST likely to require an organization to revisit its information security framework?

Options:

A.

New services offered by IT

B.

Changes to the risk landscape

C.

A recent cybersecurity attack

D.

A new technology implemented

Buy Now
Questions 73

When an information security manager presents an information security program status report to senior management, the MAIN focus should be:

Options:

A.

Key controls evaluation

B.

Net present value

C.

Security return on investment

D.

Key performance indicators

Buy Now
Questions 74

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

Options:

A.

Low number of false positives

B.

Low number of false negatives

C.

High number of false positives

D.

High number of false negatives

Buy Now
Questions 75

Which of the following should be done FIRST when establishing an information security governance framework?

Options:

A.

Evaluate information security tools and skills relevant for the environment.

B.

Gain an understanding of the business and cultural attributes.

C.

Contract a third party to conduct an independent review of the program.

D.

Conduct a cost-benefit analysis of the framework.

Buy Now
Questions 76

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

Options:

A.

Implement the application and request the cloud service provider to fix the vulnerability.

B.

Assess whether the vulnerability is within the organization ' s risk tolerance levels.

C.

Commission further penetration tests to validate initial test results,

D.

Postpone the implementation until the vulnerability has been fixed.

Buy Now
Questions 77

Which of the following would be the BEST way to reduce the risk of disruption resulting from an emergency system change?

Options:

A.

Confirm the change implementation is scheduled.

B.

Verify the change request has been approved.

C.

Confirm rollback plans are in place.

D.

Notify users affected by the change.

Buy Now
Questions 78

Which of the following BEST facilitates the effectiveness of cybersecurity incident response?

Options:

A.

Utilizing a security information and event management (SIEM) tool.

B.

Utilizing industry-leading network penetration testing tools.

C.

Increasing communication with all incident response stakeholders.

D.

Continuously updating signatures of the anti-malware solution.

Buy Now
Questions 79

Which of the following BEST determines an information asset ' s classification?

Options:

A.

Value of the information asset in the marketplace

B.

Criticality to a business process

C.

Risk assessment from the data owner

D.

Cost of producing the information asset

Buy Now
Questions 80

Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?

Options:

A.

Vulnerability assessment

B.

Regulatory requirements

C.

Industry best practices

D.

Enterprise goals

Buy Now
Questions 81

An incident response team has established that an application has been breached. Which of the following should be done NEXT?

Options:

A.

Maintain the affected systems in a forensically acceptable state

B.

Conduct a risk assessment on the affected application

C.

Inform senior management of the breach.

D.

Isolate the impacted systems from the rest of the network

Buy Now
Questions 82

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Options:

A.

Define policies and standards for data processing.

B.

Implement applicable privacy principles

C.

Assess local or regional regulations

D.

Research cyber insurance policies

Buy Now
Questions 83

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Buy Now
Questions 84

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Options:

A.

Regulatory requirements

B.

Compliance acceptance

C.

Management support

D.

Budgetary approval

Buy Now
Questions 85

Which of the following should be the FIRST consideration when developing a strategy for protecting an organization ' s data?

Options:

A.

Classification

B.

Encryption

C.

Access monitoring

D.

Access rights

Buy Now
Questions 86

What is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

Options:

A.

To share responsibility for addressing security breaches

B.

To gain acceptance of the policy across the organization

C.

To decrease the workload of the IT department

D.

To reduce the overall cost of policy development

Buy Now
Questions 87

Which of the following is the MOST effective way to align an organization’s information security risk management process with business objectives?

Options:

A.

Mandate that enterprise risk management policies be enforced across organizational departments

B.

Implement multiple layers of technical security controls to manage risk effectively

C.

Establish an information security governance framework that integrates with enterprise risk management

D.

Conduct annual information security awareness and risk management training

Buy Now
Questions 88

Which of the following is the BEST indication of information security strategy alignment with the “ &

Options:

A.

Percentage of information security incidents resolved within defined service level agreements (SLAs)

B.

Percentage of corporate budget allocated to information security initiatives

C.

Number of business executives who have attended information security awareness sessions

D.

Number of business objectives directly supported by information security initiatives

Buy Now
Questions 89

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

Options:

A.

Establishing risk metrics

B.

Training on risk management procedures

C.

Reporting on documented deficiencies

D.

Assigning a risk owner

Buy Now
Questions 90

Which of the following should an information security manager do FIRST when developing an organization ' s disaster recovery plan (DRP)?

Options:

A.

Conduct a risk assessment.

B.

Document disaster recovery procedures.

C.

Identify business requirements.

D.

Perform a business impact analysis (BIA).

Buy Now
Questions 91

Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

Options:

A.

Data owner

B.

Data custodian

C.

System administrator

D.

Senior management

Buy Now
Questions 92

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application ' s security compliance?

Options:

A.

During user acceptance testing (UAT)

B.

During the design phase

C.

During static code analysis

D.

During regulatory review

Buy Now
Questions 93

Which of the following is MOST effective in monitoring an organization ' s existing risk?

Options:

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Buy Now
Questions 94

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Options:

A.

Determine recovery priorities.

B.

Define the recovery point objective (RPO).

C.

Confirm control effectiveness.

D.

Analyze vulnerabilities.

Buy Now
Questions 95

Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?

Options:

A.

Senior management supports funding for ongoing awareness training.

B.

Employees from each department have completed the required training.

C.

There has been an increase in the number of phishing attempts reported.

D.

There have been no reported successful phishing attempts since the training started.

Buy Now
Questions 96

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Establish performance metrics for the team

B.

Perform a post-incident review

C.

Implement a SIEM solution

D.

Perform a threat analysis

Buy Now
Questions 97

Which of the following is MOST important to emphasize when presenting information to gain senior management support for control enhancements?

Options:

A.

Residual risk exposure

B.

Threats against internal systems

C.

Control gaps within defense-in-depth architecture

D.

Recent data breaches in the same industry sector

Buy Now
Questions 98

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

Options:

A.

number of impacted users.

B.

capability of incident handlers.

C.

type of confirmed incident.

D.

predicted incident duration.

Buy Now
Questions 99

Several critical systems have been compromised with malware. Which of the following is the BEST strategy to eradicate this incident?

Options:

A.

Perform malware scanning

B.

Reimage the systems

C.

Block access to the impacted systems

D.

Perform a vulnerability assessment

Buy Now
Questions 100

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

Options:

A.

Management support and approval has been obtained.

B.

The incident response team has the appropriate training.

C.

An incident response maturity assessment has been conducted.

D.

A reputable managed security services provider has been engaged.

Buy Now
Questions 101

When evaluating cloud storage solutions, the FIRST consideration should be:

Options:

A.

The service level agreement (SLA) for encryption keys

B.

Alignment with the organization’s data classification policy

C.

How the organization’s sensitive data will be transferred

D.

The volume of data to be stored in the cloud

Buy Now
Questions 102

A KEY benefit of effective information security governance is:

Options:

A.

Prioritization of information security projects

B.

Alignment with information security compliance requirements

C.

Informed information security decision-making

D.

Information security risk avoidance

Buy Now
Questions 103

To inform a risk treatment decision, which of the following should the information security manager compare with the organization ' s risk appetite?

Options:

A.

Gap analysis results

B.

Level of residual risk

C.

Level of risk treatment

D.

Configuration parameters

Buy Now
Questions 104

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Buy Now
Questions 105

Which of the following should an information security manager do FIRST when developing an organization ' s disaster recovery plan (DRP)?

Options:

A.

Identify business requirements

B.

Document disaster recovery procedures

C.

Conduct a risk assessment

D.

Perform a business impact analysis (BIA)

Buy Now
Questions 106

Which of the following will BEST enable an organization to meet incident response requirements when outsourcing its incident response function?

Options:

A.

Including response times in service level agreements (SLAs)

B.

Including a right-to-audit clause in service level agreements (SLAs)

C.

Contracting with a well-known incident response provider

D.

Requiring comprehensive response applications and tools

Buy Now
Questions 107

Which of the following is MOST important to have in place to help ensure an organization ' s cybersecurity program meets the needs of the business?

Options:

A.

Risk assessment program

B.

Information security awareness training

C.

Information security governance

D.

Information security metrics

Buy Now
Questions 108

After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?

Options:

A.

Notify affected stakeholders

B.

Conduct a vulnerability analysis

C.

Perform a root cause analysis

D.

Remove the threat

Buy Now
Questions 109

Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?

Options:

A.

Impose state limits on servers.

B.

Spread a site across multiple ISPs.

C.

Block the attack at the source.

D.

Harden network security.

Buy Now
Questions 110

Which of the following is a PRIMARY responsibility of the information security goxernance function?

Options:

A.

Administering information security awareness training

B.

Defining security strategies to support organizational programs

C.

Ensuring adequate support for solutions using emerging technologies

D.

Advising senior management on optimal levels of risk appetite and tolerance

Buy Now
Questions 111

Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Options:

A.

The framework defines managerial responsibilities for risk impacts to business goals.

B.

The framework provides direction to meet business goals while balancing risks and controls.

C.

The framework provides a roadmap to maximize revenue through the secure use of technology.

D.

The framework is able to confirm the validity of business goals and strategies.

Buy Now
Questions 112

Which of the following is the MOST appropriate action during the containment phase of a cyber incident response?

Options:

A.

Isolate affected systems to prevent the spread of damage

B.

Determine the final root cause of the incident

C.

Mitigate exploited vulnerabilities to prevent future incidents

D.

Remove all instances of the incident from the network

Buy Now
Questions 113

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

Options:

A.

Enforcing data retention

B.

Developing policy standards

C.

Benchmarking against industry peers

D.

Categorizing information assets

Buy Now
Questions 114

Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?

Options:

A.

Heightened awareness of information security strategies

B.

Improved process resiliency in the event of attacks

C.

Promotion of security-by-design principles to the business

D.

Management accountability for information security

Buy Now
Questions 115

An organization is planning to engage a third-party service provider to develop custom software. Which of the following would help to provide the GREATEST assurance of software security?

Options:

A.

Security training for the service provider’s software development staff

B.

Independent assessment against a relevant standard

C.

Verification of certifications held by the individual developers

D.

Review of the service provider’s software development policies

Buy Now
Questions 116

A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 117

When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?

Options:

A.

Digital currency is immediately available.

B.

Network access requires two-factor authentication.

C.

Data backups are recoverable from an offsite location.

D.

An alternative network link is immediately available.

Buy Now
Questions 118

Of the following, who is responsible for ensuring security controls are aligned with business objectives and regulatory requirements?

Options:

A.

Risk owner

B.

Control owner

C.

Compliance manager

D.

Control assessor

Buy Now
Questions 119

Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of

confidentiality?

Options:

A.

Ensuring hashing of administrator credentials

B.

Enforcing service level agreements (SLAs)

C.

Ensuring encryption for data in transit

D.

Utilizing a formal change management process

Buy Now
Questions 120

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager ' s BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Buy Now
Questions 121

What should an information security manager verify FIRST when reviewing an information asset management program?

Options:

A.

System owners have been identified.

B.

Key applications have been secured.

C.

Information assets have been classified.

D.

Information assets have been inventoried.

Buy Now
Questions 122

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Options:

A.

Benchmark the processes with best practice to identify gaps.

B.

Calculate the return on investment (ROI).

C.

Provide security awareness training to HR.

D.

Assess the business objectives of the processes.

Buy Now
Questions 123

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Options:

A.

Balanced scorecard

B.

Risk matrix

C.

Benchmarking

D.

Heat map

Buy Now
Questions 124

Which of the following would BEST justify spending for a compensating control?

Options:

A.

Root cause analysis

B.

Vulnerability assessment

C.

Emerging risk trends

D.

Risk analysis

Buy Now
Questions 125

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Options:

A.

Assess changes in the risk profile.

B.

Activate the disaster recovery plan (DRP).

C.

Invoke the incident response plan.

D.

Conduct security awareness training.

Buy Now
Questions 126

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Buy Now
Questions 127

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.

Decrease in the number of security incidents

B.

Increase in the frequency of security incident escalations

C.

Reduction in the impact of security incidents

D.

Increase in the number of reported security incidents

Buy Now
Questions 128

Which of the following is the PRIMARY outcome of a business impact analysis (BIA)?

Options:

A.

Streamlining of event triage and implementation of incident response procedures

B.

Allocation of budget for technical security controls and enhancements to security culture

C.

Assurance of compliance with industry-specific regulations and improvement to business processes

D.

Identification of critical business functions and prioritization of recovery efforts

Buy Now
Questions 129

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Options:

A.

The security strategy is promoted.

B.

Fewer security incidents are reported.

C.

Security behavior is improved.

D.

More security incidents are detected.

Buy Now
Questions 130

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

Options:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization ' s risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Buy Now
Questions 131

Which of the following sources is MOST useful when planning a business-aligned information security program?

Options:

A.

Security risk register

B.

Information security policy

C.

Business impact analysis (BIA)

D.

Enterprise architecture (EA)

Buy Now
Questions 132

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:

A.

Determine operational losses.

B.

Improve the change control process.

C.

Update the threat landscape.

D.

Review the effectiveness of controls

Buy Now
Questions 133

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Buy Now
Questions 134

Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?

Options:

A.

Perform a patch update.

B.

Conduct a risk assessment.

C.

Perform a penetration test.

D.

Conduct an impact assessment.

Buy Now
Questions 135

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Options:

A.

Impact on information security program

B.

Cost of controls

C.

Impact to business function

D.

Cost to replace

Buy Now
Questions 136

Which type of control is an incident response team?

Options:

A.

Preventive

B.

Detective

C.

Corrective

D.

Directive

Buy Now
Questions 137

Which of the following should be done FIRST to ensure information security is integrated into system development projects?

Options:

A.

Define security requirements

B.

Assign resources based on the business impact

C.

Review the security policy

D.

Embed a security representative in each project team

Buy Now
Questions 138

What is the BEST way to reduce the impact of a successful ransomware attack?

Options:

A.

Perform frequent backups and store them offline.

B.

Purchase or renew cyber insurance policies.

C.

Include provisions to pay ransoms ih the information security budget.

D.

Monitor the network and provide alerts on intrusions.

Buy Now
Questions 139

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:

A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Buy Now
Questions 140

An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?

Options:

A.

Definition of when a disaster should be declared

B.

Requirements for regularly testing backups

C.

Recovery time objectives (RTOs)

D.

The disaster recovery communication plan

Buy Now
Questions 141

Which of the following should be done FIRST once a cybersecurity attack has been confirmed?

Options:

A.

Isolate the affected system.

B.

Notify senior management.

C.

Power down the system.

D.

Contact legal authorities.

Buy Now
Questions 142

Which of the following is MOST important for the effective implementation of an information security governance program?

Options:

A.

Employees receive customized information security training

B.

The program budget is approved and monitored by senior management

C.

The program goals are communicated and understood by the organization.

D.

Information security roles and responsibilities are documented.

Buy Now
Questions 143

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

Options:

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Buy Now
Questions 144

When conducting a post-implementation review for a security investment, it is MOST important to determine whether the investment:

Options:

A.

Meets internal requirements

B.

Complies with industry standards

C.

Achieves projected financial benefits

D.

Delivers anticipated risk reduction

Buy Now
Questions 145

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:

A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Buy Now
Questions 146

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

Options:

A.

Mapping risk scenarios according to sensitivity of data

B.

Reviewing mitigating and compensating controls for each risk scenario

C.

Mapping the risk scenarios by likelihood and impact on a chart

D.

Performing a risk assessment on the laaS provider

Buy Now
Questions 147

Which of the following BEST enables an organization to evaluate the security posture of a cloud service?

Options:

A.

Industry peer reviews

B.

Service provider attestations

C.

Penetration testing reports

D.

Third-party audit reports

Buy Now
Questions 148

Which of the following is an input used to calculate system-level risk?

Options:

A.

Key risk indicators

B.

Business impact analysis

C.

System risk appetite

D.

System vulnerabilities

Buy Now
Questions 149

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

Tracked and reported on until their final resolution

B.

Noted and re-examined later if similar weaknesses are found

C.

Documented in security awareness programs

D.

Quickly resolved and eliminated regardless of cost

Buy Now
Questions 150

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager ' s FIRST course of action?

Options:

A.

Ensure a risk assessment is performed to evaluate the findings

B.

Ensure vulnerabilities found are resolved within acceptable timeframes

C.

Request funding needed to resolve the top vulnerabilities

D.

Report findings to senior management

Buy Now
Questions 151

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Buy Now
Questions 152

Which of the following should be the PRIMARY basis for determining the value of assets?

Options:

A.

Cost of replacing the assets

B.

Business cost when assets are not available

C.

Original cost of the assets minus depreciation

D.

Total cost of ownership (TCO)

Buy Now
Questions 153

Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?

Options:

A.

Maturity of incident response activities

B.

Threat environment

C.

Quantity of impacted assets

D.

Incident impact

Buy Now
Questions 154

What should be an information security manager’s FIRST course of action upon learning a business unit is bypassing an existing control in order to increase operational efficiency?

Options:

A.

Report the noncompliance to senior management.

B.

Assess the risk of noncompliance.

C.

Activate the incident response plan.

D.

Evaluate possible compensating controls.

Buy Now
Questions 155

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Options:

A.

Fallback processes are tested the weekend before changes are made

B.

Users are not notified of scheduled system changes

C.

A manual rather than an automated process is used to compare program versions.

D.

The development manager migrates programs into production

Buy Now
Questions 156

In an organization that has an established social media policy, which of the following is the BEST way to reduce the risk associated with personally identifiable information disclosure?

Options:

A.

Delivering regular training to employees about social media usage

B.

Monitoring employees’ social media usage for confidential content

C.

Blocking social media sites on the corporate network

D.

Controlling access to personally identifiable information within the organization

Buy Now
Questions 157

Which of the following is a PRIMARY function of an incident response team?

Options:

A.

To provide effective incident mitigation

B.

To provide a risk assessment for zero-day vulnerabilities

C.

To provide a single point of contact for critical incidents

D.

To provide a business impact analysis (BIA)

Buy Now
Questions 158

Which of the following would BEST enable the help desk to recognize an information security incident?

Options:

A.

Train the help desk to review the call logs.

B.

Require the help desk to participate in post-incident reviews.

C.

Provide the help desk with criteria for security incidents.

D.

Include members of the help desk on the security incident response team.

Buy Now
Questions 159

Which of the following risks is an example of risk transfer?

Options:

A.

Utilizing third-party applications

B.

Moving risk ownership to another department

C.

Conducting off-site backups

D.

Purchasing cybersecurity insurance

Buy Now
Questions 160

Which of the following would BEST help to ensure appropriate security controls are built into software?

Options:

A.

Integrating security throughout the development process

B.

Performing security testing prior to deployment

C.

Providing standards for implementation during development activities

D.

Providing security training to the software development team

Buy Now
Questions 161

The business value of an information asset is derived from:

Options:

A.

the threat profile.

B.

its criticality.

C.

the risk assessment.

D.

its replacement cost.

Buy Now
Questions 162

Which type of system is MOST effective for monitoring cyber incidents based on impact and tracking them until they are closed?

Options:

A.

Endpoint detection and response (EDR)

B.

Network intrusion detection system (NIDS)

C.

Extended detection and response (XDR)

D.

Security information and event management (SIEM)

Buy Now
Questions 163

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Options:

A.

Instruct IT to deploy controls based on urgent business needs.

B.

Present a business case for additional controls to senior management.

C.

Solicit bids for compensating control products.

D.

Recommend a different application.

Buy Now
Questions 164

Which of the following is the PRIMARY reason to use a phased incident recovery approach?

Options:

A.

To gain management buy-in

B.

To give the response team time to analyze incidents

C.

To ensure critical systems are recovered first

D.

To prioritize remediation steps

Buy Now
Questions 165

Application data integrity risk is MOST directly addressed by a design that includes:

Options:

A.

reconciliation routines such as checksums, hash totals, and record counts.

B.

strict application of an authorized data dictionary.

C.

application log requirements such as field-level audit trails and user activity logs.

D.

access control technologies such as role-based entitlements.

Buy Now
Questions 166

Which of the following is an information security manager ' s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.

Increase the frequency of system backups.

B.

Review the mitigating security controls.

C.

Notify staff members of the threat.

D.

Assess the risk to the organization.

Buy Now
Questions 167

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Buy Now
Questions 168

Data classification is PRIMARILY the responsibility of:

Options:

A.

senior management.

B.

the data custodian.

C.

the data owner.

D.

the security manager.

Buy Now
Questions 169

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Options:

A.

Skills required for the incident response team

B.

A list of external resources to assist with incidents

C.

Service level agreements (SLAs)

D.

A detailed incident notification process

Buy Now
Questions 170

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Options:

A.

Identification of risk

B.

Analysis of control gaps

C.

Design of key risk indicators (KRIs)

D.

Selection of risk treatment options

Buy Now
Questions 171

An email digital signature will:

Options:

A.

protect the confidentiality of an email message.

B.

verify to recipient the integrity of an email message.

C.

automatically correct unauthorized modification of an email message.

D.

prevent unauthorized modification of an email message.

Buy Now
Questions 172

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

quickly resolved and eliminated regardless of cost.

B.

tracked and reported on until their final resolution.

C.

documented in security awareness programs.

D.

noted and re-examined later if similar weaknesses are found.

Buy Now
Questions 173

Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?

Options:

A.

Standards

B.

Procedures

C.

Regulations

D.

Baselines

Buy Now
Questions 174

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

Options:

A.

Perform a risk analysis for critical applications.

B.

Determine whether critical success factors (CSFs) have been defined.

C.

Conduct a capability maturity model evaluation.

D.

Review and update current operational procedures.

Buy Now
Questions 175

During a tabletop exercise, a security operations center team identifies a lack of resources to contain a security incident within an acceptable time frame. Which of the following is MOST likely to reduce containment time?

Options:

A.

Security orchestration, automation, and response

B.

Zero Trust Architecture

C.

Security information and event management

D.

Intrusion detection system

Buy Now
Questions 176

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Options:

A.

Install the OS, patches, and application from the original source.

B.

Restore the OS, patches, and application from a backup.

C.

Restore the application and data from a forensic copy.

D.

Remove all signs of the intrusion from the OS and application.

Buy Now
Questions 177

Which of the following is the BEST course of action when an online company discovers a network attack in progress?

Options:

A.

Dump all event logs to removable media

B.

Isolate the affected network segment

C.

Enable trace logging on ail events

D.

Shut off all network access points

Buy Now
Questions 178

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?

Options:

A.

Asset classification

B.

Recovery time objectives (RTOs)

C.

Chain of custody

D.

Escalation procedures

Buy Now
Questions 179

In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or

Options:

A.

Security budget

B.

Risk register

C.

Risk score

D.

Laws and regulations

Buy Now
Questions 180

Of the following, who is BEST suited to own the risk discovered in an application?

Options:

A.

Information security manager

B.

Senior management

C.

System owner

D.

Control owner

Buy Now
Questions 181

Which of the following teams is BEST suited to prepare a disaster recovery plan?

Options:

A.

Incident response

B.

Information technology

C.

Senior management

D.

Information security

Buy Now
Questions 182

After a server has been attacked, which of the following is the BEST course of action?

Options:

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Buy Now
Questions 183

Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?

Options:

A.

Lack of knowledgeable personnel

B.

Lack of communication processes

C.

Lack of process documentation

D.

Lack of alignment with organizational goals

Buy Now
Questions 184

From a business perspective, the GREATEST benefit of an incident response plan is that it:

Options:

A.

Promotes efficiency by providing predefined response procedures

B.

Improves security responsiveness to disruptive events

C.

Limits the negative impact of disruptive events

D.

Ensures compliance with regulatory requirements

Buy Now
Questions 185

Which of the following is the MOST effective way to ensure information security policies are understood?

Options:

A.

Implement a whistle-blower program.

B.

Provide regular security awareness training.

C.

Include security responsibilities in job descriptions.

D.

Document security procedures.

Buy Now
Questions 186

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Options:

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Buy Now
Questions 187

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?

Options:

A.

The malware entry path

B.

The creator of the malware

C.

The type of malware involved

D.

The method of detecting the malware

Buy Now
Questions 188

The MOST important element in achieving executive commitment to an information security governance program is:

Options:

A.

a defined security framework.

B.

a process improvement model

C.

established security strategies.

D.

identified business drivers.

Buy Now
Questions 189

The PRIMARY reason for creating a business case when proposing an information security project is to:

Options:

A.

articulate inherent risks.

B.

provide demonstrated return on investment (ROI).

C.

establish the value of the project in relation to business objectives.

D.

gain key business stakeholder engagement.

Buy Now
Questions 190

Which of the following BEST informs the design of an information security framework?

Options:

A.

Recent audit findings

B.

Implementation cost

C.

Risk appetite

D.

Available skills

Buy Now
Questions 191

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Buy Now
Questions 192

Which of the following is the BEST approach to make strategic information security decisions?

Options:

A.

Establish regular information security status reporting.

B.

Establish an information security steering committee.

C.

Establish business unit security working groups.

D.

Establish periodic senior management meetings.

Buy Now
Questions 193

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Options:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Buy Now
Questions 194

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The total cost of the investment

B.

The cost and associated risk reduction

C.

The number and severity of ransomware incidents

D.

Benchmarks of industry peers impacted by ransomware

Buy Now
Questions 195

A software vendor has announced a zero-day vulnerability that exposes an organization ' s critical business systems. The vendor has released an emergency patch. Which of the following should be the information security managers PRIMARY concern?

Options:

A.

Ability to test the patch prior to deployment

B.

Documentation of patching procedures

C.

Adequacy of the incident response plan

D.

Availability of resources to implement controls

Buy Now
Questions 196

During which phase of an incident response plan is the root cause determined?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Eradication

Buy Now
Questions 197

Which of the following would BEST support the business case for an increase in the information security budget?

Options:

A.

Cost-benefit analysis results

B.

Comparison of information security budgets with peer organizations

C.

Business impact analysis (BIA) results

D.

Frequency of information security incidents

Buy Now
Questions 198

Which of the following is the MOST important input to the development of an effective information security strategy?

Options:

A.

Risk and business impact assessments

B.

Business processes and requirements

C.

Current and desired state of security

D.

Well-defined security policies and procedures

Buy Now
Questions 199

Which of the following is the BEST way to improve an organization ' s ability to detect and respond to incidents?

Options:

A.

Conduct a business impact analysis (BIA).

B.

Conduct periodic awareness training.

C.

Perform a security gap analysis.

D.

Perform network penetration testing.

Buy Now
Questions 200

When integrating security risk management into an organization it is MOST important to ensure:

Options:

A.

business units approve the risk management methodology.

B.

the risk treatment process is defined.

C.

information security policies are documented and understood.

D.

the risk management methodology follows an established framework.

Buy Now
Questions 201

An information security manager has confirmed the organization ' s cloud provider has unintentionally published some of the organization ' s business data. Which of the following should be done NEXT?

Options:

A.

Identify users associated with the exposed data.

B.

Initiate the organization ' s data loss prevention (DLP) processes.

C.

Review the cloud provider ' s service level agreement (SLA).

D.

Invoke the incident response plan.

Buy Now
Questions 202

Which of the following should be the PRIMARY basis for establishing metrics that measure the effectiveness of an information security program?

Options:

A.

Residual risk

B.

Regulatory requirements

C.

Risk tolerance

D.

Control objectives

Buy Now
Questions 203

Which of the following will result in the MOST accurate controls assessment?

Options:

A.

Mature change management processes

B.

Senior management support

C.

Well-defined security policies

D.

Unannounced testing

Buy Now
Questions 204

An information security manager has discovered a new technique that cybercriminals are exploiting. Which of the following has the manager identified?

Options:

A.

A risk

B.

A threat

C.

An incident

D.

An event

Buy Now
Questions 205

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Options:

A.

Access manager

B.

IT director

C.

System administrator

D.

Business owner

Buy Now
Questions 206

The PRIMARY benefit of integrating information security activities into change management processes is to:

Options:

A.

protect the organization from unauthorized changes.

B.

ensure required controls are included in changes.

C.

provide greater accountability for security-related changes in the business.

D.

protect the business from collusion and compliance threats.

Buy Now
Questions 207

Which of the following would pose the GREATEST risk to the preparedness of an incident response team?

Options:

A.

Lack of formal incident response scenarios

B.

A change in information security management

C.

Outdated incident response plans

D.

New attack vectors used by hackers

Buy Now
Questions 208

A business continuity plan (BCP) should contain:

Options:

A.

information about eradication activities.

B.

hardware and software inventories.

C.

data restoration procedures.

D.

criteria for activation.

Buy Now
Questions 209

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

Options:

A.

Lack of a risk framework

B.

Ineffective security controls

C.

Presence of known vulnerabilities

D.

Incomplete identification of threats

Buy Now
Questions 210

Which of the following is the BEST indication that an organization has a mature information security culture?

Options:

A.

Information security training is mandatory for all staff.

B.

The organization ' s information security policy is documented and communicated.

C.

The chief information security officer (CISO) regularly interacts with the board.

D.

Staff consistently consider risk in making decisions.

Buy Now
Questions 211

Which of the following is PRIMARILY determined by asset classification?

Options:

A.

Insurance coverage required for assets

B.

Level of protection required for assets

C.

Priority for asset replacement

D.

Replacement cost of assets

Buy Now
Questions 212

Which of the following is ESSENTIAL to ensuring effective incident response?

Options:

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Buy Now
Questions 213

To help ensure that an information security training program is MOST effective its contents should be

Options:

A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees ' roles

D.

based on recent incidents

Buy Now
Questions 214

Which of the following is the BEST reason to implement an information security architecture?

Options:

A.

Assess the cost-effectiveness of the integration.

B.

Fast-track the deployment of information security components.

C.

Serve as a post-deployment information security road map.

D.

Facilitate consistent implementation of security requirements.

Buy Now
Questions 215

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.

control gaps are minimized.

B.

system availability.

C.

effectiveness of controls.

D.

alignment with compliance requirements.

Buy Now
Questions 216

Which of the following BEST helps to ensure the effective execution of an organization ' s disaster recovery plan (DRP)?

Options:

A.

The plan is reviewed by senior and IT operational management.

B.

The plan is based on industry best practices.

C.

Process steps are documented by the disaster recovery team.

D.

Procedures are available at the primary and failover location.

Buy Now
Questions 217

Which of the following would BEST help to ensure compliance with an organization ' s information security requirements by an IT service provider?

Options:

A.

Requiring an external security audit of the IT service provider

B.

Requiring regular reporting from the IT service provider

C.

Defining information security requirements with internal IT

D.

Defining the business recovery plan with the IT service provider

Buy Now
Questions 218

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

Options:

A.

Provide regular updates about the current state of the risks.

B.

Re-perform risk analysis at regular intervals.

C.

Assign a risk owner to each risk

D.

Create mitigating controls to manage the risks.

Buy Now
Questions 219

Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.

Which of the following should be the PRIMARY focus of Company A ' s information security manager?

Options:

A.

The organizational structure of Company B

B.

The cost to align to Company A ' s security policies

C.

Company A ' s security architecture

D.

Company B ' s security policies

Buy Now
Questions 220

Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?

Options:

A.

Risk acceptance by the business has been documented

B.

Teams and individuals responsible for recovery have been identified

C.

Copies of recovery and incident response plans are kept offsite

D.

Incident response and recovery plans are documented in simple language

Buy Now
Questions 221

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization ' s data by the user

D.

Monitoring how often the smartphone is used

Buy Now
Questions 222

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

Options:

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Buy Now
Questions 223

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

Options:

A.

An increase in the number of identified security incidents

B.

A decrease in the number of security audit findings

C.

A decrease in the number of security policy exceptions

D.

An increase in the number of compliant business processes

Buy Now
Questions 224

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Buy Now
Questions 225

The PRIMARY purpose for conducting cybersecurity risk assessments is to:

Options:

A.

Assist in security reporting to senior management

B.

Provide metrics to indicate cybersecurity program effectiveness

C.

Verify compliance across multiple sectors

D.

Understand the organization ' s current security posture

Buy Now
Questions 226

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization ' s information security strategy?

Options:

A.

Internal security audit

B.

External security audit

C.

Organizational risk appetite

D.

Business impact analysis (BIA)

Buy Now
Questions 227

A balanced scorecard MOST effectively enables information security:

Options:

A.

project management

B.

governance.

C.

performance.

D.

risk management.

Buy Now
Questions 228

Which of the following is the BEST source of information to support an organization ' s information security vision and strategy?

Options:

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Buy Now
Questions 229

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Options:

A.

organizational alignment

B.

IT strategy alignment

C.

threats to the organization

D.

existing control costs

Buy Now
Questions 230

Which of the following BEST indicates that information security governance and corporate governance are integrated?

Options:

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Buy Now
Questions 231

Recovery time objectives (RTOs) are BEST determined by:

Options:

A.

business managers

B.

business continuity officers

C.

executive management

D.

database administrators (DBAs).

Buy Now
Questions 232

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Options:

A.

Document risk acceptances.

B.

Revise the organization ' s security policy.

C.

Assess the consequences of noncompliance.

D.

Conduct an information security audit.

Buy Now
Questions 233

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Buy Now
Questions 234

An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?

Options:

A.

Assemble the incident response team to evaluate the incidents

B.

Initiate the crisis communication plan to notify stakeholders of the incidents

C.

Engage external incident response consultants to conduct an independent investigation

D.

Prioritize the incidents based on data classification standards

Buy Now
Questions 235

Senior management has just accepted the risk of noncompliance with a new regulation What should the information security manager do NEXT?

Options:

A.

Report the decision to the compliance officer

B.

Update details within the risk register.

C.

Reassess the organization ' s risk tolerance.

D.

Assess the impact of the regulation.

Buy Now
Questions 236

The effectiveness of an incident response team will be GREATEST when:

Options:

A.

the incident response team meets on a regular basis to review log files.

B.

the incident response team members are trained security personnel.

C.

the incident response process is updated based on lessons learned.

D.

incidents are identified using a security information and event monitoring {SIEM) system.

Buy Now
Questions 237

Which of the following BEST illustrates residual risk within an organization?

Options:

A.

Heat map

B.

Risk management framework

C.

Business impact analysis (BIA)

D.

Balanced scorecard

Buy Now
Questions 238

Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Options:

A.

Risk assessments

B.

Threat models

C.

Penetration testing

D.

Internal audit reports

Buy Now
Questions 239

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

Options:

A.

Vulnerability assessment

B.

Asset classification

C.

Threat analysis

D.

Internal audit findings

Buy Now
Questions 240

Which of the following BEST facilitates effective incident response testing?

Options:

A.

Including all business units in testing

B.

Simulating realistic test scenarios

C.

Reviewing test results quarterly

D.

Testing after major business changes

Buy Now
Questions 241

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Options:

A.

Establish an organization-wide social media policy.

B.

Develop sanctions for misuse of social media sites.

C.

Monitor social media sites visited by employees.

D.

Restrict social media access on corporate devices.

Buy Now
Questions 242

What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Options:

A.

Developing a dashboard for communicating the metrics

B.

Agreeing on baseline values for the metrics

C.

Benchmarking the expected value of the metrics against industry standards

D.

Aligning the metrics with the organizational culture

Buy Now
Questions 243

Which of the following metrics would provide an accurate measure of an information security program ' s performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Buy Now
Questions 244

Which of the following is the MOST effective control to prevent proliferation of shadow IT?

Options:

A.

Install a solution to detect unlicensed software.

B.

Conduct software audits.

C.

Implement a software allow list.

D.

Conduct periodic vulnerability scanning.

Buy Now
Questions 245

An investigation of a recent security incident determined that the root cause was negligent handing of incident alerts by system admit manager to address this issue?

Options:

A.

Conduct a risk assessment and share the result with senior management.

B.

Revise the incident response plan-to align with business processes.

C.

Provide incident response training to data custodians.

D.

Provide incident response training to data owners.

Buy Now
Questions 246

Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?

Options:

A.

Contractual provisions for the right to audit

B.

Contractual provisions for data repatriation

C.

Effective data loss prevention (DLP) controls

D.

The purchase of cybersecurity insurance

Buy Now
Questions 247

Which of the following should be an information security manager ' s FIRST course of action when a potential business breach is discovered in a critical business system?

Options:

A.

Implement mitigating actions immediately.

B.

Invoke the incident response plan.

C.

Inform senior management of the breach.

D.

Validate the breach.

Buy Now
Questions 248

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

Options:

A.

a function of the likelihood and impact, should a threat exploit a vulnerability.

B.

the magnitude of the impact, should a threat exploit a vulnerability.

C.

a function of the cost and effectiveness of controls over a vulnerability.

D.

the likelihood of a given threat attempting to exploit a vulnerability

Buy Now
Questions 249

Who is BEST positioned to take ownership of critical IT security risks identified in an application?

Options:

A.

Chief information officer (CIO)

B.

Chief information security officer (CISO)

C.

Business application owner

D.

Lead application developer

Buy Now
Questions 250

A new type of ransomware has infected an organization ' s network. Which of the following would have BEST enabled the organization to detect this situation?

Options:

A.

Regular review of the threat landscape

B.

Periodic information security training for end users

C.

Use of integrated patch deployment tools

D.

Monitoring of anomalies in system behavior

Buy Now
Questions 251

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

Options:

A.

the security organization structure.

B.

international security standards.

C.

risk assessment results.

D.

the most stringent requirements.

Buy Now
Questions 252

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization ' s IT asset inventory?

Options:

A.

Isolate the PC from the network

B.

Perform a vulnerability scan

C.

Determine why the PC is not included in the inventory

D.

Reinforce information security training

Buy Now
Questions 253

A hacking group has posted an organization’s employee data on social media. What should the information security manager do FIRST?

Options:

A.

Inform the impacted employees.

B.

Initiate the incident response process.

C.

Escalate to senior management.

D.

Engage a forensic analysis team.

Buy Now
Questions 254

Spoofing should be prevented because it may be used to:

Options:

A.

gain illegal entry to a secure system by faking the sender ' s address,

B.

predict which way a program will branch when an option is presented

C.

assemble information, track traffic, and identify network vulnerabilities.

D.

capture information such as passwords traveling through the network

Buy Now
Questions 255

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Options:

A.

Patch management files

B.

Network system logs

C.

Configuration management files

D.

Intrusion detection system (IDS) logs

Buy Now
Questions 256

Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?

Options:

A.

Allow temporary use of the site and monitor for data leakage

B.

Report the activity to senior management

C.

Conduct a risk assessment and develop an impact analysis

D.

Update the risk register and review the information security strategy

Buy Now
Questions 257

Senior management has expressed concern that the organization ' s intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Options:

A.

Increasing false negatives

B.

Decreasing false negatives

C.

Decreasing false positives

D.

Increasing false positives

Buy Now
Questions 258

Which of the following is the MOST important consideration when evaluating the performance of existing security controls?

Options:

A.

Obtaining senior management support to facilitate testing

B.

Interviewing control owners to accurately collect metrics data

C.

Selecting testing methods that match the purpose of the testing

D.

Establishing testing scenarios based on international standards

Buy Now
Questions 259

What should be the information security manager’s FIRST step when updating an information security program?

Options:

A.

Review costs and benchmark them against industry norms

B.

Re-evaluate the organization’s business expectations and objectives

C.

Identify program components that do not align with business objectives

D.

Interview business unit managers and key stakeholders

Buy Now
Questions 260

Which of the following is the PRIMARY objective of information asset classification?

Options:

A.

Vulnerability reduction

B.

Compliance management

C.

Risk management

D.

Threat minimization

Buy Now
Questions 261

Which of the following is a PRIMARY reason for senior management to review reports on information security?

Options:

A.

To assess the effectiveness of the security program

B.

To ensure adequate security resources are available

C.

To confirm security audits are regularly performed

D.

To ensure security risk is managed cost-effectively

Buy Now
Questions 262

Which of the following should an information security manager do FIRST upon confirming a privileged user ' s unauthorized modifications to a security application?

Options:

A.

Report the risk associated with the policy breach.

B.

Enforce the security configuration and require the change to be reverted.

C.

Implement compensating controls to address the risk.

D.

Implement a privileged access management system.

Buy Now
Questions 263

The PRIMARY goal to a post-incident review should be to:

Options:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Buy Now
Questions 264

Which of the following is the FIRST step to establishing an effective information security program?

Options:

A.

Conduct a compliance review.

B.

Assign accountability.

C.

Perform a business impact analysis (BIA).

D.

Create a business case.

Buy Now
Questions 265

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Buy Now
Questions 266

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Options:

A.

Obtain consensus on the strategy from the executive board.

B.

Review alignment with business goals.

C.

Define organizational risk tolerance.

D.

Develop a project plan to implement the strategy.

Buy Now
Questions 267

Which of the following would be MOST useful when determining the business continuity strategy for a large organization ' s data center?

Options:

A.

Stakeholder feedback analysis

B.

Business continuity risk analysis

C.

Incident root cause analysis

D.

Business impact analysis (BIA)

Buy Now
Questions 268

A new information security reporting requirement will soon become effective. Which of the following should be the information security manager ' s FIRST action?

Options:

A.

Conduct a cost-benefit analysis related to noncompliance with the new requirement.

B.

Perform a gap assessment against the new requirement.

C.

Investigate to determine whether the new requirement applies to the business.

D.

Inform senior management of the new requirement.

Buy Now
Questions 269

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A.

Downtime due to malware infections

B.

Number of security vulnerabilities uncovered with network scans

C.

Percentage of servers patched

D.

Annualized loss resulting from security incidents

Buy Now
Questions 270

An outsourced vendor handles an organization’s business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor’s security practices?

Options:

A.

Requiring business continuity plans (BCPs) from the vendor

B.

Reviewing recent information security disclosures from the vendor

C.

Requiring periodic independent third-party reviews

D.

Reviewing the vendor service level agreement (SLA)

Buy Now
Questions 271

When designing security controls, it is MOST important to:

Options:

A.

Apply a risk-based approach

B.

Apply technical controls for sensitive data

C.

Consider business impact analysis (BIA) results

D.

Focus on preventive controls

Buy Now
Questions 272

Which of the following would BEST enable the timely execution of an incident response plan?

Options:

A.

The introduction of a decision support tool

B.

Definition of trigger events

C.

Clearly defined data classification process

D.

Centralized service desk

Buy Now
Questions 273

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

Options:

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Buy Now
Questions 274

Which of the following is the MOST critical activity for an information security manager to perform periodically throughout the term of a contract with an outsourced third party?

Options:

A.

Participatory disaster recovery testing

B.

Comprehensive risk assessments

C.

Service level agreement (SLA) updates

D.

Financial alignment reviews

Buy Now
Questions 275

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

Options:

A.

Implement compensating controls.

B.

Analyze the identified risk.

C.

Prepare a risk mitigation plan.

D.

Add the risk to the risk register.

Buy Now
Questions 276

The MOST appropriate time to conduct a disaster recovery test would be after:

Options:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Buy Now
Questions 277

Which of the following should be established FIRST when implementing an information security governance framework?

Options:

A.

Security architecture

B.

Security policies

C.

Security incident management team

D.

Security awareness training program

Buy Now
Questions 278

When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?

Options:

A.

The information available about the vulnerability

B.

The sensitivity of the asset and the data it contains

C.

IT resource availability and constraints

D.

Whether patches have been developed and tested

Buy Now
Questions 279

Which of the following should be the PRIMARY basis for an information security strategy?

Options:

A.

The organization ' s vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Buy Now
Questions 280

A global organization has outsourced security processes to a service provider by means of a global agreement. What is the MOST efficient approach to meet country-specific regulatory requirements?

Options:

A.

Include binding corporate rules into the global agreement

B.

Set up a governance organization for each country

C.

Review the agreement for each country separately

D.

Set up companion agreements for each country

Buy Now
Questions 281

Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?

Options:

A.

Ensuring the continued resilience and security of IT services

B.

Decreasing the percentage of security deployments that cause failures in production

C.

Reducing the number of control assessments to optimize resources

D.

Identifying and addressing security team performance issues

Buy Now
Questions 282

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:

A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset ' s value is critical to risk management.

D.

The responsibility for security rests with all employees.

Buy Now
Questions 283

Which of the following will BEST enable an effective information asset classification process?

Options:

A.

Including security requirements in the classification process

B.

Analyzing audit findings

C.

Reviewing the recovery time objective (RTO) requirements of the asset

D.

Assigning ownership

Buy Now
Questions 284

The executive management of a domestic organization has announced plans to expand operations to multiple international locations. Which of the following should be the information security manager ' s FIRST step upon learning of these plans?

Options:

A.

Perform a gap analysis against international information security standards

B.

Update security training and awareness resources accordingly

C.

Research legal and regulatory requirements impacting the new locations

D.

Prepare localized information security policies for each new location

Buy Now
Questions 285

Which of the following BEST indicates the effectiveness of the vendor risk management process?

Options:

A.

Increase in the percentage of vendors certified to a globally recognized security standard

B.

Increase in the percentage of vendors with a completed due diligence review

C.

Increase in the percentage of vendors conducting mandatory security training

D.

Increase in the percentage of vendors that have reported security breaches

Buy Now
Questions 286

Which of the following is the MOST important factor of a successful information security program?

Options:

A.

The program follows industry best practices.

B.

The program is based on a well-developed strategy.

C.

The program is cost-efficient and within budget,

D.

The program is focused on risk management.

Buy Now
Questions 287

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.

Which of the following should be given immediate focus?

Options:

A.

Moving to a zero trust access model

B.

Enabling network-level authentication

C.

Enhancing cyber response capability

D.

Strengthening endpoint security

Buy Now
Questions 288

The PRIMARY reason to properly classify information assets is to determine:

Options:

A.

appropriate encryption strength using a risk-based approach.

B.

the business impact if assets are compromised.

C.

the appropriate protection based on sensitivity.

D.

user access levels based on the need to know.

Buy Now
Questions 289

When is the BEST time to verify that a production system ' s security mechanisms meet control objectives?

Options:

A.

During quality and acceptance checks

B.

On a continuous basis through monitoring activities and automated tooling

C.

After remediations recommended by penetration tests have been completed

D.

During annual internal and compliance audits

Buy Now
Questions 290

The PRIMARY goal when conducting post-incident reviews is to identify:

Options:

A.

Additional cybersecurity budget needs

B.

Weaknesses in incident response plans

C.

Information to be shared with senior management

D.

Individuals that need additional training

Buy Now
Questions 291

A business impact analysis (BIA) BEST enables an organization to establish:

Options:

A.

annualized loss expectancy (ALE).

B.

recovery methods.

C.

total cost of ownership (TCO).

D.

restoration priorities.

Buy Now
Questions 292

An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?

Options:

A.

The individual who has the most privileges within the application

B.

The individual who manages the process supported by the application

C.

The individual responsible for providing support for the application

D.

The individual who manages users of the application

Buy Now
Questions 293

Which of the following should be the PRIMARY objective of the information security incident response process?

Options:

A.

Conducting incident triage

B.

Communicating with internal and external parties

C.

Minimizing negative impact to critical operations

D.

Classifying incidents

Buy Now
Questions 294

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

Options:

A.

Cost of the attack to the organization

B.

Location of the attacker

C.

Method of operation used by the attacker

D.

Details from intrusion detection system (IDS) logs

Buy Now
Questions 295

Which of the following is the BEST way to build a risk-aware culture?

Options:

A.

Periodically change risk awareness messages.

B.

Ensure that threats are documented and communicated in a timely manner.

C.

Establish a channel for staff to report risks.

D.

Periodically test compliance with security controls.

Buy Now
Questions 296

An organization ' s HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?

Options:

A.

Multi-factor authentication (MFA) system

B.

Identity and access management (IAM) system

C.

Privileged access management (PAM) system

D.

Governance, risk, and compliance (GRC) system

Buy Now
Questions 297

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

Options:

A.

packet filtering.

B.

web surfing controls.

C.

log monitoring.

D.

application awareness.

Buy Now
Questions 298

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Options:

A.

Lack of availability

B.

Lack of accountability

C.

Improper authorization

D.

Inadequate authentication

Buy Now
Questions 299

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Options:

A.

Key control indicator (KCIs)

B.

Key risk indicators (KRIs)

C.

Key performance indicators (KPIs)

D.

Key goal indicators (KGIs)

Buy Now
Questions 300

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Buy Now
Questions 301

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

Options:

A.

Monitor the effectiveness of controls

B.

Update the risk assessment framework

C.

Review the inherent risk level

D.

Review the risk probability and impact

Buy Now
Questions 302

Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Penetration test results

D.

Vulnerability scan results

Buy Now
Questions 303

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Options:

A.

Review current recovery policies.

B.

Define the organizational strategy.

C.

Prioritize the critical processes.

D.

Review existing cyber insurance coverage.

Buy Now
Questions 304

When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:

Options:

A.

Review key risk indicators (KRIs)

B.

Perform a gap analysis

C.

Consult process owners

D.

Update key performance indicators (KPIs)

Buy Now
Questions 305

Who is BEST suited to determine how the information in a database should be classified?

Options:

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Buy Now
Questions 306

Which of the following is the BEST way to align security and business strategies?

Options:

A.

Establish key performance indicators for the business

B.

Integrate information security governance into corporate governance

C.

Ensure the information security program conforms to industry standards

D.

Include security risk as part of ongoing metrics reporting

Buy Now
Questions 307

Which of the following is MOST difficult to measure following an information security breach?

Options:

A.

Reputational damage

B.

Human resource costs

C.

Regulatory sanctions

D.

Replacement efforts

Buy Now
Questions 308

Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?

Options:

A.

Program metrics

B.

Key risk indicators (KRIs)

C.

Risk register

D.

Security strategy

Buy Now
Questions 309

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

Options:

A.

Regular audits of access controls

B.

Strong background checks when hiring staff

C.

Prompt termination procedures

D.

Role-based access control (RBAC)

Buy Now
Questions 310

The PRIMARY purpose of implementing information security governance metrics is to:

Options:

A.

measure alignment with best practices.

B.

assess operational and program metrics.

C.

guide security towards the desired state.

D.

refine control operations.

Buy Now
Questions 311

Which of the following is the MOST important consideration when establishing an organization ' s information security governance committee?

Options:

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Buy Now
Questions 312

Which of the following has the GREATEST influence on an organization ' s information security strategy?

Options:

A.

The organization ' s risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Buy Now
Questions 313

Which of the following is the MOST important issue in a penetration test?

Options:

A.

Having an independent group perform the test

B.

Obtaining permission from audit

C.

Performing the test without the benefit of any insider knowledge

D.

Having a defined goal as well as success and failure criteria

Buy Now
Questions 314

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

Options:

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Buy Now
Questions 315

Which of the following provides the BEST indication of the return on information security investment?

Options:

A.

Increased annualized loss expectancy (ALE)

B.

Increased number of reported incidents

C.

Reduced annualized loss expectancy (ALE)

D.

Decreased number of reported incidents

Buy Now
Questions 316

Which of the following is an example of a deterrent control?

Options:

A.

Separation of responsibilities

B.

Periodic data restoration

C.

An intrusion detection system

D.

A warning banner

Buy Now
Questions 317

Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?

Options:

A.

To ensure evidence is handled by qualified resources

B.

To validate the incident response process

C.

To provide the response team with expert training on evidence handling

D.

To prevent evidence from being disclosed to any internal staff members

Buy Now
Questions 318

Which of the following backup methods requires the MOST time to restore data for an application?

Options:

A.

Full backup

B.

Incremental

C.

Differential

D.

Disk mirroring

Buy Now
Questions 319

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Buy Now
Questions 320

When defining a security baseline, it is MOST important that the baseline:

Options:

A.

can vary depending on the security classification of systems.

B.

is uniform for all assets of the same type.

C.

is developed based on stakeholder consensus.

D.

aligns to key risk indicators (KRIs).

Buy Now
Questions 321

Which of the following would BEST demonstrate the status of an organization ' s information security program to the board of directors?

Options:

A.

Information security program metrics

B.

Results of a recent external audit

C.

The information security operations matrix

D.

Changes to information security risks

Buy Now
Questions 322

Which of the following is the PRIMARY benefit of a vulnerability scanning tool to an organization?

Options:

A.

Identifying vulnerabilities within organizational processes

B.

Identifying potential risks posed by devices on the network

C.

Automating the information security risk analysis program

D.

Ensuring complex vulnerabilities are not missed

Buy Now
Questions 323

Which of the following BEST indicates the organizational benefit of an information security solution?

Options:

A.

Cost savings the solution brings to the information security department

B.

Reduced security training requirements

C.

Alignment to security threats and risks

D.

Costs and benefits of the solution calculated over time

Buy Now
Questions 324

When assigning a risk owner, the MOST important consideration is to ensure the owner has:

Options:

A.

adequate knowledge of risk treatment and related control activities.

B.

decision-making authority and the ability to allocate resources for risk.

C.

sufficient time for monitoring and managing the risk effectively.

D.

risk communication and reporting skills to enable decision-making.

Buy Now
Questions 325

Due to changes in an organization ' s environment, security controls may no longer be adequate. What is the information security manager ' s BEST course of action?

Options:

A.

Review the previous risk assessment and countermeasures.

B.

Perform a new risk assessment,

C.

Evaluate countermeasures to mitigate new risks.

D.

Transfer the new risk to a third party.

Buy Now
Questions 326

Which of the following is an information security manager ' s BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

Options:

A.

Ensure a plan with milestones is developed.

B.

Implement a distributed denial of service (DDoS) control.

C.

Engage the incident response team.

D.

Define new key performance indicators (KPIs).

Buy Now
Questions 327

Labeling information according to its security classification:

Options:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Buy Now
Questions 328

Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?

Options:

A.

A security information and event management (SIEM) system

B.

An intrusion prevention system (IPS)

C.

A virtual private network (VPN) with multi-factor authentication (MFA)

D.

An identity and access management (IAM) system

Buy Now
Questions 329

An organization that has recently suffered a cyberattack is considering engaging law enforcement. Which of the following is the MOST important course of action for the incident response team?

Options:

A.

Encrypt digital evidence

B.

Solicit input from senior management

C.

Engage legal counsel

D.

Hire a digital forensic expert for evidence analysis

Buy Now
Questions 330

Which of the following is the PRIMARY objective of incident triage?

Options:

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Buy Now
Questions 331

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

notify the business process owner.

B.

follow the business continuity plan (BCP).

C.

conduct an incident forensic analysis.

D.

follow the incident response plan.

Buy Now
Questions 332

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Options:

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Buy Now
Questions 333

Which of the following BEST encourages staff to report issues related to information security?

Options:

A.

Tabletop exercises are performed on a regular basis

B.

Incentives are offered for security skills training

C.

The leaders set a positive security culture

D.

Formal incident response processes are in place

Buy Now
Questions 334

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Buy Now
Questions 335

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

Options:

A.

Obtain an independent audit report.

B.

Require the provider to follow stringent data classification procedures.

C.

Include high penalties for security breaches in the contract.

D.

Review the provider ' s information security policies.

Buy Now
Questions 336

Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?

Options:

A.

Data protection regulations

B.

Data storage limitations

C.

Business requirements

D.

Type and nature of data

Buy Now
Questions 337

A small organization needs to use a solution that is out of support in order to meet business objectives. Which of the following is the information security manager’s BEST course of action to manage the associated risk?

Options:

A.

Run periodic vulnerability scans

B.

Advise business units to change the system

C.

Recommend that the risk be accepted by senior leadership

D.

Implement compensating security controls

Buy Now
Questions 338

Which of the following business units should own the data that populates an identity management system?

Options:

A.

Human resources (HR)

B.

Legal

C.

Information technology

D.

Information security

Buy Now
Questions 339

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Options:

A.

Block IP addresses used by the attacker

B.

Redirect the attacker ' s traffic

C.

Disable firewall ports exploited by the attacker.

D.

Power off affected servers

Buy Now
Questions 340

Which of the following BEST contributes to establishing an information security culture within an organization?

Options:

A.

Conducting regular information security awareness initiatives

B.

Obtaining executive approval of information security policy

C.

Following industry best practices for information security

D.

Incorporating information security requirements in the software development life cycle

Buy Now
Questions 341

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

Options:

A.

An industry peer experienced a recent breach with a similar application.

B.

The system can be replicated for additional use cases.

C.

The cost of implementing the system is less than the impact of downtime.

D.

The solution is within the organization ' s risk tolerance.

Buy Now
Questions 342

Which of the following is the BEST way to help ensure alignment of the information security program with organizational objectives?

Options:

A.

Establish an information security steering committee.

B.

Employ a process-based approach for information asset classification.

C.

Utilize an industry-recognized risk management framework.

D.

Provide security awareness training to board executives.

Buy Now
Questions 343

Who should be responsible for determining the level of data classification required for an application related to a new line of business?

Options:

A.

Data analyst

B.

Information security officer (ISO)

C.

Data custodian

D.

Data owners

Buy Now
Questions 344

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

Options:

A.

Business process owner

B.

Business continuity coordinator

C.

Senior management

D.

Information security manager

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Jul 19, 2026
Questions: 1191

PDF + Testing Engine

$249

Testing Engine

$225

PDF (Q&A)

$199