Professional Documents
Culture Documents
CISM
Certified Information
Security Manager
Version: 22.2
Email: support@dumpscollection.com
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at feedback@dumpscollection.com
Support
If you have any questions about our product, please provide the following items:
exam code
screenshot of the question
login id/email
please contact us at support@dumpscollection.com and our technical experts will provide support within 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Dumps Q&A Isaca - CISM
An internal security audit has reported several control weaknesses. The information security manager's BEST
course of action should be to:
Answer: B
Which of the following defines the triggers within a business continuity plan (BCP)?
B. Gap analysis
Answer: D
Which of the following would be the MOST effective incident response team structure for an organization
with a large headquarters and worldwide branch offices?
A. Coordinated
B. Decentralized
C. Outsourced
D. Centralized
Answer: D
To minimize security exposure introduced by changes to the IT environment, which of the following is MOST
important to implement as part of change management?
Answer: D
Which of the following is the BEST way to prevent recurrence of a security incident?
A. An appropriate investigation into the root cause with corrective measures applied
C. An expanded and more effective monitoring and detection process for incidents
Answer: A
When considering whether to adopt a new information security framework, an organization's information
security manager should FIRST:
Answer: B
Answer: D
An organization has established information security policies, but the information security the MOST likely
reason for this situation?
A. The information security policies are not communicated across the organization.
Answer: B
When recommending a preventive control against cross-site scripting in web applications, an information
security manager is MOST likely to suggest:
Answer: B
When developing a new system, detailed information security functionality should FIRST be addressed:
B.
B. as part of prototyping.
Answer: D
Which of the following is the BEST reason to develop comprehensive information security policies?
Answer: A
Which of the following is the MOST important reason to document information security incidents that are
reported across the organization?
Answer: C
In a resource-restricted security program, which of the following approaches will provide the BEST use of the
limited resources?
A. Cross-training
B. Risk avoidance
C. Risk prioritization
D. Threat management
Answer: C
Which of the following is MOST helpful for prioritizing the recovery of IT assets during a disaster?
A. Vulnerability assessment
D. Risk assessment
Answer: B
The PRIMARY purpose of a security information and event management (SIEM) system is to:
B. resolve incidents
Answer: D
Which of the following BEST helps to identify vulnerabilities introduced by changes to an organization's
technical infrastructure?
D. Penetration testing
Answer: A
Which of the following should be an information security manager's PRIMARY role when an organization
initiates a data classification process?
Answer: D
Answer: A
The MOST important reason to maintain key risk indicators (KRIs) is that:
Answer: A
A PRIMARY advantage of involving business management in evaluating and managing information security
Answer: A
Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
B. Threat intelligence
Answer: C
Which of the following is the MOST reliable source of information about emerging information security
threats and vulnerabilities?
B. Industry bloggers
Answer: D
An information security manager has been made aware that some employees are discussing confidential
corporate business on social media sites. Which of the following is the BEST response to this situation?
A.
A. Block workplace access to social media sites and monitor employee usage.
Answer: D
Which of the following is an indicator of improvement in the ability to identify security risks?
Answer: A
Which of the following would BEST help an information security manager prioritize remediation activities to
meet regulatory requirements?
Answer: B
An organization is planning to open a new office in another country. Sensitive data will be routinely sent
between the two offices. What should be the information security manager s FIRST course of action?
B. Encrypt the data for transfer to the head office based on security manager approval
C.
C. Update privacy policies to include the other country's laws and regulations.
Answer: C
Which of the following should be an information security manager's PRIMARY focus during the development
of a critical system storing highly confidential data?
Answer: A
An organization with a strict need-to-know information access policy is about to launch a knowledge
management intranet. Which of the following is the MOST important activity to ensure compliance with
existing security policies?
B. Change organization policy to allow wider use of the new web site.
D. Ensure that access to the web site is limited to senior managers and the board.
Answer: A
When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security
incident is that it helps to:
D.
Answer: D
An information security manager learns that a departmental system is out of compliance with the information
security policy's authentication requirements. Which of the following should be the information security
manager's FIRST course of action?
Answer: B
Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?
Answer: A
What should be an information security manager's FIRST course of action when an organization is subject to a
new regulatory requirement?
Answer: B
Inadvertent disclosure of internal business information on social media is BEST minimized by which of the
following?
Answer: B
Which of the following is MOST important to building an effective information security program?
Answer: D
When facilitating the alignment of corporate governance and information security governance, which of the
following is the MOST important role of an organizations security steering committee?
Answer: D
For an organization with a large and complex IT infrastructure, which of the following elements of a disaster
recovery hot site service will require the closest monitoring?
A. Number of subscribers
B. Audit tights
C. Systems configurations
D. Employee access
Answer: C
When aligning an organization's information security program with other risk and control activities, it is
MOST important to:
Answer: D
Which of the following BEST promotes stakeholder accountability in the management of information security
risks?
Answer: A
The use of a business case to obtain funding for an information security investment is MOST effective when
the business case:
Answer: A
Vulnerability scanning has detected a critical risk in a vital business application. Which of the following
should the information security manager do FIRST?
Answer: B
Which of the following has the GREATEST impact on efforts to improve an organization's security posture?
Answer: D
Which of the following is the FIRST step required to achieve effective performance measurement?
Answer: B
Which of the following is the MOST important security consideration when using Infrastructure as a Service
(laaS)?
Answer: B
An organization has determined that one of its web servers has been compromised. Which of the following
actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?
Answer: D
Which of the following is the BIST course of action for the information security manager when residual risk is
above the acceptable level of risk?
Answer: D
Which of the following is the BEST approach for an information security manager to effectively manage
third-party risk?
Answer: B
Answer: C
Reviewing which of the following would provide the GREATEST Input to the asset classification process?
B. Compliance requirements
C.
D. Risk assessment
Answer: A
In a large organization, which of the following is the BEST source for identifying ownership of a PC?
D. User ID register
Answer: A
An organization is considering the purchase of a competitor. To determine the competitor's security posture,
the BEST course of action for the organization's information security manager would be to:
Answer: B
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution
(MTTR) data is the ability to:
Answer: A
Question #:52 - (Exam Topic 1)
When selecting risk response options to manage risk, an information security manager's MAIN focus should
be on reducing:
Answer: A
After undertaking a security assessment of a production system, the information security manager is MOST
likely to:
A. inform the system owner of any residual risks and propose measures to reduce them.
B. establish an overall security program that minimizes the residual risks of that production system
C. inform the IT manager of the residual risks and propose measures to reduce them.
D. inform the development team of any residual risks and together formulate risk reduction measures.
Answer: A
A. risk appetite.
Answer: C
The MAIN purpose of documenting information security guidelines for use within a large, international
organization is to:
B. ensure that all business units have the same strategic security goals.
Answer: B
Which of the following is the MOST important consideration for designing an effective information security
governance framework?
Answer: B
Which of the following is MOST likely to increase end user security awareness in an organization?
Answer: C
The MOST effective way to communicate the level of impact of information security risks on organizational
objectives is to present:
A.
Answer: D
An organization's security was compromised by outside attackers. The organization believed that the incident
was resolved. After a few days, the IT staff is still noticing unusual network traffic. Which of the following is
the BEST course of action to address this situation?
Answer: C
An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is
the BEST course of action to address this issue?
Answer: A
Which of the following is the MOST important factor to ensure information security is meeting the
organization's objectives?
A.
Answer: B
Which of the following is the BEST reason to separate short-term from long-term plans within an information
security roadmap?
Answer: C
Which of the following is the MOST important influence to the continued success of an organization's
information security strategy?
A. Information systems
B. Security processes
C. Organizational culture
D. Policy development
Answer: C
Which of the following should be the FIRST step of incident response procedures?
C.
Answer: B
Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen
laptop?
Answer: C
Which of the following metrics would be considered an accurate measure of an information security program's
performance?
A. The number of key risk indicators (KRIs) identified, monitored, and acted upon
D. A single numeric score derived from various measures assigned to the security program
Answer: A
Which of the following should be an information security managers FIRST course of action following a
decision to implement a new technology?
C. Determine whether the new technology will comply with regulatory requirements.
D.
Answer: A
Answer: A
Which of the following presents the GREATEST information security concern when deploying an identity and
access management solution?
Answer: A
Which of the following is the PRIMARY reason an information security strategy should be deployed across an
organization?
Answer: D
Which of the following provides the BEST evidence that the information security program is aligned to the
business strategy?
B. The information security team is able to provide key performance indicators (KPIs) to senior
management.
D. The information security program manages risk within the business1* risk tolerance.
Answer: C
Which of the following BEST ensures timely and reliable access to services?
A. Nonrepudiation
C. Availability
D. Authenticity
Answer: B
The PRIMARY focus of a training curriculum for members of an incident response team should be:
A. technology training.
C. security awareness
Answer: D
Which of the following MOST effectively helps an organization to align information security governance with
corporate governance?
Answer: A
Answer: A
Which of the following is the BEST indication that an information security control is no longer relevant?
D. Following the control costs the business more than not following it.
Answer: D
B.
Answer: B
Which of the following is MOST important to consider when prioritizing threats during the risk assessment
process?
Answer: B
What is the PRIMARY purpose of communicating business impact to an incident response team?
Answer: D
Question #:80 - (Exam Topic 1)
When granting a vendor remote access to a system, which of the following is the MOST important
consideration?
A. Password hashing
B. Session monitoring
D.
Answer: B
Which of the following is the PRIMARY goal of an incident response team during a security incident?
Answer: B
Which of the following is the BEST control to minimize the risk associated with loss of information as a result
of ransomware exploiting a zero-day vulnerability?
Answer: B
Which of the following is MOST helpful when justifying the funding required for a compensating control?
B. Risk analysis
C. Business case
D. Threat assessment
Answer: C
Which of the following is the MOST important outcome of testing incident response plans?
Answer: D
An executive's personal mobile device used for business purposes is reported lost. The information security
manager should respond based on:
B. incident classification.
Answer: D
Which of the following is MOST critical to the successful implementation of information security within an
organization?
A. Strong risk management skills exist within the information security group.
B. The information security manager is responsible for setting information security policy.
Answer: D
What should be the information security manager s MOST important consideration when planning a disaster
recovery test?
A. Organization-wide involvement
Answer: C
Which of the following is the BEST strategy to implement an effective operational security posture?
A. Defense in depth
B. Threat management
C. Vulnerability management
Answer: D
Which of the following should an information security manager do FIRST after learning about a new
regulation that affects the organization?
Answer: C
What should the information security manager recommend to support the development of a new web
application that will allow retail customers to view inventory and order products?
A.
Answer: B
In addition to cost what is the BEST criteria for selecting countermeasures following a risk assessment?
A. Maintenance requirements
D. Effort of implementation
Answer: B
BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:
A. a sandbox environment
B. device encryption,
C. two-factor authentication
Answer: A
A security team is conducting its annual disaster recovery test. Post-restoration testing shows the system
response time is significantly slower due to insufficient bandwidth for Internet connectivity at the recovery
center. Which of the following is the security manager's BEST course of action?
B.
Answer: C
Which of the following is the PRIMARY reason to conduct periodic business impact assessments?
Answer: A
Which of the following would BEST demonstrate the maturity level of an organization's security incident
response program?
Answer: D
To ensure IT equipment meets organizational security standards, the MOST efficient approach is to:
Answer: A
Answer: A
When trying to integrate information security across an organization, the MOST important goal for a
governing body should be to ensure:
B. the resources used for information security projects are kept to a minimum.
Answer: D
Which of the following stakeholders would provide the BEST guidance in aligning the information security
strategy with organizational goals?
A. Board of directors
Answer: D
Management is questioning the need for several items in the information security budget proposal. Which of
the following would have been MOST helpful prior to budget submission?
Answer: C
Question #:101 - (Exam Topic 1)
An organization has an approved bring your own device (BYOD) program. Which of the following is the
MOST effective method to enforce application control on personal devices?
Answer: A
Which of the following is the BEST way to address any gaps identified during an outsourced provider
selection and contract negotiation process?
Answer: A
After adopting an information security framework, an information security manager is working with senior
management to change the organization-wide perception that information security is solely the responsibility
of the information security department. To achieve this objective, what should be the information security
manager's FIRST initiative?
C. Develop an operational plan providing best practices for information security projects.
Answer: A
The BEST way to obtain funding from senior management for a security awareness program is to:
Answer: A
When developing a protection strategy for outsourcing applications, the information se<urity manager MUST
ensure that:
A. the security requirements are included in the service level agreement (SLA).
C. the responsibility for security is transferred in the service level agreement (SLA).
Answer: A
Question #:106 - (Exam Topic 1)
Which of the following is MOST important for effective communication during incident response?
Answer: C
Answer: D
An organization recently rolled out a new procurement program that does not include any security
requirements. Which of the following should the information security manager do FIRST?
A. Escalate the procurement program gaps to the compliance department in case of noncompliance issues.
B. Ask internal audit to conduct an assessment of the current state of third-party security controls.
C. Conduct security assessments of vendors based on value of annual spend with each vendor.
D. Meet with the head of procurement to discuss aligning security with the organization's operational
objectives.
Answer: D
When integrating information security requirements into software development, which of the following
practices should be FIRST in the development lifecycle?
A. Penetration testing
C.
D. Threat modeling
Answer: D
An inexperienced information security manager is relying on its internal audit department to design and
implement key security controls. Which of the following is the GREATEST risk?
A. Conflict of interest
Answer: A
Which of the following functions is MOST critical when initiating the removal of system access for terminated
employees?
A. Help desk
B. Information security
C. Human resources
D. Legal
Answer: B
Senior management has decided to accept a significant risk within a security remediation plan. Which of the
following is the information security manager's BEST course of action?
Answer: C
Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?
Answer: D
Question #:114 - (Exam Topic 1)
Which of the following is MOST important when establishing a successful information security governance
framework?
Answer: A
Which of the following is MOST critical for an effective information security governance framework?
Answer: C
An organization has detected potential risk emerging from noncompliance with new regulations in its industry.
Which of the following is the MOST important reason to report this situation to senior management?
Answer: A
Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive
security framework for the organization to allow senior management to remain focused on business priorities.
Which of the following poses the GREATEST challenge to the successful implementation of the new security
governance framework?
B. Information security staff has little or no experience with the practice of information security
governance.
C. Executive leadership views information security governance primarily as a concern of the information
security management team.
D. Information Security management does not fully accept the responsibility for information security
governance.
Answer: C
Question #:118 - (Exam Topic 1)
An organization is about to purchase a rival organization. The PRIMARY reason for performing information
security due diligence prior to making the purchase is to:
Answer: B
Which of the following is the MOST important criterion for complete closure of a security incident?
Answer: C
An information security manager is developing a new information security strategy. Which of the following
functions would serve as the BEST resource to review the strategy and provide guidance for business
alignment?
B. Internal audit
Answer: C
What should an information security manager do FIRST when a service provider that stores the organization's
confidential customer data experiences a breach in its data center?
Answer: A
Answer: D
Which of the following should be communicated FIRST to senior management once an information security
incident has been contained?
Answer: B
Which of the following would be an information security manager's PRIMARY challenge when deploying a
bring your own device (BYOD) mobile program in an enterprise?
D. Configuration management
Answer: C
Which of the following BEST demonstrates alignment between information security governance and corporate
governance?
Answer: C
Which of the following is the BEST method to ensure that data owners take responsibility for implementing
information security processes?
Answer: A
Which of the following devices, when placed in a demilitarized zone (DMZ). would be considered a
significant exposure?
A. Authentication server
B. Web server
C. Proxy server
Answer: A
An information security manager is evaluating the key risk indicators (KRls) for an organization s information
security program. Which of the following would be the information security manager s GREATEST concern?
C.
Answer: C
The MOST important reason for an information security manager to be involved in a new software purchase
initiative is to:
Answer: A
Which of the following techniques is MOST useful when an incident response team needs to respond to
external attacks on multiple corporate network devices?
Answer: B
A third-party service provider is developing a mobile app for an organization's customers. Which of the
following issues should be of GREATEST concern to the information security management.
Answer: A
After a security incident has been contained, which of the following should be done FIRST?
Answer: B
In which of the following ways can an information security manager BEST ensure that security controls are
adequate for supporting business goals and objectives?
Answer: B
Which of the following will BEST ensure that risk is evaluated on system level changes?
Answer: B
Which of the following would be MOST effective in preventing malware from being launched through an
email attachment?
Answer: B
The MAIN consideration when designing an incident escalation plan should be ensuring that:
Answer: C
When implementing a new risk assessment methodology, which of the following is the MOST important
requirement?
Answer: C
When implementing security architecture, an information security manager MUST ensure that security
controls:
B. are transparent.
Answer: D
Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to
unauthorized stakeholders?
Answer: B
Which of the following metrics would provide management with the MOST useful information about the
effectiveness of a security awareness program?
Answer: C
In a large organization requesting outsourced services, which of the following contract clauses is MOST
important to the information security manager?
C. Nondisclosure clause
D. Intellectual property
Answer: A
The head of a department affected by a recent security incident expressed concern about not being aware of
the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?
Answer: D
Which of the following is MOST relevant for an information security manager to communicate to business
units?
A. Risk ownership
B. Vulnerability assessments
D. Threat assessments
Answer: C
Which of the following is BEST to include in a business case when the return on investment (RIO) for an
information security initiative is difficult to calculate?
B.
Answer: B
Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration
test?
Answer: D
Which of the following is the MOST important reason for logging firewall activity?
A. Auditing purposes
B. Incident investigation
C. Firewall tuning
D. Intrusion detection
Answer: A
An information security manager discovers that the organization's new information security policy is not being
followed across all departments. Which of the following should be of GREATEST concern to the information
security manager?
A. Business unit management has not emphasized the importance of the new policy.
Answer: A
Question #:148 - (Exam Topic 1)
Which of the following would BEST protect against web-based cross-domain attacks?
B. Encryption controls
C. Application controls
D. Database hardening
Answer: C
Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY
enabled by:
A. contractual agreements.
D. audit guidelines.
Answer: A
Which of the following is MOST important when prioritizing an information security incident?
Answer: C
Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from
employee-owned devices accessing the corporate email system?
A. Link the bring-your-own-device (BYOD) policy to the existing staff disciplinary policy.
B. Require employees to undergo training before permitting access to the corporate email service
C. Require employees to install a reputable mobile anti-virus solution on their personal devices.
D. Use a mobile device management (MDM) solution to isolate the local corporate email storage.
Answer: D
Answer: B
What information is MOST helpful in demonstrating to senior management how information security
governance aligns with business objectives?
Answer: A
Which of the following is the MAIN concern when securing emerging technologies?
B. Unknown vulnerabilities
Answer: D
A core business function has created a significant risk. Budget constraints do not allow for effective
remediation. Who should be accountable for selecting the appropriate risk treatment?
B. Security officer
C. Audit team
D. Senior management
Answer: A
Which of the following would provide the BEST evidence to senior management that security control
performance has improved?
Answer: C
Answer: B
Which of the following is MOST likely to occur following a security awareness campaign''
Answer: D
An organization recently implemented a data loss prevention (DLP) system. A senior business executive has
complained that the system seriously impedes departmental effectiveness. What is the information security
manager's BEST course of action?
Answer: B
Which of the following is MOST critical when creating an incident response plan?
Answer: B
During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based
on:
Answer: C
A new version of an information security regulation is published that requires an organization's compliance.
The information security manager should FIRST
Answer: D
An information security manager recently received funding for a vulnerability scanning tool to replace manual
assessment techniques and needs to justify the expense of the tool going forward. Which of the following
metrics would BEST indicate the tool is effective?
C.
Answer: C
Which of the following would be MOST helpful to an information security manager tasked with enforcing
enhanced password standards?
Answer: A
What should an information security manager do FIRST upon learning that the third-party provider
responsible for a mission-critical process is subcontracting critical functions to other providers?
Answer: D
Which of the following is MOST important lo track for determining the effectiveness of an information
security program?
D.
Answer: B
Answer: A
ON NO: 994
When two different controls are available to mitigate a risk, an information security manager's
recommendation should be based on the results of a:
A. control evaluation
B. cost-benefit analysis
C. countermeasure analysis
D. threat analysis.
Answer: B
If the inherent risk of a business activity is higher than the acceptable risk level, the information security
manager should FIRST
Answer: C
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST
enable a cloud service provider to assist customers when recovering from a security incident?
Answer: D
For an organization with operations in different parts of the world, the BEST approach for ensuring that
security policies do not conflict with local laws and regulations is to:
Answer: D
Which of the following is the MOST important reason to consider the role of the IT service desk when
developing incident handling procedures?
A. The service desk provides a source for the identification of security incidents.
B. Service desk personnel have information on how to resolve common systems issues
C. The service desk provides information to prioritize systems recovery based on user demand
Answer: A
The MOST important reason to have a well-documented and tested incident response plan in place is to:
Answer: B
When is the BEST time to identify the potential regulatory risk a new service provider presents to the
organization?
Answer: B
Answer: A
Answer: D
For computer forensics evidence to be admissible in a court of law, the evidence MUST:
Answer: C
The authorization to transfer the handling of an internal security incident to a third-party support provider is
PRIMARILY defined by the:
B. escalation procedures
D. chain of custody.
Answer: B
Which of the following is the BEST way for an information security manager to protect against a zero-day
attack?
Answer: D
B. decentralize operations.
D. establish hierarchy.
Answer: A
An organization is developing a disaster recovery plan (DRP) for a data center that hosts multiple applications
The application recovery sequence would BEST be determined through an analysis of:
Answer: B
Which of the following is the FIRST step when defining and prioritizing security controls to be implemented
under an information security program?
A. Review the applicable regulations tn place and their impact to each business function
B. Understand the company's risk appetite and its alignment with the information security strategy
C.
C. Interview function owners across the company to determine the best plan of action.
D. Review recent information security incidents to determine organizational focus areas and priorities
Answer: A
Which of the following is an organization's BEST approach for media communications when experiencing a
disaster?
A. Hold a press conference and advise the media to refer to legal authorities.
C. Report high-level details of the losses and recovery strategy to the media.
Answer: D
Which of the following is the MOST effective way to facilitate the implementation of IT security program
objectives?
Answer: B
Answer: B
Answer: B
Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt
the availability of a critical business application?
C. Version control
Answer: B
Which of the following is the BEST reason for delaying the application of a critical security patch?
B. Resource limitations
D. Technology interdependences
Answer: D
Which of the following is the information security manager's PRIMARY role in the information assets
classification process?
Answer: C
Which of the following activities would BEST incorporate security into the software development life cycle
{SOLO7
Answer: C
Which of the following is the BEST way to determine if an information security program aligns with corporate
governance?
Answer: B
Information security awareness programs are MOST effective when they are:
Answer: A
Which of the following should be of MOST concern to an information security manager reviewing an
organization's data classification program*?
Answer: D
Which of the following is the BEST course of action for an information security manager to align security and
business goals?
Answer: C
Which of the following is the GREATEST security concern when an organization allows the use of social
networks?
B.
Answer: D
Which of the following is the STRONGEST indication that senior management commitment to information
security is lacking within an organization?
Answer: A
Question #:47 - (Exam Topic 2)
Which of the following is MOST important to consider when developing a business continuity plan (BCP)?
Answer: D
Which of the following is the MOST appropriate board-level activity for information security governance?
Answer: D
Senior management is concerned a security solution may not adequately protect its multiple global data centers
following recent industry breaches. What should be done NEXT?
Answer: D
A data leakage prevention (DLP) solution has identified that several employees are sending confidential
company data to their personal email addresses in violation of company policy. The information security
manager should FIRST.
Answer: C
Question #:51 - (Exam Topic 2)
The chief information security officer (ClSO) has developed an information security strategy, but is struggling
to obtain senior management commitment for funds to implement the strategy Which of the following is the
MOST likely reason?
Answer: C
Which of the following is MOST important when carrying out a forensic examination of a laptop to determine
an employee s involvement in a fraud?
Answer: A
Which of the following should provide the PRIMARY justification to approve the implementation of a disaster
recovery (DR) site on the recommendation of an external audit report?
B. Regulatory requirements
C. Cost-benefit analysis
Answer: B
Communicating which of the following would be MOST helpful to gain senior management support for risk
treatment options?
A. industry benchmarks
B. Threat analysis
D. Quantitative loss
Answer: C
Which of the following should be an information security manager's PRIMARY consideration when
developing an incident response plan?
Answer: D
Answer: C
A. international standards.
B. inherent risks.
C. business risks.
D. business demands.
Answer: C
Question #:58 - (Exam Topic 2)
What should be an information security manager's NEXT activity following the remediation of a security
incident?
C.
Answer: C
An information security manager finds that corporate information has been stored on a public cloud storage
site for business collaboration purposes. Which of the following should be the manager's FIRST action?
Answer: D
An information security manager has been asked to integrate security into the software development life cycle
(SDLC) after requirements have already been gathered. In this situation during which phase would integration
be MOST effectrve?
B. Code review
C. Penetration testing
Answer: A
An organization plans to implement a document collaboration solution to allow employees to share company
information. Which of the following is the MOST important control to mitigate the risk associated with the
new solution?
C.
Answer: C
Which of the following is the MOST important reason for performing a cost-benefit analysis when
implementing a security control?
A. To ensure that the mitigation effort does not exceed the asset value
Answer: A
Which of the following is the GREATEST benefit of a centralized approach to coordinating information
security?
Answer: B
Which of the following is the MOST important reason for an organization to develop an information security
governance program?
C. Establishment of accountability
Answer: C
An information security manager has determined that the mean time to prioritize information security
incidents has increased to an unacceptable level. Which of the following processes would BEST enable the
information security manager to address this concern?
A. Forensic analysis
B. Incident response
C. Incident classification
D. Vulnerability assessment
Answer: C
Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?
A. Password protection
B. Insurance
C. Encryption
Answer: C
A validated patch to address a new vulnerability that may affect a mission-critical server has been released.
What should be done immediately?
Answer: A
an organizational objective
information assets
Answer: C
Which of the following would BEST ensure thai security risk assessment is integrated into the life cycle of
major IT projects
A. Having the Information security manager participate on the project steering committees
Answer: B
What is the MOST important role of an organization's data custodian in support of the information security
function?
D.
Answer: B
For an organization that provides web-based services, which of the following security events would MOST
likely initiate an incident response plan and be escalated to management?
Answer: D
Which of the following provides a sound basis for effective security change management?
A. Configuration management
B. Password management
C. Incident management
D. Version management
Answer: A
Answer: A
A newly appointed Information security manager finds mere is minimal interaction between departments in
identifying ...risk due to the organization's current decentralized structure What is the managers BEST course
of action?
B. identify appropriate risk management training for relevant staff in the departments
Answer: D
Which of the following would provide the BEST input to a business case for a technical solution to address
potential system vulnerabilities?
C. Risk assessment
Answer: B
What should an information security manager do FIRST when made aware of a new regulation which may
require the redesign of existing information security processes?
Answer: C
Which of the following is MOST important to help ensure an intrusion prevention system (IPS) can view all
traffic in a demilitarized zone (DMZ)?
Answer: D
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
Answer: B
While conducting a test of a business continuity plan (BCP). which of the following is the MOST important
consideration?
Answer: B
A risk assessment has been conducted following a data owner's decision to outsource an application to a cloud
provider Which of the following should be the information security manager's NEXT course of action?
Answer: D
Which of the following is the MOST effective way for an organization to ensure its third-party service
providers are aware of information security requirements and expectations?
Answer: A
Which of the following defines the MOST comprehensive set of security requirements for a newly developed
information system?
A. Baseline controls
C. Audit findings
Answer: B
The MOST important reason to maintain metrics for incident response activities is to
B.
Answer: A
Question #:84 - (Exam Topic 2)
Which of the following is the MOST appropriate party to approve an information security strategy?
Answer: D
Which of the following is MOST important in the development of metrics for the effectiveness of information
security?
Answer: A
When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines
of business systems that could be impacted by the same threat. Which of the following is the BEST method to
determine the priority of system recovery in the event of a disaster?
Answer: B
Which of the following is the MOST effective approach of delivering security incident response training?
A. Provide on-the-job training and mentoring for the incident response team.
Answer: A
Which of the following is the BEST option for addressing regulations that will adversely affect the allocation
of information security program resources?
Answer: C
When considering whether to adopt bring your own device (BYOD). it is MOST important for the information
security manager to ensure that
A. security controls are applied to each device when joining the network.
Answer: A
Which of the following should be the MOST important consideration when reporting sensitive risk-related
information to stakeholders?
Answer: A
Which of the following would be MOST useful in a report to senior management for evaluating changes in the
organization's information security risk position?
A. Trend analysis
B. Industry benchmarks
D. Risk register
Answer: A
Which of the following presents the MOST significant challenge when classifying IT assets?
Answer: D
Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle
A. continuity planning
B. compliance testing
C. configuration management.
D. change management
Answer: D
What is the BEST way to determine the level of risk associated with information assets processed by an IT
application?
B. Review the cost of acquiring the information assets for the business.
Answer: C
Which of the following should be the MOST important consideration when implementing an information
security framework?
A. Compliance requirements
B. Audit findings
C. Risk appetite
D. Technical capabilities
Answer: A
Question #:96 - (Exam Topic 2)
Presenting which of the following to senior management will be MOST helpful in securing ongoing support
for the information security strategy?
B.
Answer: C
A global organization has developed a strategy to share a customer information database between offices in
two countries. In this situation, it is MOST important to ensure:
B. data sharing complies with local laws and regulations at both locations.
Answer: B
The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:
Answer: B
Answer: C
A corporate web site has become compromised as a result of a malicious attack. Which of the following
should the information security manager do FIRST?
Answer: A
The MAIN objective of identifying and evaluating risk at each software development life cycle (SDLC) stage
is to reduce the:
B. development time
D. mitigation costs.
Answer: D
Which of the following is the PRIMARY purpose of establishing an information security governance
framework?
Answer: A
Which of the following is the BEST source of information to help determine whether a third party's
connections to the organization's internal network are aligned with internal control requirements?
C. Contractual requirements
Answer: C
An organization has announced new initiatives to establish a big data platform and develop mobile apps. What
is the FIRST step when defining new human resource requirements?
Answer: B
Answer: A
In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of;
B. the IT manager
C. senior management
Answer: D
Which of the following BEST demonstrates that the objectives of an information security governance
framework are being met?
B. Balanced scorecard
C. Risk dashboard
Answer: D
Several identified risks have been mitigated to an acceptable level with appropriate controls Which of the
following activities would BEST help to maintain acceptable risk levels?
Answer: B
Which of the following is MOST effective in reducing the financial impact following a security breach leading
to data disclosure9
Answer: B
Which of the following would provide the BEST justification for a new information security investment?
Answer: C
To meet operational business needs. IT staff bypassed the change process and applied an unauthorized update
to a critical business system Which of the following is the information security manager's BEST course of
action?
Answer: A
An organization has decided to store production data in a cloud environment. What should be the FIRST
consideration?
A. Data isolation
B.
B. Data classification
C. Data transfer
D. Data backup
Answer: B
Which of the following should cause the GREATEST concern for an information security manager reviewing
the effectiveness of an intrusion prevention system (IDS)?
Answer: B
A. Continuous monitoring
B. Two-factor authentication
C. Layered protection
D. Penetration testing
Answer: C
Which of the following should be of MOST influence to an information security manager when developing IT
security policies?
C. IT security framework
D.
D. Business strategy
Answer: B
When a security weakness is detected at facilities provided by an IT service provider, which of the following
tasks must the information security manager perform FIRST?
Answer: D
The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to
communicate the:
Answer: B
Which of the following would be MOST helpful in gaming support for a business case for an Information
security initiative9
Answer: B
The effectiveness of an information security governance framework will BEST be enhanced if:
Answer: A
An online trading company discovers that a network attack has penetrated the firewall What should be the
information security manager's FIRST response?
Answer: B
System logs and audit logs for sensitive systems should be stored
Answer: B
An information security manager has developed a strategy to address new information security risks resulting
from recent change the business. Which of the following would be MOST important to include when
presenting the strategy to senior management?
Answer: B
Which of the following should an information security manager do FIRST upon learning that a data loss
prevention (DLP) scanner has identified payment card information (PCI) stored in cleartext within accounting
file shares?
Answer: A
During which stage of the software development life cycle (SDLC) should application security controls FIRST
be addressed?
B. Configuration management
C. Requirements gathering
Answer: A
Following a significant change to the underlying code of an application, it is MOST important for the
information security manager to:
Answer: D
Which of the following is the MOST significant security risk in IT asset management?
Answer: B
An organization has identified an increased threat of external brute force attacks in its environment. Which of
the following is the MOST effective way to mitigate this risk to the organization's critical systems?
Answer: C
When developing an escalation process for an incident response plan, the information security manager should
PRIMARILY consider the:
A.
A. affected stakeholders
B. media coverage
Answer: A
Which of the following would MOST likely require a business continuity plan to be invoked?
Answer: C
Which of the following is the PRIMARY responsibility of the information security manager when an
organization implements the use of personally-owned devices on the corporate network?
Answer: C
A risk was identified during a risk assessment. The business process owner has chosen to accept the risk
because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the
information security manager's NEXT course of action?
Answer: A
B. Segregation of duties
Answer: B
An organization is planning to create a website that will collect site-visitor details from around the world and
use them as marketing lists for operations in several countries. Which of the following should be of MOST
concern to the information security manager?
B. Privacy laws in each of the countries using the details for marketing
D. Wording of the website's policy statement on how the details will be used
Answer: B
Which of the following is the MOST relevant risk factor to an organization when employees use social media?
B. Social media increases the velocity of risk and the threat capacity.
Answer: A
Which of the following should be the PRIMARY basis for determining risk appetite?
B. Organizational objectives
C. Industry benchmarks
Answer: D
Conflicting objectives are MOST likely to compromise the effectiveness of the information security process
when information security management is:
Answer: B
Which of the following should be the PRIMARY input when defining the desired state of security within an
organization?
Answer: D
Question #:138 - (Exam Topic 2)
An application system stores customer confidential data and encryption is not practical. The BEST measure to
protect against data disclosure is:
B. single sign-on.
Answer: D
An information security manager has researched several options for handling ongoing security concerns and
will be presenting these solutions to business managers. Which of the following with BEST enable business
managers to make an informed decision?
B. Cost-benefit analysis
C. Risk analysis
D. Gap analysis
Answer: A
An IT department is having difficulty controlling the installation and use of unauthorized software that is in
breach of organizational policy. Which of the following is the MOST effective solution?
Answer: A
Answer: C
An information security manager has been made aware that implementing a control would have an adverse
impact to the business. The business manager has suggested accepting the risk. The BEST course of action by
the information security manager would be to:
Answer: C
Which of the following is the MOST effective way for an Information security manager to ensure that security
is incorporated into an organization's project development processes?
Answer: C
Which of the following is the MAIN objective of classifying a security incident as soon as it is discovered?
Answer: B
Which of the following is the MOST important reason to identify and classify the sensitivity of assets?
Answer: C
Which of the following is necessary to determine what would constitute a disaster for an organization?
D. Risk analysis
Answer: D
Which of the following is the GREATEST benefit of integrating information security program requirements
into vendor management?
D.
Answer: A
Following a highly sensitive data breach at a large company, all servers and workstations were patched. The
information security manager s NEXT step should be to:
Answer: B
Which of the following is the BEST method for management to obtain assurance of compliance with its
security policy?
Answer: B
When making an outsourcing decision, which of the following functions is MOST important to retain within
the organization?
A. Security management
B. Incident response
C. Risk assessment
D. Security governance
Answer: D
The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an
organization is to:
Answer: D
Answer: D
Which is MOST important when contracting an external party to perform a penetration test?
Answer: D
Which of the following factors are the MAIN reasons why large networks are vulnerable?
Answer: A
Which of the following is MOST important to consider when developing a business case to support the
investment In an information security program?
Answer: A
Which of the following is the MOST reliable way to ensure network security incidents are Identified as soon
as possible'
Answer: D
Which of the following provides the BEST indication of strategic alignment between an organization's
information security program and business objectives?
B. A balanced scorecard
Answer: B
An information security manager has been tasked with implementing a security awareness training program
Which of this ..... have the MOST influence on the effectiveness of this program?
Answer: C
The GREATEST advantage of defining multiple types of system administrator accounts with different
privileges is that it helps to ensure:
Answer: B
The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is
by:
A.
Answer: C
From an Information security perspective, legal issues associated with a transborder flow of
technology-related items are MOST often related to
Answer: A
Question #:162 - (Exam Topic 2)
Which of the following will provide the MOST accurate test results for a disaster recovery plan (DRP)?
B. Structured walk-through
C. Parallel test
D. Simulation test
Answer: A
Which of the following is MOST important for an information security manager to ensure when evaluating
change requests?
D.
Answer: A
The MOST important reason to use a centralized mechanism to identify information security incidents is to:
Answer: B
Answer: B
Which of the following is the BEST way for an information security manager to justify ongoing annual
maintenance fees associated with an intrusion prevention system (IPS)*?
C. Perform industry research annually and document the overall ranking of the IPS
Answer: B
Which of the following is the BEST evidence of an effectively designed key risk indicator (KRI)?
Answer: B
Which of the following poses the GREATEST risk to the operational effectiveness of an incident response
team?
Answer: C
Which of the following provides the GREATEST assurance that existing controls meet compliance
requirements?
B. Evaluating metrics
D. Reviewing policies
Answer: B
A payroll application system accepts individual user sign-on IDs and then connects to its database using a
single application ID. The GREATEST weakness under this system architecture is that:
C. users can gam direct access to the application ID and circumvent data controls,
D. when multiple sessions with the same application ID collide, the database locks up
Answer: B
Question #:171 - (Exam Topic 2)
An organization plans to acquire and implement a new web-based solution to enhance service functionality.
Which of the following is the BEST way to ensure that information handled by the solution is secure?
Answer: D
A business unit is preparing the business case for acquiring an e-commerce solution Which of Ihe following
should be provided by the information security manager?
Answer: B
B.
Answer: C
When reporting on the effectiveness of the information security program, which of the following is the BEST
way lo demonstrate improvement m security performance?
C. Provide a summary of security project return on investments (ROls) for the past year.
Answer: D
Question #:175 - (Exam Topic 2)
Which of the following presents the GREATEST concern to the information security manager when using
account locking features on an online application? It can increase vulnerability to.
A. social engineering.
B. phishing.
D. denial of service.
Answer: D
Which of the following is MOST useful to an information security manager when conducting a post-incident
review of an attack?
Answer: D
An attacker was able to gain access to an organizations perimeter firewall and made changes to allow wider
external access and to steal data. Which of the following would have BEST provided timely identification of
this incident?
Answer: D
Which of the following is the MOST important consideration when deciding whether to continue outsourcing
to a managed security service provider?
Answer: B
During the establishment of a service level agreement (SLA) with a cloud service provider, it is MOST
important for the information security manager to:
Answer: B
An organization is considering a self-service solution for the deployment of virtualized development servers.
Which of the following should be information security manager's PRIMARY concern?
Answer: A
Which of the following is the BEST way to integrate information security into corporate governance?
C. Ensure information security processes are part of the existing management processes.
Answer: C
Which of the following recovery approaches generally has the LOWEST periodic cost?
A. Redundant site
B. Reciprocal agreement
D. Cold site
Answer: D
Which of the following metrics would BEST monitor how well information security requirements are
incorporated into the change management process?
Answer: C
Which of the following is the MOST important reason to have documented security procedures and
guidelines?
Answer: D
An organization is considering moving lo a cloud service provider for the storage of sensitive data Which of
the following .... consideration FIRST?
Answer: D
• A bad actor broke into a business-critical FTP server by brute forcing an administrative password
• The third-party service provider hosting the server sent an automated alert message to the help desk, but was
ignored
• The bad actor could not access the administrator console, but was exposed to encrypted data transferred to
the server
• After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate
customers to fail
Which of the following poses the GREATEST risk to the organization related to This event?
D. Removal of data
Answer: A
To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that
security.
Answer: B
A. replacement cost
B. threat level
C. business value
D. frequency of use.
Answer: C
Which of the following security controls should be integrated FIRST into procurement processes to improve
the security of the services provided by suppliers'?
Answer: D
Question #:190 - (Exam Topic 2)
Which of the following would be MOST important to include in a bring your own device (BYOD) policy with
regard to lost or stolen devices? The need for employees to:
Answer: B
Which of the following BEST supports information security management in the event of organizational
changes in security personnel?
Answer: D
When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the
BEST way to ensure effective and timely investigations following an information security incident?
Answer: B
Which of the following should be the PRIMARY objective when developing an information security strategy?
Answer: A
An internal control audit has revealed a control deficiency related to a legacy system where the compensating
controls no longer appear to be effective. Which of the following would BEST help the information security
manager determine the security requirements to resolve the control deficiency?
A. Risk assessment
B. Gap analysis
C. Cost-benefit analysis
D. Business case
Answer: B
Threat and vulnerability assessments are important PRIMARILY because they are:
Answer: C
Answer: D
The responsibility for approving access to data according to the organization's data classification policy
belongs to the:
A. data owner
B. system administrator.
Answer: A
Which of the following is MOST important for an information security manager to verify when selecting a
third-party forensics provider?
A.
Answer: C
Who should be responsible for determining the classification of data within a database used in conjunction
with an enterprise application?
A. Data owner
C. Database architect
D. Database administrator
Answer: A
A core business unit relies on an effective legacy system that does not meet the current security standards and
threatens that enterprise network. Which of the following is the BEST course of action to address the
situation?
A. Require that new systems that can meet the standards be implemented.
Answer: C
Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor
information security risk?
A. The indicator should align with key performance indicators (KPIs) and measure root causes of process
performance issues.
B. The indicator should possess a high correlation with a specific risk and be measured on a regular basis
D. The indicator should provide a retrospective view of risk impacts and be measured annually.
Answer: A
Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential
information?
Answer: C
Which of the following would BEST demonstrate the status of an organization's information security program
to the board of directors?
Answer: C
Which of the following messages would be MOST effective in obtaining senior management's commitment to
information security management?
Answer: C
When establishing an information security strategy, which of the following activities Is MOST helpful in
Identifying critical areas to be protected?
Answer: C
Answer: B
When training an incident response team, the advantage of using tabletop exercises is that they:
Answer: B
A risk has been formally accepted and documented. Which of the following is the MOST important action for
an information security manager?
Answer: C
Which of the following will BEST facilitate the development of appropriate incident response procedures?
Answer: D
When preparing a risk treatment plan, which of the following is the MOST important consideration when
reviewing options for mitigating risk?
A. Cost-benefit analysis
B. User acceptance
C. Control identification
Answer: A
Which of the following provides the GREATEST assurance that information security is addressed in change
management?
Answer: C
Which of the following BEST supports the alignment of information security with business functions?
Answer: C
Which of the following models provides a client organization with the MOST administrative control over a
cloud-hosted environment?
Answer: B
A multinational organization has developed a bring your own device (BYOD) policy that requires the
installation of mobile device management (MDM) software on personally owned devices. Which of the
Answer: B
An information security manager is reviewing the organization's incident response policy affected by a
proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud
service provider?
Answer: A
Answer: A
A data-hosting organization's data center houses servers, applications, and data for a large number of
geographically dispersed customers. Which of the following strategies is the BEST approach for developing a
physical access control policy for the organization?
A.
Answer: B
An outsourced vendor handles an organization's business-critical data. Which of the following is the MOST
effective way for the client organization to obtain assurance of the vendor's security practices?
Answer: B
Which of the following is the MOST important consideration m a bring your own device (BYOD) program to
protect company data in the event of a loss?
Answer: D
Which of the following is MOST helpful to developing a comprehensive Information security strategy?
Answer: D
Question #:221 - (Exam Topic 2)
Which of the following provides the BEST indication that the information security program is in alignment
with enterprise requirements?
Answer: A
During a review to approve a penetration test plan, which of the following should be an information security
Answer: D
Which of the following is MOST helpful in protecting against hacking attempts on the production network?
Answer: D
Which of the following should be the FIRST step when creating an organization's bring your own device
(BYOD) program?
Answer: B
When monitoring the security of a web-based application, which of the following is MOST frequently
reviewed?
A. Access logs
B. Threat metrics
C. Audit reports
D. Access lists
Answer: A
Which of the following is the BEST way to reduce the risk of a ransomware attack?
Answer: C
An organization is the victim of an attack generating multiple incident reports. Which of the following will
BEST enable incident handling and contain exposure?
Answer: D
Which of the following will BEST ensure that possible security incidents are correctly distinguished from
typical help desk requests?
Answer: B
An organization has decided to implement a security information and event management (SIEM) system. It is
MOST important for the organization to consider:
A. threat assessments.
B. data ownership.
D. log sources.
Answer: D
Which of the following is the PRIMARY purpose for defining key performance indicators (KPIs) for a
security program?
Answer: D
Which of the following is the BEST indicator that an organization is appropriately managing risk?
A. The number of events reported from the intrusion detection system (IDS) has declined.
Answer: B
In order to understand an organization's security posture, it is MOST important for an organizations senior
leadership to:
Answer: B
An organization has purchased a security Information and event management (SIEM) tool. Which of the
following is MOST important lo consider before implementation?
A. Controls to be monitored
B. Reporting capabilities
Answer: A
Which of the following is the MOST important security consideration when developing an incident response
strategy with a cloud provider?
A. Technological capabilities
B. Escalation processes
Answer: D
Which of the following should be an information security manager s MOST important consideration when
conducting a physical security review of a potential outsourced data center?
Answer: A
Answer: D
Which of the following trends BEST indicates that the maturity level of an information security program is
improving?
Answer: C
Which of the following approaches would MOST likely ensure that risk management is integrated into the
business life cycle processes?
Answer: B
What would be an information security manager's BEST recommendation upon learning that an existing
contract with a third party does not clearly identify requirements for safeguarding the organization's critical
data?
Answer: D
Senior management has allocated funding to each of the organization s divisions to address information
security vulnerabilities The funding is based on each division's technology budget from the previous fiscal
year. Which of the following should be of GREATEST concern to the information security manager?
Answer: C
Question #:241 - (Exam Topic 2)
Which of the following is MOST important when allowing employees to work at home using personally
owned devices?
Answer: B
Answer: A
While auditing a data center's IT architecture, an information security manager discovers that required
encryption for data communications has not been implemented. Which of the following should be done
NEXT?
Answer: A
What should be the PRIMARY basis for defining the appropriate level of access control to information assets?
A. Business needs
B. Management requests
C. Audit findings
D. Compensating controls
Answer: A
Question #:245 - (Exam Topic 2)
The MOST important objective of security awareness training for business staff is to:
A. modify behavior
D. increase compliance.
Answer: A
What should be an information security manager's BEST course of action if funding for a security-related
initiative is denied by a steering committee?
A.
Answer: D
An organization establishes an internal document collaboration site. To ensure data confidently of each project
group, it is MOST important to:
Answer: B
Answer: A
An information security manager is concerned about the risk of fire at its data processing center To address
this concern, an automatic fire suppression system has been installed Which of the following risk treatments
has been applied?
A. Acceptance
B. Transfer
C. Mitigation
D. Avoidance
Answer: C
Which of the following is MOST effective in the strategic alignment of security initiatives?
Answer: C
Shortly after installation, an intrusion detection system (IDS) reports a violation. Which of the following is the
MOST likely explanation?
Answer: A
An organization wants to enable digital forensics for a business-critical application. Which of the following
will BEST help to support this objective?
Answer: A
The MOST effective way to determine the resources required by internal Incident response teams is to
Answer: D
Senior management has endorsed a comprehensive information security policy. Which of the following should
the organization do NEXT?
Answer: A
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
Answer: B
Answer: D
The MAIN reason for an information security manager to monitor industry level changes in the business and
IT is to:
Answer: B
An information security manager wants to document requirements detailing the minimum security controls
required for user workstations. Which of the following resources would be MOST appropriate for this
purpose?
A. Procedures
B. Guidelines
C. Standards
D. Policies
Answer: D
Which of the following provides the MOST essential input for the development of an information security
strategy?
Answer: D
An online payment provider's computer security incident response team has confirmed that a customer credit
card database was breached. Which of the following would be MOST important to include in a report to senior
management?
Answer: C
Question #:261 - (Exam Topic 2)
An awareness program is implemented to mitigate the risk of infections introduced through the use of social
media Which of the following will BEST determine the effectiveness of the awareness program''
Answer: B
An organizations ability to prevent a security incident In a Software as a Service (SaaS) cloud-com puling
environment is MOST dependent on the:
B.
Answer: D
An incident was detected where customer records were altered without authorization. The GREATEST
concern for forensic analysis would be that the log data:
D. may be modified.
Answer: D
An organization rolled out information security awareness training and wants to perform an end-ot-year
assessment to determine the program's success. Which of the following would be the BEST indicator of the
program's effectiveness?
Answer: C
Answer: A
The PRIMARY objective of periodically testing an incident response plan should be to:
Answer: D
Which of the following is MOST important to the successful implementation of an information security
program?
Answer: C
When a critical incident cannot be contained in a timely manner and the affected system needs to be taken
offline, which of the following stakeholders MUST receive priority communication?
A. System end-users
B. System administrator
D. Senior management
Answer: C
An organization has contracted with an outsourcing company to address a security gap. Which of the
following is the BEST way to determine if the security gap has been addressed?
A. Vulnerability scan
D. Security audit
Answer: D
A business previously accepted the risk associated with a zero-day vulnerability The same vulnerability was
recently exploited in a high-profile attack on another organization m the same Industry Which of the following
should be the information security manager's FIRST course of action?
Answer: A
Which of the following should an information security manager do FIRST when a recent internal audit reveals
a security risk is more severe than previously assessed?
A. Escalate the finding to the business owner and obtain a remediation plan.
Answer: A
What is the MOST effective way to ensure information security incidents will be managed effectively and in a
timely manner?
Answer: B
An information security manager learns of a new international standard related to information security. Which
of the following would be the BEST course of action?
C. Determine whether the organization can benefit from adopting the new standard.
D. Perform a gap analysis between the new standard and existing practices.
Answer: D
An organization has outsourced many application development activities to a third party that uses contract
programmers extensively. Which of the following would provide the BEST assurance that the third party's
contract programmers comply with the organization's security policies?
Answer: A
The BEST way for an information security manager to understand the critically of an online application is to
perform a
A. threat assessment
D. vulnerability assessment
Answer: C
Which of the following would BEST enable integration of information security governance into corporate
governance?
C. Using a balanced scorecard to measure the performance of the information security strategy
Answer: C
Which aspect of an incident response plan will MOST effectively help to limit reputational damage when
multiple media services are seeking a response following a major security breach?
Answer: C
An information security manager has identified and implemented mitigating controls according to industry
best practices. Which of the following is the GREATEST risk associated with this approach?
Answer: A
An organization manages payroll and accounting systems for multiple client companies Which of the
following contract terms would indicate a potential weakness for a disaster recovery hot site?
B. Work-area size Is limited but can be augmented with nearby office space
Answer: A
Senior management is alarmed by recent media reports of severe security incidents at competing organizations
Which of the following would provide the BEST assurance that the organization's current security measures
are performing adequately?
Answer: B
We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.
We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.
Sales: sales@dumpscollection.com
Feedback: feedback@dumpscollection.com
Support: support@dumpscollection.com
Skype ID: crack4sure@gmail.com
Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.