Rob van der Heijden
Quiz by , created more than 1 year ago

Digital Technologies Quiz on CISM 2014 Questions - 2, created by Rob van der Heijden on 23/03/2017.

72
0
0
Eduardo Castella7911
Created by Eduardo Castella7911 almost 9 years ago
Rob van der Heijden
Copied by Rob van der Heijden over 7 years ago
Close

CISM 2014 Questions - 2

Question 1 of 200

1

Strategic alignment is PRIMARILY achieved when services provided by the information security department:

Select one of the following:

  • A. reflect the requirements of key business stakeholders.

  • B. reflect the desires of the IT executive team.

  • C. reflect the requirements of industry best practices.

  • D. are reliable and cost-effective.

Explanation

Question 2 of 200

1

What is the TYPICAL output of a risk assessment?

Select one of the following:

  • A. A list of appropriate controls for reducing or eliminating risk

  • B. Documented threats to the organization

  • C. Evaluation of the consequences to the entity

  • D. An inventory of risk that may impact the organization

Explanation

Question 3 of 200

1

Which of the following actions is the BEST to ensure that incident response activities are consistent with the requirements of business continuity?

Select one of the following:

  • A. Develop a scenario and perform a structured walk-through.

  • B. Draft and publish a clear practice for enterprise-level incident response.

  • C. Establish a cross-departmental working group to share perspectives.

  • D. Develop a project plan for end-to-end testing of disaster recovery.

Explanation

Question 4 of 200

1

What is the BEST risk response for risk scenarios where the likelihood of a disruptive event for an asset is very low, but the potential financial impact is very high?

Select one of the following:

  • A. Accept the high cost of protection.

  • B. Implement detective controls.

  • C. Ensure that asset exposure is low.

  • D. Transfer the risk to a third party.

Explanation

Question 5 of 200

1

An effective risk management program should reduce risk to:

Select one of the following:

  • A. zero.

  • B. an acceptable level.

  • C. an acceptable percent of revenue.

  • D. an acceptable probability of occurrence.

Explanation

Question 6 of 200

1

The formal declaration of organizational information security goals and objectives should be found in the:

Select one of the following:

  • A. information security procedures.

  • B. information security principles.

  • C. employee code of conduct.

  • D. information security policy.

Explanation

Question 7 of 200

1

Which of the following is MOST effective in preventing disruptions to production systems?

Select one of the following:

  • A. Patch management

  • B. Security baselines

  • C. Virus detection

  • D. Change management

Explanation

Question 8 of 200

1

What is the MOST effective access control method to prevent users from sharing files with unauthorized users?

Select one of the following:

  • A. Mandatory

  • B. Discretionary

  • C. Walled garden

  • D. Role-based

Explanation

Question 9 of 200

1

Quantitative risk analysis is MOST appropriate when assessment results:

Select one of the following:

  • A. include customer perceptions.

  • B. contain percentage estimates.

  • C. lack specific details.

  • D. contain subjective information.

Explanation

Question 10 of 200

1

When should risk assessments be performed for optimum effectiveness?

Select one of the following:

  • A. At the beginning of security program development

  • B. On a continuous basis

  • C. While developing the business case for the security program

  • D. During the business change process

Explanation

Question 11 of 200

1

Which of the following is the BEST method or technique to ensure the effective implementation of an information security program?

Select one of the following:

  • A. Obtain the support of the board of directors.

  • B. Improve the content of the information security awareness program.

  • C. Improve the employees' knowledge of security policies.

  • D. Implement logical access controls to the information systems.

Explanation

Question 12 of 200

1

Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

Select one of the following:

  • A. User assessments of changes

  • B. Comparison of the program results with industry standards

  • C. Assignment of risk within the organization

  • D. Participation by all members of the organization

Explanation

Question 13 of 200

1

Which of the following is MOST important to the success of an information security program?

Select one of the following:

  • A. Security awareness training

  • B. Achievable goals and objectives

  • C. Senior management sponsorship

  • D. Adequate start-up budget and staffing

Explanation

Question 14 of 200

1

Which of the following is the MOST important step before implementing a security policy?

Select one of the following:

  • A. Communicating to employees

  • B. Training IT staff

  • C. Identifying relevant technologies for automation

  • D. Obtaining sign-off from stakeholders

Explanation

Question 15 of 200

1

For global organizations, which of the following is MOST essential to the continuity of operations in an emergency situation?

Select one of the following:

  • A. A documented succession plan

  • B. Distribution of key process documents

  • C. A reciprocal agreement with an alternate site

  • D. Strong senior management leadership

Explanation

Question 16 of 200

1

What is the PRIMARY benefit of a security awareness training program?

Select one of the following:

  • A. To reduce the likelihood of an information security event

  • B. To encourage compliance with information security policy

  • C. To comply with the local and industry-specific regulation and legislation

  • D. To provide employees with expectations for information security

Explanation

Question 17 of 200

1

When the computer incident response team (CIRT) finds clear evidence that a hacker has penetrated the corporate network and modified customer information, an information security manager should FIRST notify:

Select one of the following:

  • A. the information security steering committee.

  • B. customers who may be impacted.

  • C. data owners who may be impacted.

  • D. regulatory agencies overseeing privacy.

Explanation

Question 18 of 200

1

When a major vulnerability in the security of a critical web server is discovered, immediate notification should be made to the:

Select one of the following:

  • A. system owner to take corrective action.

  • B. incident response team to investigate.

  • C. data owners to mitigate damage.

  • D. development team to remediate.

Explanation

Question 19 of 200

1

Which of the following vulnerabilities allowing attackers access to the application database is the MOST serious?

Select one of the following:

  • A. Validation checks are missing in data input pages.

  • B. Password rules do not allow sufficient complexity.

  • C. Application transaction log management is weak.

  • D. Application and database share a single access ID.

Explanation

Question 20 of 200

1

A customer credit card database has been reported as being breached by hackers. What is the FIRST step in dealing with this attack?

Select one of the following:

  • A. Confirm the incident.

  • B. Notify senior management.

  • C. Start containment.

  • D. Notify law enforcement.

Explanation

Question 21 of 200

1

The facilities department of a large financial organization uses electronic swipe cards to manage physical access. The information security manager requests that facilities provide the manager with read-only access to the physical access data. What is the MOST likely purpose?

Select one of the following:

  • A. To monitor that personnel are complying with contract provisions

  • B. To determine who is in the building in case of fire

  • C. To compare logical and physical access for anomalies

  • D. To ensure that the physical access control system is operating correctly

Explanation

Question 22 of 200

1

Who is ultimately responsible for the organization's information?

Select one of the following:

  • A. Data custodian

  • B. Chief information security officer (CISO)

  • C. Board of directors

  • D. Chief information officer (CIO)

Explanation

Question 23 of 200

1

Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?

Select one of the following:

  • A. Communicating specially drafted messages by an authorized person

  • B. Refusing to comment until recovery

  • C. Referring the media to the authorities

  • D. Reporting the losses and recovery strategy to the media

Explanation

Question 24 of 200

1

What should an information security manager focus on when speaking to an organization's human resources department about information security?

Select one of the following:

  • A. An adequate budget for the security program

  • B. Recruitment of technical IT employees

  • C. Periodic risk assessments

  • D. Security awareness training for employees

Explanation

Question 25 of 200

1

Which of the following are the MOST important criteria when selecting virus protection software?

Select one of the following:

  • A. Product market share and annualized cost

  • B. Ability to interface with intrusion detection system (IDS) software and firewalls

  • C. Alert notifications and impact assessments for new viruses

  • D. Ease of maintenance and frequency of updates

Explanation

Question 26 of 200

1

Information security policy enforcement is the responsibility of the:

Select one of the following:

  • A. security steering committee.

  • B. chief information officer (CIO).

  • C. chief information security officer (CISO).

  • D. chief compliance officer (CCO).

Explanation

Question 27 of 200

1

Which of the following helps management determine the resources needed to mitigate a risk to the organization?

Select one of the following:

  • A. Risk analysis process

  • B. Business impact analysis (BIA)

  • C. Risk management balanced scorecard

  • D. Risk-based audit program

Explanation

Question 28 of 200

1

Which of the following is the MOST important consideration when developing an information security strategy?

Select one of the following:

  • A. Resources available to implement the program

  • B. Compliance with legal and regulatory constraints

  • C. Effectiveness of risk mitigation

  • D. Resources required to implement the strategy

Explanation

Question 29 of 200

1

When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?

Select one of the following:

  • A. Business continuity plan

  • B. Disaster recovery plan

  • C. Incident response plan

  • D. Vulnerability management plan

Explanation

Question 30 of 200

1

From an information security perspective, which of the following will have the GREATEST impact on a financial enterprise with offices in various countries and involved in transborder transactions?

Select one of the following:

  • A. Current and future technologies

  • B. Evolving data protection regulations

  • C. Economizing the costs of network bandwidth

  • D. Centralization of information security

Explanation

Question 31 of 200

1

Which of the following control measures BEST addresses integrity?

Select one of the following:

  • A. Nonrepudiation

  • B. Timestamps

  • C. Biometric scanning

  • D. Encryption

Explanation

Question 32 of 200

1

An employee's computer has been infected with a new virus. What should be the FIRST action?

Select one of the following:

  • A. Execute the virus scan.

  • B. Report the incident to senior management.

  • C. Format the hard disk.

  • D. Disconnect the computer from the network.

Explanation

Question 33 of 200

1

What practice should FIRST be applied to an emergency security patch that has been received via email?

Select one of the following:

  • A. The patch should be loaded onto an isolated test machine.

  • B. The patch should be decompiled to check for malicious code.

  • C. The patch should be validated to ensure its authenticity.

  • D. The patch should be copied onto write-once media to prevent tampering.

Explanation

Question 34 of 200

1

The purpose of incident management and response is to:

Select one of the following:

  • A. recover an activity interrupted by an emergency or disaster, within a defined time and cost.

  • B. perform a walk-through of the steps required to recover from an adverse event.

  • C. reduce business disruption insurance premiums for the business.

  • D. address disruptive events with the objective of controlling impacts within acceptable levels.

Explanation

Question 35 of 200

1

Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?

Select one of the following:

  • A. More uniformity in quality of service

  • B. Better adherence to policies

  • C. Better alignment to business unit needs

  • D. More savings in total operating costs

Explanation

Question 36 of 200

1

Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?

Select one of the following:

  • A. Implement countermeasures.

  • B. Eliminate the risk.

  • C. Transfer the risk.

  • D. Accept the risk.

Explanation

Question 37 of 200

1

The FIRST step in developing a business case is to:

Select one of the following:

  • A. determine the probability of success.

  • B. calculate the return on investment (ROI).

  • C. analyze the cost-effectiveness.

  • D. define the issues to be addressed.

Explanation

Question 38 of 200

1

Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?

Select one of the following:

  • A. Most new viruses' signatures are identified over weekends

  • B. Technical personnel are not available to support the operation

  • C. Systems are vulnerable to new viruses during the intervening week

  • D. The update's success or failure is not known until Monday

Explanation

Question 39 of 200

1

The purpose of an information security policy is to:

Select one of the following:

  • A. express clearly and concisely the goals of an information security protection program.

  • B. outline the intended configuration of information system security controls.

  • C. mandate the behavior and acceptable actions of all information system users.

  • D. authorize the steps and procedures necessary to protect critical information systems.

Explanation

Question 40 of 200

1

What is an advantage of sending messages using steganographic techniques as opposed to utilizing encryption?

Select one of the following:

  • A. The existence of messages is unknown.

  • B. Required key sizes are smaller.

  • C. Traffic cannot be sniffed.

  • D. Reliability of the data is higher in transit.

Explanation

Question 41 of 200

1

Which of the following is the MOST important information to include in a strategic plan for information security?

Select one of the following:

  • A. Information security staffing requirements

  • B. Current state and desired future state

  • C. IT capital investment requirements

  • D. Information security mission statement

Explanation

Question 42 of 200

1

Which of the following represents the MAJOR focus of privacy regulations?

Select one of the following:

  • A. Unrestricted data mining

  • B. Identity theft

  • C. Human rights protection

  • D. Identifiable personal data

Explanation

Question 43 of 200

1

Which of the following requirements is the MOST important when developing information security governance?

Select one of the following:

  • A. Complying with applicable corporate standards

  • B. Achieving cost effectiveness of risk mitigation

  • C. Obtaining consensus of business units

  • D. Aligning with organizational goals

Explanation

Question 44 of 200

1

An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next?

Select one of the following:

  • A. Direct information security on what they need to do

  • B. Research solutions to determine the proper solutions

  • C. Require management to report on compliance

  • D. Nothing; information security does not report to the board

Explanation

Question 45 of 200

1

Once the objective of performing a security review has been defined, the NEXT step for the information security manager is to determine:

Select one of the following:

  • A. constraints.

  • B. approach.

  • C. scope.

  • D. results.

Explanation

Question 46 of 200

1

Which of the following should be identified in the business continuity policy?

Select one of the following:

  • A. Emergency call trees

  • B. Recovery criteria

  • C. Business impact assessment (BIA)

  • D. Critical backups inventory

Explanation

Question 47 of 200

1

An organization is planning to deliver subscription-based educational services to customers online that will require customers to log in with their user IDs and passwords. Which of the following is the BEST method to validate passwords entered by a customer before access to educational resources is granted?

Select one of the following:

  • A. Encryption

  • B. Content filtering

  • C. Database hardening

  • D. Hashing

Explanation

Question 48 of 200

1

Which person or group should have final approval of an organization's information security policies?

Select one of the following:

  • A. Business unit managers

  • B. Chief information security officer (CISO)

  • C. Senior management

  • D. Chief information officer (CIO)

Explanation

Question 49 of 200

1

How can access control to a sensitive intranet application by mobile users BEST be implemented?

Select one of the following:

  • A. Through data encryption

  • B. Through digital signatures

  • C. Through strong passwords

  • D. Through two-factor authentication

Explanation

Question 50 of 200

1

To ensure that all employees follow procedures regarding the integrity and confidentiality of personal identifiable information (PII), a hospital required that policies and procedures be put in place for data access and that all data stored should be encrypted. This is an example of what type of controls?

Select one of the following:

  • A. Administrative and technical controls

  • B. Administrative and deterrent controls

  • C. Technical and physical controls

  • D. Administrative and corrective controls

Explanation

Question 51 of 200

1

Which of the following is MOST likely to be responsible for establishing the information security requirements over an application?

Select one of the following:

  • A. IT steering committee

  • B. Data owner

  • C. System owner

  • D. IS auditor

Explanation

Question 52 of 200

1

Effective governance of enterprise IT is BEST ensured by:

Select one of the following:

  • A. utilizing a bottom-up approach.

  • B. management by the IT department.

  • C. referring the matter to the organization's legal department.

  • D. utilizing a top-down approach.

Explanation

Question 53 of 200

1

After performing an asset classification, the information security manager is BEST able to determine the:

Select one of the following:

  • A. level of risk to information resources.

  • B. impact of a compromise.

  • C. requirements for control strength.

  • D. annual loss expectancy (ALE).

Explanation

Question 54 of 200

1

An information security manager is performing a security review and determines that not all employees comply with the access control policy for the data center. The FIRST step to address this issue should be to:

Select one of the following:

  • A. assess the risk of noncompliance.

  • B. initiate security awareness training.

  • C. prepare a status report for management.

  • D. increase compliance enforcement.

Explanation

Question 55 of 200

1

The MOST effective use of a risk register is to:

Select one of the following:

  • A. identify risks and assign roles and responsibilities for mitigation.

  • B. identify threats and probabilities.

  • C. facilitate a thorough review of all IT-related risks on a periodic basis.

  • D. record the annualized financial amount of expected losses due to risks.

Explanation

Question 56 of 200

1

The factor that is MOST likely to result in identification of security incidents is:

Select one of the following:

  • A. effective communication and reporting processes.

  • B. clear policies detailing incident severity levels.

  • C. intrusion detection system (IDS) capabilities.

  • D. security awareness training.

Explanation

Question 57 of 200

1

Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?

Select one of the following:

  • A. Detailed technical recovery plans are maintained offsite

  • B. Network redundancy is maintained through separate providers

  • C. Hot site equipment needs are recertified on a regular basis

  • D. Appropriate declaration criteria have been established

Explanation

Question 58 of 200

1

What is the PRIMARY purpose of using risk analysis within a security program?

Select one of the following:

  • A. The risk analysis helps justify the security expenditure.

  • B. The risk analysis helps prioritize the assets to be protected.

  • C. The risk analysis helps inform executive management of the residual risk.

  • D. The risk analysis helps assess exposures and plan remediation.

Explanation

Question 59 of 200

1

What is the MOST cost-effective means of improving security awareness of staff personnel?

Select one of the following:

  • A. Employee monetary incentives

  • B. User education and training

  • C. A zero-tolerance security policy

  • D. Reporting of security infractions

Explanation

Question 60 of 200

1

Which is the BEST way to assess aggregate risk derived from a chain of linked system vulnerabilities?

Select one of the following:

  • A. Vulnerability scans

  • B. Penetration tests

  • C. Code reviews

  • D. Security audits

Explanation

Question 61 of 200

1

Which of the following provides the BEST defense against the introduction of malware in end-user computers via the Internet browser?

Select one of the following:

  • A. Input validation checks on SQL injection

  • B. Restricting access to social media sites

  • C. Deleting temporary files

  • D. Restricting execution of mobile code

Explanation

Question 62 of 200

1

Of the following, retention of business records should be PRIMARILY based on:

Select one of the following:

  • A. periodic vulnerability assessment.

  • B. regulatory and legal requirements.

  • C. device storage capacity and longevity.

  • D. past litigation.

Explanation

Question 63 of 200

1

Which of the following is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?

Select one of the following:

  • A. Perform periodic penetration testing

  • B. Establish minimum security baselines

  • C. Implement vendor default settings

  • D. Install a honeypot on the network

Explanation

Question 64 of 200

1

A newly hired information security manager notes that existing information security practices and procedures appear ad hoc. Based on this observation, the next action should be to:

Select one of the following:

  • A. assess the commitment of senior management to the program.

  • B. assess the maturity level of the organization.

  • C. review the corporate standards.

  • D. review corporate risk management practices.

Explanation

Question 65 of 200

1

Risk management programs are designed to reduce risk to:

Select one of the following:

  • A. a level that is too small to be measurable.

  • B. the point at which the benefit exceeds the expense.

  • C. a level that the organization is willing to accept.

  • D. a rate of return that equals the current cost of capital.

Explanation

Question 66 of 200

1

An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?

Select one of the following:

  • A. Design a training program for the staff involved to heighten information security awareness

  • B. Set role-based access permissions on the shared folder

  • C. The end user develops a PC macro program to compare sender and recipient file contents

  • D. Shared folder operators sign an agreement to pledge not to commit fraudulent activities

Explanation

Question 67 of 200

1

An organization has recently developed and approved an access control policy. Which of the following will be MOST effective in communicating the access control policy to the employees?

Select one of the following:

  • A. Requiring employees to formally acknowledge receipt of the policy

  • B. Integrating security requirements into job descriptions

  • C. Making the policy available on the intranet

  • D. Implementing an annual retreat for employees on information security

Explanation

Question 68 of 200

1

Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?

Select one of the following:

  • A. Signal strength

  • B. Number of administrators

  • C. Bandwidth

  • D. Encryption strength

Explanation

Question 69 of 200

1

Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?

Select one of the following:

  • A. Cost to build a redundant processing facility and invocation

  • B. Daily cost of losing critical systems and recovery time objectives (RTOs)

  • C. Infrastructure complexity and system sensitivity

  • D. Criticality results from the business impact analysis (BIA)

Explanation

Question 70 of 200

1

Who can BEST approve plans to implement an information security governance framework?

Select one of the following:

  • A. Internal auditor

  • B. Information security management

  • C. Steering committee

  • D. Infrastructure management

Explanation

Question 71 of 200

1

Successful implementation of information security governance will FIRST require:

Select one of the following:

  • A. security awareness training.

  • B. updated security policies.

  • C. a computer incident management team.

  • D. a security architecture.

Explanation

Question 72 of 200

1

Which of the following measures would be MOST effective against insider threats to confidential information?

Select one of the following:

  • A. Role-based access control

  • B. Audit trail monitoring

  • C. Privacy policy

  • D. Defense-in-depth

Explanation

Question 73 of 200

1

When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:

Select one of the following:

  • A. aligned with the IT strategic plan.

  • B. based on the current rate of technological change.

  • C. three-to-five years for both hardware and software.

  • D. aligned with the business strategy.

Explanation

Question 74 of 200

1

What is the PRIMARY basis for the prioritization of security spending and budgeting?

Select one of the following:

  • A. The identified levels of risk

  • B. Industry trends

  • C. An increased cost of services

  • D. The allocated revenue of the enterprise

Explanation

Question 75 of 200

1

Which of the following approaches is BEST for addressing regulatory requirements?

Select one of the following:

  • A. Treat regulatory compliance as any other risk.

  • B. Ensure that policies address regulatory requirements.

  • C. Make regulatory compliance mandatory.

  • D. Obtain insurance for noncompliance.

Explanation

Question 76 of 200

1

What is the BEST way to ensure that an external service provider complies with organizational security policies?

Select one of the following:

  • A. Explicitly include the service provider in the security policies

  • B. Receive acknowledgement in writing stating the provider has read all policies

  • C. Cross-reference to policies in the service level agreement

  • D. Perform periodic reviews of the service provider

Explanation

Question 77 of 200

1

When performing a business impact analysis (BIA), which of the following would be the MOST appropriate to calculate the recovery time and cost estimates?

Select one of the following:

  • A. Information security manager

  • B. Information owners

  • C. Business continuity coordinator

  • D. Information technology (IT) operations manager

Explanation

Question 78 of 200

1

Which of the following is the BEST approach to obtain senior management commitment to the information security program?

Select one of the following:

  • A. Describe the reduction of risk.

  • B. Present the emerging threat environment.

  • C. Benchmark against other enterprises.

  • D. Demonstrate the alignment of the program to business objectives.

Explanation

Question 79 of 200

1

Which of the following would be the BEST indicator of an asset's value to an organization?

Select one of the following:

  • A. Risk assessment

  • B. Security audit

  • C. Certification

  • D. Classification

Explanation

Question 80 of 200

1

An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?

Select one of the following:

  • A. Ensure that critical data on the server are backed up.

  • B. Shut down the compromised server.

  • C. Initiate the incident response process.

  • D. Shut down the network.

Explanation

Question 81 of 200

1

Which of the following is an indicator of effective governance?

Select one of the following:

  • A. A defined information security architecture

  • B. Compliance with international security standards

  • C. Periodic external audits

  • D. An established risk management program

Explanation

Question 82 of 200

1

What activity should information security management perform FIRST when assessing the potential impact of new privacy legislation on the organization?

Select one of the following:

  • A. Develop an operational plan for achieving compliance with the legislation.

  • B. Identify systems and processes that contain privacy components.

  • C. Restrict the collection of personal information until compliant.

  • D. Identify privacy legislation in other countries that may contain similar requirements.

Explanation

Question 83 of 200

1

Who has the FINAL responsibility for classifying information?

Select one of the following:

  • A. Data custodian

  • B. Legal department

  • C. Data owner

  • D. Chief information security officer (CISO)

Explanation

Question 84 of 200

1

Which of the following is involved when conducting a business impact analysis (BIA)?

Select one of the following:

  • A. Identifying security threats and vulnerabilities

  • B. Developing notification and activation procedures

  • C. Listing investigative priorities

  • D. Listing critical business resources

Explanation

Question 85 of 200

1

Which of the following has the highest priority when defining an emergency response plan?

Select one of the following:

  • A. Critical data

  • B. Critical infrastructure

  • C. Safety of personnel

  • D. Vital records

Explanation

Question 86 of 200

1

Why is public key infrastructure (PKI) the preferred model when providing encryption keys to a large number of individuals?

Select one of the following:

  • A. It is computationally more efficient.

  • B. It is more scalable than a symmetric key.

  • C. It is less costly to maintain than a symmetric key approach.

  • D. It provides greater encryption strength than a secret key model.

Explanation

Question 87 of 200

1

Which of the following activities will MOST effectively foster effective security behavior?

Select one of the following:

  • A. Implementing a security awareness program

  • B. Rewarding compliance with security policies and guidelines

  • C. Implementing a discipline and reward system

  • D. Implementing a whistle-blower hotline

Explanation

Question 88 of 200

1

How should an information security manager proceed when selecting a public cloud vendor to provide outsourced infrastructure and software?

Select one of the following:

  • A. Insist on strict service level agreements (SLAs) to guarantee application availability.

  • B. Verify that the vendor's security architecture meets the organization's requirements.

  • C. Update the organization's security policies to reflect the vendor agreement.

  • D. Consult a third party to provide an audit report to assess the vendor's security program.

Explanation

Question 89 of 200

1

Once residual risk has been determined, the enterprise should NEXT:

Select one of the following:

  • A. transfer the remaining risk to a third party.

  • B. acquire insurance against the effects of the residual risk.

  • C. validate that the residual risk is acceptable.

  • D. formally document and accept the residual risk.

Explanation

Question 90 of 200

1

The use of insurance is an example of which of the following?

Select one of the following:

  • A. Risk mitigation

  • B. Risk acceptance

  • C. Risk elimination

  • D. Risk transfer

Explanation

Question 91 of 200

1

Who should approve user access in business-critical applications?

Select one of the following:

  • A. The information security manager

  • B. The data owner

  • C. The data custodian

  • D. Business management

Explanation

Question 92 of 200

1

The PRIMARY goal of developing an information security strategy is to:

Select one of the following:

  • A. establish security metrics and performance monitoring.

  • B. educate business process owner s regarding their duties.

  • C. ensure that legal and regulatory requirements are met.

  • D. support the business objectives of the organization.

Explanation

Question 93 of 200

1

To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

Select one of the following:

  • A. Database server

  • B. Domain name server (DNS)

  • C. Time server

  • D. Proxy server

Explanation

Question 94 of 200

1

What is the BEST technique to determine which security controls to implement with a limited budget?

Select one of the following:

  • A. Risk analysis

  • B. Annualized loss expectancy (ALE) calculations

  • C. Cost-benefit analysis

  • D. Impact analysis

Explanation

Question 95 of 200

1

In implementing information security governance, the information security manager is PRIMARILY responsible for:

Select one of the following:

  • A. developing the security strategy.

  • B. reviewing the security strategy.

  • C. communicating the security strategy.

  • D. approving the security strategy.

Explanation

Question 96 of 200

1

Who has the inherent authority to grant an exception to information security policy?

Select one of the following:

  • A. The business process owner

  • B. The departmental manager

  • C. The policy approver

  • D. The information security manager

Explanation

Question 97 of 200

1

What should be the PRIMARY basis of a road map for implementing information security governance?

Select one of the following:

  • A. Policies

  • B. Architecture

  • C. Legal requirements

  • D. Strategy

Explanation

Question 98 of 200

1

Which of the following would BEST address the risk of data leakage?

Select one of the following:

  • A. File backup procedures

  • B. Database integrity checks

  • C. Acceptable use policies

  • D. Incident response procedures

Explanation

Question 99 of 200

1

Which of the following is the BEST approach to deal with inadequate funding of the information security program?

Select one of the following:

  • A. Eliminate low-priority security services.

  • B. Require management to accept the increased risk.

  • C. Use third-party providers for low-risk activities.

  • D. Reduce monitoring and compliance enforcement activities.

Explanation

Question 100 of 200

1

Which of the following events generally has the highest information security impact?

Select one of the following:

  • A. Opening a new office

  • B. Merging with another organization

  • C. Relocating the data center

  • D. Rewiring the network

Explanation

Question 101 of 200

1

An organization's board of directors is concerned about recent fraud attempts that originated over the Internet. What action should the board take to address this concern?

Select one of the following:

  • A. Direct information security regarding specific resolutions that are needed to address the risk.

  • B. Research solutions to determine appropriate actions for the company.

  • C. Take no action; information security does not report to the board.

  • D. Direct management to assess the risk and to report the results to the board.

Explanation

Question 102 of 200

1

An information security manager wants to implement a security information and event management system (SIEM) not funded in the current budget. Which of the following choices is MOST likely to persuade management of this need?

Select one of the following:

  • A. A comprehensive risk assessment

  • B. An enterprisewide impact assessment

  • C. A well-developed business case

  • D. Computing the net present value (NPV) of future savings

Explanation

Question 103 of 200

1

Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?

Select one of the following:

  • A. Restore servers from backup media stored offsite

  • B. Conduct an assessment to determine system status

  • C. Perform an impact analysis of the outage

  • D. Isolate the screened subnet

Explanation

Question 104 of 200

1

When a significant security breach occurs, what should be reported FIRST to senior management?

Select one of the following:

  • A. A summary of the security logs that illustrates the sequence of events

  • B. An explanation of the incident and corrective action taken

  • C. An analysis of the impact of similar attacks at other organizations

  • D. A business case for implementing stronger logical access controls

Explanation

Question 105 of 200

1

Which of the following are the essential ingredients of a business impact analysis (BIA)?

Select one of the following:

  • A. Downtime tolerance, resources and criticality

  • B. Cost of business outages in a year as a factor of the security budget

  • C. Business continuity testing methodology being deployed

  • D. Structure of the crisis management team

Explanation

Question 106 of 200

1

The use of public key encryption for the purpose of providing encryption keys between a large number of individuals is preferred PRIMARILY because:

Select one of the following:

  • A. public key encryption is computationally more efficient.

  • B. scaling is less of a problem than using a symmetrical key.

  • C. public key encryption is less costly to maintain than symmetric key approaches.

  • D. public key encryption provides greater encryption strength than secret key options.

Explanation

Question 107 of 200

1

What is the FIRST step of performing an information risk analysis?

Select one of the following:

  • A. Establish the ownership of assets.

  • B. Evaluate the risks to the assets.

  • C. Take an asset inventory.

  • D. Categorize the assets.

Explanation

Question 108 of 200

1

Integrating a number of different activities in the development of an information security infrastructure is BEST achieved by developing:

Select one of the following:

  • A. a business plan.

  • B. an architecture.

  • C. requirements.

  • D. specifications.

Explanation

Question 109 of 200

1

Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?

Select one of the following:

  • A. Never use open source tools

  • B. Focus only on production servers

  • C. Follow a linear process for attacks

  • D. Do not interrupt production processes

Explanation

Question 110 of 200

1

Which of the following would be the BEST approach to securing approval for information security expenditures?

Select one of the following:

  • A. Developing a business case

  • B. Conducting a cost-benefit analysis

  • C. Calculating return on investment (ROI)

  • D. Evaluating loss history

Explanation

Question 111 of 200

1

Asset classification should be MOSTLY based on:

Select one of the following:

  • A. business value.

  • B. book value.

  • C. replacement cost.

  • D. initial cost.

Explanation

Question 112 of 200

1

At what interval should a risk assessment TYPICALLY be conducted?

Select one of the following:

  • A. Once a year for each business process and subprocess

  • B. Every three to six months for critical business processes

  • C. On a continuous basis

  • D. Annually or whenever there is a significant change

Explanation

Question 113 of 200

1

Untested response plans:

Select one of the following:

  • A. depend on up-to-date contact information.

  • B. pose an unacceptable risk to the organization.

  • C. pose a risk that the plan will not work when needed.

  • D. are quickly distinguished from tested plans.

Explanation

Question 114 of 200

1

Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?

Select one of the following:

  • A. The information security department has had difficulty filling vacancies.

  • B. The chief information officer (CIO) approves changes to the security policy.

  • C. The information security oversight committee only meets quarterly.

  • D. The data center manager has final signoff on all security projects.

Explanation

Question 115 of 200

1

An organization's chief information security officer (CISO) would like to ensure that operations are prioritized correctly for recovery in case of a disaster. Which of the following would be the BEST to use?

Select one of the following:

  • A. A business impact assessment

  • B. An organization risk assessment

  • C. A business process map

  • D. A threat statement

Explanation

Question 116 of 200

1

What task should be performed once a security incident has been verified?

Select one of the following:

  • A. Identify the incident.

  • B. Contain the incident.

  • C. Determine the root cause of the incident.

  • D. Perform a vulnerability assessment.

Explanation

Question 117 of 200

1

An organization has commissioned an information security expert to perform network penetration testing and has provided the expert with information about the infrastructure to be tested. The benefit of this approach is:

Select one of the following:

  • A. more time is devoted to exploitation than to fingerprinting and discovery.

  • B. this accurately simulates an external hacking attempt.

  • C. the ability to exploit Transmission Control Protocol/Internet Protocol (TCP/IP) vulnerabilities.

  • D. the elimination of the need for penetration testing tools.

Explanation

Question 118 of 200

1

Which of the following is the BEST way to mitigate the risk of the database administrator reading sensitive data from the database?

Select one of the following:

  • A. Log all access to sensitive data.

  • B. Employ application-level encryption.

  • C. Install a database monitoring solution.

  • D. Develop a data security policy.

Explanation

Question 119 of 200

1

Which of the following is MOST essential when assessing risk?

Select one of the following:

  • A. Providing equal coverage for all asset types

  • B. Benchmarking data from similar organizations

  • C. Considering both monetary value and likelihood of loss

  • D. Focusing on valid past threats and business losses

Explanation

Question 120 of 200

1

Obtaining another party's public key is required to initiate which of the following activities?

Select one of the following:

  • A. Authorization

  • B. Digital signing

  • C. Authentication

  • D. Nonrepudiation

Explanation

Question 121 of 200

1

A regulatory authority has just introduced a new regulation pertaining to the release of quarterly financial results. The FIRST task that the security officer should perform is to:

Select one of the following:

  • A. identify whether current controls are adequate.

  • B. communicate the new requirement to audit.

  • C. implement the requirements of the new regulation.

  • D. conduct a cost-benefit analysis of implementing the control.

Explanation

Question 122 of 200

1

Which of the following is the MOST important to ensure a successful recovery?

Select one of the following:

  • A. Backup media is stored offsite

  • B. Recovery location is secure and accessible

  • C. More than one hot site is available

  • D. Network alternate links are regularly tested

Explanation

Question 123 of 200

1

Which of the following is the MOST important consideration when developing a service level agreement (SLA) to mitigate the risk that outsourcing will result in a loss to the business?

Select one of the following:

  • A. The nature of the indemnity clause

  • B. Ensuring that the business objectives are defined and met

  • C. Alignment of information system security objectives with enterprise goals

  • D. Compliance with legal requirements

Explanation

Question 124 of 200

1

Which of the following BEST prevents successful social engineering attacks?

Select one of the following:

  • A. Preemployment screening

  • B. Close monitoring of users' access patterns

  • C. Periodic awareness training

  • D. Efficient termination procedures

Explanation

Question 125 of 200

1

The assessment of risk is always subjective. To improve accuracy, which of the following is the MOST important action to take?

Select one of the following:

  • A. Train or "calibrate" the assessor.

  • B. Utilize only standardized approaches.

  • C. Ensure the impartiality of the assessor.

  • D. Utilize multiple methods of analysis.

Explanation

Question 126 of 200

1

The decision as to whether an IT risk has been reduced to an acceptable level should be determined by:

Select one of the following:

  • A. organizational requirements.

  • B. information systems requirements.

  • C. information security requirements.

  • D. international standards.

Explanation

Question 127 of 200

1

Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?

Select one of the following:

  • A. Provide security awareness training to the third-party provider's employees

  • B. Conduct regular security reviews of the third-party provider

  • C. Include security requirements in the service contract

  • D. Request that the third-party provider comply with the organization's information security policy

Explanation

Question 128 of 200

1

What is the MOST important reason for conducting security awareness programs throughout an organization?

Select one of the following:

  • A. Reducing the human risk

  • B. Maintaining evidence of training records to ensure compliance

  • C. Informing business units about the security strategy

  • D. Training personnel in security incident response

Explanation

Question 129 of 200

1

The PRIMARY reason to consider information security during the first stage of a project life cycle is:

Select one of the following:

  • A. the cost of security is higher in later stages.

  • B. information security may affect project feasibility.

  • C. information security is essential to project approval.

  • D. it ensures proper project classification.

Explanation

Question 130 of 200

1

Which of the following should be the PRIMARY basis for making a decision to establish an alternate site for disaster recovery?

Select one of the following:

  • A. A business impact analysis (BIA), which identifies the requirements for continuous availability of critical business processes

  • B. Adequate distance between the primary site and the alternate site so that the same disaster does not simultaneously impact both sites

  • C. A benchmarking analysis of similarly situated enterprises in the same geographic region to demonstrate due diligence

  • D. Differences between the regulatory requirements applicable at the primary site and those at the alternate site

Explanation

Question 131 of 200

1

Why is "slack space" of value to an information security manager as part of an incident investigation?

Select one of the following:

  • A. Hidden data may be stored there

  • B. The slack space contains login information

  • C. Slack space is encrypted

  • D. It provides flexible space for the investigation

Explanation

Question 132 of 200

1

Which of the following areas is MOST susceptible to the introduction of security weaknesses?

Select one of the following:

  • A. Database management

  • B. Tape backup management

  • C. Configuration management

  • D. Incident response management

Explanation

Question 133 of 200

1

Several business units reported problems with their systems after multiple security patches were deployed. What is the FIRST step to handle this problem?

Select one of the following:

  • A. Assess the problems and institute rollback procedures, if needed.

  • B. Disconnect the systems from the network until the problems are corrected.

  • C. Uninstall the patches from these systems.

  • D. Contact the vendor regarding the problems that occurred.

Explanation

Question 134 of 200

1

Which of the following choices BEST helps determine appropriate levels of information resource protection?

Select one of the following:

  • A. A business case

  • B. A vulnerability assessment

  • C. Asset classification

  • D. Asset valuation

Explanation

Question 135 of 200

1

In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?

Select one of the following:

  • A. Implementing on-screen masking of passwords

  • B. Conducting periodic security awareness programs

  • C. Increasing the frequency of password changes

  • D. Requiring that passwords be kept strictly confidential

Explanation

Question 136 of 200

1

An appropriate control for ensuring the authenticity of orders received in an electronic data interchange (EDI) system application is to:

Select one of the following:

  • A. acknowledge receipt of electronic orders with a confirmation message.

  • B. perform reasonableness checks on quantities ordered before filling orders.

  • C. encrypt electronic orders.

  • D. verify the identity of senders and determine whether orders correspond to contract terms.

Explanation

Question 137 of 200

1

Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?

Select one of the following:

  • A. Passwords stored in encrypted form

  • B. User awareness

  • C. Strong passwords that are changed periodically

  • D. Implementation of lock-out policies

Explanation

Question 138 of 200

1

Which of the following BEST ensures nonrepudiation?

Select one of the following:

  • A. Delivery path tracing

  • B. Reverse lookup translation

  • C. Out-of-band channels

  • D. Digital signatures

Explanation

Question 139 of 200

1

What must change management achieve from a risk management perspective?

Select one of the following:

  • A. It must be operated by information security to ensure that security is maintained.

  • B. It must be overseen by the steering committee because of its importance.

  • C. It must be secondary to release and configuration management.

  • D. It must include mandatory notification of the information security department.

Explanation

Question 140 of 200

1

Addressing risk at various life cycle stages is BEST supported by:

Select one of the following:

  • A. change management.

  • B. release management.

  • C. incident management.

  • D. configuration management.

Explanation

Question 141 of 200

1

Which of the following choices is the MOST important incident response resource for timely identification of an information security incident?

Select one of the following:

  • A. A fully updated intrusion detection system (IDS)

  • B. Multiple channels for distribution of information

  • C. A well-defined and structured communication plan

  • D. A regular schedule for review of network device logs

Explanation

Question 142 of 200

1

What makes an incident management program effective?

Select one of the following:

  • A. It identifies, assesses and prevents reoccurrence of incidents.

  • B. It detects and documents incidents.

  • C. It includes a risk management strategy.

  • D. It reflects the capabilities of the organization.

Explanation

Question 143 of 200

1

Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?

Select one of the following:

  • A. Card-key door locks

  • B. Photo identification

  • C. Biometric scanners

  • D. Awareness training

Explanation

Question 144 of 200

1

What is the PRIMARY goal of developing an information security program?

Select one of the following:

  • A. To implement the strategy

  • B. To optimize resources

  • C. To deliver on metrics

  • D. To achieve assurance

Explanation

Question 145 of 200

1

Responsibility for information security and related activities involves multiple departments. What is the PRIMARY reason the information security manager should develop processes that integrate these roles and responsibilities?

Select one of the following:

  • A. To mitigate the tendency for security gaps to exist between assurance functions

  • B. To reduce manpower requirements for providing effective information security

  • C. To ensure effective business continuity and disaster recovery

  • D. To simplify specification development and acquisition processes

Explanation

Question 146 of 200

1

An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:

Select one of the following:

  • A. an audit of the service provider uncovers no significant weakness.

  • B. the contract includes a nondisclosure agreement (NDA) to protect the organization's intellectual property.

  • C. the contract should mandate that the service provider will comply with security policies.

  • D. the third-party service provider conducts regular penetration testing.

Explanation

Question 147 of 200

1

What is the BEST way to ensure data protection upon termination of employment?

Select one of the following:

  • A. Retrieve identification badge and card keys

  • B. Retrieve all personal computer equipment

  • C. Erase all of the employee's folders

  • D. Ensure all logical access is removed

Explanation

Question 148 of 200

1

The FIRST step to create an internal culture that embraces information security is to:

Select one of the following:

  • A. implement stronger controls.

  • B. conduct periodic awareness training.

  • C. actively monitor operations.

  • D. gain endorsement from executive management.

Explanation

Question 149 of 200

1

Which of the following is MOST important for measuring the effectiveness of a security awareness program?

Select one of the following:

  • A. Reduced number of security violation reports

  • B. A quantitative evaluation to ensure user comprehension

  • C. Increased interest in focus groups on security issues

  • D. Increased number of security violation reports

Explanation

Question 150 of 200

1

Highly integrated enterprise IT systems pose a challenge to the information security manager when attempting to set security baselines PRIMARILY from the perspective of:

Select one of the following:

  • A. increased difficulty in problem management.

  • B. added complexity in incident management.

  • C. determining the impact of cascading risk.

  • D. less flexibility in setting service delivery objectives.

Explanation

Question 151 of 200

1

Who is responsible for ensuring that information is classified?

Select one of the following:

  • A. Senior management

  • B. The security manager

  • C. The data owner

  • D. The data custodian

Explanation

Question 152 of 200

1

Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?

Select one of the following:

  • A. A bit-level copy of all hard drive data

  • B. The last verified backup stored offsite

  • C. Data from volatile memory

  • D. Backup servers

Explanation

Question 153 of 200

1

What is the PRIMARY role of the information security manager related to the data classification and handling process within an organization?

Select one of the following:

  • A. Defining and ratifying the organization's data classification structure

  • B. Assigning the classification levels to the information assets

  • C. Securing information assets in accordance with their data classification

  • D. Confirming that information assets have been properly classified

Explanation

Question 154 of 200

1

After completing a full IT risk assessment, who is in the BEST position to decide which mitigating controls should be implemented?

Select one of the following:

  • A. Senior management

  • B. The business manager

  • C. The IT audit manager

  • D. The information security officer (ISO)

Explanation

Question 155 of 200

1

Which of the following items is the BEST basis for determining the value of intangible assets?

Select one of the following:

  • A. Contribution to revenue generation

  • B. A business impact analysis (BIA)

  • C. Threat assessment and analysis

  • D. Replacement costs

Explanation

Question 156 of 200

1

Which of the following needs to be MOST seriously considered when designing a risk-based incident response management program?

Select one of the following:

  • A. The chance of collusion among staff

  • B. Degradation of investigation quality

  • C. Minimization of false-positive alerts

  • D. Monitoring repeated low-risk events

Explanation

Question 157 of 200

1

Which of the following is the MOST appropriate control to address compliance with specific regulatory requirements?

Select one of the following:

  • A. Policies

  • B. Standards

  • C. Procedures

  • D. Guidelines

Explanation

Question 158 of 200

1

What should documented standards/procedures for the use of cryptography across the enterprise achieve?

Select one of the following:

  • A. They should define the circumstances where cryptography should be used.

  • B. They should define cryptographic algorithms and key lengths.

  • C. They should describe handling procedures of cryptographic keys.

  • D. They should establish the use of cryptographic solutions.

Explanation

Question 159 of 200

1

A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?

Select one of the following:

  • A. Understand the business requirements of the developer portal

  • B. Perform a vulnerability assessment of the developer portal

  • C. Install an intrusion detection system (IDS)

  • D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server

Explanation

Question 160 of 200

1

Which of the following BEST describes the key objective of an information security program?

Select one of the following:

  • A. Achieve strategic business goals and objectives.

  • B. Protect information assets using manual and automated controls.

  • C. Automate information security controls.

  • D. Eliminate threats to the organization.

Explanation

Question 161 of 200

1

Which of the following is MOST important when collecting evidence for forensic analysis?

Select one of the following:

  • A. Ensure the assignment of qualified personnel.

  • B. Request the IT department do an image copy.

  • C. Disconnect from the network and isolate the affected devices.

  • D. Ensure law enforcement personnel are present before the forensic analysis commences.

Explanation

Question 162 of 200

1

During a business continuity plan (BCP) test, one department discovered that its new software application was not going to be restored soon enough to meet the needs of the business. This situation can be avoided in the future by:

Select one of the following:

  • A. conducting a periodic and event-driven business impact analysis (BIA) to determine the needs of the business during a recovery.

  • B. assigning new applications a higher degree of importance and scheduling them for recovery first.

  • C. developing a help-desk ticket process that allows departments to request recovery of software during a disaster.

  • D. conducting a thorough risk assessment prior to purchasing the software.

Explanation

Question 163 of 200

1

What activity BEST helps ensure that contract personnel do not obtain unauthorized access to sensitive information?

Select one of the following:

  • A. Set accounts to pre-expire

  • B. Avoid granting system administration roles

  • C. Ensure they successfully pass background checks

  • D. Ensure their access is approved by the data owner

Explanation

Question 164 of 200

1

Which of the following is MOST important in developing a security strategy?

Select one of the following:

  • A. Creating a positive business security environment

  • B. Understanding key business objectives

  • C. Having a reporting line to senior management

  • D. Allocating sufficient resources to information security

Explanation

Question 165 of 200

1

What action should an incident response team take if the investigation of an incident response event cannot be completed in the time allocated?

Select one of the following:

  • A. Continue to work the current action.

  • B. Escalate to the next level for resolution.

  • C. Skip on to the next action in the plan.

  • D. Declare a disaster.

Explanation

Question 166 of 200

1

Who is accountable for ensuring that information is categorized and that specific protective measures are taken?

Select one of the following:

  • A. The security officer

  • B. Senior management

  • C. The end user

  • D. The custodian

Explanation

Question 167 of 200

1

A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?

Select one of the following:

  • A. User

  • B. Network

  • C. Operations

  • D. Database

Explanation

Question 168 of 200

1

An enterprise is implementing an information security program. During which phase of the implementation should metrics be established to assess the effectiveness of the program over time?

Select one of the following:

  • A. Testing

  • B. Initiation

  • C. Design

  • D. Development

Explanation

Question 169 of 200

1

Systems thinking as it relates to information security is:

Select one of the following:

  • A. a prescriptive methodology for designing the systems architecture.

  • B. an understanding that the whole is greater than the sum of its parts.

  • C. a process that ensures alignment with business objectives.

  • D. a framework for information security governance.

Explanation

Question 170 of 200

1

Which of the following MOST effectively reduces false-positive alerts generated by a security information and event management (SIEM) process?

Select one of the following:

  • A. Building use cases

  • B. Conducting a network traffic analysis

  • C. Performing an asset-based risk assessment

  • D. The quality of the logs

Explanation

Question 171 of 200

1

The return on investment of information security can BEST be evaluated through which of the following?

Select one of the following:

  • A. Support of business objectives

  • B. Security metrics

  • C. Security deliverables

  • D. Process improvement models

Explanation

Question 172 of 200

1

Which of the following MOST commonly falls within the scope of an information security governance steering committee?

Select one of the following:

  • A. Interviewing candidates for information security specialist positions

  • B. Developing content for security awareness programs

  • C. Prioritizing information security initiatives

  • D. Approving access to critical financial systems

Explanation

Question 173 of 200

1

Due to limited storage media, an IT operations employee has requested permission to overwrite data stored on a magnetic tape. The decision of the authorizing manager will MOST likely be influenced by the data:

Select one of the following:

  • A. classification policy.

  • B. retention policy.

  • C. creation policy.

  • D. leakage protection.

Explanation

Question 174 of 200

1

Which of the following indicators is MOST likely to be of strategic value?

Select one of the following:

  • A. Number of users with privileged access

  • B. Trends in incident frequency

  • C. Annual network downtime

  • D. Vulnerability scan results

Explanation

Question 175 of 200

1

What is a PRIMARY characteristic of a well-established information security culture?

Select one of the following:

  • A. Alignment of information security and business objectives

  • B. Alignment of security controls with information technology

  • C. Alignment of concurrent security strategies

  • D. Alignment of values to protect corporate assets

Explanation

Question 176 of 200

1

Which of the following is the BEST method for ensuring that temporary employees do not receive excessive access rights?

Select one of the following:

  • A. Mandatory access controls

  • B. Discretionary access controls

  • C. Lattice-based access controls

  • D. Role-based access controls

Explanation

Question 177 of 200

1

When outsourcing to an offshore provider, the MOST difficult element to determine during a security review will be:

Select one of the following:

  • A. technical competency.

  • B. incompatible culture.

  • C. defense in depth.

  • D. adequate policies.

Explanation

Question 178 of 200

1

An internal review of a web-based application system reveals that it is possible to gain access to all employees' accounts by changing the employee's ID used for accessing the account on the URL. The vulnerability identified is:

Select one of the following:

  • A. broken authentication.

  • B. unvalidated input.

  • C. cross-site scripting.

  • D. structured query language (SQL) injection.

Explanation

Question 179 of 200

1

Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?

Select one of the following:

  • A. Manager

  • B. Custodian

  • C. User

  • D. Owner

Explanation

Question 180 of 200

1

What is the FIRST action an information security manager should take when a company laptop is reported stolen?

Select one of the following:

  • A. Evaluate the impact of the information loss

  • B. Update the corporate laptop inventory

  • C. Ensure compliance with reporting procedures

  • D. Disable the user account immediately

Explanation

Question 181 of 200

1

Which one of the following considerations is MOST likely to be overlooked when conducting an information security review of a potential outsourcing service provider?

Select one of the following:

  • A. Cultural differences

  • B. Technical competency

  • C. Adequate controls

  • D. Information security policies

Explanation

Question 182 of 200

1

While implementing information security governance an organization should FIRST:

Select one of the following:

  • A. adopt security standards.

  • B. determine security baselines.

  • C. define the security strategy.

  • D. establish security policies.

Explanation

Question 183 of 200

1

Which of the following risk scenarios would BEST be assessed using qualitative risk assessment techniques?

Select one of the following:

  • A. Theft of purchased software

  • B. Power outage lasting 24 hours

  • C. Permanent decline in customer confidence

  • D. Temporary loss of email services

Explanation

Question 184 of 200

1

There is a delay between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?

Select one of the following:

  • A. Identify the vulnerable systems and apply compensating controls

  • B. Minimize the use of vulnerable systems

  • C. Communicate the vulnerability to system users

  • D. Update the signatures database of the intrusion detection system (IDS)

Explanation

Question 185 of 200

1

Which of the following BEST indicates senior management commitment toward supporting information security?

Select one of the following:

  • A. Assessment of risk to the assets

  • B. Approval of risk management methodology

  • C. Review of inherent risk to information assets

  • D. Review of residual risk for information assets

Explanation

Question 186 of 200

1

Which of the following is the BEST source for determining the value of information assets?

Select one of the following:

  • A. Individual business managers

  • B. Business systems analysts

  • C. Information security management

  • D. Industry benchmarking results

Explanation

Question 187 of 200

1

Business objectives should be evident in the security strategy by:

Select one of the following:

  • A. inferred connections.

  • B. standardized controls.

  • C. managed constraints.

  • D. direct traceability.

Explanation

Question 188 of 200

1

A financial institution plans to allocate information security resources to each of its business divisions. What areas should security activities focus on?

Select one of the following:

  • A. Areas where strict regulatory requirements apply

  • B. Areas that require the shortest recovery time objective (RTO)

  • C. Areas that can maximize return on security investment (ROSI)

  • D. Areas where threat likelihood and impact are greatest

Explanation

Question 189 of 200

1

Which of the following gives the MOST assurance of the effectiveness of an organization's disaster recovery plan (DRP)?

Select one of the following:

  • A. Checklist test

  • B. Tabletop exercise

  • C. Full interruption test

  • D. Simulation test

Explanation

Question 190 of 200

1

The MOST likely reason that management would choose not to mitigate a risk that exceeds the risk appetite is that it:

Select one of the following:

  • A. is the residual risk after controls are applied.

  • B. is a risk that is expensive to mitigate.

  • C. falls within the risk tolerance level.

  • D. is a risk of relatively low frequency.

Explanation

Question 191 of 200

1

What is the BEST approach to manage a security incident involving a successful penetration?

Select one of the following:

  • A. Allow business processes to continue during the response.

  • B. Allow the security team to assess the attack profile.

  • C. Permit the incident to continue to trace the source.

  • D. Examine the incident response process for deficiencies.

Explanation

Question 192 of 200

1

Which of the following is the MOST likely outcome of a well-designed information security awareness course?

Select one of the following:

  • A. Increased reporting of security incidents to the incident response function

  • B. Decreased reporting of security incidents to the incident response function

  • C. Decrease in the number of password resets

  • D. Increase in the number of identified system vulnerabilities

Explanation

Question 193 of 200

1

Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?

Select one of the following:

  • A. Cost-benefit analysis

  • B. Penetration testing

  • C. Frequent risk assessment programs

  • D. Annual loss expectancy (ALE) calculation

Explanation

Question 194 of 200

1

Which of the following recovery strategies has the GREATEST chance of failure?

Select one of the following:

  • A. Hot site

  • B. Redundant site

  • C. Reciprocal arrangement

  • D. Cold site

Explanation

Question 195 of 200

1

Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:

Select one of the following:

  • A. policy.

  • B. strategy.

  • C. guideline.

  • D. baseline.

Explanation

Question 196 of 200

1

Which of the following is MOST important to understand when developing a meaningful information security strategy?

Select one of the following:

  • A. Regulatory environment

  • B. International security standards

  • C. Organizational risks

  • D. Organizational goals

Explanation

Question 197 of 200

1

In a large enterprise, what makes an information security awareness program MOST effective?

Select one of the following:

  • A. The program is developed by a professional training company.

  • B. The program is embedded into the orientation process.

  • C. The program is customized to the audience using the appropriate delivery channel.

  • D. The program is required by the information security policy.

Explanation

Question 198 of 200

1

Which of the following controls would BEST prevent accidental system shutdown from the console or operations area?

Select one of the following:

  • A. Redundant power supplies

  • B. Protective switch covers

  • C. Shutdown alarms

  • D. Biometric readers

Explanation

Question 199 of 200

1

A company has installed biometric fingerprint scanners at all entrances in response to a management requirement for better access control. Due to the large number of employees coupled with a slow system response, it takes a substantial amount of time for all workers to gain access to the building and workers are increasingly piggybacking. What is the BEST course of action for the information security manager to address this issue?

Select one of the following:

  • A. Replace the system for better response time.

  • B. Escalate the issue to management.

  • C. Revert to manual entry control procedures.

  • D. Increase compliance enforcement.

Explanation

Question 200 of 200

1

Which of the following is the FIRST action to be taken when the information security manager notes that the controls for a critical application are inadequate?

Select one of the following:

  • A. Perform a risk assessment to determine the level of exposure.

  • B. Classify the risk as acceptable to senior management.

  • C. Deploy additional countermeasures immediately.

  • D. Transfer the remaining risk to another organization.

Explanation