Eduardo Castella7911
Test por , creado hace más de 1 año

Certificate CISM Test sobre CISM 2014 Questions - 1, creado por Eduardo Castella7911 el 17/02/2016.

3640
2
0
Eduardo Castella7911
Creado por Eduardo Castella7911 hace casi 9 años
Cerrar

CISM 2014 Questions - 1

Pregunta 1 de 200

1

In which of the following areas are data owners PRIMARILY responsible for establishing risk mitigation?

Selecciona una de las siguientes respuestas posibles:

  • A. Platform security

  • B. Entitlement changes

  • C. Intrusion detection

  • D. Antivirus controls

Explicación

Pregunta 2 de 200

1

Which of the following is the BEST justification to convince management to invest in an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Cost reduction

  • B. Compliance with company policies

  • C. Protection of business assets

  • D. Increased business value

Explicación

Pregunta 3 de 200

1

To improve the security of an organization's human resources (HR) system, an information security manager was presented with a choice to either implement an additional packet filtering firewall OR a heuristics-based intrusion detection system (IDS). How should the security manager with a limited budget choose between the two technologies?

Selecciona una de las siguientes respuestas posibles:

  • A. Risk analysis

  • B. Business impact analysis (BIA)

  • C. Return on investment (ROI) analysis

  • D. Cost-benefit analysis

Explicación

Pregunta 4 de 200

1

An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. What is the MOST important element of the request for proposal (RFP)?

Selecciona una de las siguientes respuestas posibles:

  • A. References from other organizations

  • B. Past experience of the engagement team

  • C. Sample deliverable

  • D. Methodology to be used in the assessment

Explicación

Pregunta 5 de 200

1

An organization is implementing intrusion protection in their demilitarized zone (DMZ). Which of the following steps is necessary to make sure that the intrusion prevention system (IPS) can view all traffic in the DMZ?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure that intrusion prevention is placed in front of the firewall.

  • B. Ensure that all devices that are connected can easily see the IPS in the network.

  • C. Ensure that all encrypted traffic is decrypted prior to being processed by the IPS.

  • D. Ensure that traffic to all devices is mirrored to the IPS.

Explicación

Pregunta 6 de 200

1

Which of the following are likely to be updated MOST frequently?

Selecciona una de las siguientes respuestas posibles:

  • A. Procedures for hardening database servers

  • B. Standards for password length and complexity

  • C. Policies addressing information security governance

  • D. Standards for document retention and destruction

Explicación

Pregunta 7 de 200

1

When performing a qualitative risk analysis, which of the following will BEST produce reliable results?

Selecciona una de las siguientes respuestas posibles:

  • A. Estimated productivity losses

  • B. Possible scenarios with threats and impacts

  • C. Value of information assets

  • D. Vulnerability assessment

Explicación

Pregunta 8 de 200

1

Addressing production risks is PRIMARILY a function of:

Selecciona una de las siguientes respuestas posibles:

  • A. release management.

  • B. incident management.

  • C. change management.

  • D. configuration management.

Explicación

Pregunta 9 de 200

1

Which of the following requirements would have the lowest level of priority in information security?

Selecciona una de las siguientes respuestas posibles:

  • A. Technical

  • B. Regulatory

  • C. Privacy

  • D. Business

Explicación

Pregunta 10 de 200

1

The MOST important component of a privacy policy is:

Selecciona una de las siguientes respuestas posibles:

  • A. notifications.

  • B. warranties.

  • C. liabilities.

  • D. geographic coverage.

Explicación

Pregunta 11 de 200

1

Which of the following groups would be in the BEST position to perform a risk analysis for a business?

Selecciona una de las siguientes respuestas posibles:

  • A. External auditors

  • B. A peer group within a similar business

  • C. Process owners

  • D. A specialized management consultant

Explicación

Pregunta 12 de 200

1

Obtaining senior management support for an information security initiative can BEST be accomplished by:

Selecciona una de las siguientes respuestas posibles:

  • A. developing and presenting a business case.

  • B. defining the risk that will be addressed.

  • C. presenting a financial analysis of benefits.

  • D. aligning the initiative with organizational objectives.

Explicación

Pregunta 13 de 200

1

Which of the following training mechanisms is the MOST effective means of promoting an organizational security culture?

Selecciona una de las siguientes respuestas posibles:

  • A. Choose a subset of influential people to promote the benefits of the security program.

  • B. Hold structured training in small groups on an annual basis.

  • C. Require each employee to complete a self-paced training module once per year.

  • D. Deliver training to all employees across the organization via streaming video.

Explicación

Pregunta 14 de 200

1

Data owners are PRIMARILY responsible for:

Selecciona una de las siguientes respuestas posibles:

  • A. providing access to systems.

  • B. approving access to systems.

  • C. establishing authorization and authentication.

  • D. handling identity management.

Explicación

Pregunta 15 de 200

1

Which of the following are the MOST important individuals to include as members of an information security steering committee?

Selecciona una de las siguientes respuestas posibles:

  • A. Direct reports to the chief information officer

  • B. IT management and key business process owners

  • C. Cross-section of end users and IT professionals

  • D. Internal audit and corporate legal departments

Explicación

Pregunta 16 de 200

1

Which one of the following measures will BEST indicate the effectiveness of an incident response process?

Selecciona una de las siguientes respuestas posibles:

  • A. Number of open incidents

  • B. Reduction of the number of security incidents

  • C. Reduction of the average response time to an incident

  • D. Number of incidents handled per month

Explicación

Pregunta 17 de 200

1

The BEST way to obtain senior management commitment and support for information security investments is to:

Selecciona una de las siguientes respuestas posibles:

  • A. link security risk to organization business objectives.

  • B. explain the technical risk to the organization.

  • C. include industry best practices as they relate to information security.

  • D. detail successful attacks against a competitor.

Explicación

Pregunta 18 de 200

1

When securing wireless access points, which of the following controls would BEST assure confidentiality?

Selecciona una de las siguientes respuestas posibles:

  • A. Implementing wireless intrusion prevention systems

  • B. Not broadcasting the service set IDentifier (SSID)

  • C. Implementing wired equivalent privacy (WEP) authentication

  • D. Enforcing a virtual private network (VPN) over wireless

Explicación

Pregunta 19 de 200

1

Who should PRIMARILY provide direction on the impact of new regulatory requirements that may lead to major application system changes?

Selecciona una de las siguientes respuestas posibles:

  • A. The internal audit department

  • B. System developers/analysts

  • C. Key business process owners

  • D. Corporate legal counsel

Explicación

Pregunta 20 de 200

1

Which of the following choices will MOST influence how the information security program will be designed and implemented?

Selecciona una de las siguientes respuestas posibles:

  • A. Type and nature of risk

  • B. Organizational culture

  • C. Overall business objectives

  • D. Lines of business

Explicación

Pregunta 21 de 200

1

The relationship between policies and corporate standards can BEST be described by which of the following associations?

Selecciona una de las siguientes respuestas posibles:

  • A. Standards and policies have only an indirect relationship.

  • B. Standards provide a detailed description of the meaning of a policy.

  • C. Standards provide direction on achieving compliance with policy intent.

  • D. Standards can exist without a relationship to any particular policy.

Explicación

Pregunta 22 de 200

1

Which one of the following factors of a risk assessment typically involves the GREATEST amount of speculation?

Selecciona una de las siguientes respuestas posibles:

  • A. Exposure

  • B. Impact

  • C. Vulnerability

  • D. Likelihood

Explicación

Pregunta 23 de 200

1

Which of the following is a key component of an incident response policy?

Selecciona una de las siguientes respuestas posibles:

  • A. Updated call trees

  • B. Escalation criteria

  • C. Press release templates

  • D. Critical backup files inventory

Explicación

Pregunta 24 de 200

1

The MOST complete business case for security solutions is one that:

Selecciona una de las siguientes respuestas posibles:

  • A. includes appropriate justification.

  • B. explains the current risk profile.

  • C. details regulatory requirements.

  • D. identifies incidents and losses.

Explicación

Pregunta 25 de 200

1

What is the MOST essential attribute of an effective key risk indicator (KRI)?

Selecciona una de las siguientes respuestas posibles:

  • A. The KRI is accurate and reliable.

  • B. The KRI provides quantitative metrics.

  • C. The KRI indicates required action.

  • D. The KRI is predictive of a risk event.

Explicación

Pregunta 26 de 200

1

Which of the following is MOST effective in protecting against the attack technique known as phishing?

Selecciona una de las siguientes respuestas posibles:

  • A. Firewall blocking rules

  • B. Up-to-date signature files

  • C. Security awareness training

  • D. Intrusion detection monitoring

Explicación

Pregunta 27 de 200

1

The acceptability of a partial system recovery after a security incident is MOST likely to be based on the:

Selecciona una de las siguientes respuestas posibles:

  • A. ability to resume normal operations.

  • B. maximum tolerable outage (MTO).

  • C. service delivery objective (SDO).

  • D. acceptable interruption window (AIW).

Explicación

Pregunta 28 de 200

1

Which of the following presents the GREATEST exposure to internal attack on a network?

Selecciona una de las siguientes respuestas posibles:

  • A. User passwords are not automatically expired

  • B. All network traffic goes through a single switch

  • C. User passwords are encoded but not encrypted

  • D. All users reside on a single internal subnet

Explicación

Pregunta 29 de 200

1

Which of the following is the MOST important aspect that needs to be considered from a security perspective when payroll processes are outsourced to an external service provider?

Selecciona una de las siguientes respuestas posibles:

  • A. A cost-benefit analysis has been completed.

  • B. Privacy requirements are met.

  • C. The service provider ensures a secure data transfer.

  • D. No significant security incident occurred at the service provider.

Explicación

Pregunta 30 de 200

1

Which of the following BEST supports continuous improvement of the risk management process?

Selecciona una de las siguientes respuestas posibles:

  • A. Regular review of risk treatment options

  • B. Classification of assets in order of criticality

  • C. Adoption of a maturity model

  • D. Integration of assurance functions

Explicación

Pregunta 31 de 200

1

Who would be the PRIMARY user of metrics regarding the number of email messages quarantined due to virus infection versus the number of infected email messages that were not caught?

Selecciona una de las siguientes respuestas posibles:

  • A. The security steering committee

  • B. The board of directors

  • C. IT managers

  • D. The information security manager

Explicación

Pregunta 32 de 200

1

Which of the following is the MOST effective way to measure strategic alignment of an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Survey business stakeholders

  • B. Track audits over time

  • C. Evaluate incident losses

  • D. Analyze business cases

Explicación

Pregunta 33 de 200

1

Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. Tree diagrams

  • B. Venn diagrams

  • C. Heat charts

  • D. Bar charts

Explicación

Pregunta 34 de 200

1

Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?

Selecciona una de las siguientes respuestas posibles:

  • A. To mitigate technical risks

  • B. To have an independent certification of network security

  • C. To receive an independent view of security exposures

  • D. To identify a complete list of vulnerabilities

Explicación

Pregunta 35 de 200

1

The MOST effective approach to ensure the continued effectiveness of information security controls is by:

Selecciona una de las siguientes respuestas posibles:

  • A. ensuring inherent control strength.

  • B. ensuring strategic alignment.

  • C. utilizing effective life cycle management.

  • D. utilizing effective change management.

Explicación

Pregunta 36 de 200

1

Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?

Selecciona una de las siguientes respuestas posibles:

  • A. User security procedures

  • B. Business process flow

  • C. IT security standards

  • D. Regulatory requirements

Explicación

Pregunta 37 de 200

1

The IT function has declared that it is not necessary to update the business impact analysis (BIA) when putting a new application into production because it does not produce modifications in the business processes. The information security manager should:

Selecciona una de las siguientes respuestas posibles:

  • A. verify the decision with the business units.

  • B. check the system's risk analysis.

  • C. recommend update after postimplementation review.

  • D. request an audit review.

Explicación

Pregunta 38 de 200

1

Information security governance is PRIMARILY driven by:

Selecciona una de las siguientes respuestas posibles:

  • A. technology constraints.

  • B. regulatory requirements.

  • C. litigation potential.

  • D. business strategy.

Explicación

Pregunta 39 de 200

1

The FIRST step in developing an information security management program is to:

Selecciona una de las siguientes respuestas posibles:

  • A. identify business risk that affects the organization.

  • B. establish the need for creating the program.

  • C. assign responsibility for the program.

  • D. assess adequacy of existing controls.

Explicación

Pregunta 40 de 200

1

A privacy statement on a company's e-commerce web site should include:

Selecciona una de las siguientes respuestas posibles:

  • A. a statement regarding what the company will do with the information it collects.

  • B. a disclaimer regarding the accuracy of information on its web site.

  • C. technical information regarding how information is protected.

  • D. a statement regarding where the information is being hosted.

Explicación

Pregunta 41 de 200

1

What are the essential elements of risk?

Selecciona una de las siguientes respuestas posibles:

  • A. Impact and threat

  • B. Likelihood and consequence

  • C. Threat and exposure

  • D. Sensitivity and exposure

Explicación

Pregunta 42 de 200

1

From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

Selecciona una de las siguientes respuestas posibles:

  • A. Enhanced policy compliance

  • B. Improved procedure flows

  • C. Segregation of duties

  • D. Better accountability

Explicación

Pregunta 43 de 200

1

What action should the security manager take FIRST when incident reports from different organizational units are inconsistent and highly inaccurate?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure that a clear organizational incident definition and severity hierarchy exists.

  • B. Initiate a companywide incident identification training and awareness program.

  • C. Escalate the issue to the security steering committee for appropriate action.

  • D. Involve human resources (HR) in implementing a reporting enforcement program.

Explicación

Pregunta 44 de 200

1

What is the BIGGEST concern for an information security manager reviewing firewall rules?

Selecciona una de las siguientes respuestas posibles:

  • A. The firewall allows source routing.

  • B. The firewall allows broadcast propagation.

  • C. The firewall allows unregistered ports.

  • D. The firewall allows nonstandard protocols.

Explicación

Pregunta 45 de 200

1

Which of the following is the MOST important reason for an information security review of contracts?

Selecciona una de las siguientes respuestas posibles:

  • A. To help ensure the parties to the agreement can perform

  • B. To help ensure confidential data are not included in the agreement

  • C. To help ensure appropriate controls are included

  • D. To help ensure the right to audit is a requirement

Explicación

Pregunta 46 de 200

1

Logging is an example of which type of defense against systems compromise?

Selecciona una de las siguientes respuestas posibles:

  • A. Containment

  • B. Detection

  • C. Reaction

  • D. Recovery

Explicación

Pregunta 47 de 200

1

Which of the following would be the MOST important goal of an information security governance program?

Selecciona una de las siguientes respuestas posibles:

  • A. Review of internal control mechanisms

  • B. Effective involvement in business decision making

  • C. Total elimination of risk factors

  • D. Ensuring trust in data

Explicación

Pregunta 48 de 200

1

Which of the following is the FIRST step after the intrusion detection system (IDS) sends out an alert about a possible attack?

Selecciona una de las siguientes respuestas posibles:

  • A. Assess the type and severity of the attack.

  • B. Determine whether it is an actual incident.

  • C. Contain the damage to minimize the risk.

  • D. Minimize the disruption of computer resources.

Explicación

Pregunta 49 de 200

1

Which of the following devices should be placed within a demilitarized zone (DMZ)?

Selecciona una de las siguientes respuestas posibles:

  • A. Network switch

  • B. Web server

  • C. Database server

  • D. File/print server

Explicación

Pregunta 50 de 200

1

Which of the following BEST protects confidentiality of information?

Selecciona una de las siguientes respuestas posibles:

  • A. Information classification

  • B. Segregation of duties

  • C. Least privilege

  • D. Systems monitoring

Explicación

Pregunta 51 de 200

1

What is the MOST cost-effective method of identifying new vendor vulnerabilities?

Selecciona una de las siguientes respuestas posibles:

  • A. External vulnerability reporting sources

  • B. Periodic vulnerability assessments performed by consultants

  • C. Intrusion prevention software

  • D. Honeypots located in the DMZ

Explicación

Pregunta 52 de 200

1

What is the MOST important factor in the successful implementation of an enterprisewide information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Realistic budget estimates

  • B. Security awareness

  • C. Support of senior management

  • D. Recalculation of the work factor

Explicación

Pregunta 53 de 200

1

An organization's IT change management process requires that all change requests be approved by the asset owner and the information security manager. The PRIMARY objective of getting the information security manager's approval is to ensure that:

Selecciona una de las siguientes respuestas posibles:

  • A. changes comply with security policy.

  • B. risk from proposed changes is managed.

  • C. rollback to a current status has been considered.

  • D. changes are initiated by business managers.

Explicación

Pregunta 54 de 200

1

The MOST important purpose of implementing an incident response plan is to:

Selecciona una de las siguientes respuestas posibles:

  • A. prevent the occurrence of incidents.

  • B. ensure business continuity.

  • C. train users on resolution of incidents.

  • D. promote business resiliency.

Explicación

Pregunta 55 de 200

1

Which one of the following groups has final responsibility for the effectiveness of security controls?

Selecciona una de las siguientes respuestas posibles:

  • A. The security administrator who implemented the controls

  • B. The organization's chief information security officer (CISO)

  • C. The organization's senior management

  • D. The information systems (IS) auditor who recommended the controls

Explicación

Pregunta 56 de 200

1

Which of the following factors will MOST affect the extent to which controls should be layered?

Selecciona una de las siguientes respuestas posibles:

  • A. The extent to which controls are procedural

  • B. The extent to which controls are subject to the same threat

  • C. The total cost of ownership for existing controls

  • D. The extent to which controls fail in a closed condition

Explicación

Pregunta 57 de 200

1

What is the PRIMARY focus if an organization considers taking legal action on a security incident?

Selecciona una de las siguientes respuestas posibles:

  • A. Obtaining evidence as soon as possible

  • B. Preserving the integrity of the evidence

  • C. Disconnecting all IT equipment involved

  • D. Reconstructing the sequence of events

Explicación

Pregunta 58 de 200

1

The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:

Selecciona una de las siguientes respuestas posibles:

  • A. change the root password of the system.

  • B. implement multifactor authentication.

  • C. rebuild the system from the original installation medium.

  • D. disconnect the mail server from the network.

Explicación

Pregunta 59 de 200

1

An information security manager is in the process of investigating a network intrusion. One of the enterprise's employees is a suspect. The manager has just obtained the suspect's computer and hard drive. Which of the following is the BEST next step?

Selecciona una de las siguientes respuestas posibles:

  • A. Create an image of the hard drive.

  • B. Encrypt the data on the hard drive.

  • C. Examine the original hard drive.

  • D. Create a logical copy of the hard drive.

Explicación

Pregunta 60 de 200

1

Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?

Selecciona una de las siguientes respuestas posibles:

  • A. Security compliant servers trend report

  • B. Percentage of security compliant servers

  • C. Number of security patches applied

  • D. Security patches applied trend report

Explicación

Pregunta 61 de 200

1

Which of the following elements are the MOST essential to develop an information security strategy?

Selecciona una de las siguientes respuestas posibles:

  • A. Complete policies and standards

  • B. An appropriate governance framework

  • C. Current state and objectives

  • D. Management intent and direction

Explicación

Pregunta 62 de 200

1

Which of the following is the BEST way to erase confidential information stored on magnetic tapes?

Selecciona una de las siguientes respuestas posibles:

  • A. Performing a low-level format

  • B. Rewriting with zeros

  • C. Burning them

  • D. Degaussing them

Explicación

Pregunta 63 de 200

1

Which of the following is the MAIN reason for performing risk assessment on a continuous basis?

Selecciona una de las siguientes respuestas posibles:

  • A. Justification of the security budget must be continually made.

  • B. New vulnerabilities are discovered every day.

  • C. The risk environment is constantly changing.

  • D. Management needs to be continually informed about emerging risks.

Explicación

Pregunta 64 de 200

1

A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:

Selecciona una de las siguientes respuestas posibles:

  • A. it simulates the real-life situation of an external security attack.

  • B. human intervention is not required for this type of test.

  • C. less time is spent on reconnaissance and information gathering.

  • D. critical infrastructure information is not revealed to the tester.

Explicación

Pregunta 65 de 200

1

Which of the following is the BEST indicator of the level of acceptable risk in an organization?

Selecciona una de las siguientes respuestas posibles:

  • A. The proportion of identified risk that has been remediated

  • B. The ratio of business insurance coverage to its cost

  • C. The percentage of the IT budget allocated to security

  • D. The percentage of assets that has been classified

Explicación

Pregunta 66 de 200

1

Which web application attack facilitates unauthorized access to a database?

Selecciona una de las siguientes respuestas posibles:

  • A. Cross site request forgery

  • B. Structured Query Language (SQL) injection

  • C. Metasploit

  • D. Cross site scripting

Explicación

Pregunta 67 de 200

1

Which of the following is an advantage of a centralized information security organizational structure?

Selecciona una de las siguientes respuestas posibles:

  • A. It is easier to promote security awareness.

  • B. It is easier to manage and control.

  • C. It is more responsive to business unit needs.

  • D. It provides a faster turnaround for security requests.

Explicación

Pregunta 68 de 200

1

Which of the following is the BEST way to verify that all critical production servers are utilizing up-to-date virus signature files?

Selecciona una de las siguientes respuestas posibles:

  • A. Verify the date that signature files were last pushed out

  • B. Use a recently identified benign virus to test if it is quarantined

  • C. Research the most recent signature file and compare to the console

  • D. Check a sample of servers that the signature files are current

Explicación

Pregunta 69 de 200

1

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

Selecciona una de las siguientes respuestas posibles:

  • A. Enforce the existing security standard

  • B. Change the standard to permit the deployment

  • C. Perform a risk analysis to quantify the risk

  • D. Perform research to propose use of a better technology

Explicación

Pregunta 70 de 200

1

IT-related risk management activities are MOST effective when they are:

Selecciona una de las siguientes respuestas posibles:

  • A. treated as a distinct process.

  • B. conducted by the IT department.

  • C. integrated within business processes.

  • D. communicated to all employees.

Explicación

Pregunta 71 de 200

1

Which of the following BEST defines the relationships among security technologies?

Selecciona una de las siguientes respuestas posibles:

  • A. Security metrics

  • B. Network topology

  • C. Security architecture

  • D. Process improvement models

Explicación

Pregunta 72 de 200

1

Which of the following is generally considered a fundamental component of an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Role-based access control systems

  • B. Automated access provisioning

  • C. Security awareness training

  • D. Intrusion prevention systems (IPSs)

Explicación

Pregunta 73 de 200

1

After a service interruption of a critical system, the incident response team finds that it needs to activate the warm recovery site. Discovering that throughput is only half of the primary site, the team nevertheless notifies management that it has restored the critical system. This is MOST likely because it has achieved the:

Selecciona una de las siguientes respuestas posibles:

  • A. recovery point objective (RPO).

  • B. recovery time objective (RTO).

  • C. service delivery objective (SDO).

  • D. maximum tolerable outage (MTO).

Explicación

Pregunta 74 de 200

1

Which of the following is the MOST critical consideration when collecting and preserving admissible evidence during an incident response?

Selecciona una de las siguientes respuestas posibles:

  • A. Unplugging the systems

  • B. Chain of custody

  • C. Separation of duties

  • D. Clock synchronization

Explicación

Pregunta 75 de 200

1

The BEST defense against successful phishing attacks is:

Selecciona una de las siguientes respuestas posibles:

  • A. application hardening.

  • B. spam filters.

  • C. an intrusion detection system (IDS).

  • D. end user awareness.

Explicación

Pregunta 76 de 200

1

Which of the following is MOST likely to improve the effectiveness of the incident response team?

Selecciona una de las siguientes respuestas posibles:

  • A. Briefing team members on the nature of new threats to IS security

  • B. Periodic testing and updates to incorporate lessons learned

  • C. Ensuring that all members have a good understanding of IS technology

  • D. A nonhierarchical structure to ensure that team members can share ideas

Explicación

Pregunta 77 de 200

1

An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

Selecciona una de las siguientes respuestas posibles:

  • A. Research best practices

  • B. Meet with stakeholders

  • C. Establish change control procedures

  • D. Identify critical systems

Explicación

Pregunta 78 de 200

1

An organization is using a vendor-supplied critical application which has a maximum password length that does not comply with organizational security standards. Which of the following approaches BEST helps mitigate the weakness?

Selecciona una de las siguientes respuestas posibles:

  • A. Shorten the password validity period.

  • B. Encourage the use of special characters.

  • C. Strengthen segregation of duties (SoD).

  • D. Introduce compensatory controls.

Explicación

Pregunta 79 de 200

1

The information classification scheme should:

Selecciona una de las siguientes respuestas posibles:

  • A. consider possible impact of a security breach.

  • B. classify personal information in electronic form.

  • C. be performed by the information security manager.

  • D. classify systems according to the data processed.

Explicación

Pregunta 80 de 200

1

Which of the following choices is MOST likely to ensure that responsibilities are carried out?

Selecciona una de las siguientes respuestas posibles:

  • A. Signed contracts

  • B. Severe penalties

  • C. Assigned accountability

  • D. Clear policies

Explicación

Pregunta 81 de 200

1

Which of the following items determines the acceptable level of residual risk in an organization?

Selecciona una de las siguientes respuestas posibles:

  • A. Management discretion

  • B. Regulatory requirements

  • C. Inherent risk

  • D. Internal audit findings

Explicación

Pregunta 82 de 200

1

It is MOST important that information security architecture be aligned with which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. Industry best practices

  • B. Business goals and objectives

  • C. Information technology (IT) plans

  • D. International information security frameworks

Explicación

Pregunta 83 de 200

1

Which of the following is the PRIMARY reason for implementing a risk management program?

Selecciona una de las siguientes respuestas posibles:

  • A. Allows the organization to eliminate risk

  • B. Is a necessary part of management's due diligence

  • C. Satisfies audit and regulatory requirements

  • D. Assists in increasing the return on investment (ROI)

Explicación

Pregunta 84 de 200

1

Which of the following is MOST important to achieve proportionality in the protection of enterprise information systems?

Selecciona una de las siguientes respuestas posibles:

  • A. Asset classification

  • B. Risk assessment

  • C. Security architecture

  • D. Configuration management

Explicación

Pregunta 85 de 200

1

For risk management purposes, the value of a physical asset should be based on:

Selecciona una de las siguientes respuestas posibles:

  • A. original cost.

  • B. net cash flow.

  • C. net present value.

  • D. replacement cost.

Explicación

Pregunta 86 de 200

1

Where should a firewall be placed?

Selecciona una de las siguientes respuestas posibles:

  • A. On the web server

  • B. On the intrusion detection system (IDS) server

  • C. On the screened subnet

  • D. On the domain boundary

Explicación

Pregunta 87 de 200

1

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:

Selecciona una de las siguientes respuestas posibles:

  • A. baseline.

  • B. strategy.

  • C. procedure.

  • D. policy.

Explicación

Pregunta 88 de 200

1

Which of the following is the BEST quantitative indicator of an organization's current risk tolerance?

Selecciona una de las siguientes respuestas posibles:

  • A. The number of incidents and the subsequent mitigation activities

  • B. The number, type and layering of deterrent control technologies

  • C. The extent of risk management requirements in policies and standards

  • D. The ratio of cost to insurance coverage for business interruption protection

Explicación

Pregunta 89 de 200

1

Which of the following tools should a newly hired information security manager review to gain an understanding of how effectively the current set of information security projects is managed?

Selecciona una de las siguientes respuestas posibles:

  • A. A project database

  • B. A project portfolio database

  • C. Policy documents

  • D. A program management office

Explicación

Pregunta 90 de 200

1

Which of the following is the MOST important objective of an information security strategy review?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensuring that risk is identified and mitigated

  • B. Ensuring that information security strategy is aligned with organizational goals

  • C. Maximizing the return on information security investments

  • D. Ensuring the efficient utilization of information security resources

Explicación

Pregunta 91 de 200

1

Management decided that the organization will not achieve compliance with a recently issued set of regulations. Which of the following is the MOST likely reason for the decision?

Selecciona una de las siguientes respuestas posibles:

  • A. The regulations are ambiguous and difficult to interpret.

  • B. Management has a low level of risk tolerance.

  • C. The cost of compliance exceeds the cost of possible sanctions.

  • D. The regulations are inconsistent with the organizational strategy.

Explicación

Pregunta 92 de 200

1

Which of the following reasons is the MOST important to develop a strategy before implementing an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. To justify program development costs

  • B. To integrate development activities

  • C. To gain management support for an information security program

  • D. To comply with international standards

Explicación

Pregunta 93 de 200

1

Why would an organization decide not to take any action on a denial of service (DoS) risk found by the risk assessment team?

Selecciona una de las siguientes respuestas posibles:

  • A. There are sufficient safeguards in place to prevent this risk from happening.

  • B. The needed countermeasures are too complicated to deploy.

  • C. The cost of countermeasures outweighs the value of the asset and potential loss.

  • D. the likelihood of the risk occurring is unknown.

Explicación

Pregunta 94 de 200

1

Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Number of controls implemented

  • B. Percent of control objectives accomplished

  • C. Percent of compliance with the security policy

  • D. Reduction in the number of reported security incidents

Explicación

Pregunta 95 de 200

1

Investments in information security technologies should be based on:

Selecciona una de las siguientes respuestas posibles:

  • A. vulnerability assessments.

  • B. value analysis.

  • C. business climate.

  • D. audit recommendations.

Explicación

Pregunta 96 de 200

1

In controlling information leakage, management should FIRST establish:

Selecciona una de las siguientes respuestas posibles:

  • A. a data leak prevention program.

  • B. user awareness training.

  • C. an information classification process.

  • D. a network intrusion detection system (IDS).

Explicación

Pregunta 97 de 200

1

Which of the following is the BEST indicator that operational risks are effectively managed in an enterprise?

Selecciona una de las siguientes respuestas posibles:

  • A. A tested business continuity/disaster recovery plan (BCP/DRP)

  • B. An increase in timely reporting of incidents by employees

  • C. Extent of risk management education

  • D. Regular review of risks by senior management

Explicación

Pregunta 98 de 200

1

For an organization's information security program to be highly effective, who should have final responsibility for authorizing information system access?

Selecciona una de las siguientes respuestas posibles:

  • A. Information owner

  • B. Security manager

  • C. Chief information officer (CIO)

  • D. System administrator

Explicación

Pregunta 99 de 200

1

In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?

Selecciona una de las siguientes respuestas posibles:

  • A. Copies of critical contracts and service level agreements (SLAs)

  • B. Copies of the business continuity plan

  • C. Key software escrow agreements for the purchased systems

  • D. List of emergency numbers of service providers

Explicación

Pregunta 100 de 200

1

What is the PRIMARY focus of the change control process?

Selecciona una de las siguientes respuestas posibles:

  • A. To ensure that changes are authorized

  • B. To ensure that changes are applied

  • C. To ensure that changes are documented

  • D. To ensure that changes are tested

Explicación

Pregunta 101 de 200

1

The MOST effective technical approach to mitigate the risk of confidential information being disclosed in email attachments is to implement:

Selecciona una de las siguientes respuestas posibles:

  • A. content filtering.

  • B. data classification.

  • C. information security awareness.

  • D. encryption for all attachments.

Explicación

Pregunta 102 de 200

1

What is the MAIN drawback of emailing password-protected zip files across the Internet?

Selecciona una de las siguientes respuestas posibles:

  • A. They all use weak encryption.

  • B. They are decrypted by the firewall.

  • C. They may be quarantined by mail filters.

  • D. They may be corrupted by the receiving mail server.

Explicación

Pregunta 103 de 200

1

When recommending a control to protect corporate applications against structured query language (SQL) injection, the information security manager is MOST likely to suggest:

Selecciona una de las siguientes respuestas posibles:

  • A. hardening of web servers.

  • B. consolidating multiple sites into a single portal.

  • C. coding standards and reviewing code.

  • D. using https in place of http.

Explicación

Pregunta 104 de 200

1

What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?

Selecciona una de las siguientes respuestas posibles:

  • A. Functional requirements are not adequately considered.

  • B. User training programs may be inadequate.

  • C. Budgets allocated to business units are not appropriate.

  • D. Information security plans are not aligned with business requirements.

Explicación

Pregunta 105 de 200

1

Risk acceptance is a component of which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. Risk assessment

  • B. Risk treatment

  • C. Risk evaluation

  • D. Risk monitoring

Explicación

Pregunta 106 de 200

1

The PRIMARY reason for senior management review of information security incidents is to:

Selecciona una de las siguientes respuestas posibles:

  • A. ensure adequate corrective actions were implemented.

  • B. demonstrate management commitment to the information security process.

  • C. evaluate the incident response process for deficiencies.

  • D. evaluate the ability of the security team.

Explicación

Pregunta 107 de 200

1

The value of tangible assets can be BEST determined by which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. The market value minus the book value

  • B. The book value minus the market value

  • C. Adding the totals of the asset classification

  • D. A business impact assessment and analysis

Explicación

Pregunta 108 de 200

1

While governance, risk and compliance (GRC) can be applied to any area of an organization, it is MOST often focused on which of the following areas?

Selecciona una de las siguientes respuestas posibles:

  • A. Operations and marketing

  • B. IT, finance and legal

  • C. Audit, risk and regulations

  • D. Information security and risk

Explicación

Pregunta 109 de 200

1

The MOST important characteristic of good security policies is that they:

Selecciona una de las siguientes respuestas posibles:

  • A. state expectations of IT management.

  • B. state only one general security mandate.

  • C. are aligned with organizational goals.

  • D. govern the creation of procedures and guidelines.

Explicación

Pregunta 110 de 200

1

Which of the following roles would represent a conflict of interest for an information security manager?

Selecciona una de las siguientes respuestas posibles:

  • A. Evaluation of third parties requesting connectivity

  • B. Assessment of the adequacy of disaster recovery plans

  • C. Final approval of information security policies

  • D. Monitoring adherence to physical security controls

Explicación

Pregunta 111 de 200

1

Which two components PRIMARILY must be assessed in an effective risk analysis?

Selecciona una de las siguientes respuestas posibles:

  • A. Visibility and duration

  • B. Likelihood and impact

  • C. Probability and frequency

  • D. Financial impact and duration

Explicación

Pregunta 112 de 200

1

To be effective, risk management should be applied to:

Selecciona una de las siguientes respuestas posibles:

  • A. all organizational activities.

  • B. those elements identified by a risk assessment.

  • C. any area that exceeds acceptable risk levels.

  • D. only those areas that have potential impact.

Explicación

Pregunta 113 de 200

1

Which of the following is the MOST important information to include in an information security standard?

Selecciona una de las siguientes respuestas posibles:

  • A. Creation date

  • B. Author name

  • C. Initial draft approval date

  • D. Last review date

Explicación

Pregunta 114 de 200

1

An appropriate risk treatment method is:

Selecciona una de las siguientes respuestas posibles:

  • A. the method that minimizes risk to the greatest extent.

  • B. based on the organization's risk tolerance.

  • C. an efficient approach to achieve control objectives.

  • D. the method that maximizes risk mitigation.

Explicación

Pregunta 115 de 200

1

Which of the following would raise security awareness among an organization's employees?

Selecciona una de las siguientes respuestas posibles:

  • A. Distributing industry statistics about security incidents

  • B. Monitoring the magnitude of incidents

  • C. Encouraging employees to behave in a more conscious manner

  • D. Continually reinforcing the security policy

Explicación

Pregunta 116 de 200

1

An enterprise is transferring its IT operations to an offshore location. An information security manager should PRIMARILY focus on:

Selecciona una de las siguientes respuestas posibles:

  • A. reviewing new laws and regulations.

  • B. updating operational procedures.

  • C. validating staff qualifications.

  • D. conducting a risk assessment.

Explicación

Pregunta 117 de 200

1

What is the MAIN objective for developing an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. To create the information security policy

  • B. To maximize system uptime

  • C. To develop strong controls

  • D. To implement the strategy

Explicación

Pregunta 118 de 200

1

What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?

Selecciona una de las siguientes respuestas posibles:

  • A. Business impact analyses

  • B. Security gap analyses

  • C. System performance metrics

  • D. Incident response processes

Explicación

Pregunta 119 de 200

1

Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?

Selecciona una de las siguientes respuestas posibles:

  • A. Regular review of access control lists

  • B. Security guard escort of visitors

  • C. Visitor registry log at the door

  • D. A biometric coupled with a PIN

Explicación

Pregunta 120 de 200

1

A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?

Selecciona una de las siguientes respuestas posibles:

  • A. Enable access through a separate device that requires adequate authentication

  • B. Implement manual procedures that require password change after each use

  • C. Request the vendor to add multiple user IDs

  • D. Analyze the logs to detect unauthorized access

Explicación

Pregunta 121 de 200

1

Which of the following is the MOST important element of information asset classification?

Selecciona una de las siguientes respuestas posibles:

  • A. Residual risk

  • B. Separation of duties

  • C. Potential impact

  • D. Need to know

Explicación

Pregunta 122 de 200

1

What is the PRIMARY factor that should be taken into consideration when designing the technical solution for a disaster recovery site?

Selecciona una de las siguientes respuestas posibles:

  • A. Services delivery objective

  • B. Recovery time objective (RTO)

  • C. Recovery window

  • D. Maximum tolerable outage (MTO)

Explicación

Pregunta 123 de 200

1

Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?

Selecciona una de las siguientes respuestas posibles:

  • A. Design

  • B. Implementation

  • C. Application security testing

  • D. Feasibility

Explicación

Pregunta 124 de 200

1

Which of the following types of risk is BEST assessed using quantitative risk assessment techniques?

Selecciona una de las siguientes respuestas posibles:

  • A. Stolen customer data

  • B. An electrical power outage

  • C. A defaced web site

  • D. Loss of the software development team

Explicación

Pregunta 125 de 200

1

An organization has decided to implement governance, risk and compliance (GRC) processes into several critical areas of the enterprise. Which of the following objectives is the MAIN one?

Selecciona una de las siguientes respuestas posibles:

  • A. To reduce governance costs

  • B. To improve risk management

  • C. To harmonize security activities

  • D. To meet or maintain regulatory compliance

Explicación

Pregunta 126 de 200

1

What is the BEST method for mitigating against network denial of service (DoS) attacks?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure all servers are up-to-date on OS patches

  • B. Employ packet filtering to drop suspect packets

  • C. Implement network address translation to make internal addresses nonroutable

  • D. Implement load balancing for Internet facing devices

Explicación

Pregunta 127 de 200

1

While a disaster recovery exercise in the organization's hot site successfully restored all essential services, the test was deemed a failure. Which of the following circumstances would be the MOST likely cause?

Selecciona una de las siguientes respuestas posibles:

  • A. The maximum tolerable outage (MTO) exceeded the acceptable interruption window (AIW).

  • B. The recovery plans specified outdated operating system (OS) versions.

  • C. Some restored systems exceeded service delivery objectives (SDO).

  • D. Aggregate recovery activities exceeded the acceptable interruption window (AIW).

Explicación

Pregunta 128 de 200

1

When implementing regulatory compliance, the PRIMARY controls for defining senior management guidance and intent are:

Selecciona una de las siguientes respuestas posibles:

  • A. guidelines.

  • B. standards.

  • C. policies.

  • D. procedures.

Explicación

Pregunta 129 de 200

1

Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?

Selecciona una de las siguientes respuestas posibles:

  • A. Business continuity coordinator

  • B. Chief operations officer (COO)

  • C. Information security manager

  • D. Internal audit

Explicación

Pregunta 130 de 200

1

Which resource is the most effective in preventing physical access tailgating/piggybacking?

Selecciona una de las siguientes respuestas posibles:

  • A. Card key door locks

  • B. Photo identification

  • C. Awareness training

  • D. Biometric scanners

Explicación

Pregunta 131 de 200

1

Which of the following BEST contributes to the design of data restoration plans?

Selecciona una de las siguientes respuestas posibles:

  • A. Transaction turnaround time

  • B. Mean time between failures (MTBF)

  • C. Service delivery objectives (SDOs)

  • D. The duration of the data restoration job

Explicación

Pregunta 132 de 200

1

Which one of the following types of detection is NECESSARY to mitigate a denial or distributed denial of service (DoS or DDoS) attack?

Selecciona una de las siguientes respuestas posibles:

  • A. Signature-based detection

  • B. Deep packet inspection

  • C. Virus detection

  • D. Anomaly-based detection

Explicación

Pregunta 133 de 200

1

The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:

Selecciona una de las siguientes respuestas posibles:

  • A. create more overhead than signature-based IDSs.

  • B. cause false positives from minor changes to system variables.

  • C. generate false alarms from varying user or system actions.

  • D. cannot detect new types of attacks.

Explicación

Pregunta 134 de 200

1

Which of the following will BEST prevent external security attacks?

Selecciona una de las siguientes respuestas posibles:

  • A. Static IP addressing

  • B. Network address translation

  • C. Background checks for temporary employees

  • D. Securing and analyzing system access logs

Explicación

Pregunta 135 de 200

1

To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:

Selecciona una de las siguientes respuestas posibles:

  • A. revise the information security program.

  • B. evaluate a balanced business scorecard.

  • C. conduct regular user awareness sessions.

  • D. perform penetration tests.

Explicación

Pregunta 136 de 200

1

Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?

Selecciona una de las siguientes respuestas posibles:

  • A. Database administrator (DBA)

  • B. Finance department management

  • C. Information security manager

  • D. IT department management

Explicación

Pregunta 137 de 200

1

The typical requirement for security incidents to be resolved quickly and service restored is:

Selecciona una de las siguientes respuestas posibles:

  • A. always the best option for an enterprise.

  • B. often in conflict with effective problem management.

  • C. the basis for enterprise risk management (ERM) activities.

  • D. a component of forensics training.

Explicación

Pregunta 138 de 200

1

The classification level of an asset must be PRIMARILY based on which of the following choices?

Selecciona una de las siguientes respuestas posibles:

  • A. Criticality and sensitivity

  • B. Likelihood and impact

  • C. Valuation and replacement cost

  • D. Threat vector and exposure

Explicación

Pregunta 139 de 200

1

Which of the following constitutes the MAIN project activities undertaken in developing an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Controls design and deployment

  • B. Security organization development

  • C. Logical and conceptual architecture design

  • D. Development of risk management objectives

Explicación

Pregunta 140 de 200

1

In a forensic investigation, which of the following would be the MOST important factor?

Selecciona una de las siguientes respuestas posibles:

  • A. Operation of a robust incident management process

  • B. Identification of areas of responsibility

  • C. Involvement of law enforcement

  • D. Expertise of resources

Explicación

Pregunta 141 de 200

1

How should an information security manager balance the potentially conflicting requirements of an international organization's security standards with local regulation?

Selecciona una de las siguientes respuestas posibles:

  • A. Give organization standards preference over local regulations

  • B. Follow local regulations only

  • C. Make the organization aware of those standards where local regulations cause conflicts

  • D. Negotiate a local version of the organization standards

Explicación

Pregunta 142 de 200

1

When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?

Selecciona una de las siguientes respuestas posibles:

  • A. Business continuity coordinator

  • B. Information security manager

  • C. Business process owners

  • D. IT management

Explicación

Pregunta 143 de 200

1

Control baselines are MOST directly related to the:

Selecciona una de las siguientes respuestas posibles:

  • A. organization's risk appetite.

  • B. external threat landscape.

  • C. effectiveness of mitigation options.

  • D. vulnerability assessment.

Explicación

Pregunta 144 de 200

1

An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?

Selecciona una de las siguientes respuestas posibles:

  • A. Ethics

  • B. Proportionality

  • C. Integration

  • D. Accountability

Explicación

Pregunta 145 de 200

1

What is the BEST means to standardize security configurations in similar devices?

Selecciona una de las siguientes respuestas posibles:

  • A. Policies

  • B. Procedures

  • C. Technical guides

  • D. Baselines

Explicación

Pregunta 146 de 200

1

What is the BEST tool to define minimum requirements for database security settings?

Selecciona una de las siguientes respuestas posibles:

  • A. Procedures

  • B. Guidelines

  • C. Baselines

  • D. Policies

Explicación

Pregunta 147 de 200

1

Which of the following is the MOST cost-effective approach to achieve strategic alignment?

Selecciona una de las siguientes respuestas posibles:

  • A. Periodically survey management

  • B. Implement a governance framework

  • C. Ensure that controls meet objectives

  • D. Develop an enterprise architecture

Explicación

Pregunta 148 de 200

1

An information security manager has been notified that a server that is utilized within the entire organization has been breached. What is the FIRST step to take?

Selecciona una de las siguientes respuestas posibles:

  • A. Inform management.

  • B. Notify users.

  • C. Isolate the server.

  • D. Verify the information.

Explicación

Pregunta 149 de 200

1

The MOST important reason for aligning information security governance with corporate governance is to:

Selecciona una de las siguientes respuestas posibles:

  • A. maximize the cost-effectiveness of controls.

  • B. demonstrate that information security understands the requirements.

  • C. provide operational consistency.

  • D. minimize the number of regulations required.

Explicación

Pregunta 150 de 200

1

What is the BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk?

Selecciona una de las siguientes respuestas posibles:

  • A. Firewalls

  • B. Bastion hosts

  • C. Decoy files

  • D. Screened subnets

Explicación

Pregunta 151 de 200

1

The PRIMARY concern of an information security manager documenting a formal data retention policy is:

Selecciona una de las siguientes respuestas posibles:

  • A. generally accepted industry best practices.

  • B. business requirements.

  • C. legislative and regulatory requirements.

  • D. storage availability.

Explicación

Pregunta 152 de 200

1

The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:

Selecciona una de las siguientes respuestas posibles:

  • A. service level monitoring.

  • B. penetration testing.

  • C. periodically auditing.

  • D. security awareness training.

Explicación

Pregunta 153 de 200

1

Which of the following devices should be placed within a DMZ?

Selecciona una de las siguientes respuestas posibles:

  • A. Router

  • B. Firewall

  • C. Mail relay

  • D. Authentication server

Explicación

Pregunta 154 de 200

1

Which of the following design options is the lowest cost approach to achieve authentication and data integrity?

Selecciona una de las siguientes respuestas posibles:

  • A. Biometrics coupled with strong encryption

  • B. Challenge response authentication and a secure hash

  • C. Link encryption and hardware tokens

  • D. A public key infrastructure (PKI)

Explicación

Pregunta 155 de 200

1

What is the MOST appropriate IT incident response management approach for an organization that has outsourced its IT and incident management function?

Selecciona una de las siguientes respuestas posibles:

  • A. A tested plan and a team to provide oversight

  • B. An individual to serve as the liaison between the parties

  • C. Clear notification and reporting channels

  • D. A periodic audit of the provider's capabilities

Explicación

Pregunta 156 de 200

1

Serious security incidents typically lead to renewed focus by management on information security that then usually fades over time. What opportunity should the information security manager seize to BEST utilize this renewed focus?

Selecciona una de las siguientes respuestas posibles:

  • A. To improve the integration of business and information security processes

  • B. To increase information security budgets and staffing levels

  • C. To develop tighter controls and stronger compliance efforts

  • D. To acquire better supplemental technical security controls

Explicación

Pregunta 157 de 200

1

A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?

Selecciona una de las siguientes respuestas posibles:

  • A. Access control policy

  • B. Data classification policy

  • C. Encryption standards

  • D. Acceptable use policy

Explicación

Pregunta 158 de 200

1

Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?

Selecciona una de las siguientes respuestas posibles:

  • A. Setting up a backup site

  • B. Maintaining redundant systems

  • C. Aligning with recovery time objectives (RTOs)

  • D. Data backup frequency

Explicación

Pregunta 159 de 200

1

Isolation and containment measures for a compromised computer have been taken and information security management is now investigating. What is the MOST appropriate next step?

Selecciona una de las siguientes respuestas posibles:

  • A. Run a forensics tool on the machine to gather evidence

  • B. Reboot the machine to break remote connections

  • C. Make a copy of the whole system's memory

  • D. Document current connections and open Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports

Explicación

Pregunta 160 de 200

1

Which of the following components is established during the INITIAL steps of developing a risk management program?

Selecciona una de las siguientes respuestas posibles:

  • A. Management acceptance and support

  • B. Information security policies and standards

  • C. A management committee to provide oversight for the program

  • D. The context and purpose of the program

Explicación

Pregunta 161 de 200

1

The PRIMARY objective of continuous monitoring is to:

Selecciona una de las siguientes respuestas posibles:

  • A. minimize the magnitude of impact.

  • B. align the security program with IT goals.

  • C. identify critical information assets.

  • D. reduce the number of policy exceptions.

Explicación

Pregunta 162 de 200

1

What is a reasonable approach to determine control effectiveness?

Selecciona una de las siguientes respuestas posibles:

  • A. Determine whether the control is preventive, detective or corrective.

  • B. Review the control's capability of providing notification of failure.

  • C. Confirm the control's ability to meet intended objectives.

  • D. Assess and quantify the control's reliability.

Explicación

Pregunta 163 de 200

1

A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. Invalid logon attempts

  • B. Write access violations

  • C. Concurrent logons

  • D. Firewall logs

Explicación

Pregunta 164 de 200

1

What is the MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. To ensure the confidentiality of sensitive material

  • B. To provide a high assurance of identity

  • C. To allow deployment of the active directory

  • D. To implement secure sockets layer (SSL) encryption

Explicación

Pregunta 165 de 200

1

After a significant security breach has occurred, what is the MOST important item to report to the chief information officer (CIO)?

Selecciona una de las siguientes respuestas posibles:

  • A. A summary of the security logs that illustrates the sequence of events

  • B. An analysis of the impact of similar attacks at other organizations

  • C. A business case for implementing stronger logical access controls

  • D. The impact of the incident and corrective actions taken

Explicación

Pregunta 166 de 200

1

An organization has to comply with recently published industry regulatory requirements—compliance that potentially has high implementation costs. What should the information security manager do FIRST?

Selecciona una de las siguientes respuestas posibles:

  • A. Implement a security committee.

  • B. Perform a gap analysis.

  • C. Implement compensating controls.

  • D. Demand immediate compliance.

Explicación

Pregunta 167 de 200

1

The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:

Selecciona una de las siguientes respuestas posibles:

  • A. periodically testing the incident response plans.

  • B. regularly testing the intrusion detection system (IDS).

  • C. establishing mandatory training of all personnel.

  • D. periodically reviewing incident response procedures.

Explicación

Pregunta 168 de 200

1

The data access requirements for an application should be determined by the:

Selecciona una de las siguientes respuestas posibles:

  • A. legal department.

  • B. compliance officer.

  • C. information security manager.

  • D. business owner.

Explicación

Pregunta 169 de 200

1

Which of the following is the MOST appropriate use of gap analysis?

Selecciona una de las siguientes respuestas posibles:

  • A. Evaluating a business impact analysis (BIA)

  • B. Developing a balanced business scorecard

  • C. Demonstrating the relationship between controls

  • D. Measuring current state vs. desired future state

Explicación

Pregunta 170 de 200

1

From an information security perspective, which of the following poses the MOST important impact concern in a homogenous network?

Selecciona una de las siguientes respuestas posibles:

  • A. Increased uncertainty

  • B. Single points of failure

  • C. Cascading risk

  • D. Aggregated risk

Explicación

Pregunta 171 de 200

1

The BEST process for assessing an existing risk level is a(n):

Selecciona una de las siguientes respuestas posibles:

  • A. impact analysis.

  • B. security review.

  • C. vulnerability assessment.

  • D. threat analysis.

Explicación

Pregunta 172 de 200

1

Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual needing to have his/her password reset?

Selecciona una de las siguientes respuestas posibles:

  • A. Performing reviews of password resets

  • B. Conducting security awareness programs

  • C. Increasing the frequency of password changes

  • D. Implementing automatic password syntax checking

Explicación

Pregunta 173 de 200

1

Serious security incidents typically lead to renewed focus on information security by management. To BEST utilize this attention, the information security manager should make the case for:

Selecciona una de las siguientes respuestas posibles:

  • A. improving integration of business and information security processes.

  • B. increasing information security budgets and staffing levels.

  • C. developing tighter controls and stronger compliance efforts.

  • D. acquiring better supplemental technical security controls.

Explicación

Pregunta 174 de 200

1

The MOST important factor in ensuring the success of an information security program is effective:

Selecciona una de las siguientes respuestas posibles:

  • A. communication of information security requirements to all users in the organization.

  • B. formulation of policies and procedures for information security.

  • C. alignment with organizational goals and objectives.

  • D. monitoring compliance with information security policies and procedures.

Explicación

Pregunta 175 de 200

1

Which of the following is MOST important in determining whether a disaster recovery test is successful?

Selecciona una de las siguientes respuestas posibles:

  • A. Only business data files from offsite storage are used

  • B. IT staff fully recovers the processing infrastructure

  • C. Critical business processes are duplicated

  • D. All systems are restored within recovery time objectives (RTOs)

Explicación

Pregunta 176 de 200

1

Which of the following is the MOST useful indicator of control effectiveness?

Selecciona una de las siguientes respuestas posibles:

  • A. The extent to which the control provides defense in depth

  • B. Whether the control fails open or closed

  • C. How often the control has failed

  • D. The extent to which control objectives are achieved

Explicación

Pregunta 177 de 200

1

An information security manager's MOST effective efforts to manage the inherent risk related to a third-party service provider will be the result of:

Selecciona una de las siguientes respuestas posibles:

  • A. limiting organizational exposure.

  • B. a risk assessment and analysis.

  • C. strong service level agreements (SLAs).

  • D. independent audits of third parties.

Explicación

Pregunta 178 de 200

1

What is the PRIMARY objective of conducting information security awareness training for all users?

Selecciona una de las siguientes respuestas posibles:

  • A. To achieve acceptable compliance with the security policy

  • B. To build a common understanding of information security

  • C. To change culture to be more conducive to good security

  • D. To establish communication between management and staff

Explicación

Pregunta 179 de 200

1

What is a PRIMARY advantage of performing a risk assessment on a consistent basis?

Selecciona una de las siguientes respuestas posibles:

  • A. It lowers costs of assessing risk.

  • B. It provides evidence of attestation.

  • C. It is a necessary part of third-party audits.

  • D. It provides trends in the evolving risk profile.

Explicación

Pregunta 180 de 200

1

Which of the following is the BEST way to confirm that disaster recovery planning is current?

Selecciona una de las siguientes respuestas posibles:

  • A. Audits of the business process changes

  • B. Maintenance of the latest configurations

  • C. Regular testing of the disaster recovery plan (DRP)

  • D. Maintenance of the personnel contact list

Explicación

Pregunta 181 de 200

1

Which of the following would be MOST appropriate for collecting and preserving evidence?

Selecciona una de las siguientes respuestas posibles:

  • A. Encrypted hard drives

  • B. Generic audit software

  • C. Proven forensic processes

  • D. Log correlation software

Explicación

Pregunta 182 de 200

1

A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:

Selecciona una de las siguientes respuestas posibles:

  • A. meet with stakeholders to decide how to comply.

  • B. analyze key risks in the compliance process.

  • C. assess whether existing controls meet the regulation.

  • D. update the existing security/privacy policy.

Explicación

Pregunta 183 de 200

1

Which of the following will require the MOST effort when supporting an operational information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Reviewing and modifying procedures

  • B. Modifying policies to address changing technologies

  • C. Writing additional policies to address new regulations

  • D. Drafting standards to address regional differences

Explicación

Pregunta 184 de 200

1

If an organization has a requirement for continuous operations, which of the following approaches would be BEST to test response and recovery?

Selecciona una de las siguientes respuestas posibles:

  • A. A full interruption test

  • B. A simulation test

  • C. A parallel test

  • D. A structured walk-through

Explicación

Pregunta 185 de 200

1

An information security manager must understand the relationship between information security and business operations in order to:

Selecciona una de las siguientes respuestas posibles:

  • A. support organizational objectives.

  • B. determine likely areas of noncompliance.

  • C. assess the possible impacts of compromise.

  • D. understand the threats to the business.

Explicación

Pregunta 186 de 200

1

A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BEST approach of the information security manager?

Selecciona una de las siguientes respuestas posibles:

  • A. Acceptance of the business manager's decision on the risk to the corporation

  • B. Acceptance of the information security manager's decision on the risk to the corporation

  • C. Review of the assessment with executive management for final input

  • D. A new risk assessment and BIA are needed to resolve the disagreement

Explicación

Pregunta 187 de 200

1

Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation?

Selecciona una de las siguientes respuestas posibles:

  • A. The tape was removed into the custody of law enforcement investigators.

  • B. The tape was kept in the tape library pending further analysis.

  • C. The tape was sealed in a signed envelope and locked in a safe under dual control.

  • D. The tape was handed over to authorized independent investigators.

Explicación

Pregunta 188 de 200

1

Which of the following would be the FIRST step when developing a business case for an information security investment?

Selecciona una de las siguientes respuestas posibles:

  • A. Defining the objectives

  • B. Calculating the cost

  • C. Defining the need

  • D. Analyzing the cost-effectiveness

Explicación

Pregunta 189 de 200

1

An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:

Selecciona una de las siguientes respuestas posibles:

  • A. assess the likelihood of incidents from the reported cause.

  • B. discontinue the use of the vulnerable technology.

  • C. report to senior management that the organization is not affected.

  • D. remind staff that no similar security breaches have taken place.

Explicación

Pregunta 190 de 200

1

The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:

Selecciona una de las siguientes respuestas posibles:

  • A. storage capacity and shelf life.

  • B. regulatory and legal requirements.

  • C. business strategy and direction.

  • D. application systems and media.

Explicación

Pregunta 191 de 200

1

In a large organization, effective management of security incidents will be MOST dependent on:

Selecciona una de las siguientes respuestas posibles:

  • A. clear policies detailing incident severity levels.

  • B. broadly dispersed intrusion detection capabilities.

  • C. training employees to recognize security incidents.

  • D. effective communication and reporting processes.

Explicación

Pregunta 192 de 200

1

Which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?

Selecciona una de las siguientes respuestas posibles:

  • A. Systems operation guidelines are not enforced

  • B. Change management procedures are poor

  • C. Systems development is outsourced

  • D. Systems capacity management is not performed

Explicación

Pregunta 193 de 200

1

When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:

Selecciona una de las siguientes respuestas posibles:

  • A. calculating the risk.

  • B. enforcing the security standard.

  • C. redesigning the system change.

  • D. implementing mitigating controls.

Explicación

Pregunta 194 de 200

1

Which of the following will be MOST important in calculating accurate return on investment (ROI) in information security?

Selecciona una de las siguientes respuestas posibles:

  • A. Excluding qualitative risks for accuracy in calculated figures

  • B. Establishing processes to ensure cost reductions

  • C. Measuring monetary values in a consistent manner

  • D. Treating security investment as a profit center

Explicación

Pregunta 195 de 200

1

Which of the following is MOST important in the development of information security policies?

Selecciona una de las siguientes respuestas posibles:

  • A. Adopting an established framework

  • B. Using modular design for easier maintenance

  • C. Using prevailing industry standards

  • D. Gathering stakeholder requirements

Explicación

Pregunta 196 de 200

1

What is the goal of risk aggregation?

Selecciona una de las siguientes respuestas posibles:

  • A. To combine homogenous elements to reduce overall risk

  • B. To influence the organization's risk acceptance methodologies

  • C. To group individual acceptable risk events for simplified risk reporting

  • D. To identify significant overall risk from a single threat vector

Explicación

Pregunta 197 de 200

1

An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:

Selecciona una de las siguientes respuestas posibles:

  • A. mitigate the impact by purchasing insurance.

  • B. implement a circuit-level firewall to protect the network.

  • C. increase the resiliency of security measures in place.

  • D. implement a real-time intrusion detection system.

Explicación

Pregunta 198 de 200

1

During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. What is the FIRST step the security manager should perform?

Selecciona una de las siguientes respuestas posibles:

  • A. Copy sample files as evidence.

  • B. Remove access privileges to the folder containing the data.

  • C. Report this situation to the data owner.

  • D. Train the HR team on properly controlling file permissions.

Explicación

Pregunta 199 de 200

1

Which of the following application systems should have the shortest recovery time objective (RTO)?

Selecciona una de las siguientes respuestas posibles:

  • A. Contractor payroll

  • B. Change management

  • C. E-commerce web site

  • D. Fixed asset system

Explicación

Pregunta 200 de 200

1

The PRIMARY reason for classifying information resources according to sensitivity and criticality is to:

Selecciona una de las siguientes respuestas posibles:

  • A. determine inclusion of the information resource in the information security program.

  • B. define the appropriate level of access controls.

  • C. justify the costs of each information resource.

  • D. determine the overall budget of the information security program.

Explicación