Which of the following is the FIRST step to establishing an effective information security program?
Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?
An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be MOST beneficial for the team at the first drill?
Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?
When investigating an information security incident, details of the incident should be shared:
What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?
An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:
An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
Which of the following parties should be responsible for determining access levels to an application that processes client information?
An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
Which of the following is the BEST indicator of an organization's information security status?
An anomaly-based intrusion detection system (IDS) operates by gathering data on:
Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
Which of the following documents should contain the INITIAL prioritization of recovery of services?
A data-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?
Which of the following is the BEST method to ensure compliance with password standards?
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Prior to conducting a forensic examination, an information security manager should:
When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:
Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?
Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?
When deciding to move to a cloud-based model, the FIRST consideration should be:
An information security manager developing an incident response plan MUST ensure it includes:
The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
Which of the following is MOST important to include in a post-incident review following a data breach?
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Which of the following should be given the HIGHEST priority during an information security post-incident review?
Which of the following is the BEST approach for governing noncompliance with security requirements?
Which of the following should be the PRIMARY objective of an information security governance framework?
Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
Which of the following is the BEST way to obtain support for a new organization-wide information security program?
During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?
Which of the following is the MOST important detail to capture in an organization's risk register?
Which of the following is the BEST evidence of alignment between corporate and information security governance?
When developing an asset classification program, which of the following steps should be completed FIRST?
Which of the following would BEST help to ensure appropriate security controls are built into software?
Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?
Implementing the principle of least privilege PRIMARILY requires the identification of:
Which of the following should be the MOST important consideration of business continuity management?