Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

CISM Certified Information Security Manager Questions and Answers

Questions 4

Network isolation techniques are immediately implemented after a security breach to:

Options:

A.

preserve evidence as required for forensics

B.

reduce the extent of further damage.

C.

allow time for key stakeholder decision making.

D.

enforce zero trust architecture principles.

Buy Now
Questions 5

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Buy Now
Questions 6

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Options:

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Buy Now
Questions 7

Which of the following is a desired outcome of information security governance?

Options:

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Buy Now
Questions 8

Which of the following is MOST important when conducting a forensic investigation?

Options:

A.

Analyzing system memory

B.

Documenting analysis steps

C.

Capturing full system images

D.

Maintaining a chain of custody

Buy Now
Questions 9

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Buy Now
Questions 10

An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?

Options:

A.

Instruct IT to deploy controls based on urgent business needs.

B.

Present a business case for additional controls to senior management.

C.

Solicit bids for compensating control products.

D.

Recommend a different application.

Buy Now
Questions 11

Which of the following BEST indicates that information assets are classified accurately?

Options:

A.

Appropriate prioritization of information risk treatment

B.

Increased compliance with information security policy

C.

Appropriate assignment of information asset owners

D.

An accurate and complete information asset catalog

Buy Now
Questions 12

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Options:

A.

Execute a risk treatment plan.

B.

Review contracts and statements of work (SOWs) with vendors.

C.

Implement data regionalization controls.

D.

Determine current and desired state of controls.

Buy Now
Questions 13

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Buy Now
Questions 14

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Buy Now
Questions 15

Which risk is introduced when using only sanitized data for the testing of applications?

Options:

A.

Data loss may occur during the testing phase.

B.

Data disclosure may occur during the migration event

C.

Unexpected outcomes may arise in production

D.

Breaches of compliance obligations will occur.

Buy Now
Questions 16

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Options:

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Buy Now
Questions 17

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Options:

A.

Metrics to drive the information security program

B.

Information security policies

C.

A defined security organizational structure

D.

An information security strategy

Buy Now
Questions 18

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

Options:

A.

change activities are documented.

B.

the rationale for acceptance is periodically reviewed.

C.

the acceptance is aligned with business strategy.

D.

compliance with the risk acceptance framework.

Buy Now
Questions 19

Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.

Increase the frequency of system backups.

B.

Review the mitigating security controls.

C.

Notify staff members of the threat.

D.

Assess the risk to the organization.

Buy Now
Questions 20

Which of the following is PRIMARILY determined by asset classification?

Options:

A.

Insurance coverage required for assets

B.

Level of protection required for assets

C.

Priority for asset replacement

D.

Replacement cost of assets

Buy Now
Questions 21

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Options:

A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Buy Now
Questions 22

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Buy Now
Questions 23

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Options:

A.

Refer the issue to internal audit for a recommendation.

B.

Re-classify the data and increase the security level to meet business risk.

C.

Instruct the relevant system owners to reclassify the data.

D.

Complete a risk assessment and refer the results to the data owners.

Buy Now
Questions 24

The fundamental purpose of establishing security metrics is to:

Options:

A.

increase return on investment (ROI)

B.

provide feedback on control effectiveness

C.

adopt security best practices

D.

establish security benchmarks

Buy Now
Questions 25

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

Options:

A.

Decrease in the number of security incidents

B.

Increase in the frequency of security incident escalations

C.

Reduction in the impact of security incidents

D.

Increase in the number of reported security incidents

Buy Now
Questions 26

Prior to conducting a forensic examination, an information security manager should:

Options:

A.

boot the original hard disk on a clean system.

B.

create an image of the original data on new media.

C.

duplicate data from the backup media.

D.

shut down and relocate the server.

Buy Now
Questions 27

Which of the following BEST enables an organization to transform its culture to support information security?

Options:

A.

Periodic compliance audits

B.

Strong management support

C.

Robust technical security controls

D.

Incentives for security incident reporting

Buy Now
Questions 28

Relationships between critical systems are BEST understood by

Options:

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Buy Now
Questions 29

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Buy Now
Questions 30

A balanced scorecard MOST effectively enables information security:

Options:

A.

risk management

B.

project management

C.

governance

D.

performance

Buy Now
Questions 31

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Buy Now
Questions 32

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Options:

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Buy Now
Questions 33

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Options:

A.

normal network behavior and using it as a baseline lor measuring abnormal activity

B.

abnormal network behavior and issuing instructions to the firewall to drop rogue connections

C.

abnormal network behavior and using it as a baseline for measuring normal activity

D.

attack pattern signatures from historical data

Buy Now
Questions 34

Which of the following should be the PRIMARY basis for an information security strategy?

Options:

A.

The organization's vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Buy Now
Questions 35

Implementing the principle of least privilege PRIMARILY requires the identification of:

Options:

A.

job duties

B.

data owners

C.

primary risk factors.

D.

authentication controls

Buy Now
Questions 36

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Options:

A.

Key control indicator (KCIs)

B.

Key risk indicators (KRIs)

C.

Key performance indicators (KPIs)

D.

Key goal indicators (KGIs)

Buy Now
Questions 37

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Options:

A.

Develop the test plan.

B.

Analyze the business impact.

C.

Define response team roles.

D.

Identify recovery time objectives (RTOs).

Buy Now
Questions 38

An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?

Options:

A.

Conduct user awareness training within the IT function.

B.

Propose that IT update information security policies and procedures.

C.

Determine the risk related to noncompliance with the policy.

D.

Request that internal audit conduct a review of the policy development process,

Buy Now
Questions 39

The MOST important reason for having an information security manager serve on the change management committee is to:

Options:

A.

identify changes to the information security policy.

B.

ensure that changes are tested.

C.

ensure changes are properly documented.

D.

advise on change-related risk.

Buy Now
Questions 40

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Buy Now
Questions 41

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Options:

A.

Job descriptions include requirements to read security policies.

B.

The policies are updated annually.

C.

Senior management supports the policies.

D.

The policies are aligned to industry best practices.

Buy Now
Questions 42

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.

B.

Run the application from a high-privileged account on a test system.

C.

Perform security code reviews on the entire application.

D.

Monitor Internet traffic for sensitive information leakage.

Buy Now
Questions 43

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:

A.

notify the business process owner.

B.

follow the business continuity plan (BCP).

C.

conduct an incident forensic analysis.

D.

follow the incident response plan.

Buy Now
Questions 44

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Options:

A.

Cost of replacing the asset

B.

Cost of additional mitigation

C.

Annual loss expectancy (ALE)

D.

Annual rate of occurrence

Buy Now
Questions 45

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Buy Now
Questions 46

Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

Options:

A.

Follow the escalation process.

B.

Identify the indicators of compromise.

C.

Notify law enforcement.

D.

Contact forensic investigators.

Buy Now
Questions 47

Which of the following BEST indicates that information security governance and corporate governance are integrated?

Options:

A.

The information security team is aware of business goals.

B.

The board is regularly informed of information security key performance indicators (KPIs),

C.

The information security steering committee is composed of business leaders.

D.

A cost-benefit analysis is conducted on all information security initiatives.

Buy Now
Questions 48

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Buy Now
Questions 49

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Options:

A.

Involving information security at each stage of project management

B.

Identifying responsibilities during the project business case analysis

C.

Creating a data classification framework and providing it to stakeholders

D.

Providing stakeholders with minimum information security requirements

Buy Now
Questions 50

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Buy Now
Questions 51

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Options:

A.

Perform a risk assessment.

B.

Reduce security hardening settings.

C.

Inform business management of the risk.

D.

Document a security exception.

Buy Now
Questions 52

Which of the following is the BEST evidence of alignment between corporate and information security governance?

Options:

A.

Security key performance indicators (KPIs)

B.

Project resource optimization

C.

Regular security policy reviews

D.

Senior management sponsorship

Buy Now
Questions 53

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Buy Now
Questions 54

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Buy Now
Questions 55

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Options:

A.

A capability and maturity assessment

B.

Detailed analysis of security program KPIs

C.

An information security dashboard

D.

An information security risk register

Buy Now
Questions 56

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Options:

A.

Formalizing a security strategy and program

B.

Developing an awareness program for staff

C.

Ensuring current documentation of security processes

D.

Establishing processes within the security operations team

Buy Now
Questions 57

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Options:

A.

Management's business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Buy Now
Questions 58

Which of the following parties should be responsible for determining access levels to an application that processes client information?

Options:

A.

The business client

B.

The information security tear

C.

The identity and access management team

D.

Business unit management

Buy Now
Questions 59

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Buy Now
Questions 60

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

Options:

A.

Red team exercise

B.

Black box penetration test

C.

Disaster recovery exercise

D.

Tabletop exercise

Buy Now
Questions 61

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Buy Now
Questions 62

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

Options:

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Buy Now
Questions 63

In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:

Options:

A.

evaluate results of the most recent incident response test.

B.

review the number of reported security incidents.

C.

ensure established security metrics are reported.

D.

assess progress of risk mitigation efforts.

Buy Now
Questions 64

Which of the following BEST ensures information security governance is aligned with corporate governance?

Options:

A.

A security steering committee including IT representation

B.

A consistent risk management approach

C.

An information security risk register

D.

Integration of security reporting into corporate reporting

Buy Now
Questions 65

The effectiveness of an information security governance framework will BEST be enhanced if:

Options:

A.

consultants review the information security governance framework.

B.

a culture of legal and regulatory compliance is promoted by management.

C.

risk management is built into operational and strategic activities.

D.

IS auditors are empowered to evaluate governance activities

Buy Now
Questions 66

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Buy Now
Questions 67

Of the following, who is in the BEST position to evaluate business impacts?

Options:

A.

Senior management

B.

Information security manager

C.

IT manager

D.

Process manager

Buy Now
Questions 68

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Buy Now
Questions 69

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Options:

A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Buy Now
Questions 70

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

Options:

A.

Members have knowledge of information security controls.

B.

Members are business risk owners.

C.

Members are rotated periodically.

D.

Members represent functions across the organization.

Buy Now
Questions 71

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Buy Now
Questions 72

Which of the following will result in the MOST accurate controls assessment?

Options:

A.

Mature change management processes

B.

Senior management support

C.

Well-defined security policies

D.

Unannounced testing

Buy Now
Questions 73

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

Options:

A.

incident has been confirmed.

B.

incident has been contained.

C.

potential incident has been logged.

D.

incident has been mitigated.

Buy Now
Questions 74

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)

B.

Infrastructure as a Service (laaS)

C.

Platform as a Service (PaaS)

D.

Software as a Service (SaaS)

Buy Now
Questions 75

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:

A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Buy Now
Questions 76

Who is BEST suited to determine how the information in a database should be classified?

Options:

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Buy Now
Questions 77

Which of the following is the PRIMARY reason for granting a security exception?

Options:

A.

The risk is justified by the cost to the business.

B.

The risk is justified by the benefit to security.

C.

The risk is justified by the cost to security.

D.

The risk is justified by the benefit to the business.

Buy Now
Questions 78

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Options:

A.

Including service level agreements (SLAs) in vendor contracts

B.

Establishing communication paths with vendors

C.

Requiring security awareness training for vendor staff

D.

Performing integration testing with vendor systems

Buy Now
Questions 79

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Options:

A.

the chief risk officer (CRO).

B.

business senior management.

C.

the information security manager.

D.

the compliance officer.

Buy Now
Questions 80

Which of the following is MOST critical when creating an incident response plan?

Options:

A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Documenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Buy Now
Questions 81

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Options:

A.

reduces unauthorized access to systems.

B.

promotes efficiency in control of the environment.

C.

prevents inconsistencies in information in the distributed environment.

D.

allows administrative staff to make management decisions.

Buy Now
Questions 82

When investigating an information security incident, details of the incident should be shared:

Options:

A.

widely to demonstrate positive intent.

B.

only with management.

C.

only as needed,

D.

only with internal audit.

Buy Now
Questions 83

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Options:

A.

Compromise of critical assets via third-party resources

B.

Unavailability of services provided by a supplier

C.

Loss of customers due to unavailability of products

D.

Unreliable delivery of hardware and software resources by a supplier

Buy Now
Questions 84

Penetration testing is MOST appropriate when a:

Options:

A.

new system is about to go live.

B.

new system is being designed.

C.

security policy is being developed.

D.

security incident has occurred,

Buy Now
Questions 85

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Options:

A.

Risk levels may be elevated beyond acceptable limits.

B.

Security audits may report more high-risk findings.

C.

The compensating controls may not be cost efficient.

D.

Noncompliance with industry best practices may result.

Buy Now
Questions 86

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Options:

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Buy Now
Questions 87

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Options:

A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Buy Now
Questions 88

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Buy Now
Questions 89

When deciding to move to a cloud-based model, the FIRST consideration should be:

Options:

A.

storage in a shared environment.

B.

availability of the data.

C.

data classification.

D.

physical location of the data.

Buy Now
Questions 90

Which of the following is MOST effective in monitoring an organization's existing risk?

Options:

A.

Periodic updates to risk register

B.

Risk management dashboards

C.

Security information and event management (SIEM) systems

D.

Vulnerability assessment results

Buy Now
Questions 91

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Options:

A.

Documentation of control procedures

B.

Standardization of compliance requirements

C.

Automation of controls

D.

Integration of assurance efforts

Buy Now
Questions 92

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

Options:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Buy Now
Questions 93

Which of the following is MOST important for building 4 robust information security culture within an organization?

Options:

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Buy Now
Questions 94

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.

Number of blocked intrusion attempts

B.

Number of business cases reviewed by senior management

C.

Trends in the number of identified threats to the business

D.

Percentage of controls integrated into business processes

Buy Now
Questions 95

Which of the following activities MUST be performed by an information security manager for change requests?

Options:

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Buy Now
Questions 96

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Options:

A.

Discretionary access control

B.

Role-based access control

C.

Access control lists

D.

Distributed access control

Buy Now
Questions 97

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Options:

A.

The benefit is greater than the potential risk.

B.

USB storage devices are enabled based on user roles.

C.

Users accept the risk of noncompliance.

D.

Access is restricted to read-only.

Buy Now
Questions 98

Which of the following documents should contain the INITIAL prioritization of recovery of services?

Options:

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Buy Now
Questions 99

Which of the following is a PRIMARY benefit of managed security solutions?

Options:

A.

Wider range of capabilities

B.

Easier implementation across an organization

C.

Greater ability to focus on core business operations

D.

Lower cost of operations

Buy Now
Questions 100

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Options:

A.

Providing training from third-party forensics firms

B.

Obtaining industry certifications for the response team

C.

Conducting tabletop exercises appropriate for the organization

D.

Documenting multiple scenarios for the organization and response steps

Buy Now
Questions 101

Which of the following is the PRIMARY objective of incident triage?

Options:

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Buy Now
Questions 102

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

Options:

A.

Requiring challenge/response information

B.

Requiring multi factor authentication

C.

Enforcing frequent password changes

D.

Enforcing complex password formats

Buy Now
Questions 103

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Options:

A.

It transfers the risk associated with recovery to a third party.

B.

It lowers the annual cost to the business.

C.

It eliminates the need to maintain offsite facilities.

D.

It eliminates the need for the business to perform testing.

Buy Now
Questions 104

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Options:

A.

developing a security program that meets global and regional requirements.

B.

ensuring effective communication with local regulatory bodies.

C.

using industry best practice to meet local legal regulatory requirements.

D.

monitoring compliance with defined security policies and standards.

Buy Now
Questions 105

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Buy Now
Questions 106

Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

Options:

A.

IT system clocks are not synchronized with the centralized logging server.

B.

Operating systems are no longer supported by the vendor.

C.

The patch management system does not deploy patches in a timely manner.

D.

An organization has a decentralized data center that uses cloud services.

Buy Now
Questions 107

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Options:

A.

results of exit interviews.

B.

previous training sessions.

C.

examples of help desk requests.

D.

responses to security questionnaires.

Buy Now
Questions 108

When collecting admissible evidence, which of the following is the MOST important requirement?

Options:

A.

Need to know

B.

Preserving audit logs

C.

Due diligence

D.

Chain of custody

Buy Now
Questions 109

Recovery time objectives (RTOs) are BEST determined by:

Options:

A.

business managers

B.

business continuity officers

C.

executive management

D.

database administrators (DBAs).

Buy Now
Questions 110

An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Options:

A.

Conduct an information security audit.

B.

Validate the relevance of the information.

C.

Perform a gap analysis.

D.

Inform senior management

Buy Now
Questions 111

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:

A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset's value is critical to risk management.

D.

The responsibility for security rests with all employees.

Buy Now
Questions 112

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Options:

A.

Host patching

B.

Penetration testing

C.

Infrastructure hardening

D.

Data classification

Buy Now
Questions 113

Which of the following is the BEST justification for making a revision to a password policy?

Options:

A.

Industry best practice

B.

A risk assessment

C.

Audit recommendation

D.

Vendor recommendation

Buy Now
Questions 114

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

Options:

A.

Clearer segregation of duties

B.

Increased user productivity

C.

Increased accountability

D.

Fewer security incidents

Buy Now
Questions 115

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

Options:

A.

rely on senior management to enforce security.

B.

promote the relevance and contribution of security.

C.

focus on compliance.

D.

reiterate the necessity of security.

Buy Now
Questions 116

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Buy Now
Questions 117

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Options:

A.

Impact on information security program

B.

Cost of controls

C.

Impact to business function

D.

Cost to replace

Buy Now
Questions 118

Which of the following should be the PRIMARY objective of an information security governance framework?

Options:

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization's information security policies.

Buy Now
Questions 119

Labeling information according to its security classification:

Options:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Buy Now
Questions 120

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Buy Now
Questions 121

Which of the following has the GREATEST influence on an organization's information security strategy?

Options:

A.

The organization's risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Buy Now
Questions 122

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

Options:

A.

Business impact analysis (BIA) results

B.

Key performance indicators (KPIs)

C.

Recovery procedures

D.

Systems inventory

Buy Now
Questions 123

Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Options:

A.

Key performance indicators (KPIs)

B.

Balanced scorecard

C.

Business impact analysis (BIA)

D.

Risk profile

Buy Now
Questions 124

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:

A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Buy Now
Questions 125

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Options:

A.

Patch management files

B.

Network system logs

C.

Configuration management files

D.

Intrusion detection system (IDS) logs

Buy Now
Questions 126

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

Options:

A.

baseline security controls.

B.

benchmarking security metrics.

C.

security objectives.

D.

cost-benefit analyses.

Buy Now
Questions 127

An organization's quality process can BEST support security management by providing:

Options:

A.

security configuration controls.

B.

assurance that security requirements are met.

C.

guidance for security strategy.

D.

a repository for security systems documentation.

Buy Now
Questions 128

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

Options:

A.

Inform senior management

B.

Re-evaluate the risk

C.

Implement compensating controls

D.

Ask the business owner for the new remediation plan

Buy Now
Questions 129

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Options:

A.

Purchase cyber insurance

B.

Encrypt sensitive production data

C.

Perform Integrity checks on backups

D.

Maintain multiple offline backups

Buy Now
Questions 130

Which of the following is the MOST important detail to capture in an organization's risk register?

Options:

A.

Risk appetite

B.

Risk severity level

C.

Risk acceptance criteria

D.

Risk ownership

Buy Now
Questions 131

Which of the following BEST determines the allocation of resources during a security incident response?

Options:

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Buy Now
Questions 132

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Options:

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Buy Now
Questions 133

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.

Which of the following would provide the MOST useful information for planning purposes? »

Options:

A.

Results from a business impact analysis (BIA)

B.

Deadlines and penalties for noncompliance

C.

Results from a gap analysis

D.

An inventory of security controls currently in place

Buy Now
Questions 134

Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?

Options:

A.

Consult with IT staff and assess the risk based on their recommendations

B.

Update the security policy based on the regulatory requirements

C.

Propose relevant controls to ensure the business complies with the regulation

D.

Identify and assess the risk in the context of business objectives

Buy Now
Questions 135

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A.

Multi-factor authentication

B.

Digital encryption

C.

Data masking

D.

Digital signatures

Buy Now
Questions 136

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Buy Now
Questions 137

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Options:

A.

Incorporate policy statements derived from third-party standards and benchmarks.

B.

Adhere to a unique corporate privacy and security standard

C.

Establish baseline standards for all locations and add supplemental standards as required

D.

Require that all locations comply with a generally accepted set of industry

Buy Now
Questions 138

Which of the following has the MOST influence on the inherent risk of an information asset?

Options:

A.

Risk tolerance

B.

Net present value (NPV)

C.

Return on investment (ROI)

D.

Business criticality

Buy Now
Questions 139

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Options:

A.

Embedding compliance requirements within operational processes

B.

Engaging external experts to provide guidance on changes in compliance requirements

C.

Performing periodic audits for compliance with legal and regulatory requirements

D.

Assigning the operations manager accountability for meeting compliance requirements

Buy Now
Questions 140

Which of the following defines the triggers within a business continuity plan (BCP)? @

Options:

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Buy Now
Questions 141

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

Options:

A.

Adopt the cloud provider's incident response procedures.

B.

Transfer responsibility for incident response to the cloud provider.

C.

Continue using the existing incident response procedures.

D.

Revise incident response procedures to encompass the cloud environment.

Buy Now
Questions 142

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Options:

A.

Document risk acceptances.

B.

Revise the organization's security policy.

C.

Assess the consequences of noncompliance.

D.

Conduct an information security audit.

Buy Now
Questions 143

A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

Options:

A.

the risk assessment has not defined the likelihood of occurrence

B.

the reported vulnerability has not been validated

C.

executive management is not aware of the impact potential

D.

the cost of implementing controls exceeds the potential financial losses.

Buy Now
Questions 144

Following a successful attack, an information security manager should be confident the malware @ continued to spread at the completion of which incident response phase?

Options:

A.

Containment

B.

Recovery

C.

Eradication

D.

Identification

Buy Now
Questions 145

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Options:

A.

Require remote wipe capabilities for devices.

B.

Conduct security awareness training.

C.

Review and update existing security policies.

D.

Enforce passwords and data encryption on the devices.

Buy Now
Questions 146

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?

Options:

A.

Multi-factor authentication (MFA) system

B.

Identity and access management (IAM) system

C.

Privileged access management (PAM) system

D.

Governance, risk, and compliance (GRC) system

Buy Now
Questions 147

Reevaluation of risk is MOST critical when there is:

Options:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Buy Now
Questions 148

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Options:

A.

Preventive

B.

Corrective

C.

Detective

D.

Deterrent

Buy Now
Questions 149

Which of the following is an example of risk mitigation?

Options:

A.

Purchasing insurance

B.

Discontinuing the activity associated with the risk

C.

Improving security controls

D.

Performing a cost-benefit analysis

Buy Now
Questions 150

Which of the following is the BEST indication of information security strategy alignment with the “&

Options:

A.

Percentage of information security incidents resolved within defined service level agreements (SLAs)

B.

Percentage of corporate budget allocated to information security initiatives

C.

Number of business executives who have attended information security awareness sessions

D.

Number of business objectives directly supported by information security initiatives

Buy Now
Questions 151

Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

Options:

A.

Security metrics

B.

Security baselines

C.

Security incident details

D.

Security risk exposure

Buy Now
Questions 152

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Options:

A.

Poor documentation of results and lessons learned

B.

Lack of communication to affected users

C.

Disruption to the production environment

D.

Lack of coordination among departments

Buy Now
Questions 153

Which of the following is the MOST effective way to prevent information security incidents?

Options:

A.

Implementing a security information and event management (SIEM) tool

B.

Implementing a security awareness training program for employees

C.

Deploying a consistent incident response approach

D.

Deploying intrusion detection tools in the network environment

Buy Now
Questions 154

An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Options:

A.

Store disaster recovery documentation in a public cloud.

B.

Maintain an outsourced contact center in another country.

C.

Require disaster recovery documentation be stored with all key decision makers.

D.

Provide annual disaster recovery training to appropriate staff.

Buy Now
Questions 155

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Buy Now
Questions 156

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:

A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Buy Now
Questions 157

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Options:

A.

Maintaining a repository base of security policies

B.

Measuring impact of exploits on business processes

C.

Facilitating the monitoring of risk occurrences

D.

Redirecting event logs to an alternate location for business continuity plan

Buy Now
Questions 158

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Options:

A.

Storing the plan at an offsite location

B.

Communicating the plan to all stakeholders

C.

Updating the plan periodically

D.

Conducting a walk-through of the plan

Buy Now
Questions 159

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

Options:

A.

To ensure separation of duties is maintained

B.

To ensure system audit trails are not bypassed

C.

To prevent accountability issues

D.

To prevent unauthorized user access

Buy Now
Questions 160

Which of the following is MOST important when designing security controls for new cloud-based services?

Options:

A.

Evaluating different types of deployment models according to the associated risks

B.

Understanding the business and IT strategy for moving resources to the cloud

C.

Defining an incident response policy to protect data moving between onsite and cloud applications

D.

Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies

Buy Now
Questions 161

Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident notification plan

C.

Risk response scenarios

D.

Security procedures

Buy Now
Questions 162

The MOST important information for influencing management’s support of information security is:

Options:

A.

an demonstration of alignment with the business strategy.

B.

An identification of the overall threat landscape.

C.

A report of a successful attack on a competitor.

D.

An identification of organizational risks.

Buy Now
Questions 163

Following an employee security awareness training program, what should be the expected outcome?

Options:

A.

A decrease in the number of viruses detected in incoming emails

B.

A decrease in reported social engineering attacks

C.

An increase in reported social engineering attempts

D.

An increase in user-reported false positive incidents

Buy Now
Questions 164

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

Options:

A.

Escalation processes

B.

Recovery time objective (RTO)

C.

Security audit reports

D.

Technological capabilities

Buy Now
Questions 165

An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?

Options:

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Buy Now
Questions 166

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

Options:

A.

Control matrix

B.

Business impact analysis (BIA)

C.

Risk register

D.

Information security policy

Buy Now
Questions 167

Identifying which of the following BEST enables a cyberattack to be contained?

Options:

A.

The vulnerability exploited by the attack

B.

The segment targeted by the attack

C.

The IP address of the computer that launched the attack

D.

The threat actor that initiated the attack

Buy Now
Questions 168

Which of the following should be the FIRST step when performing triage of a malware incident?

Options:

A.

Containing the affected system

B.

Preserving the forensic image

C.

Comparing backup against production

D.

Removing the malware

Buy Now
Questions 169

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

Options:

A.

An increase in the number of identified security incidents

B.

A decrease in the number of security audit findings

C.

A decrease in the number of security policy exceptions

D.

An increase in the number of compliant business processes

Buy Now
Questions 170

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

Options:

A.

Maturity of the security policy

B.

Clarity of security roles and responsibilities

C.

Corporate culture

D.

Corporate risk framework

Buy Now
Questions 171

During which phase of an incident response plan is the root cause determined?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Eradication

Buy Now
Questions 172

A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?

Options:

A.

Establishing a strong ongoing risk monitoring process

B.

Presenting the risk profile for approval by the risk owner

C.

Conducting an independent review of risk responses

D.

Updating the information security standards to include the accepted risk

Buy Now
Questions 173

Which of the following is the BEST course of action when an information security manager identifies that systems are vulnerable to emerging threats?

Options:

A.

Frequently update systems and monitor the threat landscape.

B.

Monitor the network containing the affected systems for malicious traffic.

C.

Increase awareness of the threats among employees who work with the systems.

D.

Notify senior management and key stakeholders of the threats.

Buy Now
Questions 174

Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?

Options:

A.

Record and close security incident tickets.

B.

Test and verify that compromisedsystems are clean.

C.

Document recovery steps for senior management reporting.

D.

Capture and preserve forensic images of affected systems.

Buy Now
Questions 175

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Options:

A.

Industry benchmarks

B.

Security training test results

C.

Performance measures for existing controls

D.

Number of false positives

Buy Now
Questions 176

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

Options:

A.

Ensure security is involved in the procurement process.

B.

Review the third-party contract with the organization's legal department.

C.

Conduct an information security audit on the third-party vendor.

D.

Communicate security policy with the third-party vendor.

Buy Now
Questions 177

An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Reinforce security awareness practices for end users.

B.

Temporarily outsource the email system to a cloud provider.

C.

Develop a business case to replace the system.

D.

Monitor outgoing traffic on the firewall.

Buy Now
Questions 178

An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Options:

A.

Wipe the affected system.

B.

Notify internal legal counsel.

C.

Notify senior management.

D.

Isolate the impacted endpoints.

Buy Now
Questions 179

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Options:

A.

Integrity

B.

Authenticity

C.

Confidentiality

D.

Nonrepudiation

Buy Now
Questions 180

In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

Options:

A.

Ownership of security

B.

Compliance with policies

C.

Auditability of systems

D.

Allocation of training resources

Buy Now
Questions 181

Which of the following is the MOST essential element of an information security program?

Options:

A.

Benchmarking the program with global standards for relevance

B.

Prioritizing program deliverables based on available resources

C.

Involving functional managers in program development

D.

Applying project management practices used by the business

Buy Now
Questions 182

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:

A.

Right of the subscriber to conduct onsite audits of the vendor

B.

Escrow of software code with conditions for code release

C.

Authority of the subscriber to approve access to its data

D.

Commingling of subscribers' data on the same physical server

Buy Now
Questions 183

Which of the following BEST enables an organization to effectively manage emerging cyber risk?

Options:

A.

Periodic internal and external audits

B.

Clear lines of responsibility

C.

Sufficient cyber budget allocation

D.

Cybersecurity policies

Buy Now
Questions 184

The PRIMARY reason for creating a business case when proposing an information security project is to:

Options:

A.

articulate inherent risks.

B.

provide demonstrated return on investment (ROI).

C.

establish the value of the project in relation to business objectives.

D.

gain key business stakeholder engagement.

Buy Now
Questions 185

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

Options:

A.

Notify senior management of the issue.

B.

Report the issue to legal personnel.

C.

Initiate contract renegotiation.

D.

Assess the extent of the issue.

Buy Now
Questions 186

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Options:

A.

system availability.

B.

control gaps are minimized.

C.

alignment with compliance requirements.

D.

effectiveness of controls.

Buy Now
Questions 187

Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

Options:

A.

Risk assessment results

B.

Audit findings

C.

Key risk indicators (KRIs)

D.

Baseline controls

Buy Now
Questions 188

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A.

Define the issues to be addressed.

B.

Perform a cost-benefit analysis.

C.

Calculate the total cost of ownership (TCO).

D.

Conduct a feasibility study.

Buy Now
Questions 189

Which of the following has the GREATEST influence on the successful integration of information security within the business?

Options:

A.

Organizational structure and culture

B.

Risk tolerance and organizational objectives

C.

The desired state of the organization

D.

Information security personnel

Buy Now
Questions 190

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?

Options:

A.

Alive demonstration of the third-party supplier's security capabilities

B.

The ability to i third-party supplier's IT systems and processes

C.

Third-party security control self-assessment (CSA) results

D.

An independent review report indicating compliance with industry standards

Buy Now
Questions 191

Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Options:

A.

Include the impact of the risk as part of regular metrics.

B.

Recommend the security steering committee conduct a review.

C.

Update the risk assessment at regular intervals

D.

Send regular notifications directly to senior managers

Buy Now
Questions 192

Which of the following metrics would provide an accurate measure of an information security program's performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Buy Now
Questions 193

Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.

Which of the following should be the PRIMARY focus of Company A's information security manager?

Options:

A.

The organizational structure of Company B

B.

The cost to align to Company A's security policies

C.

Company A's security architecture

D.

Company B's security policies

Buy Now
Questions 194

Which of the following is the MOST important function of an information security steering committee?

Options:

A.

Assigning data classifications to organizational assets

B.

Developing organizational risk assessment processes

C.

Obtaining multiple perspectives from the business

D.

Defining security standards for logical access controls

Buy Now
Questions 195

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

Options:

A.

Limited liability clause

B.

Explanation of information usage

C.

Information encryption requirements

D.

Access control requirements

Buy Now
Questions 196

The PRIMARY goal to a post-incident review should be to:

Options:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Buy Now
Questions 197

Which of the following is the MOST important outcome of effective risk treatment?

Options:

A.

Elimination of risk

B.

Timely reporting of incidents

C.

Reduced cost of acquiring controls

D.

Implementation of corrective actions

Buy Now
Questions 198

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?

Options:

A.

Perform a business impact analysis (BIA).

B.

Notify local law enforcement agencies of a breach.

C.

Activate the incident response program.

D.

Validate the risk to the organization.

Buy Now
Questions 199

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Options:

A.

adherence to international standards

B.

availability of financial resources

C.

the organization s risk tolerance

D.

alignment with business needs

Buy Now
Questions 200

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Buy Now
Questions 201

Which of the following MUST be established to maintain an effective information security governance framework?

Options:

A.

Security controls automation

B.

Defined security metrics

C.

Change management processes

D.

Security policy provisions

Buy Now
Questions 202

Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall?

Options:

A.

Force password changes on the SQL database.

B.

Reconfigure the web application firewall to block the attack.

C.

Update the detection patterns on the web application firewall.

D.

Block the IPs from where the attack originates.

Buy Now
Questions 203

During the selection of a Software as a Service (SaaS) vendor for a business process, the vendor provides evidence of a globally accepted information security certification. Which of the following is the MOST important consideration?

Options:

A.

The certification includes industry-recognized security controls.

B.

The certification was issued within the last five years.

C.

The certification is issued for the specific scope.

D.

The certification is easily verified.

Buy Now
Questions 204

Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?

Options:

A.

Obtain an independent audit report.

B.

Require the provider to follow stringent data classification procedures.

C.

Include high penalties for security breaches in the contract.

D.

Review the provider's information security policies.

Buy Now
Questions 205

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Options:

A.

Perform a vulnerability assessment

B.

Perform a gap analysis to determine needed resources

C.

Create a security exception

D.

Assess the risk to business operations

Buy Now
Questions 206

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?

Options:

A.

Asset classification

B.

Recovery time objectives (RTOs)

C.

Chain of custody

D.

Escalation procedures

Buy Now
Questions 207

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:

A.

Authority of the subscriber to approve access to its data

B.

Right of the subscriber to conduct onsite audits of the vendor

C.

Commingling of subscribers' data on the same physical server

D.

Escrow of software code with conditions for code release

Buy Now
Questions 208

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?

Options:

A.

Gap analysis results

B.

Level of residual risk

C.

Level of risk treatment

D.

Configuration parameters

Buy Now
Questions 209

When building support for an information security program, which of the following elements is MOST important?

Options:

A.

Identification of existing vulnerabilities

B.

Information risk assessment

C.

Business impact analysis (BIA)

D.

Threat analysis

Buy Now
Questions 210

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

Options:

A.

To define security roles and responsibilities

B.

To determine return on investment (ROI)

C.

To establish incident severity levels

D.

To determine the criticality of information assets

Buy Now
Questions 211

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Options:

A.

Perform a privacy impact assessment (PIA).

B.

Perform a vulnerability assessment.

C.

Perform a gap analysis.

D.

Perform a business impact analysis (BIA).

Buy Now
Questions 212

Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?

Options:

A.

Network address translation (NAT)

B.

Message hashing

C.

Transport Layer Security (TLS)

D.

Multi-factor authentication

Buy Now
Questions 213

When developing a categorization method for security incidents, the categories MUST:

Options:

A.

align with industry standards.

B.

be created by the incident handler.

C.

have agreed-upon definitions.

D.

align with reporting requirements.

Buy Now
Questions 214

Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of

confidentiality?

Options:

A.

Ensuring hashing of administrator credentials

B.

Enforcing service level agreements (SLAs)

C.

Ensuring encryption for data in transit

D.

Utilizing a formal change management process

Buy Now
Questions 215

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

Options:

A.

Low number of false positives

B.

Low number of false negatives

C.

High number of false positives

D.

High number of false negatives

Buy Now
Questions 216

After a server has been attacked, which of the following is the BEST course of action?

Options:

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Buy Now
Questions 217

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

Options:

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Buy Now
Questions 218

Which of the following is the PRIMARY role of the information security manager in application development?

Options:

A.

To ensure security is integrated into the system development life cycle (SDLC)

B.

To ensure compliance with industry best practice

C.

To ensure enterprise security controls are implemented

D.

To ensure control procedures address business risk

Buy Now
Questions 219

An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?

Options:

A.

To facilitate the continuous improvement of the IT organization

B.

To ensure controls align with security needs

C.

To create and document required IT capabilities

D.

To prioritize security risks on a longer scale than the one-year plan

Buy Now
Questions 220

An email digital signature will:

Options:

A.

protect the confidentiality of an email message.

B.

verify to recipient the integrity of an email message.

C.

automatically correct unauthorized modification of an email message.

D.

prevent unauthorized modification of an email message.

Buy Now
Questions 221

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Options:

A.

Increasing false negatives

B.

Decreasing false negatives

C.

Decreasing false positives

D.

Increasing false positives

Buy Now
Questions 222

Spoofing should be prevented because it may be used to:

Options:

A.

gain illegal entry to a secure system by faking the sender's address,

B.

predict which way a program will branch when an option is presented

C.

assemble information, track traffic, and identify network vulnerabilities.

D.

capture information such as passwords traveling through the network

Buy Now
Questions 223

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Options:

A.

Data owner

B.

Business owner

C.

Information security manager

D.

Compliance manager

Buy Now
Questions 224

A technical vulnerability assessment on a personnel information management server should be performed when:

Options:

A.

the data owner leaves the organization unexpectedly.

B.

changes are made to the system configuration.

C.

the number of unauthorized access attempts increases.

D.

an unexpected server outage has occurred.

Buy Now
Questions 225

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

Options:

A.

Requiring an external security audit of the IT service provider

B.

Requiring regular reporting from the IT service provider

C.

Defining information security requirements with internal IT

D.

Defining the business recovery plan with the IT service provider

Buy Now
Questions 226

An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?

Options:

A.

Engage an independent audit of the third party's external provider.

B.

Recommend canceling the contract with the third party.

C.

Evaluate the third party's agreements with its external provider.

D.

Conduct an external audit of the contracted third party.

Buy Now
Questions 227

An information security program is BEST positioned for success when it is closely aligned with:

Options:

A.

information security best practices.

B.

recognized industry frameworks.

C.

information security policies.

D.

the information security strategy.

Buy Now
Questions 228

Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?

Options:

A.

Business impact analysis (BIA)

B.

Risk register

C.

Penetration testing

D.

Vulnerability assessment

Buy Now
Questions 229

An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

Options:

A.

a directory of approved local media contacts

B.

pre-prepared media statements

C.

procedures to contact law enforcement

D.

a single point of contact within the organization

Buy Now
Questions 230

The PRIMARY consideration when responding to a ransomware attack should be to ensure:

Options:

A.

backups are available.

B.

the most recent patches have been applied.

C.

the ransomware attack is contained

D.

the business can operate

Buy Now
Questions 231

The effectiveness of an incident response team will be GREATEST when:

Options:

A.

the incident response team members are trained security personnel.

B.

the incident response process is updated based on lessons learned.

C.

incidents are identified using a security information and event monitoring {SIEM) system.

Buy Now
Questions 232

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Options:

A.

Staff turnover rates that significantly exceed industry averages

B.

Large number of applications in the organization

C.

Inaccurate workforce data from human resources (HR)

D.

Frequent changes to user roles during employment

Buy Now
Questions 233

Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Options:

A.

Downtime due to malware infections

B.

Number of security vulnerabilities uncovered with network scans

C.

Percentage of servers patched

D.

Annualized loss resulting from security incidents

Buy Now
Questions 234

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:

A.

Manage business process changes.

B.

Update business impact analyses (BIAs) on a regular basis.

C.

Conduct periodic testing.

D.

Review and update emergency contact lists.

Buy Now
Questions 235

Which of the following components of an information security risk assessment is MOST valuable to senior management?

Options:

A.

Threat profile

B.

Residual risk

C.

Return on investment (ROI)

D.

Mitigation actions

Buy Now
Questions 236

Which of the following is the MOST effective defense against malicious insiders compromising confidential information?

Options:

A.

Regular audits of access controls

B.

Strong background checks when hiring staff

C.

Prompt termination procedures

D.

Role-based access control (RBAC)

Buy Now
Questions 237

Which of the following is the MOST important objective when planning an incident response program?

Options:

A.

Managing resources

B.

Ensuring IT resiliency

C.

Recovering from a disaster

D.

Minimizing business impact

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Nov 28, 2024
Questions: 793

PDF + Testing Engine

$99.6  $249

Testing Engine

$90  $225
buy now CISM testing engine

PDF (Q&A)

$79.6  $199
buy now CISM pdf