Month End Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

CISM Certified Information Security Manager Questions and Answers

Questions 4

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Options:

A.

Benchmark the processes with best practice to identify gaps.

B.

Calculate the return on investment (ROI).

C.

Provide security awareness training to HR.

D.

Assess the business objectives of the processes.

Buy Now
Questions 5

An information security manager is assessing security risk associated with a cloud service provider. Which of the following is the MOST appropriate reference to consult when performing this assessment?

Options:

A.

Previous provider service level agreements (SLAs)

B.

Threat intelligence reports

C.

Penetration test results from the provider

D.

Security control frameworks

Buy Now
Questions 6

Which of the following would BEST support the business case for an increase in the information security budget?

Options:

A.

Cost-benefit analysis results

B.

Comparison of information security budgets with peer organizations

C.

Business impact analysis (BIA) results

D.

Frequency of information security incidents

Buy Now
Questions 7

Which of the following is the BEST approach to make strategic information security decisions?

Options:

A.

Establish regular information security status reporting.

B.

Establish an information security steering committee.

C.

Establish business unit security working groups.

D.

Establish periodic senior management meetings.

Buy Now
Questions 8

When updating the information security policy to accommodate a new regulation, the information security manager should FIRST:

Options:

A.

Review key risk indicators (KRIs)

B.

Perform a gap analysis

C.

Consult process owners

D.

Update key performance indicators (KPIs)

Buy Now
Questions 9

Which of the following is PRIMARILY determined by asset classification?

Options:

A.

Insurance coverage required for assets

B.

Level of protection required for assets

C.

Priority for asset replacement

D.

Replacement cost of assets

Buy Now
Questions 10

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Options:

A.

Publish adopted information security standards.

B.

Perform annual information security compliance reviews.

C.

Implement an information security governance framework.

D.

Define penalties for information security noncompliance.

Buy Now
Questions 11

An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?

Options:

A.

Operations manager

B.

Service owner

C.

Information security manager

D.

Incident response team

Buy Now
Questions 12

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

Options:

A.

the integrity of evidence is preserved.

B.

forensic investigation software is loaded on the server.

C.

the incident is reported to senior management.

D.

the server is unplugged from power.

Buy Now
Questions 13

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:

A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Buy Now
Questions 14

Which of the following is the BEST course of action when using a web application that has known vulnerabilities?

Options:

A.

Monitor application level logs.

B.

Deploy host-based intrusion detection.

C.

Deploy an application firewall.

D.

Install anti-spyware software.

Buy Now
Questions 15

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

Options:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Buy Now
Questions 16

Which of the following is the BEST reason to implement an information security architecture?

Options:

A.

Assess the cost-effectiveness of the integration.

B.

Fast-track the deployment of information security components.

C.

Serve as a post-deployment information security road map.

D.

Facilitate consistent implementation of security requirements.

Buy Now
Questions 17

Detailed business continuity plans (BCPs) should be PRIMARILY based on:

Options:

A.

strategies validated by senior management.

B.

capabilities of available local vendors.

C.

strategies that cover all applications.

D.

cost and resources needed to execute.

Buy Now
Questions 18

Which of the following is the PRIMARY objective of testing security controls within a critical infrastructure?

Options:

A.

Ensuring the continued resilience and security of IT services

B.

Decreasing the percentage of security deployments that cause failures in production

C.

Reducing the number of control assessments to optimize resources

D.

Identifying and addressing security team performance issues

Buy Now
Questions 19

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Options:

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Buy Now
Questions 20

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Options:

A.

Lack of encryption for backup data in transit

B.

Undefined or undocumented backup retention policies

C.

Ineffective alert configurations for backup operations

D.

Unavailable or corrupt data backups

Buy Now
Questions 21

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Options:

A.

Metrics to drive the information security program

B.

Information security policies

C.

A defined security organizational structure

D.

An information security strategy

Buy Now
Questions 22

The PRIMARY goal to a post-incident review should be to:

Options:

A.

identify policy changes to prevent a recurrence.

B.

determine how to improve the incident handling process.

C.

establish the cost of the incident to the business.

D.

determine why the incident occurred.

Buy Now
Questions 23

Which of the following is the responsibility of a risk owner?

Options:

A.

Implementing risk treatment plan activities with control owners

B.

Evaluating control effectiveness

C.

Approving risk treatment plans

D.

Approving the selection of risk mitigation measures

Buy Now
Questions 24

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?

Options:

A.

Enterprise risk committee

B.

Information security steering committee

C.

Data privacy officer (DPO)

D.

Chief information security officer (CISO)

Buy Now
Questions 25

Which of the following parties should be responsible for determining access levels to an application that processes client information?

Options:

A.

The business client

B.

The information security tear

C.

The identity and access management team

D.

Business unit management

Buy Now
Questions 26

Which of the following is MOST helpful to identify whether information security policies have been followed?

Options:

A.

Preventive controls

B.

Detective controls

C.

Directive controls

D.

Corrective controls

Buy Now
Questions 27

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

Options:

A.

Post-incident review

B.

Eradication

C.

Containment

D.

Identification

Buy Now
Questions 28

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:

A.

Security policy

B.

Risk management framework

C.

Risk appetite

D.

Security standards

Buy Now
Questions 29

Which of the following is the MOST critical factor for information security program success?

Options:

A.

comprehensive risk assessment program for information security

B.

The information security manager's knowledge of the business

C.

Security staff with appropriate training and adequate resources

D.

Ongoing audits and addressing open items

Buy Now
Questions 30

Which of the following is the BEST indication that an organization has integrated information security governance with corporate governance?

Options:

A.

Security performance metrics are measured against business objectives.

B.

Impact is measured according to business loss when assessing IT risk.

C.

Security policies are reviewed whenever business objectives are changed.

D.

Service levels for security vendors are defined according to business needs.

Buy Now
Questions 31

Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

Options:

A.

Demonstrating the program's value to the organization

B.

Discussing governance programs found in similar organizations

C.

Providing the results of external audits

D.

Providing examples of information security incidents within the organization

Buy Now
Questions 32

An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?

Options:

A.

The cloud provider can meet recovery point objectives (RPOs).

B.

The cloud provider adheres to applicable regulations.

C.

The cloud provider’s service level agreement (SLA) includes availability requirements.

D.

The hosting contract has a termination clause.

Buy Now
Questions 33

Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

Options:

A.

The level of inherent risk

B.

Vulnerability assessments

C.

The level of exposure

D.

Threat assessments

Buy Now
Questions 34

Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?

Options:

A.

Ability to monitor and control incident management costs

B.

More visibility to the impact of disruptions

C.

Effective protection of information assets

D.

Optimized allocation of recovery resources

Buy Now
Questions 35

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Options:

A.

the incident response process to stakeholders

B.

adequately staff and train incident response teams.

C.

develop effective escalation and response procedures.

D.

make tabletop testing more effective.

Buy Now
Questions 36

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

Options:

A.

Each process is assigned to a responsible party.

B.

The contact list is regularly updated.

C.

Minimum regulatory requirements are maintained.

D.

Senior management approval has been documented.

Buy Now
Questions 37

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Options:

A.

Employees use smartphone tethering when accessing from remote locations.

B.

Employees physically lock PCs when leaving the immediate area.

C.

Employees are trained on the acceptable use policy.

D.

Employees use the VPN when accessing the organization's online resources.

Buy Now
Questions 38

What will BEST facilitate the success of new security initiatives?

Options:

A.

Establish an IT security steering committee.

B.

Include business in security decision making.

C.

Update security policies on a regular basis

D.

Monitor post-implementation security metrics.

Buy Now
Questions 39

Which of the following events is MOST likely to require an organization to revisit its information security framework?

Options:

A.

New services offered by IT

B.

Changes to the risk landscape

C.

A recent cybersecurity attack

D.

A new technology implemented

Buy Now
Questions 40

Which of the following is the MOST effective way to identify changes in an information security environment?

Options:

A.

Business impact analysis (BIA)

B.

Annual risk assessments

C.

Regular penetration testing

D.

Continuous monitoring

Buy Now
Questions 41

Relationships between critical systems are BEST understood by

Options:

A.

evaluating key performance indicators (KPIs)

B.

performing a business impact analysis (BIA)

C.

developing a system classification scheme

D.

evaluating the recovery time objectives (RTOs)

Buy Now
Questions 42

Who should be responsible for determining the level of data classification required for an application related to a new line of business?

Options:

A.

Data analyst

B.

Information security officer (ISO)

C.

Data custodian

D.

Data owners

Buy Now
Questions 43

Which of the following is the PRIMARY objective of incident triage?

Options:

A.

Coordination of communications

B.

Mitigation of vulnerabilities

C.

Categorization of events

D.

Containment of threats

Buy Now
Questions 44

Which or the following is MOST important to consider when determining backup frequency?

Options:

A.

Recovery point objective (RPO)

B.

Recovery time objective (RTO)

C.

Allowable interruption window

D.

Maximum tolerable outage (MTO)

Buy Now
Questions 45

Which of the following is the MOST appropriate risk response when the risk impact has been determined to be immaterial and the likelihood is very low?

Options:

A.

Mitigate

B.

Avoid

C.

Transfer

D.

Accept

Buy Now
Questions 46

An organization is MOST likely to accept the risk of noncompliance with a new regulatory requirement when:

Options:

A.

employees are resistant to the controls required by the new regulation.

B.

the regulatory requirement conflicts with business requirements.

C.

the risk of noncompliance exceeds the organization's risk appetite.

D.

the cost of complying with the regulation exceeds the potential penalties.

Buy Now
Questions 47

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Options:

A.

Request the service provider comply with information security policy.

B.

Review a recent independent audit report of the service provider.

C.

Assess the level of security awareness of the service provider.

D.

Review samples of service level reports from the service provider.

Buy Now
Questions 48

Which of the following BEST supports investments in an information security program?

Options:

A.

Business cases

B.

Business impact analysis (BIA)

C.

Gap analysis results

D.

Risk assessment results

Buy Now
Questions 49

Which of the following is the PRIMARY responsibility of the information security function when an organization adopts emerging technologies?

Options:

A.

Developing security training for the new technologies

B.

Designing new security controls

C.

Creating an acceptable use policy for the technologies

D.

Assessing the potential security risk

Buy Now
Questions 50

Which of the following is MOST important to include in monthly information security reports to the board?

Options:

A.

Trend analysis of security metrics

B.

Risk assessment results

C.

Root cause analysis of security incidents

D.

Threat intelligence

Buy Now
Questions 51

Which of the following BEST facilitates the development of a comprehensive information security policy?

Options:

A.

Alignment with an established information security framework

B.

An established internal audit program

C.

Security key performance indicators (KPIs)

D.

Areview of recent information security incidents

Buy Now
Questions 52

An organization successfully responded to an information security incident. However, the information security manager learned that some of the steps specified in the incident management procedures were not taken by the response team. What should be the information security manager's FIRST step?

Options:

A.

Provide additional training to the incident response team.

B.

Review the incident management procedures.

C.

Interview the incident response team.

D.

Remove the steps from the incident management procedures.

Buy Now
Questions 53

An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Which of the following controls would MOST effectively manage risk to the organization?

Options:

A.

Implementing separation of duties between systems and data

B.

Including penalty clauses for noncompliance in the vendor contract

C.

Disabling vendor access and only re-enabling when access is needed

D.

Monitoring key risk indicators (KRIs)

Buy Now
Questions 54

An information security manager developing an incident response plan MUST ensure it includes:

Options:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Buy Now
Questions 55

Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?

Options:

A.

Conduct a business impact analysis (BIA)

B.

Identify the response and recovery learns.

C.

Review the communications plan.

D.

Develop response and recovery strategies.

Buy Now
Questions 56

Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Options:

A.

Poor documentation of results and lessons learned

B.

Lack of communication to affected users

C.

Disruption to the production environment

D.

Lack of coordination among departments

Buy Now
Questions 57

An information security manager has been asked to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?

Options:

A.

To facilitate the continuous improvement of the IT organization

B.

To ensure controls align with security needs

C.

To create and document required IT capabilities

D.

To prioritize security risks on a longer scale than the one-year plan

Buy Now
Questions 58

Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?

Options:

A.

Perform a risk analysis for critical applications.

B.

Determine whether critical success factors (CSFs) have been defined.

C.

Conduct a capability maturity model evaluation.

D.

Review and update current operational procedures.

Buy Now
Questions 59

Which of the following is the FIRST step when conducting a post-incident review?

Options:

A.

Identify mitigating controls.

B.

Assess the costs of the incident.

C.

Perform root cause analysis.

D.

Assign responsibility for corrective actions.

Buy Now
Questions 60

As part of incident response activities, the BEST time to begin the recovery process is after:

Options:

A.

The eradication phase has been completed

B.

The incident response team has been established

C.

The root cause has been determined

D.

The incident manager has declared the incident

Buy Now
Questions 61

A new type of ransomware has infected an organization's network. Which of the following would have BEST enabled the organization to detect this situation?

Options:

A.

Regular review of the threat landscape

B.

Periodic information security training for end users

C.

Use of integrated patch deployment tools

D.

Monitoring of anomalies in system behavior

Buy Now
Questions 62

Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Options:

A.

Mobile application control

B.

Inconsistent device security

C.

Configuration management

D.

End user acceptance

Buy Now
Questions 63

Which of the following is MOST important to include in a post-incident review following a data breach?

Options:

A.

An evaluation of the effectiveness of the information security strategy

B.

Evaluations of the adequacy of existing controls

C.

Documentation of regulatory reporting requirements

D.

A review of the forensics chain of custom

Buy Now
Questions 64

An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?

Options:

A.

Conduct phishing awareness training.

B.

Implement disciplinary procedures.

C.

Establish an acceptable use policy.

D.

Assess and update spam filtering rules.

Buy Now
Questions 65

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:

A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Buy Now
Questions 66

Which of the following is the GREATEST benefit of classifying information security incidents?

Options:

A.

Reporting capabilities

B.

Improved chain of custody

C.

Comprehensive documentation

D.

Prioritized recovery

Buy Now
Questions 67

After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?

Options:

A.

To ensure access rights meet classification requirements

B.

To facilitate the analysis of application logs

C.

To ensure web application availability

D.

To support strong two-factor authentication protocols

Buy Now
Questions 68

The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:

Options:

A.

scope of the business continuity program.

B.

resources needed for business recovery.

C.

recovery time objective (RTO).

D.

scope of the incident response plan.

Buy Now
Questions 69

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design

B.

To assess and approve the security application architecture

C.

To identify noncompliance in the early design stage

D.

To identify software security weaknesses

Buy Now
Questions 70

A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?

Options:

A.

Assess the control state.

B.

Replace the control.

C.

Report the failure to management.

D.

Check for defense in depth.

Buy Now
Questions 71

ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

Options:

A.

Recommend canceling the outsourcing contract.

B.

Request an independent review of the provider's data center.

C.

Notify affected customers of the data breach.

D.

Determine the extent of the impact to the organization.

Buy Now
Questions 72

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Buy Now
Questions 73

An organization requires that business-critical applications be recovered within 30 minutes in the event of a disaster. Which of the following metrics should be defined in the business continuity plan (BCP) to manage this requirement?

Options:

A.

Recovery time objective (RTO)

B.

Recovery point objective (RPO)

C.

Maximum tolerable downtime (MTD)

D.

Service level agreement (SLA)

Buy Now
Questions 74

Which of the following is the BEST option to lower the cost to implement application security controls?

Options:

A.

Perform security tests in the development environment.

B.

Integrate security activities within the development process

C.

Perform a risk analysis after project completion.

D.

Include standard application security requirements

Buy Now
Questions 75

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

Options:

A.

Inform the public relations officer.

B.

Monitor the third party's response.

C.

Invoke the incident response plan.

D.

Inform customers of the breach.

Buy Now
Questions 76

An information security manager has confirmed the organization's cloud provider has unintentionally published some of the organization's business data. Which of the following should be done NEXT?

Options:

A.

Identify users associated with the exposed data.

B.

Initiate the organization's data loss prevention (DLP) processes.

C.

Review the cloud provider's service level agreement (SLA).

D.

Invoke the incident response plan.

Buy Now
Questions 77

Which of the following is the BEST method to ensure compliance with password standards?

Options:

A.

Implementing password-synchronization software

B.

Using password-cracking software

C.

Automated enforcement of password syntax rules

D.

A user-awareness program

Buy Now
Questions 78

Implementing the principle of least privilege PRIMARILY requires the identification of:

Options:

A.

job duties

B.

data owners

C.

primary risk factors.

D.

authentication controls

Buy Now
Questions 79

A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 80

Senior management wants to thoroughly test a disaster recovery plan (DRP) for a mission-critical system. Which of the following would provide the MOST reliable results?

Options:

A.

Full interruption test

B.

Parallel test

C.

Simulation test

D.

Structured walk-through

Buy Now
Questions 81

A department has reported that a security control is no longer effective. Which of the following is the information security manager's BEST course of action?

Options:

A.

Replace the control

B.

Check for defense in depth

C.

Assess the control state

D.

Report the failure to management

Buy Now
Questions 82

The PRIMARY consideration when responding to a ransomware attack should be to ensure:

Options:

A.

backups are available.

B.

the most recent patches have been applied.

C.

the ransomware attack is contained

D.

the business can operate

Buy Now
Questions 83

Which of the following should be the PRIMARY focus for an information security manager when reviewing access controls for data stored in an off-premise cloud environment?

Options:

A.

Reviewing and updating access controls in response to changes in organizational structure

B.

Implementing strong password policies and enforcing regular password changes

C.

Ensuring access is granted to only those individuals whose job functions require it

D.

Implementing strong encryption protocols to protect sensitive data

Buy Now
Questions 84

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Options:

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Buy Now
Questions 85

Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?

Options:

A.

Conducting periodic vulnerability assessments

B.

Communicating business impact analysis (BIA) results

C.

Establishing effective stakeholder relationships

D.

Defining the organization's risk management framework

Buy Now
Questions 86

Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?

Options:

A.

Isolate the PC from the network

B.

Perform a vulnerability scan

C.

Determine why the PC is not included in the inventory

D.

Reinforce information security training

Buy Now
Questions 87

A Seat a-hosting organization's data center houses servers, appli

BEST approach for developing a physical access control policy for the organization?

Options:

A.

Review customers’ security policies.

B.

Conduct a risk assessment to determine security risks and mitigating controls.

C.

Develop access control requirements for each system and application.

D.

Design single sign-on (SSO) or federated access.

Buy Now
Questions 88

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Options:

A.

Evaluate privacy technologies required for data protection.

B.

Encrypt all personal data stored on systems and networks.

C.

Update disciplinary processes to address privacy violations.

D.

Create an inventory of systems where personal data is stored.

Buy Now
Questions 89

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

Options:

A.

Align the standards with the organizational policy.

B.

Align the standards with industry best practices.

C.

Resolve the discrepancy before developing the standards.

D.

Perform a cost-benefit analysis of aligning the standards to policy.

Buy Now
Questions 90

Which of the following is the BEST strategy when determining an organization's approach to risk treatment?

Options:

A.

Implementing risk mitigation controls that are considered quick wins

B.

Prioritizing controls that directly mitigate the organization's most critical risks

C.

Advancing the maturity of existing controls based on risk tolerance

D.

Implementing a one-size-fits-all set of controls across all organizational units

Buy Now
Questions 91

A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?

Options:

A.

Establishing a strong ongoing risk monitoring process

B.

Presenting the risk profile for approval by the risk owner

C.

Conducting an independent review of risk responses

D.

Updating the information security standards to include the accepted risk

Buy Now
Questions 92

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Options:

A.

a control self-assessment (CSA) process.

B.

automated reporting to stakeholders.

C.

a monitoring process for the security policy.

D.

metrics for each milestone.

Buy Now
Questions 93

Which of the following defines the triggers within a business continuity plan (BCP)? @

Options:

A.

Needs of the organization

B.

Disaster recovery plan (DRP)

C.

Information security policy

D.

Gap analysis

Buy Now
Questions 94

An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?

Options:

A.

Engage an independent audit of the third party's external provider.

B.

Recommend canceling the contract with the third party.

C.

Evaluate the third party's agreements with its external provider.

D.

Conduct an external audit of the contracted third party.

Buy Now
Questions 95

What is the PRIMARY benefit to an organization that maintains an information security governance framework?

Options:

A.

Resources are prioritized to maximize return on investment (ROI)

B.

Information security guidelines are communicated across the enterprise_

C.

The organization remains compliant with regulatory requirements.

D.

Business risks are managed to an acceptable level.

Buy Now
Questions 96

Which of the following is the MOST important requirement for a successful security program?

Options:

A.

Mapping security processes to baseline security standards

B.

Penetration testing on key systems

C.

Management decision on asset value

D.

Nondisclosure agreements (NDA) with employees

Buy Now
Questions 97

An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Options:

A.

Responsible entities

B.

Key risk indicators (KRIS)

C.

Compensating controls

D.

Potential business impact

Buy Now
Questions 98

An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?

Options:

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Buy Now
Questions 99

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?

Options:

A.

Schedule patching based on the criticality.

B.

Install the patch immediately to eliminate the vulnerability.

C.

Conduct comprehensive testing of the patch.

D.

Validate the authenticity of the patch.

Buy Now
Questions 100

Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?

Options:

A.

Risk acceptance by the business has been documented

B.

Teams and individuals responsible for recovery have been identified

C.

Copies of recovery and incident response plans are kept offsite

D.

Incident response and recovery plans are documented in simple language

Buy Now
Questions 101

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Options:

A.

The time and location that the breach occurred

B.

Evidence of previous incidents caused by the user

C.

The underlying reason for the user error

D.

Appropriate disciplinary procedures for user error

Buy Now
Questions 102

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Options:

A.

Benchmark against similar industry organizations

B.

Deliver an information security awareness campaign.

C.

Publish an information security RACI chart.

D.

Establish an information security strategy committee.

Buy Now
Questions 103

When assigning a risk owner, the MOST important consideration is to ensure the owner has:

Options:

A.

adequate knowledge of risk treatment and related control activities.

B.

decision-making authority and the ability to allocate resources for risk.

C.

sufficient time for monitoring and managing the risk effectively.

D.

risk communication and reporting skills to enable decision-making.

Buy Now
Questions 104

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Options:

A.

Host patching

B.

Penetration testing

C.

Infrastructure hardening

D.

Data classification

Buy Now
Questions 105

Which of the following is the MOST important outcome of a post-incident review?

Options:

A.

The impact of the incident is reported to senior management.

B.

The system affected by the incident is restored to its prior state.

C.

The person responsible for the incident is identified.

D.

The root cause of the incident is determined.

Buy Now
Questions 106

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Options:

A.

Lack of availability

B.

Lack of accountability

C.

Improper authorization

D.

Inadequate authentication

Buy Now
Questions 107

Which of the following is the BEST reason to implement a comprehensive information security management system?

To ensure continuous alignment with the organizational strategy

To gain senior management support for the information security program

To support identification of key risk indicators (KRIs)

Options:

A.

To facilitate compliance with external regulatory requirements

Buy Now
Questions 108

Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Options:

A.

A patch management process

B.

Version control

C.

Change management controls

D.

Logical access controls

Buy Now
Questions 109

An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Options:

A.

Wipe the affected system.

B.

Notify internal legal counsel.

C.

Notify senior management.

D.

Isolate the impacted endpoints.

Buy Now
Questions 110

Which of the following is MOST important to include in an information security policy?

Options:

A.

Best practices

B.

Management objectives

C.

Baselines

D.

Maturity levels

Buy Now
Questions 111

Which of the following is MOST important to ensure incident management readiness?

Options:

A.

The plan is compliant with industry standards.

B.

The plan is regularly tested.

C.

The plan is updated annually.

D.

The plan is concise and includes a checklist.

Buy Now
Questions 112

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.

Organizational standards are included in awareness training.

B.

Organizational standards are enforced by technical controls.

C.

Organizational standards are required to be formally accepted.

D.

Organizational standards are documented in operational procedures.

Buy Now
Questions 113

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Options:

A.

Update in accordance with the best business practices.

B.

Perform a risk assessment of the current IT environment.

C.

Gain an understanding of the current business direction.

D.

Inventory and review current security policies.

Buy Now
Questions 114

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

)the information security officer.

B.

the steering committee.

C.

the board of directors.

D.

the internal audit manager.

Buy Now
Questions 115

Which of the following roles is BEST able to influence the security culture within an organization?

Options:

A.

Chief information security officer (CISO)

B.

Chief information officer (CIO)

C.

Chief executive officer (CEO)

D.

Chief operating officer (COO)

Buy Now
Questions 116

Which of the following has the GREATEST impact on the ability to successfully execute a disaster recovery plan (DRP)?

Options:

A.

Conducting tabletop exercises of the plan

B.

Updating the plan periodically

C.

Communicating the plan to all stakeholders

D.

Reviewing escalation procedures

Buy Now
Questions 117

After a server has been attacked, which of the following is the BEST course of action?

Options:

A.

Initiate incident response.

B.

Review vulnerability assessment.

C.

Conduct a security audit.

D.

Isolate the system.

Buy Now
Questions 118

The executive management of a domestic organization has announced plans to expand operations to multiple international locations. Which of the following should be the information security manager's FIRST step upon learning of these plans?

Options:

A.

Perform a gap analysis against international information security standards

B.

Update security training and awareness resources accordingly

C.

Research legal and regulatory requirements impacting the new locations

D.

Prepare localized information security policies for each new location

Buy Now
Questions 119

Which of the following is the PRIMARY objective of information asset classification?

Options:

A.

Vulnerability reduction

B.

Compliance management

C.

Risk management

D.

Threat minimization

Buy Now
Questions 120

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Options:

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party's service level agreement (SLA) does not include guarantees of uptime.

Buy Now
Questions 121

A technical vulnerability assessment on a personnel information management server should be performed when:

Options:

A.

the data owner leaves the organization unexpectedly.

B.

changes are made to the system configuration.

C.

the number of unauthorized access attempts increases.

D.

an unexpected server outage has occurred.

Buy Now
Questions 122

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

Options:

A.

Notify the regulatory agency of the incident.

B.

Implement mitigating controls.

C.

Evaluate the impact to the business.

D.

Examine firewall logs to identify the attacker.

Buy Now
Questions 123

Which of the following BEST enables an information security manager to demonstrate the effectiveness of the information security and risk program to senior management?

Options:

A.

Updated risk assessments

B.

Counts of information security incidents

C.

Audit reports

D.

Monthly metrics

Buy Now
Questions 124

What type of control is being implemented when a security information and event management (SIEM) system is installed?

Options:

A.

Preventive

B.

Deterrent

C.

Detective

D.

Corrective

Buy Now
Questions 125

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Options:

A.

Job descriptions include requirements to read security policies.

B.

The policies are updated annually.

C.

Senior management supports the policies.

D.

The policies are aligned to industry best practices.

Buy Now
Questions 126

The business value of an information asset is derived from:

Options:

A.

the threat profile.

B.

its criticality.

C.

the risk assessment.

D.

its replacement cost.

Buy Now
Questions 127

Which of the following is the BEST way to address data availability concerns when outsourcing information security administration?

Options:

A.

Develop service level agreements (SLAs).

B.

Stipulate insurance requirements.

C.

Require nondisclosure agreements (NDAs).

D.

Create contingency plans.

Buy Now
Questions 128

Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Options:

A.

Data owner

B.

Business owner

C.

Information security manager

D.

Compliance manager

Buy Now
Questions 129

A data discovery project uncovers an unclassified process document. Of the following, who is BEST suited to determine the classification?

Options:

A.

Information security manager

B.

Security policy author

C.

Creator of the document

D.

Data custodian

Buy Now
Questions 130

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

Options:

A.

security metrics are included in the service level agreement (SLA).

B.

contract clauses comply with the organization's information security policy.

C.

the information security policy of the third-party service provider is reviewed.

D.

right to audit is included in the service level agreement (SLA).

Buy Now
Questions 131

Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?

Options:

A.

Develop a personal device policy

B.

Implement a mobile device management (MDM) solution

C.

Develop training specific to BYOD awareness

D.

Define control requirements

Buy Now
Questions 132

Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?

Options:

A.

Adhere to regulatory requirements

B.

Conduct security awareness

C.

Document and distribute security procedures

D.

Communicate and enforce security policies

Buy Now
Questions 133

Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?

Options:

A.

To compare emerging trends with the existing organizational security posture

B.

To communicate worst-case scenarios to senior management

C.

To train information security professionals to mitigate new threats

D.

To determine opportunities for expanding organizational information security

Buy Now
Questions 134

Which of the following control types should be considered FIRST for aligning employee behavior with an organization's information security objectives?

Options:

A.

Administrative security controls

B.

Technical security controls

C.

Physical security controls

D.

Access security controls

Buy Now
Questions 135

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.

B.

Disable remote

C.

Initiate a device reset.

D.

Conduct a risk assessment.

Buy Now
Questions 136

Which of the following is the PRIMARY reason for an information security manager to periodically review existing controls?

Options:

A.

To prioritize security initiatives

B.

To avoid redundant controls

C.

To align with emerging risk

D.

To address end-user control complaints

Buy Now
Questions 137

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

Options:

A.

Management support and approval has been obtained.

B.

The incident response team has the appropriate training.

C.

An incident response maturity assessment has been conducted.

D.

A reputable managed security services provider has been engaged.

Buy Now
Questions 138

Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?

Options:

A.

Restore affected systems for normal operations.

B.

Mitigate exploited vulnerabilities to stop future incidents.

C.

Estimate the amount of damage caused by the incident.

D.

Isolate affected systems to prevent further damage

Buy Now
Questions 139

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Determine acceptable levels of information security risk

B.

Create a roadmap to identify security baselines and controls

C.

Perform a gap analysis based on the current state

D.

Identify key stakeholders to champion information security

Buy Now
Questions 140

Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?

Options:

A.

A security information and event management (SIEM) system

B.

An intrusion prevention system (IPS)

C.

A virtual private network (VPN) with multi-factor authentication (MFA)

D.

An identity and access management (IAM) system

Buy Now
Questions 141

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?

Options:

A.

Inadequate incident response controls

B.

Lack of legal review

C.

Inadequate change control

D.

Lack of quality control

Buy Now
Questions 142

The MOST useful technique for maintaining management support for the information security program is:

Options:

A.

informing management about the security of business operations.

B.

implementing a comprehensive security awareness and training program.

C.

identifying the risks and consequences of failure to comply with standards.

D.

benchmarking the security programs of comparable organizations.

Buy Now
Questions 143

After a ransomware incident an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?

Options:

A.

The service level agreement (SLA) was not met.

B.

The recovery time objective (RTO) was not met.

C.

The root cause was not identified.

D.

Notification to stakeholders was delayed.

Buy Now
Questions 144

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Options:

A.

Regulatory requirements are being met.

B.

Internal compliance requirements are being met.

C.

Risk management objectives are being met.

D.

Business needs are being met.

Buy Now
Questions 145

The PRIMARY objective of performing a post-incident review is to:

Options:

A.

re-evaluate the impact of incidents

B.

identify vulnerabilities

C.

identify control improvements.

D.

identify the root cause.

Buy Now
Questions 146

Which of the following BEST facilitates the effective execution of an incident response plan?

Options:

A.

The plan is based on risk assessment results.

B.

The response team is trained on the plan

C.

The plan is based on industry best practice.

D.

The incident response plan aligns with the IT disaster recovery plan (DRP).

Buy Now
Questions 147

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.

B.

Establish a compliance program,

C.

Perform a gap analysis against the current state

D.

Hire new resources to support the service.

Buy Now
Questions 148

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Options:

A.

Security requirements are included in the vendor contract

B.

External security audit results are reviewed.

C.

Service level agreements (SLAs) meet operational standards.

D.

Business continuity contingency planning is provided

Buy Now
Questions 149

Which of the following will BEST enable an effective information asset classification process?

Options:

A.

Including security requirements in the classification process

B.

Analyzing audit findings

C.

Reviewing the recovery time objective (RTO) requirements of the asset

D.

Assigning ownership

Buy Now
Questions 150

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Options:

A.

Regulations and standards

B.

People and culture

C.

Executive and board directives

D.

Processes and technology

Buy Now
Questions 151

Which of the following should be done NEXT following senior management's decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?

Options:

A.

Encrypt data in transit and at rest.

B.

Complete a return on investment (ROI) analysis.

C.

Create and implement a data minimization plan.

D.

Conduct a gap analysis.

Buy Now
Questions 152

An investigation of a recent security incident determined that the root cause was negligent handing of incident alerts by system admit manager to address this issue?

Options:

A.

Conduct a risk assessment and share the result with senior management.

B.

Revise the incident response plan-to align with business processes.

C.

Provide incident response training to data custodians.

D.

Provide incident response training to data owners.

Buy Now
Questions 153

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

Options:

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Buy Now
Questions 154

Which of the following events would MOST likely require a revision to the information security program?

Options:

A.

An increase in industry threat level .

B.

A significant increase in reported incidents

C.

A change in IT management

D.

A merger with another organization

Buy Now
Questions 155

Which of the following is MOST difficult to measure following an information security breach?

Options:

A.

Reputational damage

B.

Human resource costs

C.

Replacement efforts

D.

Regulatory sanctions

Buy Now
Questions 156

From a business perspective, the GREATEST benefit of an incident response plan is that it:

Options:

A.

Promotes efficiency by providing predefined response procedures

B.

Improves security responsiveness to disruptive events

C.

Limits the negative impact of disruptive events

D.

Ensures compliance with regulatory requirements

Buy Now
Questions 157

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Options:

A.

Providing ongoing training to the incident response team

B.

Implementing proactive systems monitoring

C.

Implementing a honeypot environment

D.

Updating information security awareness materials

Buy Now
Questions 158

A PRIMARY purpose of creating security policies is to:

Options:

A.

define allowable security boundaries.

B.

communicate management's security expectations.

C.

establish the way security tasks should be executed.

D.

implement management's security governance strategy.

Buy Now
Questions 159

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:

A.

Number of blocked intrusion attempts

B.

Number of business cases reviewed by senior management

C.

Trends in the number of identified threats to the business

D.

Percentage of controls integrated into business processes

Buy Now
Questions 160

Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?

Options:

A.

Disaster recovery plan (DRP)

B.

Incident notification plan

C.

Risk response scenarios

D.

Security procedures

Buy Now
Questions 161

A security incident has been reported within an organization When should an information security manager contact the information owner?

Options:

A.

After the incident has been mitigated

B.

After the incident has been confirmed.

C.

After the potential incident has been togged

D.

After the incident has been contained

Buy Now
Questions 162

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Buy Now
Questions 163

Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?

Options:

A.

Data privacy officer

B.

Information security manager

C.

Head of IT department

D.

Head of human resources (HR)

Buy Now
Questions 164

Which of the following is the MOST important issue in a penetration test?

Options:

A.

Having an independent group perform the test

B.

Obtaining permission from audit

C.

Performing the test without the benefit of any insider knowledge

D.

Having a defined goal as well as success and failure criteria

Buy Now
Questions 165

Which of the following provides the BEST evidence that a recently established infofmation security program is effective?

Options:

A.

The number of reported incidents has increased

B.

Regular IT balanced scorecards are communicated.

C.

Senior management has reported fewer junk emails.

D.

The number of tickets associated with IT incidents have stayed consistent

Buy Now
Questions 166

When analyzing the emerging risk and threat landscape, an information security manager should FIRST:

Options:

A.

determine the impact if threats materialize.

B.

determine the sources of emerging threats.

C.

review historical threats within the industry.

D.

map threats to business assets.

Buy Now
Questions 167

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

Options:

A.

Control matrix

B.

Business impact analysis (BIA)

C.

Risk register

D.

Information security policy

Buy Now
Questions 168

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe

B.

Developing security awareness training

C.

Requiring the backup of the organization's data by the user

D.

Monitoring how often the smartphone is used

Buy Now
Questions 169

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Options:

A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Buy Now
Questions 170

Which of the following will BEST enable an organization to meet incident response requirements when outsourcing its incident response function?

Options:

A.

Including response times in service level agreements (SLAs)

B.

Including a right-to-audit clause in service level agreements (SLAs)

C.

Contracting with a well-known incident response provider

D.

Requiring comprehensive response applications and tools

Buy Now
Questions 171

The categorization of incidents is MOST important for evaluating which of the following?

Options:

A.

Appropriate communication channels

B.

Allocation of needed resources

C.

Risk severity and incident priority

D.

Response and containment requirements

Buy Now
Questions 172

An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?

Options:

A.

Establish an organization-wide social media policy.

B.

Develop sanctions for misuse of social media sites.

C.

Monitor social media sites visited by employees.

D.

Restrict social media access on corporate devices.

Buy Now
Questions 173

Which of the following is the BEST indication of an effective information security awareness training program?

Options:

A.

An increase in the frequency of phishing tests

B.

An increase in positive user feedback

C.

An increase in the speed of incident resolution

D.

An increase in the identification rate during phishing simulations

Buy Now
Questions 174

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Options:

A.

A capability and maturity assessment

B.

Detailed analysis of security program KPIs

C.

An information security dashboard

D.

An information security risk register

Buy Now
Questions 175

The contribution of recovery point objective (RPO) to disaster recovery is to:

Options:

A.

minimize outage periods.

B.

eliminate single points of failure.

C.

define backup strategy

D.

reduce mean time between failures (MTBF).

Buy Now
Questions 176

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

Options:

A.

Implement compensating controls.

B.

Communicate consequences for future instances.

C.

Enhance the data loss prevention (DLP) solution.

D.

Improve the security awareness training program.

Buy Now
Questions 177

Which of the following would be MOST helpful when creating information security policies?

Options:

A.

The information security framework

B.

Business impact analysis (BIA)

C.

Information security metrics

D.

Risk assessment results

Buy Now
Questions 178

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

Options:

A.

To ensure industry best practices for enterprise security are followed

B.

To establish the minimum level of controls needed

C.

To determine the desired state of enterprise security

D.

To satisfy auditors' recommendations for enterprise security

Buy Now
Questions 179

Which of the following MUST happen immediately following the identification of a malware incident?

Options:

A.

Preparation

B.

Recovery

C.

Containment

D.

Eradication

Buy Now
Questions 180

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Options:

A.

Emerging security technologies

B.

Risk profile changes

C.

Defined risk appetite

D.

Vulnerability scanning progress

Buy Now
Questions 181

The PRIMARY objective of timely declaration of a disaster is to:

Options:

A.

ensure engagement of business management in the recovery process.

B.

assess and correct disaster recovery process deficiencies.

C.

protect critical physical assets from further loss.

D.

ensure the continuity of the organization's essential services.

Buy Now
Questions 182

An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?

Options:

A.

Business impact analysis (BIA)

B.

Business continuity plan (BCP)

C.

Incident response plan

D.

Disaster recovery plan (DRP)

Buy Now
Questions 183

What is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

Options:

A.

To share responsibility for addressing security breaches

B.

To gain acceptance of the policy across the organization

C.

To decrease the workload of the IT department

D.

To reduce the overall cost of policy development

Buy Now
Questions 184

Reevaluation of risk is MOST critical when there is:

Options:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Buy Now
Questions 185

Which of the following should an information security manager do FIRST when there is a conflict between the organization's information security policy and a local regulation?

Options:

A.

Enforce the local regulation.

B.

Obtain legal guidance.

C.

Enforce the organization's information security policy.

D.

Obtain an independent assessment of the regulation.

Buy Now
Questions 186

Which of the following provides the MOST effective response against ransomware attacks?

Options:

A.

Automatic quarantine of systems

B.

Thorough communication plans

C.

Effective backup plans and processes

D.

Strong password requirements

Buy Now
Questions 187

Which of the following is the MOST important characteristic of an effective information security metric?

Options:

A.

The metric expresses residual risk relative to risk tolerance.

B.

The metric is frequently reported to senior management.

C.

The metric directly maps to an industry risk management framework.

D.

The metric compares the organization's inherent risk against its risk appetite.

Buy Now
Questions 188

Who is BEST suited to determine how the information in a database should be classified?

Options:

A.

Database analyst

B.

Database administrator (DBA)

C.

Information security analyst

D.

Data owner

Buy Now
Questions 189

Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?

Options:

A.

Record and close security incident tickets.

B.

Test and verify that compromisedsystems are clean.

C.

Document recovery steps for senior management reporting.

D.

Capture and preserve forensic images of affected systems.

Buy Now
Questions 190

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

Options:

A.

Providing evidence that resources are performing as expected

B.

Verifying security costs do not exceed the budget

C.

Demonstrating risk is managed at the desired level

D.

Confirming the organization complies with security policies

Buy Now
Questions 191

Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

Options:

A.

Crisis management plan

B.

Disaster recovery plan (DRP)

C.

Incident response plan

D.

Business continuity plan (BCP)

Buy Now
Questions 192

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Options:

A.

Availability of web application firewall logs.

B.

Capability of online virtual machine analysis

C.

Availability of current infrastructure documentation

D.

Capability to take a snapshot of virtual machines

Buy Now
Questions 193

An information security team plans to strengthen authentication requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?

Options:

A.

Assess business impact against security risk.

B.

Provide security awareness training to customers.

C.

Refer to industry best practices.

D.

Quantify the security risk to the business.

Buy Now
Questions 194

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:

A.

Internal IT audit

B.

The data custodian

C.

The information security manager

D.

The data owner

Buy Now
Questions 195

While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

Options:

A.

Assign responsibility to the database administrator (DBA).

B.

Review the databases for sensitive content.

C.

Prepare a report of the databases for senior management.

D.

Assign the highest classification level to those databases.

Buy Now
Questions 196

Which of the following would BEST help to ensure appropriate security controls are built into software?

Options:

A.

Integrating security throughout the development process

B.

Performing security testing prior to deployment

C.

Providing standards for implementation during development activities

D.

Providing security training to the software development team

Buy Now
Questions 197

An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?

Options:

A.

Focus the review on the infrastructure with the highest risk

B.

Review controls listed in the vendor contract

C.

Determine whether the vendor follows the selected security framework rules

D.

Review the vendor's security policy

Buy Now
Questions 198

Senior management has just accepted the risk of noncompliance with a new regulation What should the information security manager do NEX*P

Options:

A.

Report the decision to the compliance officer

B.

Update details within the risk register.

C.

Reassess the organization's risk tolerance.

D.

Assess the impact of the regulation.

Buy Now
Questions 199

Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?

Options:

A.

Security awareness plan

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Incident response plan

Buy Now
Questions 200

The PRIMARY objective of a post-incident review of an information security incident is to:

Options:

A.

update the risk profile

B.

minimize impact

C.

prevent recurrence.

D.

determine the impact

Buy Now
Questions 201

An organization has an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

Options:

A.

Report the findings to senior management with recommendations.

B.

Implement a phishing reporting tool in the email system.

C.

Include regular phishing campaigns after each training session.

D.

Make the training program mandatory for all employees.

Buy Now
Questions 202

What is the MOST important consideration for an organization operating in a highly regulated market when new regulatory requirements with high impact to the business need to be implemented?

Options:

A.

Engaging an external audit

B.

Establishing compensating controls

C.

Enforcing strong monitoring controls

D.

Conducting a gap analysis

Buy Now
Questions 203

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

Options:

A.

Escalation processes

B.

Technological capabilities

C.

Recovery time objective (RTO)

D.

Security audit reports

Buy Now
Questions 204

Which of the following would BEST justify continued investment in an information security program?

Options:

A.

Reduction in residual risk

B.

Security framework alignment

C.

Speed of implementation

D.

Industry peer benchmarking

Buy Now
Questions 205

Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

Options:

A.

Data owner

B.

Data custodian

C.

System administrator

D.

Senior management

Buy Now
Questions 206

Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

Options:

A.

Evaluate the results of business continuity testing.

B.

Review key performance indicators (KPIs).

C.

Evaluate the business impact of incidents.

D.

Engage business process owners.

Buy Now
Questions 207

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

Options:

A.

Enforcing data retention

B.

Developing policy standards

C.

Benchmarking against industry peers

D.

Categorizing information assets

Buy Now
Questions 208

When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?

Options:

A.

Digital currency is immediately available.

B.

Network access requires two-factor authentication.

C.

Data backups are recoverable from an offsite location.

D.

An alternative network link is immediately available.

Buy Now
Questions 209

Which of the following is MOST likely to reduce the effectiveness of a SIEM system?

Options:

A.

Lack of multi-factor authentication (MFA) for system access

B.

Weakly encrypted log files

C.

Misconfiguration of alert thresholds

D.

Complex user interface

Buy Now
Questions 210

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

Options:

A.

Intrusion detection

B.

Log monitoring

C.

Patch management

D.

Antivirus software

Buy Now
Questions 211

The MOST appropriate time to conduct a disaster recovery test would be after:

Options:

A.

major business processes have been redesigned.

B.

the business continuity plan (BCP) has been updated.

C.

the security risk profile has been reviewed

D.

noncompliance incidents have been filed.

Buy Now
Questions 212

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A.

Include security requirements in the contract.

B.

Update the risk register.

C.

Consult with the business owner.

D.

Restrict application network access temporarily.

Buy Now
Questions 213

Which of the following is the PRIMARY objective of a cyber resilience strategy?

Options:

A.

Business continuity

B.

Regulatory compliance

C.

Employee awareness

D.

Executive support

Buy Now
Questions 214

Which of the following is the MOST important consideration when determining which type of failover site to employ?

Options:

A.

Reciprocal agreements

B.

Disaster recovery test results

C.

Recovery time objectives (RTOs)

D.

Data retention requirements

Buy Now
Questions 215

During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?

Options:

A.

Configuration management

B.

Password management

C.

Change management

D.

Version management

Buy Now
Questions 216

The MOST important information for influencing management’s support of information security is:

Options:

A.

an demonstration of alignment with the business strategy.

B.

An identification of the overall threat landscape.

C.

A report of a successful attack on a competitor.

D.

An identification of organizational risks.

Buy Now
Questions 217

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

Options:

A.

Identify the skill set of the provider's incident response team.

B.

Evaluate the provider's audit logging and monitoring controls.

C.

Review the provider’s incident definitions and notification criteria.

D.

Update the incident escalation process.

Buy Now
Questions 218

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Options:

A.

Compartmentalization

B.

Overlapping redundancy

C.

Continuous monitoring

D.

Multi-factor authentication

Buy Now
Questions 219

Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

Options:

A.

To enforce security policy requirements

B.

To maintain business asset inventories

C.

To ensure audit and compliance requirements are met

D.

To ensure the availability of business operations

Buy Now
Questions 220

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Options:

A.

Current resourcing levels

B.

Availability of potential resources

C.

Information security strategy

D.

Information security incidents

Buy Now
Questions 221

What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?

Options:

A.

Perform a vulnerability assessment on the systems within the department.

B.

Introduce additional controls to force compliance with policy.

C.

Require department users to repeat security awareness training.

D.

Report the policy violation to senior management.

Buy Now
Questions 222

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Options:

A.

Perform a privacy impact assessment (PIA).

B.

Perform a vulnerability assessment.

C.

Perform a gap analysis.

D.

Perform a business impact analysis (BIA).

Buy Now
Questions 223

Which of the following BEST helps to ensure the effective execution of an organization's disaster recovery plan (DRP)?

Options:

A.

The plan is reviewed by senior and IT operational management.

B.

The plan is based on industry best practices.

C.

Process steps are documented by the disaster recovery team.

D.

Procedures are available at the primary and failover location.

Buy Now
Questions 224

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Establish performance metrics for the team

B.

Perform a post-incident review

C.

Implement a SIEM solution

D.

Perform a threat analysis

Buy Now
Questions 225

Which of the following devices, when placed in a demilitarized zone (DMZ), would be considered the MOST significant exposure?

Options:

A.

Mail relay server

B.

Proxy server

C.

Database server

D.

Application server

Buy Now
Questions 226

An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?

Options:

A.

Information security threat profile

B.

Information security policy

C.

Information security objectives

D.

Information security strategy

Buy Now
Questions 227

Which of the following should be the FIRST consideration when developing a strategy for protecting an organization's data?

Options:

A.

Classification

B.

Encryption

C.

Access monitoring

D.

Access rights

Buy Now
Questions 228

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Options:

A.

Preventive

B.

Corrective

C.

Detective

D.

Deterrent

Buy Now
Questions 229

For an e-business that requires high availability, which of the following design principles is BEST?

Options:

A.

Manual failover to the website of another e-business that meets the user's needs

B.

A single point of entry allowing transactions to be received and processed quickly

C.

Intelligent middleware to direct transactions from a downed system to an alternative

D.

Availability of an adjacent cold site and a standby server with mirrored copies of critical data

Buy Now
Questions 230

An organization is experiencing a sharp increase in incidents related to phishing messages. The root cause is an outdated email filtering system that is no longer supported by the vendor. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Reinforce security awareness practices for end users.

B.

Temporarily outsource the email system to a cloud provider.

C.

Develop a business case to replace the system.

D.

Monitor outgoing traffic on the firewall.

Buy Now
Questions 231

An organization is planning to outsource network management to a service provider. Including which of the following in the contract would be the MOST effective way to mitigate information security risk?

Options:

A.

Requirement for regular information security awareness

B.

Right-to-audit clause

C.

Service level agreement (SLA)

D.

Requirement to comply with corporate security policy

Buy Now
Questions 232

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Options:

A.

Involving all stakeholders in testing and training

B.

Scheduling periodic internal and external audits

C.

Including the board and senior management in plan reviews

D.

Maintaining copies of the plan at the primary and recovery sites

Buy Now
Questions 233

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

Options:

A.

Requiring an external security audit of the IT service provider

B.

Requiring regular reporting from the IT service provider

C.

Defining information security requirements with internal IT

D.

Defining the business recovery plan with the IT service provider

Buy Now
Questions 234

Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?

Options:

A.

To validate the incident

B.

To review network configurations

C.

To validate the payload signature

D.

To devise the incident response strategy

Buy Now
Questions 235

In a call center, the BEST reason to conduct a social engineering is to:

Options:

A.

Identify candidates for additional security training.

B.

minimize the likelihood of successful attacks.

C.

gain funding for information security initiatives.

D.

improve password policy.

Buy Now
Questions 236

Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization’s security program?

Options:

A.

Management review policy

B.

Business continuity management policy

C.

Information security training policy

D.

Security incident management policy

Buy Now
Questions 237

Which of the following is the MOST common cause of cybersecurity breaches?

Options:

A.

Lack of adequate password rotation

B.

Human error

C.

Abuse of privileged accounts

D.

Lack of control baselines

Buy Now
Questions 238

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A.

Define the issues to be addressed.

B.

Perform a cost-benefit analysis.

C.

Calculate the total cost of ownership (TCO).

D.

Conduct a feasibility study.

Buy Now
Questions 239

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.

Which of the following should be given immediate focus?

Options:

A.

Moving to a zero trust access model

B.

Enabling network-level authentication

C.

Enhancing cyber response capability

D.

Strengthening endpoint security

Buy Now
Questions 240

An email digital signature will:

Options:

A.

protect the confidentiality of an email message.

B.

verify to recipient the integrity of an email message.

C.

automatically correct unauthorized modification of an email message.

D.

prevent unauthorized modification of an email message.

Buy Now
Questions 241

Which of the following is the MOST effective way to protect the authenticity of data in transit?

Options:

A.

Digital signature

B.

Private key

C.

Access controls

D.

Public key

Buy Now
Questions 242

Which of the following is the PRIMARY reason to use a phased incident recovery approach?

Options:

A.

To gain management buy-in

B.

To give the response team time to analyze incidents

C.

To ensure critical systems are recovered first

D.

To prioritize remediation steps

Buy Now
Questions 243

Which of the following is the BEST indication of an effective disaster recovery planning process?

Options:

A.

Hot sites are required for any declared disaster.

B.

Chain of custody is maintained throughout the disaster recovery process.

C.

Post-incident reviews are conducted after each event.

D.

Recovery time objectives (RTOs) are shorter than recovery point objectives (RPOs).

Buy Now
Questions 244

Which of the following is the BEST course of action when confidential information is inadvertently disseminated outside the organization?

Options:

A.

Review compliance requirements.

B.

Communicate the exposure.

C.

Declare an incident.

D.

Change the encryption keys.

Buy Now
Questions 245

Which of the following is MOST important for building 4 robust information security culture within an organization?

Options:

A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Buy Now
Questions 246

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:

A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Buy Now
Questions 247

Which of the following should be the PRIMARY goal of information security?

Options:

A.

Information management

B.

Regulatory compliance

C.

Data governance

D.

Business alignment

Buy Now
Questions 248

When mitigation is the chosen risk treatment, which of the following roles is responsible for effective implementation of the chosen treatment?

Options:

A.

Risk owner

B.

Control owner

C.

Business system owner

D.

Application owner

Buy Now
Questions 249

Which of the following is the BEST source of information to support an organization's information security vision and strategy?

Options:

A.

Metrics dashboard

B.

Governance policies

C.

Capability maturity model

D.

Enterprise information security architecture

Buy Now
Questions 250

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

Options:

A.

number of impacted users.

B.

capability of incident handlers.

C.

type of confirmed incident.

D.

predicted incident duration.

Buy Now
Questions 251

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

Options:

A.

Assess the residual risk.

B.

Share lessons learned with the organization.

C.

Update the system's documentation.

D.

Allocate budget for penetration testing.

Buy Now
Questions 252

Which of the following should be the MOST important consideration of business continuity management?

Options:

A.

Ensuring human safety

B.

Identifying critical business processes

C.

Ensuring the reliability of backup data

D.

Securing critical information assets

Buy Now
Questions 253

Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

Options:

A.

Available annual budget

B.

Cost-benefit analysis of mitigating controls

C.

Recovery time objective (RTO)

D.

Maximum tolerable outage (MTO)

Buy Now
Questions 254

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

Options:

A.

Centralized logging

B.

Time clock synchronization

C.

Available forensic tools

D.

Administrator log access

Buy Now
Questions 255

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Options:

A.

Training project managers on risk assessment

B.

Having the information security manager participate on the project steering committees

C.

Applying global security standards to the IT projects

D.

Integrating the risk assessment into the internal audit program

Buy Now
Questions 256

Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Options:

A.

The framework defines managerial responsibilities for risk impacts to business goals.

B.

The framework provides direction to meet business goals while balancing risks and controls.

C.

The framework provides a roadmap to maximize revenue through the secure use of technology.

D.

The framework is able to confirm the validity of business goals and strategies.

Buy Now
Questions 257

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Buy Now
Questions 258

An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?

Options:

A.

Assemble the incident response team to evaluate the incidents

B.

Initiate the crisis communication plan to notify stakeholders of the incidents

C.

Engage external incident response consultants to conduct an independent investigation

D.

Prioritize the incidents based on data classification standards

Buy Now
Questions 259

Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

Options:

A.

Return on investment (ROI)

B.

Compliance requirements

C.

Target audience

D.

Criticality of information

Buy Now
Questions 260

Which of the following should be of GREATEST concern regarding an organization's security controls?

Options:

A.

Some controls are performing outside of an acceptable range.

B.

No key control indicators (KCIs) have been implemented.

C.

Control ownership has not been updated.

D.

Control gap analysis is outdated.

Buy Now
Questions 261

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

Options:

A.

Accept the risk, as the benefits exceed the potential consequences.

B.

Mitigate the risk by applying anonymization on the data set.

C.

Transfer the risk by purchasing insurance.

D.

Mitigate the risk by encrypting the customer names in the data set.

Buy Now
Questions 262

Labeling information according to its security classification:

Options:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Buy Now
Questions 263

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

Options:

A.

Ensure security is involved in the procurement process.

B.

Review the third-party contract with the organization's legal department.

C.

Conduct an information security audit on the third-party vendor.

D.

Communicate security policy with the third-party vendor.

Buy Now
Questions 264

Which of the following is MOST appropriate for an organization to consider when defining incident classification and categorization levels?

Options:

A.

Maturity of incident response activities

B.

Threat environment

C.

Quantity of impacted assets

D.

Incident impact

Buy Now
Questions 265

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?

Options:

A.

Perform a gap analysis.

B.

Conduct benchmarking.

C.

Notify the legal department.

D.

Determine the disruption to the business.

Buy Now
Questions 266

Which of the following is MOST important to consider when determining asset valuation?

Options:

A.

Asset recovery cost

B.

Asset classification level

C.

Cost of insurance premiums

D.

Potential business loss

Buy Now
Questions 267

Which of the following metrics would provide an accurate measure of an information security program's performance?

Options:

A.

A collection of qualitative indicators that accurately measure security exceptions

B.

A combination of qualitative and quantitative trends that enable decision making

C.

A collection of quantitative indicators that are compared against industry benchmarks

D.

A single numeric score derived from various measures assigned to the security program

Buy Now
Questions 268

The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:

Options:

A.

the partition table on the disk has been deleted.

B.

the tile has been overwritten.

C.

all files in the directory have been deleted.

D.

high-level disk formatting has been performed.

Buy Now
Questions 269

Which of the following provides the MOST assurance that a third-party hosting provider will be able to meet availability requirements?

Options:

A.

Right-to-audit clause

B.

The third party's incident response plan

C.

Service level agreement (SLA)

D.

The third party's business continuity plan (BCP)

Buy Now
Questions 270

Which of the following is the MOST important consideration during the design phase of a business impact analysis (BIA)?

Options:

A.

Selecting quality metrics to monitor business performance

B.

Estimating the likelihood that end-to-end processes will be disrupted

C.

Obtaining reserve funding to prepare for possible business failures

D.

Identifying critical functions for business operations

Buy Now
Questions 271

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:

A.

The capabilities and expertise of the information security team

B.

The organization's mission statement and roadmap

C.

A prior successful information security strategy

D.

The organization's information technology (IT) strategy

Buy Now
Questions 272

Which of the following is MOST helpful in determining whether a phishing email is malicious?

Options:

A.

Security awareness training

B.

Reverse engineering

C.

Threat intelligence

D.

Sandboxing

Buy Now
Questions 273

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Options:

A.

quickly resolved and eliminated regardless of cost.

B.

tracked and reported on until their final resolution.

C.

documented in security awareness programs.

D.

noted and re-examined later if similar weaknesses are found.

Buy Now
Questions 274

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?

Options:

A.

Reviewing policies and procedures

B.

Performing a risk assessment

C.

Interviewing business managers and employees

D.

Performing a business impact analysis (BIA)

Buy Now
Questions 275

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.

Focus on addressing conflicts between security and performance.

B.

Collaborate with business and IT functions in determining controls.

C.

Include information security requirements in the change control process.

D.

Obtain assistance from IT to implement automated security cantrals.

Buy Now
Questions 276

Which of the following is the BEST indication that an organization has a mature information security culture?

Options:

A.

Information security training is mandatory for all staff.

B.

The organization's information security policy is documented and communicated.

C.

The chief information security officer (CISO) regularly interacts with the board.

D.

Staff consistently consider risk in making decisions.

Buy Now
Questions 277

The BEST way to report to the board on the effectiveness of the information security program is to present:

Options:

A.

a dashboard illustrating key performance metrics.

B.

a summary of the most recent audit findings.

C.

peer-group industry benchmarks.

D.

a report of cost savings from process improvements.

Buy Now
Questions 278

Which of the following is the BEST indication ofa successful information security culture?

Options:

A.

Penetration testing is done regularly and findings remediated.

B.

End users know how to identify and report incidents.

C.

Individuals are given roles based on job functions.

D.

The budget allocated for information security is sufficient.

Buy Now
Questions 279

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

Options:

A.

Clearer segregation of duties

B.

Increased user productivity

C.

Increased accountability

D.

Fewer security incidents

Buy Now
Questions 280

Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Options:

A.

Incident management procedures

B.

Incident management policy

C.

System risk assessment

D.

Organizational risk register

Buy Now
Questions 281

Which of the following sources is MOST useful when planning a business-aligned information security program?

Options:

A.

Security risk register

B.

Information security policy

C.

Business impact analysis (BIA)

D.

Enterprise architecture (EA)

Buy Now
Questions 282

An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Options:

A.

Create a business case for a new incident response plan.

B.

Revise the existing incident response plan.

C.

Conduct a gap analysis.

D.

Assess the impact to the budget,

Buy Now
Questions 283

Application data integrity risk is MOST directly addressed by a design that includes:

Options:

A.

reconciliation routines such as checksums, hash totals, and record counts.

B.

strict application of an authorized data dictionary.

C.

application log requirements such as field-level audit trails and user activity logs.

D.

access control technologies such as role-based entitlements.

Buy Now
Questions 284

After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?

Options:

A.

Calculating cost of the incident

B.

Conducting a postmortem assessment

C.

Performing an impact analysis

D.

Preserving the evidence

Buy Now
Questions 285

For which of the following is it MOST important that system administrators be restricted to read-only access?

Options:

A.

User access log files

B.

Administrator user profiles

C.

Administrator log files

D.

System logging options

Buy Now
Questions 286

Which of the following is the BEST way to build a risk-aware culture?

Options:

A.

Periodically change risk awareness messages.

B.

Ensure that threats are documented and communicated in a timely manner.

C.

Establish a channel for staff to report risks.

D.

Periodically test compliance with security controls.

Buy Now
Questions 287

Which of the following should be the PRIMARY objective of an information security governance framework?

Options:

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization's information security policies.

Buy Now
Questions 288

Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?

Options:

A.

To reduce risk mitigation costs

B.

To resolve vulnerabilities in enterprise architecture (EA)

C.

To manage the risk to an acceptable level

D.

To eliminate threats impacting the business

Buy Now
Questions 289

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

Options:

A.

Access to the hardware

B.

Data encryption

C.

Non-standard event logs

D.

Compressed customer data

Buy Now
Questions 290

An information security manager is updating the organization's incident response plan. Which of the following is the BEST way to validate that the process and procedures provided by IT and business units are complete, accurate, and known by all responsible teams?

Options:

A.

Review the test objectives with stakeholders.

B.

Conduct a data breach incident tabletop exercise.

C.

Conduct an incident response plan survey.

D.

Review data breach incident triage steps.

Buy Now
Questions 291

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Options:

A.

adherence to international standards

B.

availability of financial resources

C.

the organization s risk tolerance

D.

alignment with business needs

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Aug 26, 2025
Questions: 967

PDF + Testing Engine

$74.7  $249

Testing Engine

$67.5  $225
buy now CISM testing engine

PDF (Q&A)

$59.7  $199
buy now CISM pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 26 Aug 2025