CISM Test Bank
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
Critical path
When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:
security awareness training for employees.
Good information security standards should:
define precise and unambiguous allowable limits.
Which of the following should be the FIRST step in developing an information security plan?
Analyze the current business strategy
Senior management commitment and support for information security can BEST be obtained through presentations that:
tie security risks to key business objectives
The MOST appropriate role for senior management in supporting information security is the:
approval of policy statements and funding
Which of the following would BEST ensure the success of information security governance within an organization?
Steering committees approve security projects
Information security governance is PRIMARILY driven by:
business strategy
Which of the following represents the MAJOR focus of privacy regulations?
Identifiable personal data
Investments in information security technologies should be based on:
value analysis
Retention of business records should PRIMARILY be based on
regulatory and legal requirements
Which of the following is characteristic of centralized information security management?
Better adherence to policies
Successful implementation of information security governance will FIRST require:
updated security policies
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
Chief operating officer (COO)
The MOST important component of a privacy policy is:
notifications
The cost of implementing a security control should not exceed the:
asset value
When a security standard conflicts with a business objective, the situation should be resolved by:
performing a risk analysis
Minimum standards for securing the technical infrastructure should be defined in a security:
architecture
Which of the following is MOST appropriate for inclusion in an information security strategy?
Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
organizational risk
Which of the following roles would represent a conflict of interest for an information security manager?
Final approval of information security policies
Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
The data center manager has final signoff on all security projects
Which of the following requirements would have the lowest level of priority in information security?
Technical
When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
Establish good communication with steering committee members
It is MOST important that information security architecture be aligned with which of the following?
Business goals and objectives
Which of the following is MOST likely to be discretionary?
Guidelines
Security technologies should be selected PRIMARILY on the basis of their:
ability to mitigate business risks
Which of the following are seldom changed in response to technological changes?
Policies
The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
application systems and media
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
Better alignment to business unit needs
Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
Chief operating officer (COO)
Which of the following would be the MOST important goal of an information security governance program?
Ensuring trust in data
Relationships among security technologies are BEST defined through which of the following?
Security architecture
A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?
Perform a risk analysis to quantify the risk
Acceptable levels of information security risk should be determined by:
the steering committee
The PRIMARY goal in developing an information security strategy is to:
support the business objectives of the organization
Senior management commitment and support for information security can BEST be enhanced through:
periodic review of alignment with business management goals
When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
Develop policies that meet all mandated requirements
Which of the following MOST commonly falls within the scope of an information security governance steering committee?
Prioritizing information security initiatives
Which of the following is the MOST important factor when designing information security architecture?
Stakeholder requirements
Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
Ability to understand and map organizational needs to security technologies
Which of the following are likely to be updated MOST frequently?
Procedures for hardening database servers
Who should be responsible for enforcing access rights to application data?
Security administrators
The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
chief operations officer (COO)
Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
Develop an information security strategy paper
Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
calculating return on investment (ROI) projections
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
aligned with the business strategy
Which of the following is the MOST important information to include in a strategic plan for information security?
Current state and desired future state
Information security projects should be prioritized on the basis of:
impact on the organization
Which of the following is the MOST important information to include in an information security standard?
Last review date
Which of the following would BEST prepare an information security manager for regulatory reviews?
Perform self-assessments using regulatory guidelines and reports
An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
establish baseline standards for all locations and add supplemental standards as required
Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
Evaluate the impact of information security risks
From an information security manager perspective, what is the immediate benefit of clearly defined roles and responsibilities?
Better accountability
An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?
Risk assessment reports
Reviewing which of the following would BEST ensure that security controls are effective?
Security metrics
Which of the following is responsible for legal and regulatory liability?
Board and senior management
While implementing information security governance an organization should FIRST:
define the security strategy
The MOST basic requirement for an information security governance program is to
be aligned with the corporate business strategy
Information security policy enforcement is the responsibility of the:
chief information security officer (CISO)
A good privacy statement should include:
what the company will do with information it collects
Which of the following would be MOST effective in successfully implementing restrictive password policies?
Security awareness program
When designing an information security quarterly report to management, the MOST important element to be considered should be the:
linkage to business area objectives
An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
data privacy policy where data are collected.
A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
assess whether existing controls meet the regulation.
Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
policy
At what stage of the applications development process should the security department initially become involved?
At detail requirements
A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
Associating realistic threats to corporate objectives
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
business requirements
When personal information is transmitted across networks, there MUST be adequate controls over:
privacy protection.
An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:
ensure that security processes are consistent across the organization.
Who in an organization has the responsibility for classifying information?
Data owner
What is the PRIMARY role of the information security manager in the process of information classification within an organization?
Defining and ratifying the classification structure of information assets
Which of the following is MOST important in developing a security strategy?
Understanding key business objectives
Who is ultimately responsible for the organization's information?
Board of directors
Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
Regulatory compliance
A security manager meeting the requirements for the international flow of personal data will need to ensure:
the agreement of the data subjects.
An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?
Proportionality
Which of the following is the MOST important prerequisite for establishing information security management within an organization?
Senior management commitment
What will have the HIGHEST impact on standard information security governance models?
Complexity of organizational structure
In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
conduct a risk assessment.
Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
it implies compliance risks.
An outcome of effective security governance is:
strategic alignment.
How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
Negotiate a local version of the organization standards
Who should drive the risk analysis for an organization?
Security manager
The FIRST step in developing an information security management program is to:
clarify organizational purpose for creating the program.
Which of the following is the MOST important to keep in mind when assessing the value of information?
The potential financial loss
What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
Business case
To justify its ongoing security budget, which of the following would be of MOST use to the information security department?
Cost-benefit analysis
Which of the following situations would MOST inhibit the effective implementation of security governance?
High-level sponsorship
To achieve effective strategic alignment of security initiatives, it is important that:
inputs be obtained and consensus achieved between the major organizational units.
What would be the MOST significant security risks when using wireless local area network (LAN) technology?
Rogue access point
When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?
Information security manager
In implementing information security governance, the information security manager is PRIMARILY responsible for:
developing the security strategy.
An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:
alignment.
When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
Compliance with the organization's information security requirements.
To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
substantiate the investment in meeting organizational needs.
The MOST useful way to describe the objectives in the information security strategy is through: attributes and characteristics of the 'desired state."
conduct a risk assessment.
In order to highlight to management the importance of network security, the security manager should FIRST:
Skills inventory
When developing an information security program, what is the MOST useful source of information for determining available resources?
are aligned with organizational goals.
The MOST important characteristic of good security policies is that they:
support organizational objectives.
An information security manager must understand the relationship between information security and business operations in order to:
refer the issues to senior management along with any security recommendations.
The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
developing a business case.
Obtaining senior management support for establishing a warm site can BEST be accomplished by:
Include security responsibilities in the job description
Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?
Defined objectives
Which of the following is the MOST important element of an information security strategy?
Cultures of the different countries
A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the Information security program?
Increased business value
Which of the following is the BEST justification to convince management to invest in an information security program?
a statement regarding what the company will do with the information it collects.
On a company's e-commerce web site, a good legal statement regarding data privacy should include:
alignment with organizational goals and objectives .
The MOST important factor in ensuring the success of an information security program is effective:
A security program that enables business activities
Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?
Continuous analysis, monitoring and feedback
Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
includes appropriate justification.
The MOST complete business case for security solutions is one that.
Organizational goals
Which of the following is MOST important to understand when developing a meaningful information security strategy?
It is easier to manage and control.
Which of the following is an advantage of a centralized information security organizational structure?
Obtain strong management support
Which of the following would help to change an organization's security culture?
a business case.
The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
obtain high-level sponsorship.
The FIRST step in establishing a security governance program is to:
conflicting security controls with organizational needs.
An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees Hood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:
managing risk relative to business objectives.
An organization's information security strategy should be based on:
A cost-benefit analysis of budgeted resources
Which of the following should be included in an annual information security budget that is submitted for management approval?
Reduction of the potential for civil or legal liability
Which of the following is a benefit of information security governance?
clear alignment with the goals and objectives of the organization.
Investment in security technology and processes should be based on:
business owner.
The data access requirements for an application should be determined by the:
analyzed under the retention policy.
From an information security perspective, information that no longer supports the main purpose of the business should be:
Laws and regulations of the country of origin may not be enforceable in the foreign country.
The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?
utilizing a top-down approach.
Effective IT governance is BEST ensured by:
gain the endorsement of executive management.
The FIRST step to create an internal culture that focuses on information security is to:
Obtain the support of the board of directors.
Which of the following is the BEST method or technique to ensure the effective implementation of an information security program?
setting the strategic direction of the program.
When an organization is implementing an information security governance program, its board of directors should be responsible for:
Review of the assessment with executive management for final input
A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BES T approach of the information security manager?
Senior management
Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
Require management to report on compliance
An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next?
a balance between technical and business requirements.
Information security should be:
Support of senior management
What is the MOST important factor in the successful implementation of an enterprise wide information security program?
Information security plans are not aligned with business requirements
What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
the plan aligns with the organization's business plan.
The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
Organizational objectives and risk appetite
Which of the following should be determined while defining risk management strategies?
Preserving the confidentiality of sensitive data
When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?
To help determine the current state of risk
Which of the following is the BEST reason to perform a business impact analysis (BIA)?
acceptance
A risk mitigation report would include recommendations for:
an acceptable level.
A risk management program should reduce risk to:
security risks are subject to frequent change.
The MOST important reason for conducting periodic risk assessments is because:
Residual risk is minimized
Which of the following BEST indicates a successful risk management practice?
Loss of customer confidence
Which of the following would generally have the GREATEST negative impact on an organization?
Risk analysis results
A successful information security management program should use which of the following to determine the amount of resources devoted to mitigating exposures?
Prospective employee background checks
Which of the following will BEST protect an organization from internal security attacks?
replacement cost.
For risk management purposes, the value of an asset should be based on:
if unavailable.
In a business impact analysis, the value of an information system should be based on the overall cost:
residual risk is minimized.
Acceptable risk is achieved when:
individual business managers.
The value of information assets is BEST determined by:
Feasibility
During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
change management.
The MOST effective way to incorporate risk management practices into existing production systems is through:
Business impact analysis
Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?
Restoration of the system
The recovery time objective (RTO) is reached at which of the following milestones?
Residual risk
Which of the following results from the risk assessment process would BEST assist risk management decision making?
Visibility of impact
The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?
Mitigation
Risk acceptance is a component of which of the following?
a level that the organization is willing to accept.
Risk management programs are designed to reduce risk to:
annually or whenever there is a significant change.
A risk assessment should be conducted:
minimize residual risk.
The MOST important function of a risk management program is to:
Permanent decline in customer confidence
Which of the following risks would BEST be assessed using qualitative risk assessment techniques?
Network address translation
Which of the following will BEST prevent external security attacks?
cost to obtain a replacement.
In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:
priority of restoration.
A business impact analysis (BIA) is the BEST tool for calculating:
acceptable risk is probable.
When residual risk is minimized:
contain percentage estimates.
Quantitative risk analysis is MOST appropriate when assessment data:
Measuring current state vs. desired future state
Which of the following is the MOST appropriate use of gap analysis?
address areas with most significance.
Identification and prioritization of business risk enables project managers to:
address the potential size and likelihood of loss.
A risk analysis should:
Before-image restoration
The recovery point objective (RPO) requires which of the following?
Change management procedures are poor
Based on the information provided, which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?
Organizational activities
Which of the following BEST describes the scope of risk analysis?
organizational requirements.
The decision as to whether a risk has been reduced to an acceptable level should be determined by:
Is a necessary part of management's due diligence
Which of the following is the PRIMARY reason for implementing a risk management program?
Process owners
Which of the following groups would be in the BEST position to perform a risk analysis for a business?
optimization of risk reduction efforts against cost.
A successful risk management program should lead to:
An electrical power outage
Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
financial losses incurred by affected business units.
The impact of losing frame relay network connectivity for 18-24 hours should be calculated using the:
List of action items to mitigate risk
Which of the following is the MOST usable deliverable of an information security risk analysis?
Heat charts
Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?
Chief operations officer (COO)
Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?
Likelihood and impact
Which two components PRIMARILY must be assessed in an effective risk analysis?
justify selection of risk mitigation strategies.
Information security managers should use risk assessment techniques to:
consider both monetary value and likelihood of loss.
In assessing risk, it is MOST essential to:
data owners who may be impacted.
When the computer incident response team (CIRT) finds clear evidence that a hacker has penetrated the corporate network and modified customer information, an information security manager should FIRST notify:
Entitlement changes
Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
stated objectives are achievable.
The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
countermeasures are proportional to risk.
It is important to classify and determine relative sensitivity of assets to ensure that:
determine the current level of security.
The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
vulnerability.
An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
Calculate the value of the information or asset
When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
map the major threats to business objectives.
Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:
the information owner.
The valuation of IT assets should be performed by:
minimize residual risk.
The PRIMARY objective of a risk management program is to:
Business manager
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
identify controls commensurate to risk.
The PRIMARY benefit of performing an information asset classification is to:
New risks detection
Which of the following is MOST essential for a risk management program to be effective?
Brute force attack
Which of the following attacks is BEST mitigated by utilizing strong passwords?
User awareness
Phishing is BEST mitigated by which of the following?
ensuring security measures are consistent with policy.
The security responsibility of data custodians in an organization will include:
business threats are constantly changing.
A security risk assessment exercise should be repeated at regular intervals because:
Identity business assets
Which of the following steps in conducting a risk assessment should be performed FIRST?
periodically testing the incident response plans.
The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:
Residual
Which of the following risks is represented in the risk appetite of an organization?
Recover)' time objective (RTO)
Which of the following would a security manager establish to determine the target for restoration of normal processing?
maintain residual risk at an acceptable level.
A risk management program would be expected to:
Feasibility
Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?
Business impact analysis (BIA)
Which of the following would help management determine the resources needed to mitigate a risk to the organization?
the cost of countermeasure outweighs the value of the asset and potential loss.
A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:
Percent of control objectives accomplished
Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
Previous financial results
Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?
assess exposures and plan remediation.
The PRIMARY purpose of using risk analysis within a security program is to:
Identifying data owners
Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
mitigate the impact by purchasing insurance.
An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
Security gap analyses
What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?
inject structured query language (SQL) statements.
A common concern with poorly written web applications is that they can allow an attacker to:
Cost versus benefit of additional mitigating controls
Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
Understand the business requirements of the developer portal
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
Create a strong random password
A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
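Why a strong random password is the right answer when the account cannot be locked out or renamed: the only remaining defence is the size of the search space. The following is an added worked example, not part of the test bank; the attacker guess rates passed to it are assumptions used for illustration.

```python
import math
import secrets
import string

# Character set assumed for this example: printable ASCII without whitespace (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """Draw each character uniformly with the OS CSPRNG (secrets, not random)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def expected_years_to_crack(length: int, guesses_per_second: float,
                            alphabet: str = ALPHABET) -> float:
    """Expected exhaustive-search time (half the space) at an assumed guess rate.
    With no lockout, this number is the whole defence."""
    search_space = len(alphabet) ** length
    seconds = (search_space / 2) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def meets_policy(password: str, min_bits: float = 128.0,
                 alphabet: str = ALPHABET) -> bool:
    """Policy assumed for the unlockable account: every character from the
    alphabet and at least min_bits of entropy if it were drawn at random."""
    return (all(c in alphabet for c in password)
            and entropy_bits(len(password), alphabet) >= min_bits)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, round(entropy_bits(len(pw)), 1), "bits")
    print("8 chars @1e9/s:", expected_years_to_crack(8, 1e9), "years")
    print("24 chars @1e12/s:", expected_years_to_crack(24, 1e12), "years")
```

The point the numbers make: an 8-character password from the same alphabet falls to an offline or unthrottled online attacker in well under a year at a billion guesses per second, while a 24-character random one is out of reach at any plausible rate, which is why the exam favours the random password over controls the account attributes rule out.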
a lack of proper input validation controls.
Attackers who exploit cross-site scripting vulnerabilities take advantage of:
Acceptable use policies
Which of the following would BEST address the risk of data leakage?
Data classification policy
A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?
Cost-benefit analysis
What is the BEST technique to determine which security controls to implement with a limited budget?
A risk assessment
A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited. What process should the information security manager deploy to determine the necessity for remedial action?
Role-based access control
Which of the following measures would be MOST effective against insider threats to confidential information?
recommend a risk assessment and implementation only if the residual risks are accepted.
Because of its importance to the business, an organization wants to quickly implement a technical solution which deviates from the company's policies. An information security manager should:
implement monitoring techniques to detect and react to potential fraud.
After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:
impact assessment.
The criticality and sensitivity of information assets is determined on the basis of:
Valuation
Which program element should be implemented FIRST in asset classification and control?
assets have been identified and appropriately valued.
When performing a risk assessment, the MOST important consideration is that:
the appropriate level of protection to the asset.
The MAIN reason why asset classification is important to a successful information security program is because classification determines:
reduce risk to an acceptable level.
The BEST strategy for risk management is to:
Intrinsic value of the data stored on the equipment
Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?
Perform a gap analysis.
An organization has to comply with recently published industry regulatory requirements; compliance potentially has high implementation costs. What should the information security manager do FIRST?
Total cost of ownership (TCO)
Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
the test results of intended objectives.
One way to determine control effectiveness is by determining:
Misconfiguration and missing updates
What does a network vulnerability assessment intend to identify?
Data owner
Who is responsible for ensuring that information is classified?
accepted.
After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:
An explanation of the incident and corrective action taken
When a significant security breach occurs, what should be reported FIRST to senior management?
the risk is justified by the benefit.
The PRIMARY reason for initiating a policy exception process is when:
Requirements of data owners
Which of the following would be the MOST relevant factor when defining the information classification policy?
focus on key controls.
To determine the selection of controls required to meet business objectives, an information security manager should:
head of the sales department.
The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:
identify systems and processes that contain privacy components.
In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
on a continuous basis.
Risk assessment is MOST effective when performed:
The risk environment is constantly changing.
Which of the following is the MAIN reason for performing risk assessment on a continuous basis?
Identify the vulnerable systems and apply compensating controls
There is a time lag between the time when a security vulnerability is first published, and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
Penetration testing
Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?
Countermeasure cost-benefit analysis
Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?
mitigating the risk.
An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
Owner
Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?
defining the level of access controls.
The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:
Gap analysis
An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?
Possible scenarios with threats and impacts
When performing a qualitative risk analysis, which of the following will BEST produce reliable results?
Participation by all members of the organization
Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?
facilitate a thorough review of all IT-related risks on a periodic basis.
The MOST effective use of a risk register is to:
Conduct a risk assessment
After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?
Downtime tolerance, resources and criticality
Which of the following are the essential ingredients of a business impact analysis (BIA)?
managing risks to an acceptable level, commensurate with goals and objectives.
A risk management approach to information protection is:
Transfer the risk.
Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
Conducting a business impact analysis (BIA).
To ensure that payroll systems continue to operate in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in business continuity planning?
support the business objectives of the company by providing security-related support services.
An information security organization should PRIMARILY:
minimizing operational impacts.
When implementing security controls, an information security manager must PRIMARILY focus on:
an acceptable level based on organizational risk tolerance.
All risk management activities are PRIMARILY designed to reduce impacts to:
Business owner
After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?
mitigate impact.
The purpose of a corrective control is to:
Basing the information security infrastructure on risk assessment
Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?
re-assessed periodically since the risk can be escalated to an unacceptable level due to revised conditions.
Previously accepted risk should be:
immediately advise senior management of the elevated risk.
An information security manager is advised by contacts in law enforcement that there is evidence that his or her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:
Asset identification and valuation
Which of the following steps should be performed FIRST in the risk assessment process?
Challenge/response mechanism
Which of the following authentication methods prevents authentication replay?
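What makes challenge/response immune to replay is that the server issues a fresh random challenge for every attempt and accepts each one only once, so a captured response is worthless. This is an added example, not part of the test bank; the shared secret and the HMAC-SHA256 construction are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret (e.g. a password-derived key). It never crosses the wire.
SHARED_SECRET = b"example-shared-secret-do-not-reuse"


class Server:
    """Issues a random challenge per login attempt and accepts each exactly once."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = set()   # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A nonce never issued, or already consumed, is rejected outright.
        # This single-use rule is what defeats a replayed (nonce, response) pair.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)          # consumed even if the answer is wrong
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def client_respond(secret: bytes, nonce: bytes) -> bytes:
    """Prove possession of the secret by keying a MAC over the server's challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def login(server: Server, secret: bytes):
    """One honest exchange. Returns what an eavesdropper sees plus the outcome."""
    nonce = server.challenge()
    response = client_respond(secret, nonce)
    return nonce, response, server.verify(nonce, response)


def replay_attack(server: Server, captured) -> bool:
    """Attacker resends a sniffed (nonce, response) pair verbatim."""
    nonce, response = captured
    return server.verify(nonce, response)


if __name__ == "__main__":
    srv = Server(SHARED_SECRET)
    nonce, response, ok = login(srv, SHARED_SECRET)
    print("legitimate login:", ok)
    print("replay of the same pair:", replay_attack(srv, (nonce, response)))
```

Contrast this with a static password or a reusable hash sent over the wire: anything the attacker can record and resend unchanged is a replay, and a challenge the server never repeats is the property that closes that door.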
A new risk assessment should be performed.
An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?
Steering committee
Who can BEST advocate the development of and ensure the success of an information security program?
Virtual private network (VPN)
Which of the following BEST ensures that information transmitted over the Internet will remain confidential?
Definition tables
The effectiveness of virus detection software is MOST dependent on which of the following?
Role-based
Which of the following is the MOST effective type of access control?
Mail relay
Which of the following devices should be placed within a DMZ?
on a screened subnet.
An intrusion detection system should be placed:
permit traffic load balancing.
The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:
on a screened subnet.
An extranet server should be placed:
reported incidents.
Which of the following is the BEST metric for evaluating the effectiveness of security awareness training? The number of:
focus on business-critical information.
Security monitoring mechanisms should PRIMARILY:
Computer-based certification training (CBT)
Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?
service level agreement (SLA).
When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
Ratio of false positives to false negatives
Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?
Change management
Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?
Patch management
Which of the following is MOST effective in preventing security weaknesses in operating systems?
calculating the residual risk.
When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:
Steering committee
Who can BEST approve plans to implement an information security governance framework?
Role-based access controls
Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?
Embedded digital signature
Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
Daily
Which of the following is the MOST appropriate frequency for updating antivirus signature files for antivirus software on production servers?
Web server
Which of the following devices should be placed within a demilitarized zone (DMZ)?
Domain boundary
On which of the following should a firewall be placed?
internal network.
An intranet server should generally be placed on the:
two-factor authentication.
Access control to a sensitive intranet application by mobile users can BEST be implemented through:
Centralizing security management
When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?
Increase in reported incidents
Security awareness training is MOST likely to lead to which of the following?
consider possible impact of a security breach.
The information classification scheme should:
Give a dummy password over the telephone set for immediate expiration
Which of the following is the BEST method to provide a new user with their initial password for email system access?
key business process owners.
An information security program should be sponsored by:
Service levels
Which of the following is the MOST important item to include when developing web hosting agreements with third-party providers?
number of attacks blocked.
The BEST metric for evaluating the effectiveness of a firewall is the:
Patch management
Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
reduces overall administrative workload.
The MAIN advantage of implementing automated password synchronization is that it:
Balanced scorecard
Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
Change management
Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
Compensate for not installing the patch with mitigating controls
An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
Senior management sponsorship
Which of the following is MOST important to the success of an information security program?
Executive management commitment
Which of the following is MOST important for a successful information security program?
Screened subnets
Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
Two-factor authentication
Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?
Whenever important security patches are released
What is an appropriate frequency for updating operating system (OS) patches on production servers?
Application server
A border router should be placed on which of the following?
Demilitarized zone (DMZ)
An e-commerce order fulfillment web server should generally be placed on which of the following?
data encryption.
Secure customer use of an e-commerce application can BEST be accomplished through:
Strict controls on input fields
What is the BEST defense against a Structured Query Language (SQL) injection attack?
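The three items above on poorly written web applications permitting SQL injection, cross-site scripting stemming from missing input validation, and strict input-field controls as the defence share one mechanism: untrusted input being spliced into code. The following added example (not from the test bank; the table, rows, and the attacker string are constructed) shows the vulnerable concatenated query, the parameterized query that fixes it, and an allow-list check on the field itself as defence in depth.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", "admin"),
        ("bob", "hash-b", "user"),
    ])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """String concatenation: the input becomes part of the SQL grammar, so a
    quote in it closes the literal and the rest is executed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Bound parameter: the value is passed to the engine separately from the
    statement text, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allow-list for the field (assumed policy: lowercase, starts with a letter, 3-32 chars).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def is_valid_username(username: str) -> bool:
    """Strict control on the input field. Complements, never replaces,
    parameterization: it also blocks the characters XSS payloads need."""
    return USERNAME_RE.fullmatch(username) is not None


PAYLOAD = "x' OR '1'='1"   # constructed attacker input: closes the literal, appends a tautology


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))      # every row comes back
    print("parameterized:", lookup_parameterized(db, PAYLOAD))  # no row matches literally
    print("input check:", is_valid_username(PAYLOAD))
```

The generated vulnerable statement is `SELECT username, role FROM users WHERE username = 'x' OR '1'='1'`, which is why every account is returned; the parameterized form compares the whole attacker string, quotes included, against the column and matches nothing.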
Tuning
Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
Encryption
Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?
Establish predetermined automatic expiration dates
Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
key business process owners.
Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:
System overhead
Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?
Do not interrupt production processes
Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?
Change management
Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?
helps ensure that communications are secure.
The advantage of Virtual Private Network (VPN) tunneling for remote users is that it:
Strong encryption
Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?
Security awareness training
Which of the following is MOST effective in protecting against the attack technique known as phishing?
Access control should fall back to the non-synchronized mode
When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?
System integrity may be affected
Which of the following is the MOST important risk associated with middleware in a client-server environment?
Security in storage and transmission of sensitive data
An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?
Safeguards over keys
Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
Encryption
In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?
generate false alarms from varying user or system actions.
The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs, is that stat IDSs:
performance of the information security program.
An information security manager uses security metrics to measure the:
customize the content to the target audience.
The MOST important success factor to design an effective IT security awareness program is to:
Connect through an IPSec VPN
Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?
Certificate-based authentication of web client
Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
Secure Sockets Layer (SSL).
The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:
confidentiality and nonrepudiation.
A message that has been encrypted by the sender's private key and again by the receiver's public key achieves:
Trojan
When a user employs a client-side digital certificate to authenticate to a web server through Secure Sockets Layer (SSL), confidentiality is MOST vulnerable to which of the following?
Security compliant servers trend report
Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
the minimum acceptable security to be implemented.
It is important to develop an information security baseline because it helps to define:
Public key infrastructure (PKI)
Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
Regular review of access control lists
Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?
evaluate a balanced business scorecard.
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
The key objectives of the security program
What is the MOST important item to be included in an information security policy?
all personnel.
In an organization, information systems security is the responsibility of:
define high-level business security requirements.
An organization without any formal information security program that has decided to implement information security best practices should FIRST:
Cost of achieving control objectives
When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?
Percentage of critical assets with budgeted remedial
Which of the following would be the BEST metric for the IT risk management process?
Business continuity management
Which of the following is a key area of the ISO 27001 framework?
protect information assets and resources.
The MAIN goal of an information security strategic plan is to:
Encrypting first by sender's private key and second by receiver's public key
Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
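The two items asking what "encrypt first by the sender's private key, second by the receiver's public key" achieves are easier to reason about with the operations in front of you: the private-key step is a signature (only the sender could have produced it, hence nonrepudiation and authentication), the public-key step is encryption (only the receiver can undo it, hence confidentiality). This added example is not from the test bank. It uses textbook RSA with tiny constructed primes and a one-byte message purely to make the order of operations visible; real systems use a padded signature scheme and hybrid encryption, never raw RSA on message integers.

```python
def keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key from two primes. Returns (public, private) as (exp, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e*d == 1 (mod phi)
    return (e, n), (d, n)


# Constructed keys for sender A and receiver B. n_B > n_A is required so that a
# signature value (< n_A) always fits as a plaintext under B's modulus.
A_PUB, A_PRIV = keypair(61, 53)    # n_A = 3233
B_PUB, B_PRIV = keypair(89, 97)    # n_B = 8633

TAG = 0x0A   # redundancy byte so the receiver can tell a valid decryption from garbage


def send(byte: int, sender_priv, receiver_pub) -> int:
    """Sender: sign with own private key, THEN encrypt with receiver's public key."""
    if not 0 <= byte < 256:
        raise ValueError("this toy carries one byte per message")
    m = (TAG << 8) | byte                 # 2560..2815, always below n_A
    d_a, n_a = sender_priv
    s = pow(m, d_a, n_a)                  # signature: needs d_a, which only A holds
    e_b, n_b = receiver_pub
    return pow(s, e_b, n_b)               # ciphertext: undoing it needs d_b, only B holds


def receive(cipher: int, receiver_priv, sender_pub):
    """Receiver: decrypt with own private key, THEN verify with sender's public key.
    Returns the byte, or None when the tag check fails (wrong key or altered data)."""
    d_b, n_b = receiver_priv
    s = pow(cipher, d_b, n_b)             # recovers the signature value
    e_a, n_a = sender_pub
    m = pow(s, e_a, n_a)                  # anyone with A's public key can verify
    if m >> 8 != TAG:
        return None
    return m & 0xFF


if __name__ == "__main__":
    c = send(ord("Z"), A_PRIV, B_PUB)
    print("ciphertext:", c, "->", chr(receive(c, B_PRIV, A_PUB)))
```

Note what each key grants: B's private key is needed to read anything, so confidentiality holds; A's private key was needed to produce the inner value, so A cannot later deny sending it, and anyone holding A's public key can verify that. Reversing the order (encrypt, then sign) would let a third party strip A's signature and re-sign the ciphertext as their own, which is one reason the exam answer fixes the order.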
rebuild the system from the original installation medium.
The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:
verify the decision with the business units.
The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:
Traffic sniffing
A risk assessment study carried out by an organization noted that there is no segmentation of the local area network (LAN). Network segmentation would reduce the potential impact of which of the following?
disruption of Internet access.
The PRIMARY objective of an Internet usage policy is to prevent:
broken authentication.
An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
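The flaw described, reading any employee's account by editing the ID in the URL, is the classic case of a handler that authenticates the session but never checks that the caller is allowed to see the object it asked for. The following added example (not from the test bank; accounts, sessions and handler names are constructed) shows the vulnerable handler beside the corrected one.

```python
# Constructed data: employee records and live sessions (token -> employee id).
ACCOUNTS = {
    1001: {"name": "Alice", "salary": 120000},
    1002: {"name": "Bob", "salary": 95000},
}
SESSIONS = {"sess-alice": 1001, "sess-bob": 1002}


class Forbidden(Exception):
    """Raised in place of an HTTP 403 in this offline example."""


def view_account_vulnerable(session_token: str, employee_id: int) -> dict:
    """Checks that *someone* is logged in, then trusts the ID from the URL.
    Any authenticated user can read any account by changing ?id=..."""
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return ACCOUNTS[employee_id]


def view_account_fixed(session_token: str, employee_id: int) -> dict:
    """Binds the requested object to the authenticated identity before returning it."""
    caller = SESSIONS.get(session_token)
    if caller is None:
        raise Forbidden("not logged in")
    if employee_id != caller:      # for shared data this would be a server-side ACL lookup
        raise Forbidden("not your account")
    return ACCOUNTS[employee_id]


def can_read(handler, session_token: str, employee_id: int) -> bool:
    """Helper for the examples below: True if the handler returns the record."""
    try:
        handler(session_token, employee_id)
        return True
    except (Forbidden, KeyError):
        return False


if __name__ == "__main__":
    print("Bob reads Alice (vulnerable):", can_read(view_account_vulnerable, "sess-bob", 1001))
    print("Bob reads Alice (fixed):     ", can_read(view_account_fixed, "sess-bob", 1001))
```

A stronger variant of the fix drops the ID from the URL entirely and derives it from the session, which removes the tampering surface; the explicit check above is the form to use when the URL must carry an identifier.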
Design
A test plan to validate the security controls of a new system should be developed during which phase of the project?
periodically auditing.
The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:
a strong authentication.
In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
contribute cost-effective expertise not available internally.
The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:
Planning
Priority should be given to which of the following to ensure effective implementation of information security governance?
provide a high assurance of identity.
The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
Protective switch covers
Which of the following controls would BEST prevent accidental system shutdown from the console or operations area?
Tool for measuring effectiveness
Which of the following is the MOST important reason why information security objectives should be defined?
Encryption
What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
Encrypted hard drives
Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
Reducing the human risk
What is the MOST important reason for conducting security awareness programs throughout an organization?
Requirements development
At what stage of the applications development process would encryption key management initially be addressed?
messages displayed at every logon.
The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is:
Encrypt the data being transmitted
Which of the following would be the BEST defense against sniffing?
rely on the extent to which the certificate authority (CA) is trusted.
A digital signature using a public key infrastructure (PKI) will:
to a higher false reject rate (FRR).
When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
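Why a high-security data center tolerates a higher false reject rate: the matching threshold trades FRR against the false accept rate (FAR), and raising it turns away more legitimate users in exchange for admitting fewer impostors. This added example is not part of the test bank; the two score lists are constructed to overlap the way real genuine and impostor distributions do.

```python
# Constructed match scores in [0, 100]; higher means closer to the enrolled template.
GENUINE_SCORES = [55, 62, 68, 70, 74, 78, 81, 85, 88, 90, 93, 96]
IMPOSTOR_SCORES = [10, 18, 25, 33, 40, 47, 52, 58, 63, 69, 72, 79]


def false_reject_rate(threshold: int, genuine=GENUINE_SCORES) -> float:
    """Share of legitimate users turned away: genuine score below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def false_accept_rate(threshold: int, impostors=IMPOSTOR_SCORES) -> float:
    """Share of impostors admitted: impostor score at or above the threshold."""
    return sum(s >= threshold for s in impostors) / len(impostors)


def rates(threshold: int):
    """(FRR, FAR) at a given sensitivity setting."""
    return false_reject_rate(threshold), false_accept_rate(threshold)


def equal_error_threshold() -> int:
    """Threshold where FRR and FAR are closest: the equal error rate (EER) point,
    a usability-oriented default that a high-security site deliberately exceeds."""
    return min(range(0, 101),
               key=lambda t: abs(false_reject_rate(t) - false_accept_rate(t)))


if __name__ == "__main__":
    for t in (60, equal_error_threshold(), 80):
        frr, far = rates(t)
        print(f"threshold {t:3d}: FRR={frr:.2f}  FAR={far:.2f}")
```

On these scores the EER sits at a threshold of 69; moving to 80 drives FAR to zero at the cost of rejecting half the genuine attempts, which is the trade a data center door accepts and a consumer device would not.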
Using public key infrastructure (PKI) encryption
Which of the following is the BEST method to securely transfer a message?
Develop the security plan.
Which of the following would be the FIRST step in establishing an information security program?
Role-based
An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross-training. Which type of authorization policy would BEST address this practice?
appropriate controls are included.
Which of the following is the MOST important reason for an information security review of contracts? To help ensure that:
Two-factor authentication
For virtual private network (VPN) access to the corporate network, the information security manager is requiring strong authentication. Which of the following is the strongest method to ensure that logging onto the network is secure?
Creating a hash of the file, then comparing the file hashes
Which of the following guarantees that data in a file have not changed?
Use a Wi-Fi Protected Access (WPA2) protocol
Which of the following mechanisms is the MOST secure way to implement a secure wireless network?
An intrusion prevention system (IPS)
Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?
digital signatures.
Nonrepudiation can BEST be ensured by using:
establish security baselines.
The BEST way to ensure that security settings on each platform are in compliance with information security policies and procedures is to:
User
A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
perform periodic reviews for compliance.
The BEST way to ensure that information security policies are followed is to:
system data owner.
The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
Conducting security awareness programs
Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual who needs his or her password reset?
Security awareness campaigns
Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
Perform periodic reviews of the service provider.
The BEST way to ensure that an external service provider complies with organizational security policies is to:
validated to ensure its authenticity.
When an emergency security patch is received via electronic mail, the patch should FIRST be:
Changing access rules
In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
More incidents are being reported
Which of the following is the BEST indicator that security awareness training has been effective?
Penetration attempts investigated
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
emergency change requests.
Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:
User
Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
goals and objectives are clearly defined.
Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:
conduct an impact analysis to quantify the risks.
When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
Management support
Which of the following is MOST important to the successful promotion of good security management practices?
Locally managed file server
Which of the following environments represents the GREATEST risk to organizational security?
digital signatures.
Nonrepudiation can BEST be assured by using:
role-based access controls.
Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:
Configuration management
Which of the following areas is MOST susceptible to the introduction of security weaknesses?
organizational needs.
Security policies should be aligned MOST closely with:
simulate an attack and review IDS performance.
The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
various infrastructure changes are made.
The BEST time to perform a penetration test is after:
periodic awareness training.
Successful social engineering attacks can BEST be prevented through:
Install a honeypot on the network
What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?
Operating system (OS) security patches have not been applied
Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
Conducting periodic security awareness programs
In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
Security-steering committees
Which of the following will BEST ensure that management takes ownership of the decision making process for information security?
Process owner
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
What is the BEST way to ensure that contract programmers comply with organizational security policies?
Perform periodic security reviews of the contractors
Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?
Backing up files
Security awareness training should be provided to new employees:
before they have access to data.
What is the BEST method to verify that all security patches applied to servers were properly documented?
Trace OS patch logs to change control requests
A security awareness program should:
address specific groups and roles.
The PRIMARY objective of security awareness is to:
influence employee behavior.
Which of the following will BEST protect against malicious activity by a former employee?
Effective termination procedures
Which of the following represents a PRIMARY area of interest when conducting a penetration test?
Network mapping
The return on investment of information security can BEST be evaluated through which of the following?
Support of business objectives
To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:
avoid granting system administration roles.
Information security policies should:
be straightforward and easy to understand.
Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?
Perform periodic penetration testing.
Which of the following presents the GREATEST exposure to internal attack on a network?
User passwords are encoded but not encrypted
Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?
Standards
Which of the following are the MOST important individuals to include as members of an information security steering committee?
IT management and key business process owners
Security audit reviews should PRIMARILY:
ensure that controls operate as required.
Which of the following is the MOST appropriate method to protect a password that opens a confidential file?
Out-of-band channels
What is the MOST effective access control method to prevent users from sharing files with unauthorized users?
Mandatory
Which of the following is an inherent weakness of signature-based intrusion detection systems?
New attack methods will be missed
Data owners are normally responsible for which of the following?
Determining the level of application security required
Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?
System user
What is the BEST way to ensure users comply with organizational security requirements for password complexity?
Enable system-enforced password configuration
Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?
Initially load the patches on a test machine
Which of the following would present the GREATEST risk to information security?
Security incidents are investigated within five business days
The PRIMARY reason for using metrics to evaluate information security is to:
enable steady improvement.
What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
Periodically perform penetration tests
Which of the following is MOST important for measuring the effectiveness of a security awareness program?
A quantitative evaluation to ensure user comprehension
Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?
Establish clear rules of engagement
Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
Restrict the available drive allocation on all PCs
Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?
Number of administrators
Good information security procedures should:
be updated frequently as new software is released.
What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:
may be quarantined by mail filters.
A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?
Set up firewall rules restricting network traffic from that location
Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:
define the circumstances where cryptography should be used.
Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?
The number of false positives increases
What is the MOST appropriate change management procedure for the handling of emergency program changes?
Documentation is completed with approval soon after the change
Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?
Security steering committee
The PRIMARY focus of the change control process is to ensure that changes are:
authorized.
An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?
Meet with stakeholders
A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?
Enable access through a separate device that requires adequate authentication
Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?
IT security policy
Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?
The right to conduct independent security reviews
Which resource is the MOST effective in preventing physical access tailgating/piggybacking?
Awareness training
In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:
implement role-based access control in the application.
In business-critical applications, user access should be approved by the:
data owner.
In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:
testing time window prior to deployment.
To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:
operational units.
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
Meet with data owners to understand business needs
When security policies are strictly enforced, the initial impact is that:
the total cost of security is increased.
A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:
an effective control over connectivity and continuity.
Which of the following should be in place before a black box penetration test begins?
A clearly stated definition of scope
What is the MOST important element to include when developing user security awareness material?
Easy-to-read and compelling information
What is the MOST important success factor in launching a corporate information security awareness program?
Top-down approach
Which of the following events generally has the highest information security impact?
Merging with another organization
The configuration management plan should PRIMARILY be based upon input from:
IT senior management.
Which of the following is the MOST effective, positive method to promote security awareness?
Competitions and rewards for compliance
An information security program should focus on:
key controls identified in risk assessments.
Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
Finance department management
Which of the following would be the MOST significant security risk in a pharmaceutical institution?
Theft of a Research and Development laptop
Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?
The program's governance oversight mechanisms
Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?
Capability maturity model (CMM)
Who is responsible for raising awareness of the need for adequate funding for risk action plans?
Information security manager
Managing the life cycle of a digital certificate is a role of a(n):
independent trusted source.
Which of the following would be MOST critical to the successful implementation of a biometric authentication system?
User acceptance
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?
Inclusion as a required step in the system life cycle process
When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:
service level agreements may not otherwise be met.
To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?
Service level agreements (SLAs)
To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to:
log all of the programmers' activity for review by supervisor.
Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
are stated in the contract.
What is the GREATEST risk when there is an excessive number of firewall rules?
One rule may override another rule in the chain and create a loophole
Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center?
Biometric lock
What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?
Ensure consistency of activities to provide a more stable environment
What is the BEST way to ensure data protection upon termination of employment?
Ensure all logical access is removed
The MOST important reason for formally documenting security procedures is to ensure:
processes are repeatable and sustainable.
Which of the following is the BEST approach for an organization desiring to protect its intellectual property?
Restrict access to a need-to-know basis
The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?
Systems programmer
An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?
Restrict account access to read only
Which would be the BEST recommendation to protect against phishing attacks?
Publish security guidance for customers
Which of the following is the BEST indicator that an effective security control is built into an organization?
The monthly service level statistics indicate a minimal impact from security issues.
What is the BEST way to alleviate security team understaffing while retaining the capability in house?
Establish a virtual security team from competent employees across the company
An information security manager wishing to establish security baselines would:
implement the security baselines to establish information security best practices.
Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
policy.
An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:
methodology used in the assessment.
Several business units reported problems with their systems after multiple security patches were deployed. The FIRST step in handling this problem would be to:
assess the problems and institute rollback procedures, if needed.
When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:
access control matrix.
The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:
sustaining the organization's security posture.
The implementation of continuous monitoring controls is the BEST option where:
incidents may have a high impact and frequency.
A third party was engaged to develop a business application. Which of the following would an information security manager BEST test for the existence of back doors?
Security code reviews for the entire application
An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
source routing.
What is the MOST cost-effective means of improving security awareness of staff personnel?
User education and training
Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
Awareness training
Data owners will determine what access and authorizations users will have by:
mapping to business needs.
Which of the following is the MOST likely outcome of a well-designed information security awareness course?
Increased reporting of security incidents to the incident response function
Which item would be the BEST to include in the information security awareness training program for new general staff employees?
Review of various security models
A critical component of a continuous improvement program for information security is:
measuring processes and providing feedback.
The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager:
report significant security risks.
An organization has implemented an enterprise resource planning (ERP) system used by 500 employees from various departments. Which of the following access control approaches is MOST appropriate?
Role-based
An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
the contract should mandate that the service provider will comply with security policies.
Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?
To receive an independent view of security exposures
A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?
Prepare an impact assessment report.
An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?
Perform an internal risk assessment to determine needed controls.
Which of the following would raise security awareness among an organization's employees?
Continually reinforcing the security policy
Which of the following is the MOST appropriate method of ensuring password strength in a large organization?
Review general security settings on each platform
What is the MOST cost-effective method of identifying new vendor vulnerabilities?
External vulnerability reporting sources
Which of the following is the BEST approach for improving information security management processes?
Define and monitor security metrics.
An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is to:
validate and sanitize client side inputs.
The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:
has implemented cookies as the sole authentication mechanism.
Of the following, retention of business records should be PRIMARILY based on:
regulatory and legal requirements.
An organization is entering into an agreement with a new business partner to conduct customer mailings. What is the MOST important action that the information security manager needs to perform?
Ensuring that the third party is contractually obligated to all relevant security requirements
An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?
Right to audit
Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?
Conduct regular security reviews of the third-party provider
An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?
Set role-based access permissions on the shared folder
Which of the following BEST ensures that security risks will be reevaluated when modifications in application developments are made?
A change control process
Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?
Penetration tests
In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?
System design specifications
Which of the following is generally considered a fundamental component of an information security program?
Security awareness training
How would an organization know if its new information security program is accomplishing its goals?
Key metrics indicate a reduction in incident impacts.
A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
less time is spent on reconnaissance and information gathering.
Which of the following is the BEST method to reduce the number of incidents of employees forwarding spam and chain e-mail messages?
User awareness training
Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?
Implementation of lock-out policies
Which of the following measures is the MOST effective deterrent against disgruntled staff abusing their privileges?
Signed acceptable use policy
The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
the existence of messages is unknown.
As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:
formally managed within the information security framework.
There is reason to believe that a recently modified web application has allowed unauthorized access. Which is the BEST way to identify an application backdoor?
Source code review
Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce?
Clear text authentication
Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?
Feasibility
Which of the following should be determined FIRST when establishing a business continuity program?
Incremental daily cost of the unavailability of systems
A desktop computer that was involved in a computer security incident should be secured as evidence by:
disconnecting the computer from all power sources.
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
The provider services all major companies in the area
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
Isolate the affected network segment
The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:
decoy files.
The FIRST priority when responding to a major security incident is:
containment.
Which of the following is the MOST important to ensure a successful recovery?
Backup media is stored offsite
Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?
Business management actively participates
At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?
Erase data and software from devices
An incident response policy must contain:
escalation criteria.
The BEST approach in managing a security incident involving a successful penetration should be to:
allow business processes to continue during the response.
A post-incident review should be conducted by an incident management team to determine:
lessons learned.
An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:
current processing capacity loads at data centers.
Which of the following is MOST important in determining whether a disaster recovery test is successful?
Critical business processes are duplicated
Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?
Infrastructure complexity and system sensitivity
A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?
Block all e-mails containing picture file attachments
When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?
Monitor the probe and isolate the affected segment
Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?
All equipment is provided "at time of disaster, not on floor"
Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
Conduct an assessment to determine system status
Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
Detailed technical recovery plans are maintained offsite
The business continuity policy should contain which of the following?
Recovery criteria
The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
potential attacks on the internal network.
When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
Ensuring accessibility should a disaster occur
Which of the following is the BEST way to verify that all critical production servers are utilizing up-to-date virus signature files?
Check a sample of servers that the signature files are current
Which of the following actions should be taken when an information security manager discovers that a hacker is footprinting the network perimeter?
Check IDS logs and monitor for any active attacks
Which of the following are the MOST important criteria when selecting virus protection software?
Ease of maintenance and frequency of updates
Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?
Systems are vulnerable to new viruses during the intervening week
When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?
Business process owners
Which of the following is MOST closely associated with a business continuity program?
Developing recovery time objectives (RTOs) for critical functions
Which of the following application systems should have the shortest recovery time objective (RTO)?
E-commerce web site
A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?
Severity criteria
The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:
weaknesses in network and server security.
Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:
kept in the tape library pending further analysis.
When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?
Incident response plan
Isolation and containment measures for a compromised computer have been taken and information security management is now investigating. What is the MOST appropriate next step?
Make a copy of the whole system's memory
Why is "slack space" of value to an information security manager as part of an incident investigation?
Hidden data may be stored there
What is the PRIMARY objective of a post-event review in incident response?
Improve the response process
Detailed business continuity plans should be based PRIMARILY on:
strategies validated by senior management.
A web server in a financial institution that has been compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step should be to:
rebuild the server with original media and relevant patches.
Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?
A bit-level copy of all hard drive data
In the course of responding to an information security incident, the BEST way to treat evidence for possible legal action is defined by:
local regulations.
Emergency actions are taken at the early stage of a disaster with the purpose of preventing injuries or loss of life and:
reducing the extent of operational damage.
What is the FIRST action an information security manager should take when a company laptop is reported stolen?
Ensure compliance with reporting procedures
Which of the following actions should take place immediately after a security breach is reported to an information security manager?
Confirm the incident
When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:
recovery window.
In designing a backup strategy that will be consistent with a disaster recovery strategy, the PRIMARY factor to be taken into account will be the:
recovery point objective (RPO).
An intrusion detection system (IDS) should:
run continuously.
The PRIORITY action to be taken when a server is infected with a virus is to:
isolate the infected server(s) from the network.
Which of the following provides the BEST confirmation that the business continuity/disaster recovery plan objectives have been achieved?
The recovery time objective (RTO) was not exceeded during testing
Which of the following situations would be the MOST concern to a security manager?
A Trojan was found to be installed on a system administrator's laptop
A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:
confirm the incident.
A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:
take an image copy of the media.
When collecting evidence for forensic analysis, it is important to:
ensure the assignment of qualified personnel.
What is the BEST method for mitigating against network denial of service (DoS) attacks?
Employ packet filtering to drop suspect packets
To justify the establishment of an incident management team, an information security manager would find which of the following to be the MOST effective?
Possible business benefits from incident impact reduction
A database was compromised by guessing the password for a shared administrative account and confidential customer information was stolen. The information security manager was able to detect this breach by analyzing which of the following?
Invalid logon attempts
Which of the following is an example of a corrective control?
Diverting incoming traffic upon responding to the denial of service (DoS) attack
To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
Time server
An organization has been experiencing a number of network-based security attacks that all appear to originate internally. The BEST course of action is to:
install an intrusion detection system (IDS).
A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?
Obtain guidance from the firewall manufacturer
An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:
retrieve the tapes from the warm site and test them.
Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?
Business impact analysis (BIA)
In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?
Copies of the business continuity plan
An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:
assess the likelihood of incidents from the reported cause.
Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?
Communicating specially drafted messages by an authorized person
During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:
report this situation to the data owner.
If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:
preserving the integrity of the evidence.
Which of the following has the highest priority when defining an emergency response plan?
Safety of personnel
The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:
enable independent and objective review of the root cause of the incidents.
The MOST important objective of a post incident review is to:
capture lessons learned to improve the process.
Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?
Post incident review
The FIRST step in an incident response plan is to:
validate the incident.
An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?
Determine the extent of the compromise.
A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?
Validate the incident
The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:
business requirements.
What task should be performed once a security incident has been verified?
Contain the incident.
An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
Initiate the incident response process.
An unauthorized user gained access to a merchant's database server and customer credit card information. Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?
Isolate the server from the network.
Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?
Aligning with recovery time objectives (RTOs)
Which of the following would be MOST appropriate for collecting and preserving evidence?
Proven forensic processes
Of the following, which is the MOST important aspect of forensic investigations?
Chain of custody
In the course of examining a computer system for forensic evidence, data on the suspect media were inadvertently altered. Which of the following should have been the FIRST course of action in the investigative process?
Perform a bit-by-bit image of the original media source onto new media.
Which of the following recovery strategies has the GREATEST chance of failure?
Reciprocal arrangement
Recovery point objectives (RPOs) can be used to determine which of the following?
Maximum tolerable period of data loss
Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?
Preparedness tests
When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?
Locating the data and preserving the integrity of the data
Establish a chain of custody log.