VENOM

Test title:
VENOM

Description:
venom of the venom

Creation date: 2026/03/07

Category: Other

Number of questions: 150

Content:

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST: conduct a cost-benefit analysis. conduct a risk assessment. interview senior management. perform a gap analysis.

Which of the following is the MOST important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?. The ability to remotely locate devices. The ability to centrally manage devices. The ability to restrict unapproved applications. The ability to classify types of devices.

The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to: comply with security policy. increase corporate accountability. enforce individual accountability. reinforce the need for training.

When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?. Develop metrics for vendor performance. Include information security criteria as part of vendor selection. Review third-party reports of potential vendors. Include information security clauses in the vendor contract.

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?. Security audit reports. Recovery time objective (RTO). Technological capabilities. Escalation processes.

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?. Assess the business impact to the organization. Present the noncompliance risk to senior management. Investigate alternative options to remediate the noncompliance. Determine the cost to remediate the noncompliance.

Which of the following BEST enables effective information security governance?. Security-aware corporate culture. Advanced security technologies. Periodic vulnerability assessments. Established information security metrics.

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?. Review the results of information security awareness testing. Validate the effectiveness of implemented security controls. Benchmark the information security policy against industry standards. Track the trending of information security incidents.

What is the PRIMARY purpose of an unannounced disaster recovery exercise?. To provide metrics to senior management. To evaluate how personnel react to the situation. To assess service level agreements (SLAs). To estimate the recovery time objective (RTO).

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?. Tabletop exercises. Forensics certification. Penetration tests. Disaster recovery drills.

Which of the following would be MOST useful to help senior management understand the status of information security compliance?. Key performance indicators (KPIs). Risk assessment results. Industry benchmarks. Business impact analysis (BIA) results.

Which of the following is the MOST important reason for an organization to develop an information security governance program?. Establishment of accountability. Compliance with audit requirements. Creation of tactical solutions. Monitoring of security incidents.

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?. Confirming the organization complies with security policies. Verifying security costs do not exceed the budget. Demonstrating risk is managed at the desired level. Providing evidence that resources are performing as expected.

Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriately?. Value to the business. Security policy requirements. Ownership of information. Level of protection.

An information security manager MUST have an understanding of the organization's business goals to: relate information security to change management. develop an information security strategy. develop operational procedures. define key performance indicators (KPIs).

When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to: measure management engagement as part of an incident response team. provide participants with situations to ensure understanding of their roles. give the business a measure of the organization's overall readiness. challenge the incident response team to solve the problem under pressure.

An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. Which of the following should the information security manager do FIRST?. Implement mitigating controls. Perform a business impact analysis (BIA). Perform a risk assessment. Notify senior management.

Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?. Report the decision to the compliance officer. Reassess the organization's risk tolerance. Update details within the risk register. Assess the impact of the regulation.

Which of the following is the MOST essential element of an information security program?. Prioritizing program deliverables based on available resources. Benchmarking the program with global standards for relevance. Involving functional managers in program development. Applying project management practices used by the business.

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the: escalation procedures. information security manager. chain of custody. disaster recovery plan (DRP).

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?. Report the risk to the information security steering committee. Determine mitigation options with IT management. Communicate the potential impact to the application owner. Escalate the risk to senior management.

An information security manager discovers that the organization's new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?. Business unit management has not emphasized the importance of the new policy. Different communication methods may be required for each business unit. The wording of the policy is not tailored to the audience. The corresponding controls are viewed as prohibitive to business operations.

Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?. To provide the response team with expert training on evidence handling. To ensure evidence is handled by qualified resources. To prevent evidence from being disclosed to any internal staff members. To validate the incident response process.

Who should determine data access requirements for an application hosted at an organization's data center?. Information security manager. Business owner. Data custodian. Systems administrator.

An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?. Policies. Standards. Procedures. Guidelines.

Which of the following is the PRIMARY responsibility of an information security steering committee?. Setting up password expiration procedures. Drafting security policies. Prioritizing security initiatives. Reviewing firewall rules.

Which of the following is the MOST important element in the evaluation of inherent security risks?. Impact to the organization. Control effectiveness. Residual risk. Cost of countermeasures.

Recovery time objectives (RTOs) are an output of which of the following?. Business continuity plan (BCP). Business impact analysis (BIA). Service level agreement (SLA). Disaster recovery plan (DRP).

Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management's understanding of impact to the organization?. Detailed assessment of the security risk profile. Risks inherent in new security technologies. Findings from recent penetration testing. Status of identified key security risks.

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?. Escalation paths. Termination language. Key performance indicators (KPIs). Right-to-audit clause.

Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?. Update roles and responsibilities of the incident response team. Train the incident response team on escalation procedures. Implement a monitoring solution for incident response activities. Validate that the information security strategy maps to corporate objectives.

Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?. When recovery time objectives (RTOs) are not met. When missing information impacts recovery from an incident. Before an internal audit of the incident response process. At intervals indicated by industry best practice.

What is the FIRST line of defense against criminal insider activities?. Signing security agreements by critical personnel. Stringent and enforced access controls. Validating the integrity of personnel. Monitoring employee activities.

Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?. Develop an acceptable use policy. Conduct a vulnerability assessment on the devices. Assess risks introduced by the technology. Research mobile device management (MDM) solutions.

When determining an acceptable risk level, which of the following is the MOST important consideration?. Vulnerability scores. System criticalities. Risk matrices. Threat profiles.

Which of the following is an information security manager's BEST approach when selecting cost-effective controls needed to meet business objectives?. Conduct a gap analysis. Focus on preventive controls. Align with industry best practice. Align with the risk appetite.

A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?. Document and schedule a date to revisit the issue. Document and escalate to senior management. Shut down the business application. Determine a lower-cost approach to remediation.

Which of the following is MOST important to the successful implementation of an information security program?. Establishing key performance indicators (KPIs). Obtaining stakeholder input. Understanding current and emerging technologies. Conducting periodic risk assessments.

Which of the following metrics provides the BEST measurement of the effectiveness of a security awareness program?. Variance of program cost to allocated budget. The number of security breaches. Mean time between incident detection and remediation. The number of reported security incidents.

After a server has been attacked, which of the following is the BEST course of action?. Isolate the system. Initiate incident response. Conduct a security audit. Review vulnerability assessment.

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?. Consult corporate legal counsel. Conduct a cost-benefit analysis. Update the information security policy. Perform a gap analysis.

Which of the following is the MOST important security feature an information security manager would need for a mobile device management (MDM) program?. Ability to inventory devices. Ability to remotely wipe devices. Ability to locate devices. Ability to push updates to devices.

An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?. Gap analysis results. Risk register. Threat assessment results. Risk heat map.

Information security awareness programs are MOST effective when they are: sponsored by senior management. reinforced by computer-based training. customized for each target audience. conducted at employee orientation.

Which of the following would BEST help an organization's ability to manage advanced persistent threats (APT)?. Having a skilled information security team. Increasing the information security budget. Using multiple security vendors. Having network detection tools in place.

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?. Initiate incident response. Initiate a device reset. Conduct a risk assessment. Disable remote access.

Which of the following would provide the BEST evidence to senior management that security control performance has improved?. Demonstrated return on security investment. Review of security metrics trends. Results of an emerging threat analysis. Reduction in inherent risk.

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?. Implement an information security awareness training program. Conduct a threat analysis. Establish an audit committee. Create an information security steering committee.

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?. Invoke the organization's incident response plan. Set up communication channels for the target audience. Create a comprehensive singular communication. Determine the needs and requirements of each audience.

The PRIMARY goal of a post-incident review should be to: identify policy changes to prevent a recurrence. establish the cost of the incident to the business. determine why the incident occurred. determine how to improve the incident handling process.

Which type of control is an incident response team?. Detective. Directive. Corrective. Preventive.

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?. Users accept the risk of noncompliance. The benefit is greater than the potential risk. USB storage devices are enabled based on user roles. Access is restricted to read-only.

Which of the following should be determined FIRST when preparing a risk communication plan?. Reporting content. Communication channel. Target audience. Reporting frequency.

Which of the following would MOST effectively communicate the benefits of an information security program to executive management?. Key performance indicators (KPIs). Threat models. Key risk indicators (KRIs). Industry benchmarks.

Which of the following BEST enables the detection of advanced persistent threats (APTs)?. Vulnerability scanning. Security information and event management system (SIEM). Internet gateway filtering. Periodic reviews of intrusion prevention system (IPS).

Which of the following BEST demonstrates that an anti-phishing campaign is effective?. Improved staff attendance in awareness sessions. Decreased number of incidents that have occurred. Decreased number of phishing emails received. Improved feedback on the anti-phishing campaign.

When developing an incident escalation process, the BEST approach is to classify incidents based on: their root causes. information assets affected. recovery point objectives (RPOs). estimated time to recover.

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?. Conduct benchmarking. Perform a gap analysis. Notify the legal department. Determine the disruption to the business.

Which of the following would be MOST useful in determining how an organization will be affected by a new regulatory requirement for cloud services?. Data loss protection plan. Risk assessment. Information asset inventory. Data classification policy.

Embedding security responsibilities into job descriptions is important PRIMARILY because it: simplifies development of the security awareness program. aligns security to the human resources (HR) function. strengthens employee accountability. supports access management.

Which of the following is the MAJOR advantage of conducting a post-incident review? The review: helps develop business cases for security monitoring tools. provides continuous process improvement. facilitates reporting on actions taken during the incident process. helps identify current and desired level of risk.

Which of the following is the BEST way to present the status of an information security program to senior management?. Detail latest security trends. Display concise dashboards. Provide detailed information regarding risk exposure. Report on root causes of security incidents.

Which of the following is the MOST effective way to detect security incidents?. Analyze penetration test results. Analyze security anomalies. Analyze recent security risk assessments. Analyze vulnerability assessments.

Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?. Mapping the risks to existing controls. Illustrating risk on a heat map. Providing a technical risk assessment report. Mapping the risks to the security classification scheme.

During the eradication phase of an incident response, it is MOST important to: identify the root cause. restore from the most recent backup. notify affected users. wipe the affected system.

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?. Low number of false negatives. High number of false negatives. Low number of false positives. High number of false positives.

The security baselines of an organization should be based on: procedures. standards. policies. guidelines.

Which of the following is the FIRST step in developing a business continuity plan (BCP)?. Identify critical business processes. Determine the business recovery strategy. Determine available resources. Identify the applications with the shortest recovery time objectives (RTOs).

An anomaly-based intrusion detection system (IDS) operates by gathering data on: normal network behavior and using it as a baseline for measuring abnormal activity. abnormal network behavior and using it as a baseline for measuring normal activity. abnormal network behavior and issuing instructions to the firewall to drop rogue connections. attack pattern signatures from historical data.
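The question above distinguishes a baseline of normal behavior from a library of attack signatures. The following is an added example (not part of the quiz and not any product's code) that shows both mechanisms in miniature: a baseline of connections per minute is learned from a constructed hour of clean traffic, a later window is scored against it with a 3-sigma threshold, and a signature matcher is included for contrast. The hosts, log format, feature choice and threshold are all assumptions made for the illustration.

```python
"""Anomaly-based intrusion detection in miniature.

Added example for this page (not from the quiz or any vendor product): learn
what "normal" looks like from a training window, then flag activity that
deviates from that baseline. The log format, the hosts, the per-minute
connection feature and the 3-sigma threshold are all assumptions chosen for
the illustration; a signature matcher is included only to show the contrast
the question draws.
"""
import statistics
from collections import Counter, defaultdict

# Constructed training data: (minute, source_host, destination_port) records
# standing in for one hour of normal traffic. Each workstation opens 3 to 5
# connections per minute, the cycle offset by the host's last octet so the
# data is deterministic.
HOSTS = ("10.0.0.11", "10.0.0.12", "10.0.0.13")
NORMAL_LOG = [
    (minute, host, 443)
    for minute in range(60)
    for host in HOSTS
    for _ in range(3 + (minute + int(host.rsplit(".", 1)[1])) % 3)
]

# Constructed observation window: 10.0.0.11 behaves normally, 10.0.0.12
# suddenly opens 60 connections to 60 different ports (a port sweep).
OBSERVED_WINDOW = (
    [(60, "10.0.0.11", 443)] * 4
    + [(60, "10.0.0.12", port) for port in range(1, 61)]
)


def build_baseline(log):
    """Return {host: (mean, stdev)} of connections per minute.

    This is the "gather data on normal behaviour" step: the baseline is
    learned from traffic assumed to be clean, so a poisoned training window
    would teach the detector that malicious activity is normal.
    """
    per_host_minute = defaultdict(Counter)
    for minute, host, _port in log:
        per_host_minute[host][minute] += 1
    baseline = {}
    for host, per_minute in per_host_minute.items():
        values = list(per_minute.values())
        mean = statistics.fmean(values)
        # Constant traffic gives a zero stdev; use 1.0 so any change still scores.
        stdev = statistics.pstdev(values) or 1.0
        baseline[host] = (mean, stdev)
    return baseline


def score_window(baseline, window, z_threshold=3.0):
    """Compare one minute of traffic against the baseline.

    Returns a list of (host, count, z_score) for hosts whose connection count
    lies more than z_threshold standard deviations from their learned mean.
    A host with no baseline is scored against (0, 1) so its first appearance
    alone is not an alert; a stricter deployment would alert on unseen hosts.
    """
    counts = Counter(host for _minute, host, _port in window)
    alerts = []
    for host, count in sorted(counts.items()):
        mean, stdev = baseline.get(host, (0.0, 1.0))
        z = (count - mean) / stdev
        if abs(z) > z_threshold:
            alerts.append((host, count, round(z, 2)))
    return alerts


def signature_match(payload, signatures):
    """Signature-based detection for contrast: known-bad patterns only.

    Matches exactly the attacks it has been told about and nothing else, which
    is why the port sweep above is invisible to it.
    """
    return [name for name, pattern in signatures.items() if pattern in payload]


if __name__ == "__main__":
    baseline = build_baseline(NORMAL_LOG)
    for host, (mean, stdev) in sorted(baseline.items()):
        print(f"{host}: mean={mean:.1f} conn/min, stdev={stdev:.2f}")
    for host, count, z in score_window(baseline, OBSERVED_WINDOW):
        print(f"ALERT {host}: {count} connections in one minute (z={z})")
    print(signature_match(b"GET /cgi-bin/../../etc/passwd", {"path-traversal": b"../.."}))
```

The baseline is what makes the port sweep visible without anyone having written a rule for it; the flip side, which the wrong answer options hint at, is that a baseline learned from already-compromised traffic would treat the attacker's activity as normal.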

Which of the following factors would have the MOST significant impact on an organization's information security governance model?. Corporate culture. Outsourced processes. Number of employees. Security budget.

Relationships between critical systems are BEST understood by: performing a business impact analysis (BIA). developing a system classification scheme. evaluating key performance indicators (KPIs). evaluating the recovery time objectives (RTOs).

When making decisions on prioritizing risk mitigation activities, which of the following would provide senior management with the MOST comprehensive information?. Risk assessment report. Risk action plan. Risk register. Internal audit report.

Which of the following is the MOST important element when developing an information security strategy?. Identifying and classifying information assets. Determining the needs of the business. Aligning to applicable laws and regulations. Determining the risk management methodology.

Which of the following is the BEST way to demonstrate the alignment of the information security strategy with the business strategy?. Show the relationship between information security goals and corporate goals. Compare the allocated budget for business with the information security budget. Present senior management's approval of information security policies. Provide evidence that information security is included in the change management process.

Which of the following documents should contain the INITIAL prioritization of recovery of services?. Threat assessment. IT risk analysis. Business impact analysis (BIA). Business process map.

A company has a remote office located in a different country. The company's chief information security officer (CISO) has just learned of a new regulatory requirement mandated by the country of the remote office. Which of the following should be the NEXT step?. Integrate new requirements into the corporate policies. Evaluate whether the new regulation impacts information security. Create separate security policies and procedures for the new regulation. Implement the requirement at the remote office location.

An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization's FIRST action?. Implement additional controls. Report to senior management. Initiate incident response processes. Conduct an impact analysis.

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?. Senior management. Application owner. Legal representative. Information security manager.

The PRIMARY objective of performing a post-incident review is to: identify control improvements. identify vulnerabilities. re-evaluate the impact of incidents. identify the root cause.

Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?. Information owner. Business manager. Senior management. Information security manager.

Which of the following is the BEST course of action when confidential information is inadvertently disseminated outside the organization?. Change the encryption keys. Declare an incident. Review compliance requirements. Communicate the exposure.

Which of the following would BEST mitigate accidental data loss events?. Enforce a data hard drive encryption policy. Conduct a data loss prevention audit. Conduct periodic user awareness training. Obtain senior management support for the information security strategy.

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?. Legal and regulatory requirements. Root cause analysis results. Availability of resources. Adverse effects on the business.

Which of the following is MOST important to include in an information security strategy?. Industry benchmarks. Stakeholder requirements. Risk register. Regulatory requirements.

Which of the following should be the PRIMARY goal of information security?. Business alignment. Regulatory compliance. Data governance. Information management.

Which of the following should be the PRIMARY basis for determining information security objectives?. Business strategy. Regulatory requirements. Information security strategy. Data classification.

The PRIMARY purpose for deploying information security metrics is to: ensure that technical operations meet specifications. compare program effectiveness to benchmarks. support ongoing security budget requirements. provide information needed to make decisions.

Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?. The information security operations matrix. Changes to information security risks. Information security program metrics. Results of a recent external audit.

Which of the following is the MOST effective method for testing an incident response plan?. Disaster recovery testing. Risk assessment. Tabletop exercises. Industry benchmarking.

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?. Perform a vulnerability assessment. Perform a business impact analysis (BIA). Perform a privacy impact assessment. Perform a gap analysis.

Which of the following is the MOST important consideration when developing incident classification methods?. Data classification. Data owner input. Service level agreements (SLAs). Business impact.

Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?. Minimizing the cost of security controls. Reducing organizational security risk. Improving the protection of information. Achieving organizational objectives.

How does an organization's information security steering committee facilitate the achievement of information security program objectives?. Monitoring information security resources. Making decisions on security priorities. Enforcing regulatory and policy compliance. Evaluating information security metrics.

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?. Direction from senior management. Results of recovery testing. Determination of recovery point objective (RPO). Impact of service interruption.

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?. Validate the authenticity of the patch. Conduct comprehensive testing of the patch. Schedule patching based on the criticality. Install the patch immediately to eliminate the vulnerability.

The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on: behavior analysis. penetration testing. signature analysis.

Which of the following is MOST likely to trigger an update and revision of information security policies?. Engagement with a new service provider. Replacement of the information security manager. Attainment of business process maturity. Changes in the organization's risk appetite.

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator, and application administrator. What is the manager's BEST course of action?. Formally document IT administrator activities. Automate user provisioning activities. Maintain strict control over user provisioning activities. Implement monitoring of IT administrator activities.

Which of the following should an information security manager do FIRST when assessing conflicting requirements between the global organization's security standards and local regulations?. Conduct a gap analysis against local regulations. Perform a cost-benefit analysis of compliance. Create a local version of the organizational standards. Prioritize the organizational standards over local regulations.

A desktop computer is being used to perpetrate a fraud, and data on the machine must be secured for evidence. Which of the following should be done FIRST?. Encrypt the content of the hard drive using a strong algorithm. Obtain a hash of the desktop computer's internal hard drive. Copy the data on the computer to an external hard drive. Capture a forensic image of the computer.
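Whichever option is chosen as the first step above, the evidence only holds up if the image can later be shown to match the original. The following is an added example (not from the quiz and not any forensic tool's code) of the acquisition step in Python: the source medium is read once, hashed while it is copied bit for bit, the resulting image is hashed independently, and both digests go into a chain-of-custody record that analysis copies are verified against. The in-memory "disk", case identifier, examiner name and record layout are constructed for the illustration.

```python
"""Forensic acquisition with integrity evidence.

Added example for this page (not from the quiz or any forensic tool): acquire
a bit-for-bit image of the evidence medium, hash the source as it is read and
the image after it is written, and record both in a custody log so that any
later analysis can be shown to have run on an unaltered copy. The in-memory
"disk", case identifiers and log layout are constructed for the illustration.
"""
import hashlib
import hmac
import io
import json
from datetime import datetime, timezone

BLOCK_SIZE = 4096

# Constructed evidence medium: a fake partition table followed by file data
# and slack space. Any seekable byte stream (an opened block device, for
# example) could stand in its place.
EVIDENCE_DISK = io.BytesIO(
    b"FAKE-MBR" + b"\x00" * 504
    + b"ledger.xlsx: transfers to acct 9912-77 on 2026-03-01\n"
    + b"\x00" * 2048
)


def sha256_stream(stream):
    """Hash a seekable stream from the start in fixed-size blocks."""
    stream.seek(0)
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(BLOCK_SIZE), b""):
        digest.update(chunk)
    return digest.hexdigest()


def acquire_image(source, destination):
    """Copy source to destination bit for bit.

    The source is read exactly once: its hash is computed from the same bytes
    that are written, then the image is hashed independently after writing.
    Returns (source_hash, image_hash, bytes_copied).
    """
    source.seek(0)
    destination.seek(0)
    source_digest = hashlib.sha256()
    copied = 0
    for chunk in iter(lambda: source.read(BLOCK_SIZE), b""):
        source_digest.update(chunk)
        destination.write(chunk)
        copied += len(chunk)
    destination.truncate()
    return source_digest.hexdigest(), sha256_stream(destination), copied


def custody_entry(case_id, examiner, source_hash, image_hash, size):
    """One chain-of-custody record; 'verified' is the acquisition check."""
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "size_bytes": size,
        "sha256_source": source_hash,
        "sha256_image": image_hash,
        "verified": hmac.compare_digest(source_hash, image_hash),
    }


def verify_image(image, recorded_hash):
    """Re-hash an image before analysis and compare with the custody record."""
    return hmac.compare_digest(sha256_stream(image), recorded_hash)


def run_acquisition(source, case_id="CASE-0001", examiner="analyst-1"):
    """Acquire, verify and return (custody_entry, image_stream)."""
    image = io.BytesIO()
    source_hash, image_hash, size = acquire_image(source, image)
    return custody_entry(case_id, examiner, source_hash, image_hash, size), image


def working_copy(image, offset=512, data=b"X"):
    """Copy of the image with one byte changed, standing in for an analyst
    who (wrongly) modified the copy they were examining."""
    copy = io.BytesIO(image.getvalue())
    copy.seek(offset)
    copy.write(data)
    return copy


if __name__ == "__main__":
    entry, image = run_acquisition(EVIDENCE_DISK)
    print(json.dumps(entry, indent=2))
    # The sealed image still matches the record; an altered copy does not.
    print("sealed image verifies:", verify_image(image, entry["sha256_image"]))
    print("altered copy verifies:", verify_image(working_copy(image), entry["sha256_image"]))
```

Hashing the source during acquisition, rather than in a separate pass, matters on real hardware: a second read of a failing or live disk may not return the same bytes, and the custody record then has to explain the discrepancy.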

Changes have been proposed to a large organization's enterprise resource planning (ERP) system that would violate existing security standards. Which of the following should be done FIRST to address this conflict?. Perform a cost-benefit analysis. Calculate business impact levels. Validate current standards. Implement updated standards.

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?. Develop a project plan to implement the strategy. Obtain consensus on the strategy from the executive board. Define organizational risk tolerance. Review alignment with business goals.

Which of the following is the MOST important function of an information security steering committee?. Assigning data classifications to organizational assets. Defining security standards for logical access controls. Developing organizational risk assessment processes. Obtaining multiple perspectives from the business.

Which of the following is the MOST effective approach to ensure seamless integration between the business continuity plan (BCP) and the incident response plan?. The BCP manager is included in the core incident response team. Criteria for escalating to the BCP manager are in the incident response plan. Both response teams contain the same members. Consistent event classifications are used in both plans.

Which of the following is MOST important to consider when determining asset valuation?. Potential business loss. Asset classification level. Asset recovery cost. Cost of insurance premiums.

An event occurred that resulted in the activation of the business continuity plan (BCP). All employees were notified during the event, and they followed the plan. However, two major suppliers missed deadlines because they were not aware of the disruption. What is the BEST way to prevent a similar situation in the future?. Ensure service level agreements (SLAs) with suppliers are enforced. Conduct a vulnerability assessment. Perform testing of the BCP communication plan. Provide suppliers with access to the BCP document.

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?. Local laws and regulations. Backup and restoration of data. Vendor service level agreements (SLAs). Independent review of the vendor.

Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?. Procedures. Regulations. Baselines. Standards.

The PRIMARY reason for using metrics as part of an information security program is to help management: determine whether objectives are being met. visualize security trends. develop an information security baseline. track financial impact of the program.

Which of the following is the MOST important input to the development of an effective information security strategy?. Well-defined security policies and procedures. Current and desired state of security. Business processes and requirements. Risk and business impact assessments.

A new law requires an organization to implement specific security controls. Which of the following should the information security manager do FIRST?. Integrate the new requirements into the security policy. Perform a gap analysis on the new requirements. Develop a control implementation plan. Assess the risk of noncompliance with the new requirements.

The PRIMARY goal of information security governance is to: reduce risk to an acceptable level. align with business processes. align with business objectives. establish a security strategy.

If an organization does not have an information security governance framework in place, which of the following would BEST facilitate the adoption of a future governance program?. Audit recommendations. IT department support. Information security funding. Involvement of business stakeholders.

Which of the following provides the BEST guidance when establishing a security program?. Risk assessment methodology. Security audit report. Information security budget. Information security framework.

An information security manager has been notified that two senior executives have the ability to elevate their own privileges in the corporate accounting system, in violation of policy. What is the FIRST step to address this issue?. Notify the CISO of the security policy violation. Perform a system access review. Perform a full review of all system transactions over the past 90 days. Immediately suspend the executives’ access privileges.

Which of the following is the BEST approach to make strategic information security decisions?. Establish periodic senior management meetings. Establish regular information security status reporting. Establish an information security steering committee. Establish business unit security working groups.

Which of the following is the MOST important action to prepare for a ransomware attack?. Back up data regularly and verify the integrity of backups. Scan emails to detect threats and filter out executable files. Configure access controls with least privilege in mind. Execute operating systems and programs in a virtualized environment.

A software vendor has announced a zero-day vulnerability that exposes an organization’s critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager’s PRIMARY concern?. Ability to test the patch prior to deployment. Adequacy of the incident response plan. Availability of resources to implement controls. Documentation of patching procedures.

What is the MOST important reason to regularly report information security risk to relevant stakeholders?. To enable risk-informed decision making. To reduce the impact of information security risk. To ensure information security controls are effective. To achieve compliance with regulatory requirements.

Which of the following is MOST important to determine following the discovery and eradication of a malware attack?. The creator of the malware. The malware entry path. The type of malware involved. The method of detecting the malware.

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?. Management’s business goals and objectives. Strategies of other non-regulated companies. Industry best practices and control recommendations. Risk assessment results.

An organization has identified a risk scenario that has low impact to the organization but is very costly to mitigate. Which risk treatment option is MOST appropriate in this situation?. Transfer. Acceptance. Mitigation. Avoidance.

The fundamental purpose of establishing security metrics is to: adopt security best practices. establish security benchmarks. provide feedback on control effectiveness. increase return on investment (ROI).

Which of the following activities MUST be performed by an information security manager for change requests?. Assess impact on information security risk. Perform penetration testing on affected systems. Scan IT systems for operating system vulnerabilities. Review change in business requirements for information security.

The PRIMARY purpose for continuous monitoring of security controls is to ensure: alignment with compliance requirements. effectiveness of controls. control gaps are minimized. system availability.

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?. Security is a business product and not a process. Effective security eliminates risk to the business. Adopt a recognized framework with metrics. Security supports and protects the business.

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?. Support business investments in security. Evaluate the security posture of the organization. Identify unmitigated risk. Prevent incident recurrence.

Which of the following metrics BEST measures the effectiveness of an organization’s information security program?. Return on information security investment. Number of information security business cases developed. Reduction in information security incidents. Increase in risk assessments completed.

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager’s FIRST course of action?. Identify the skill set of the provider's incident response team. Update the incident escalation process. Evaluate the provider’s audit logging and monitoring controls. Review the provider’s incident definitions and notification criteria.

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?. Deterrent. Detective. Preventive. Corrective.

Of the following, whose input is of GREATEST importance in the development of an information security strategy?. Security architects. End users. Corporate auditors. Process owners.

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?. Legal and regulatory requirements. Likelihood of a disaster. Organizational tolerance to service interruption. Geographical location of the backup site.

Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?. Information security awareness training. Risk assessment program. Information security governance. Information security metrics.

A business unit is not complying with a control implemented to mitigate risk because doing so impacts the ability to achieve business goals. When reporting the noncompliance to senior management, what would be the information security manager's BEST recommendation?. Accept the noncompliance. Conduct a control assessment. Implement compensating controls. Educate the noncompliant users.

A strict new regulation is being finalized to address global concerns regarding cybersecurity. Which of the following should the information security manager do FIRST?. Monitor industry response to the regulation. Seek legal counsel on the new regulation. Validate the applicability of the regulation. Escalate compliance risk to senior management.

Of the following, who is in the BEST position to evaluate business impacts?. Senior management. Information security manager. Process manager. IT manager.

An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?. Conduct vulnerability assessments on social network platforms. Assess the security risk associated with the use of social networks. Establish processes to publish content on social networks. Develop security controls for the use of social networks.

Which of the following BEST supports information security management in the event of organizational changes in security personnel?. Ensuring current documentation of security processes. Formalizing a security strategy and program. Developing an awareness program for staff. Establishing processes within the security operations team.

Which of the following change management procedures is MOST likely to cause concern to the information security manager?. Users are not notified of scheduled system changes. Fallback processes are tested the weekend before changes are made. The development manager migrates programs into production. A manual rather than an automated process is used to compare program versions.

Which of the following should be the MOST important consideration when establishing information security policies for an organization?. Job descriptions include requirements to read security policies. Senior management supports the policies. The policies are aligned to industry best practices. The policies are updated annually.

Which of the following is the BEST course of action for an information security manager to align security and business goals?. Reviewing the business strategy. Conducting a business impact analysis (BIA). Actively engaging with stakeholders. Defining key performance indicators (KPIs).

Which of the following defines the triggers within a business continuity plan (BCP)?. Disaster recovery plan (DRP). Needs of the organization. Information security policy. Gap analysis.

What is the BEST way to reduce the impact of a successful ransomware attack?. Include provisions to pay ransoms in the information security budget. Monitor the network and provide alerts on intrusions. Perform frequent backups and store them offline. Purchase or renew cyber insurance policies.

In which cloud model does the cloud service buyer assume the MOST security responsibility?. Infrastructure as a Service (IaaS). Software as a Service (SaaS). Disaster Recovery as a Service (DRaaS). Platform as a Service (PaaS).

Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?. Cost of the attack to the organization. Location of the attacker. Details from intrusion detection system (IDS) logs. Method of operation used by the attacker.

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?. Existence of a right to audit clause. Technical capabilities of the provider. Results of the provider's business continuity tests. Existence of the provider's incident response plan.

When investigating an information security incident, details of the incident should be shared: widely to demonstrate positive intent. only as needed. only with management. only with internal audit.

Which of the following roles is BEST able to influence the security culture within an organization?. Chief information security officer (CISO). Chief information officer (CIO). Chief operating officer (COO). Chief executive officer (CEO).

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?. Regulatory requirements. Compliance acceptance. Management support. Budgetary approval.

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?. Eradication. Identification. Containment. Post-incident review.
