QUESTION 41
The MOST significant security issue resulting from the growth in the number of mobile devices and an increase in their flexibility is the:
A. lack of accountability.
B. diversity of operating systems.
C. higher exposure to threats.
D. complexity of support.
Correct Answer: C
QUESTION 42
The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following Should be done FIRST?
A. Inform senior management.
B. Evaluate the risk.
C. Conduct a penetration test.
D. Implement compensating controls.
Correct Answer: B
QUESTION 43
An information security manager of an e-commerce business is reviewing the results of a business continuity plan (BCP) review. Which of the following findings should be the MOST immediate concern?
A. The business continuity plan (BCP) has not been recently tested.
B. The annual business impact analysis (BIA) has been delayed.
C. The cost of a recent recovery test exceeded budget expectations.
D. The business continuity plan (BCP) has not been recently audited.
Correct Answer: A
QUESTION 44
Which of the following will BEST facilitate timely and effective incident response?
A. Notifying stakeholders when invoking the incident response plan
B. Including penetration test results in incident response planning
C. Classifying the severity of an incident
D. Assessing the risk of compromised assets
Correct Answer: C
QUESTION 45
Which of the following BEST demonstrates the effectiveness of the information security program?
A. Utilization of security budget
B. A security metrics dashboard
C. Business impact analysis (BIA) results
D. A security risk heat map
Correct Answer: B
QUESTION 46
Which of the following should have the GREATEST influence on incident categorization?
A. History of similar incidents
B. Audit requirements
C. Individual or department reporting the incident
D. Value of information
Correct Answer: D
QUESTION 47
What is an information security manager’s MOST important consideration when determining a recovery strategy for a business continuity plan (BCP)?
A. Reciprocal arrangements with other organizations
B. Time required to recover
C. Complexity of business processes
D. Results of disaster recovery plan (DRP) tests
Correct Answer: B
QUESTION 48
Which of the following should be the PRIMARY objective when establishing a new information security program?
A. Meeting compliance requirements
B. Facilitating operational security
C. Managing organizational risk
D. Optimizing resources
Correct Answer: C
QUESTION 49
Which of the following will BEST support the business case to senior management for an information security investment?
A. Quantitative risk assessment
B. Operational cost calculation
C. Industry benchmark
D. Vendor-provided return on investment (ROI)
Correct Answer: A
QUESTION 50
Which of the following BEST enables an organization to ensure that its information security program complies with legal and regulatory compliance requirements?
A. Performing a cost-benefit analysis of security controls needed to meet the compliance requirements
B. Developing a disciplinary process for users not adhering to the compliance requirements
C. Engaging a legal expert to assess the compliance requirements and recommend an approach
D. Integrating compliance requirements into overall security requirements
Correct Answer: D
QUESTION 51
Which of the following is the BEST way to identify vulnerabilities in the production code of an Agile software development project?
A. Conduct penetration testing throughout development.
B. Incorporate enhanced user acceptance testing (UAT).
C. Implement periodic stage gate reviews.
D. Incorporate static code scans within the pipeline.
Correct Answer: D
QUESTION 52
Which of the following would provide the BEST reference for the initial development of an information security program?
A. Incident response plan
B. Disaster recovery plan (DRP)
C. Recent security audit findings
D. Industry-recognized security framework
Correct Answer: D
QUESTION 53
Which of the following should review and approve the objectives within an organization’s information security framework?
A. CISO
B. Information security steering committee
C. Information security manager
D. CIO
Correct Answer: B
QUESTION 54
Which of the following is the MOST effective way for an information security manager to support a procurement department’s objective to minimize the risk associated with services provided by external parties?
A. Perform a review of internal security policies.
B. Develop a third-party risk management program.
C. Require senior management approval of contracts.
D. Require IT steering committee approval of supplier list.
Correct Answer: B
QUESTION 55
Activities leading up to the declaration of a disaster as outlined in an organization’s disaster recovery plan (DRP) should be based on:
A. threat analysis results.
B. the risk treatment plan.
C. the incident response plan.
D. vulnerability assessment results.
Correct Answer: C
QUESTION 56
When conducting a post-incident review of an on-premise system, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
A. verify compliance with the service level agreement (SLA).
B. reduce the costs of future preventive controls.
C. learn of potential areas of improvement.
D. provide metrics for reporting to senior management.
Correct Answer:
QUESTION 57
As part of a risk assessment, a security control was discovered to be inadequate. When assigning a risk owner, which of the following attributes is MOST important to consider?
A. The risk owner has the authority to take action on the risk.
B. The risk owner is able to make timely updates to the risk register.
C. The risk owner is able to reassess the risk following remediation.
D. The risk owner also owns the associated control that failed.
Correct Answer: A
QUESTION 58
The cost of a security mechanism should be aligned to the:
A. projected cost of a security incident.
B. annual loss expectancy (ALE).
C. cost of the application being protected.
D. expected benefit to be derived.
Correct Answer: D
QUESTION 59
In the context of planning security incident response, which of the following is the PRIMARY benefit of a business impact analysis (BIA)?
A. It identifies the most important information systems for recovery purposes.
B. It identifies systems that require forensic examination during an incident.
C. It identifies business owners associated with information systems to assist in developing escalation paths.
D. It identifies the location of the most critical data.
Correct Answer: A
QUESTION 60
Which of the following is the MOST important consideration during the recovery phase of a data breach?
A. Developing criteria for when to report an incident to authorities
B. Enabling system owners to declare normal operation
C. Establishing chain of custody when handing potential evidence
D. Determining the severity of the incident and escalating as needed
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.