QUESTION 181
Which of the following is the information security steering committee’s role with regard to the organization’s information security strategy?
A. Developing and executing the information security strategy
B. Communicating stakeholder responsibilities for information security
C. Reviewing and approving the information security strategy
D. Calculating return on investment (ROI) for information security initiatives
Correct Answer: C
QUESTION 182
Which of the following should be an information security manager’s NEXT step following the detection of a suspected incident?
A. Review the sensitivity of detection processes and tools.
B. Invoke the business continuity plan (BCP).
C. Report the suspected incident to management.
D. Perform triage on the suspected incident.
Correct Answer: D
QUESTION 183
During which of the following incident management phases would an information security manager MOST likely seek to evaluate the sequence of events leading to a breach and the incident response activities that were initiated?
A. Incident containment phase
B. Incident response phase
C. Post-incident review phase
D. Incident identification phase
Correct Answer: C
QUESTION 184
Risk treatment options should PRIMARILY focus on:
A. high- and medium-rated risks.
B. reducing risk to an acceptable level.
C. the criticality of impacted assets.
D. inherent and residual risks.
Correct Answer: B
QUESTION 185
An organization is in the process of selecting a third party to process customer information. Which of the following provides the BEST evidence that the third party’s controls will operate as required?
A. An external vulnerability assessment
B. An independent assessment
C. Results of incident response tests
D. An information security questionnaire
Correct Answer: B
QUESTION 186
Network sniffing is difficult to detect because it can be performed:
A. actively.
B. continuously
C. remotely.
D. passively.
Correct Answer: D
QUESTION 187
Which of the following is the BEST resource for determining the priority of applications to recover?
A. Risk assessment
B. Cost-benefit analysis
C. Business impact analysis (BIA)
D. Incident response plan
Correct Answer: C
QUESTION 188
To align with the principles of Zero Trust, which of the following is the MOST important course of action when engaging with external parties?
A. Mandating that external parties provide annual security training to their employees
B. Ensuring contracts with external parties mandate continuous verification and least privilege access
C. insisting on regular comprehensive audits of external parties’ access management practices
D. Requiring external parties to use a specific type of encryption for data at rest and in transit
Correct Answer: B
QUESTION 189
An information security manager finds there are gaps in ownership for identified risks and controls within the organization’s risk management program. Which of the following is the BEST way to address the Issue?
A. Assess compliance with current policies and standards,
B. Escalate the issue to the executive level.
C. Review the risk management framework.
D. Discuss the issue with business unit leadership.
Correct Answer: D
QUESTION 190
An information security manager is handling a breach. For containment purposes, the incident responders must take a critical business system offline. Which of the following is the MOST important course of action?
A. Preserve forensic evidence.
B. Verify backups of the data.
C. Initiate the disaster recovery plan(DRP).
D. Confirm the system’s recovery time objective (RTO).
Correct Answer: D
QUESTION 191
Which risk treatment option is MOST appropriate when residual risk is within the organization’s risk tolerance?
A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
Correct Answer: C
QUESTION 192
The likelihood of a successful intrusion is a function of:
A. design and redundancy of network perimeter controls,
B. configuration and maintenance of log monitoring system.
C. threat and vulnerability levels.
D. opportunity and asset value
Correct Answer: C
QUESTION 193
Which of the following would be MOST useful to help senior management understand the status of information security compliance?
A. Vulnerability assessment results
B. Industry benchmarks
C. Key performance indicators (KPIs)
D. Business impact analysis (BIA) results
Correct Answer: C
QUESTION 194
Which of the following is MOST critical to document when developing an incident response program?
A. Retained forensics support
B. Key stakeholder contact information
C. Incident response training plan
D. Incident plan test results
Correct Answer: B
QUESTION 195
Which of the following are the MOST important factors to consider when defining a disaster recovery strategy?
A. Annual loss expectancy (ALE) and risk exposure
B. Volume of data to be restored and volume of storage media to be recovered
C. Maximum tolerable downtime (MTD) and acceptable data loss
D. Vendor capability and proximity of alternate recovery sites
Correct Answer: C
QUESTION 196
Which of the following is the MAIN feature of a web application firewall (WAF)?
A. Modifying its predefined configuration automatically based on malicious traffic
B. Filtering incoming Hypertext Transfer Protocol (HTTP) traffic
C. Restricting external traffic within a private network
D. Redirecting distributed denial of service (DDoS) attacks
Correct Answer: B
QUESTION 197
An organization wants to test its disaster recovery plan (DRP) for a mission-critical system while minimizing production downtime. Which of the following will provide the MOST accurate test results for the plan while meeting the organizational goals?
A. Simulation test
B. Checklist review
C. Structured walk-through
D. Parallel test
Correct Answer: D
QUESTION 198
Which of the following should be the MOST important consideration when determining the protection level assigned to an asset that supports multiple business processes?
A. Appropriate classification of the information asset
B. Impact on the business due to threat materialization
C. Impact on the business due to non-availability of the asset
D. Cost of protecting the asset based on aggregated risk results
Correct Answer: C
QUESTION 199
An information security manager is drafting procedures to support digital forensic investigations to be included in an incident response plan. Which of the following would provide the BEST input for related requirements?
A. Legal counsel
B. Senior management
C. Information security steering committee
D. Risk owners
Correct Answer: A
QUESTION 200
Which of the following is an information security manager’s BEST course of action when monitoring emerging privacy laws for a global organization?
A. Develop a risk profile and report significant changes in risk.
B. Develop and implement a process to adhere to privacy laws.
C. Determine potential financial impacts and request additional budget.
D. Conduct an internal audit and identify possible countermeasures.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.