QUESTION 61
Which of the following BEST illustrates residual risk within an organization?
A. Metrics dashboard
B. Business impact analysis (BIA)
C. Risk management framework
D. Risk heat map
Correct Answer: D
QUESTION 62
Which of the following should be the PRIMARY focus during the immediate aftermath of a security incident when following through with the business continuity plan (BCP)?
A. Conducting a root cause analysis
B. Communicating with business stakeholders
C. Restoring all disrupted services
D. Restoring the most critical business processes
Correct Answer: D
QUESTION 63
Which of the following is the BEST approach for reporting information security noncompliance to senior management?
A. Explain scenarios of noncompliance at competing organizations.
B. Explain the cost of remediation for noncompliance.
C. Explain the potential impact of noncompliance.
D. Explain the root cause of the noncompliance.
Correct Answer: C
QUESTION 64
From a security perspective, what is the MOST important consideration when planning to leverage Software as a Service (Saas) provider?
A. Obtaining approval from data owners
B. Performing due diligence
C. Performing regular penetration testing
D. Obtaining senior management input
Correct Answer: B
QUESTION 65
Which of the following is MOST critical for ensuring the effectiveness of information security metrics?
A. Alignment to key performance indicators (KPIs)
B. Compliance with a governance framework
C. Alignment to regulatory requirements
D. Benchmark analysis against industry security metrics
Correct Answer: A
QUESTION 66
Which of the following is best practice for the implementation of cloud database encryption?
A. The organization implements proprietary encryption algorithms.
B. The vendor supports public key encryption.
C. The vendor encrypts primary keys and indexed columns.
D. The organization maintains its own encryption keys.
Correct Answer: D
QUESTION 67
Which of the following is the BEST type of control to manage the access of employees who move between business units?
A. Role-based
B. Identity
C. Rule-based
D. Mandatory
Correct Answer: A
QUESTION 68
In the absence of technical controls. what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?
A. Stop providing mobile devices until the organization is able to implement controls.
B. Conduct a business impact analysis (BIA) and provide the report to management.
C. Include the topic of prohibited texting in security awareness training.
D. Communicate regular reminders of the acceptable use policy.
Correct Answer: C
QUESTION 69
Which of the following is the PRIMARY reason to continue incident detection and analysis activities during the eradication phase of a cybersecurity incident?
A. To develop a tailored remediation strategy
B. To determine the root cause of the incident
C. To assess newly discovered affected hosts
D. To confirm containment tasks have been performed
Correct Answer: C
QUESTION 70
Which of the following is an information security manager’s MOST important course of action to ensure emerging technologies are deployed in alignment with the organization’s information security framework?
A. Conduct comprehensive penetration testing tailored to emerging technologies.
B. Require emerging technologies to be designed and deployed in accordance with Zero Trust principles.
C. Integrate security considerations into the development and deployment life cycle.
D. Establish a continuous security monitoring and incident response plan for emerging technologies.
Correct Answer: C
QUESTION 71
Which of the following presents the GREATEST challenge to integrating information security governance into corporate governance?
A. The security organizational structure is loosely defined.
B. Key security processes are outsourced.
C. Stakeholders are not invested in the information security program.
D. Information security best practices are not well understood.
Correct Answer: C
QUESTION 72
The manager of a key project has bypassed the standard contractor onboarding process to acquire additional resources for delivering the project on time. Contracts were executed offline, and contractors were provided organizational access without going through the standard due diligence process. Which of the following should be the PRIMARY concern?
A. There are insufficient contractual requirements in place to govern third-party arrangements.
B. The contractors may inappropriately outsource the business functions to fourth-party suppliers.
C. The contractors may not operate in line with industry benchmarks.
D. The project may be delayed further if the incident is reported.
Correct Answer: A
QUESTION 73
An information security manager has identified the loss of confidentiality of personal information. Which of the following should be done NEXT?
A. Inform the data protection officer (DPO).
B. Report the issue to senior management.
C. Initiate the incident response process.
D. Perform an organization-wide risk assessment.
Correct Answer: C
QUESTION 74
An organization has been adhering to the requirements of stringent cybersecurity legislation in one of its local markets and a change to the legislation has recently occurred. Which of the following should the organization do FIRST?
A. Reassess the applicability of the requirements on the business.
B. Develop an implementation plan to address compliance gaps.
C. Determine the effectiveness of existing controls.
D. Communicate the changes in requirements to senior management.
Correct Answer: A
QUESTION 75
Reviewing which of the following is MOST likely to give an indication that the objectives of an information security program are being met?
A. Risk dashboard
B. Approved security policies
C. Incident reports
D. Penetration test results
Correct Answer: A
QUESTION 76
Which of the following is the PRIMARY advantage of using established standards when developing and implementing an information security program?
A. Stakeholders are provided assurance regarding the security program.
B. It enables the identification of gaps in the program via benchmarking.
C. It helps the organization comply with regulatory requirements.
D. The number of security audits needed is reduced.
Correct Answer: B
QUESTION 77
Which of the following would BEST fulfill a board of directors’ request for a concise overview of information security risk facing the business?
A. Business impact analysis (BIA)
B. Metrics dashboard
C. Risk heat map
D. Risk scenario summary
Correct Answer: C
QUESTION 78
Which of the following should an information security manager do FIRST when an employee reports having clicked on a potentially suspicious link sent via email?
A. Disable and quarantine the user’s computer.
B. Investigate and confirm the incident.
C. Lock the user’s account.
D. Schedule mandatory security awareness training.
Correct Answer: B
QUESTION 79
Of the following, who should determine the control objectives for an identified security risk?
A. Control owner
B. Risk owner
C. Chief risk officer (CRO)
D. Chief information security officer (CISO)
Correct Answer: B
QUESTION 80
During a control deficiency analysis, an information security manager discovers that a data breach has occurred. Which of the following should be done FIRST?
A. Perform a root cause analysis.
B. Deploy compensating controls.
C. Notify stakeholders of the breach.
D. Perform incident triage.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.