QUESTION 81
During the acquisition of another company, which of the following should the information security manager of the parent organization do FIRST?
A. Review existing key performance indicators (KPIs).
B. Ascertain the current security posture of the target company.
C. Evaluate the target company’s security strategy.
D. Identify needed security controls for the potential combined entity.
Correct Answer: B
QUESTION 82
The BEST way to achieve a strong information security culture is by:
A. requiring employees to sign acknowledgement of policy.
B. implementing a warning banner upon login.
C. educating and training employees.
D. defining responsibilities in employee job descriptions.
Correct Answer: C
QUESTION 83
Which of the following is the MOST important requirement for an information security governance committee?
A. The committee’s charter is approved by executive management.
B. The committee meets quarterly to review any security incidents since the last meeting.
C. The committee is represented by every department in the organization.
D. The committee members have budgetary authority for security projects.
Correct Answer: A
QUESTION 84
Following a serious security breach that could lead to prosecution, an information security manager has been requested to provide full support to local authorities. How would the information security manager BEST support the investigation?
A. Providing investigators with an updated network map and a list a of system components
B. Arranging for investigators to interview members of the incident response team
C. Ensuring the integrity of data related to the investigation
D. Producing a comprehensive security incident report
Correct Answer: C
QUESTION 85
The BEST time to evaluate the effectiveness of security controls is:
A. before the measurement of key risk indicators (KRIs).
B. after a software patch is released.
C. after a major system modification.
D. before a system is hardened.
Correct Answer: C
QUESTION 86
Which type of disaster recovery strategy is the BEST option for a data center with mission-critical workloads that require continuous uptime and availability?
A. Duplicating
B. Mirroring
C. Warm recovery site
D. Disaster Recovery as a Service (DRaaS)
Correct Answer: B
QUESTION 87
The BEST indication of the effectiveness of an organization’s information security awareness program is:
A. senior management satisfaction.
B. incidents reported to the help desk.
C. hours of operational downtime.
D. intrusion detection system (IDS) alerts.
Correct Answer: B
QUESTION 88
Which of the following should the information security function do FIRST when an organization has decided to adopt a new T solution?
A. Ensure contract addendums are in place for the new solution.
B. Define security requirements for the solution.
C. Test threat scenarios associated with the new solution.
D. Define security test cases for the new solution.
Correct Answer: B
QUESTION 89
Which of the following BEST enables an organization to appropriately prioritize information security-focused projects?
A. Organizational risk appetite
B. Privacy compliance requirements
C. Historical security incidents
D. Return on investment (ROI)
Correct Answer: A
QUESTION 90
Which of the following is the BEST way to present the status of an information security program to senior management?
A. Detail latest security trends.
B. Display concise dashboards.
C. Report on root causes of security incidents.
D. Provide detailed information regarding risk exposure.
Correct Answer: B
QUESTION 91
Which of the following BEST enables an organization to increase information security control effectiveness?
A. Performing criticality analysis of controls on a quarterly basis
B. Reassigning control ownership for failing areas
C. Establishing risk metrics
D. Reviewing control implementation progress
Correct Answer: C
QUESTION 92
An organization follows a DevSecOps approach to software development. During a routine audit, it was discovered that vulnerabilities are being introduced during the coding phase. Which of the following is the BEST way to address this issue?
A. Implement an interactive application security tool.
B. Reduce the frequency of software releases.
C. Limit access to code repositories.
D. Enhance the manual code review process.
Correct Answer: A
QUESTION 93
An organization has installed machine learning (ML) endpoint security software in some test systems, and the information security manager has discovered multiple vulnerabilities in the software. Which of the following is MOST important to consider in this situation?
A. Impact of the vulnerabilities being exploited
B. Change in the organization’s risk appetite
C. Threat actors who can exploit the vulnerability
D. Availability of alternative software solutions
Correct Answer: A
QUESTION 94
Which of the following is the MOST important benefit of conducting a business impact analysis (BIA)?
A. Ability to determine which controls involved in the core business are properly designed
B. Ability to properly value assets involved in the core business
C. Ability to understand departmental interdependencies and related key stakeholders
D. Ability to prioritize restoration activities and understand recovery options
Correct Answer: D
QUESTION 95
Which of the following BEST encourages staff to report issues related to information security?
A. Formal incident response processes are in place.
B. Tabletop exercises are performed on a regular basis.
C. Incentives are offered for security skills training.
D. The leaders set a positive security culture.
Correct Answer: D
QUESTION 96
An information security manager is updating the organization’s security awareness program to include training on ransomware. Which of the following is MOST important to consider when developing the related materials?
A. The number of phishing emails received on daily basis
B. The intended audience for the training
C. Timeframe to deliver the training
D. Statistics about previous ransomware incidents
Correct Answer: B
QUESTION 97
When developing a classification method for incidents, the categories MUST be:
A. assigned to incident handlers.
B. based on industry best practices.
C. regularly reviewed.
D. specific to situations.
Correct Answer: C
QUESTION 98
Which of the following should be done FIRST when developing an information security strategy?
A. Establish information security steering committee.
B. Identify owners of information assets.
C. Determine the desired state of information security.
D. Develop security policies and standards.
Correct Answer: C
QUESTION 99
Which of the following is the BEST way to build an organization’s security culture?
A. Ensure security best practices are periodically communicated to the organization.
B. Establish penalties for failing to achieve security improvement milestones.
C. Periodically test for compliance with international security best practices.
D. Establish security performance indicators by benchmarking with industry peers.
Correct Answer: A
QUESTION 100
Which of the following provides the BEST indication of end-user security awareness within an organization?
A. Security training completion metrics
B. Trends in operational incidents reported
C. Acknowledgment of acceptable use policies
D. Results of phishing simulation exercises
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.