QUESTION 101
An organization’s information security manager should PRIMARILY leverage its internal audit function to:
A. identify control gaps.
B. review policies and procedures.
C. justify security funding.
D. obtain security certification.
Correct Answer: A
QUESTION 102
Which of the following is the MOST important goal of conducting a post-incident review?
A. Reducing the impact of similar incidents
B. Satisfying compliance requirements
C. Calculating the total cost of an incident
D. Determining monthly trends in the volume of incidents
Correct Answer: D
QUESTION 103
Which of the following is an input to information security strategy development?
A. Information security staffing levels
B. Residual risk levels
C. Organizational information security policies
D. Organizational risk profile
Correct Answer: D
QUESTION 104
Which of the following should be considered FIRST when updating an organization’s business continuity plan (BCP) after the acquisition of a new business?
A. New business infrastructure requirements
B. Updated IT budget
C. Risk associated with the new business
D. Business strategy
Correct Answer: C
QUESTION 105
Which of the following would cause the GREATEST concern to a newly hired information security manager reviewing an organization’s risk management program?
A. Security standards are reviewed only once a year.
B. Security standards are owned by operations.
C. Security policies are linked to key risk indicators (KRIs).
D. Security procedures contain both mandatory and discretionary actions.
Correct Answer: B
QUESTION 106
A healthcare company is working with a virtual a reality (VR) vendor to provide a training solution for customers of the organization’s products. Which of the following is MOST important to include in the contract?
A. A clause prohibiting reuse of the organization’s data
B. A service level agreement (SLA) for uptime
C. A requirement to encrypt the organization’s data
D. A clause establishing the right to audit the vendor
Correct Answer: C
QUESTION 107
After an information security business case for a new solution has been approved by senior management, it should be:
A. reviewed at key intervals to ensure intended outcomes.
B. used as the foundation for a risk assessment.
C. referenced to build architectural blueprints for the solution.
D. analyzed for alignment to the IT strategy.
Correct Answer: A
QUESTION 108
Which of the following should be done FIRST to effectively protect against advanced persistent threats (APTs)?
A. Develop security policies and procedures for APTs.
B. Assess the risk posed by the APTs.
C. Implement a SIEM system.
D. Promote security awareness and certification.
Correct Answer: B
QUESTION 109
Which of the following is the BEST way for an organization to compensate for slowdowns in production network performance due to vulnerability scanning?
A. Restrict the scope of vulnerability scanning packets to be released to the network.
B. Perform vulnerability scanning after business hours.
C. Discontinue vulnerability scanning and apply patches to high-risk areas.
D. Conduct unannounced penetration tests after business hours.
Correct Answer: B
QUESTION 110
A new application with customer data is to be tested prior to deployment. Which of the following factors PRIMARILY determines the level of testing needed?
A. The results of a cost-benefit analysis
B. The location where the application is hosted
C. The coding language used by the developers
D. The classification of the data
Correct Answer: D
QUESTION 111
Which of the following is the MOST important course of action when developing an implementation approach for an organization-wide cybersecurity strategy?
A. Soliciting input from senior leadership
B. Gaining a deep understanding of the organizational culture
C. Conducting tabletop exercises
D. Developing cybersecurity awareness training
Correct Answer: B
QUESTION 112
Which of the following is the MOST important reason for an information security manager to request certificate of destruction from a third-party service provider hired to destroy media?
A. To comply with contractual requirements
B. To facilitate requests to replace the destroyed media
C. To attach to the invoice for payment to the third party
D. To retain as evidence of compliance
Correct Answer: D
QUESTION 113
An organization is procuring a customer interaction chatbot that appears to be human . The head of sales has identified a vendor for a generative Al solution that seems to meet all identified business requirements. Which of the following is the information security manager’s MOST important consideration?
A. Review the vendor’s industry certifications.
B. Assess the vendor’s security controls.
C. Assess the risk of generative Al.
D. Review privacy compliance requirements.
Correct Answer: D
QUESTION 114
Which of the following is the MOST effective way to verify the proper installation of a firewall policy that restricts a small group of internal IP addresses from accessing the internet?
A. A port scan of the firewall from an external source
B. A connectivity test from a restricted host
C. A network discovery scan
D. A simulated denial of service (DoS) attack against the firewall
Correct Answer: B
QUESTION 115
Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?
A. Update the security policy to address shadow IT.
B. Determine the value of shadow IT projects.
C. Determine the extent of shadow IT usage.
D. Block the end user’s ability to use shadow IT.
Correct Answer: C
QUESTION 116
An information security manager is creating a new information security initiative. Which of the following activities should be the HIGHEST priority?
A. Communicating the initiative organization wide
B. Conducting vulnerability testing of critical IT infrastructure
C. Developing a business case for the initiative
D. Identifying required information security tools
Correct Answer: C
QUESTION 117
Which of the following is the GREATEST privacy concern when personal data is collected and processed?
A. Data collected without consent
B. Increased time and resources needed
C. Outdated privacy policy
D. More storage required to store collected data
Correct Answer: A
QUESTION 118
Results from which of the following would BEST provide an understanding of the effectiveness of an organization’s information security program?
A. Internal audits
B. Enterprise risk assessments
C. Control self-assessments (CSAs)
D. Security spot checks
Correct Answer: A
QUESTION 119
Which of the following is MOST important when identifying adverse events that could jeopardize an organization’s operations?
A. Training end users to recognize anti-malware warnings for potential incidents.
B. Preparing and testing an incident response plan.
C. Establishing baseline conditions for normal business operation.
D. Installing an intrusion detection system (IDS) across the IT infrastructure.
Correct Answer: C
QUESTION 120
When conducting a post-incident review of an on-premise system, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
A. reduce the costs of future preventive controls.
B. learn of potential areas of improvement.
C. verify compliance with the service level agreement (SLA).
D. provide metrics for reporting to senior management.
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.