QUESTION 121
Which of the following provides the GREATEST assurance that Zero Trust has been successfully implemented?
A. Conducting an internal audit
B. Surveying stakeholders
C. Engaging an independent assessment
D. Performing vulnerability testing
Correct Answer: C
QUESTION 122
Which of the following is the GREATEST risk associated with the use of single sign-on (SSO)?
A. Separation of duties is more difficult to enforce when using SSO across the organization.
B. Integration of SSO with the rest of the infrastructure is complex and difficult to manage.
C. A compromise of one user’s credentials grants access to all applications for which the user has rights.
D. A user who loses a password can lose access to all organizational systems and resources.
Correct Answer: C
QUESTION 123
The MOST important reason to classify security incidents is to:
A. enhance the reporting of incident status to the incident lead.
B. improve the efficiency and effectiveness of incident resolution.
C. better manage security event and incident logging.
D. align the incident response plan with corporate policy.
Correct Answer: B
QUESTION 124
Which of the following BEST prepares an organization for severe disruptive events?
A. Incorporating incident containment procedures within essential business processes
B. Educating staff to take preemptive measures when process failures arise
C. Sharing lessons learned and reports from post-incident review databases
D. Identifying interdependencies between business resources and associated supply chains
Correct Answer: D
QUESTION 125
Which of the following is the MOST important reason for an organization’s information security manager to actively engage with the compliance department?
A. To gain an understanding of changes in various legal and regulatory compliance requirements
B. To explain technical issues related to noncompliance
C. To collaborate with the compliance department on the application of compliance requirements
D. To provide compliance reporting related to IT and security
Correct Answer: A
QUESTION 126
After a major attack, which of the following is MOST important to an organization’s ability to restore services with minimal impact to customers?
A. Business impact analysis (BIA)
B. Threat intelligence capabilities
C. Disaster recovery planning (DRP)
D. Incident management tools
Correct Answer: C
QUESTION 127
Who is accountable for approving an information security governance framework?
A. Enterprise risk committee
B. Information security manager
C. Information security steering committee
D. Senior management
Correct Answer: D
QUESTION 128
Which of the following would pose the GREATEST risk to the preparedness of an incident response team?
A. Lack of formal incident response scenarios
B. A change in information security management
C. Outdated incident response plans
D. New attack vectors used by hackers
Correct Answer: C
QUESTION 129
Which of the following stakeholders should be responsible for the effectiveness of controls that maintain audit log integrity?
A. Information security manager
B. Senior management
C. Internal audit management
D. IT management
Correct Answer: D
QUESTION 130
An organization recently identified a significant risk related to data exfiltration, and the information security manager is asked to quickly address this issue. The security team suggests a number of different security controls. Which of the following is the BEST approach for selecting controls to manage the risk?
A. Prioritize the controls based on ease of implementation and resource availability.
B. Implement controls recommended by an industry-recognized security framework.
C. Assess the effectiveness of each control in reducing residual risk.
D. Choose the most economical controls for risk mitigation based a on a cost-benefit analysis.
Correct Answer: C
QUESTION 131
The MOST important attribute to be considered in designing defense-in-depth controls is that:
A. the cost of control at each layer contributes to the overall cost of protection.
B. the strongest control can substitute multiple layers of controls.
C. failure of one layer does not cause the next layer to fail.
D. a consistent approach is used for each layer.
Correct Answer: C
QUESTION 132
Which of the following is the PRIMARY benefit of a centralized approach to information security assurance?
A. Compliance with security policy
B. Reduced cost of assurance
C. Consistently applied security controls
D. A robust security-aware culture
Correct Answer: C
QUESTION 133
Which of the following BEST supports the adoption of effective information security practices throughout an organization?
A. Business continuity measures
B. The latest security technologies
C. Information security metrics
D. A security-aware culture
Correct Answer: D
QUESTION 134
Which of the following should an information security manager do FIRST when a regulatory body issues a new guideline for customer payment transaction processing?
A. Prepare a strategy for implementing the new guideline.
B. Determine the cost of implementing new controls.
C. Assess the risk associated with noncompliance to the regulation.
D. Evaluate the ability of existing controls to meet the guideline.
Correct Answer: D
QUESTION 135
Which of the following is the BEST way for an information security manager to provide evidence that data has been retained for the appropriate period in accordance with applicable laws and regulations?
A. Providing reports on requirements mapped from the regulations
B. Obtaining copies of the retention configurations
C. Publishing retention periods in an information management policy
D. Conducting a data inventory
Correct Answer: B
QUESTION 136
Which of the following is the BEST control to minimize the risk associated with loss of information as a result of ransomware exploiting a zero-day vulnerability?
A. Data encryption processes
B. Patch management
C. Vulnerability management
D. Data backup processes
Correct Answer: D
QUESTION 137
Which of the following is MOST important to consider when deciding whether to accept residual risk?
A. Classification of the information
B. Annual rate of occurrence
C. Cost of replacing the asset
D. Cost of additional mitigation Correct Answer: A QUESTION 138
Which of the following is MOST a important for a healthcare organization to address during the requirements gathering phase of Al development?
A. Data privacy concerns
B. Inadequate computational resources
C. Data labeling inefficiencies
D. Algorithm selection challenges
Correct Answer: A
QUESTION 139
The PRIMARY outcome of a post-incident review is to enable the information security manager to:
A. evaluate roles and responsibilities.
B. quantify cost of the incident.
C. document the lessons learned.
D. improve the security program.
Correct Answer: D
QUESTION 140
When an organization and its IT-hosting service provider are establishing their contract, it is MOST important that the contract includes:
A. provider operational performance monitoring.
B. each party’s security responsibilities.
C. details of expected security metrics.
D. penalties for noncompliance with security policies.
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.