QUESTION 141
A high-risk issue is discovered during an information security risk assessment of a legacy application. The business is unwilling to allocate the resources to remediate the issue. Which of the following would be the information security manager’s BEST course of action?
A. Recommend discontinuing the use of the legacy application.
B. Present the worst-case scenario related to the risk.
C. Document risk acceptance from the business.
D. Purchase compensating controls to reduce the risk.
Correct Answer: C
QUESTION 142
Which of the following would be MOST helpful if more detail is needed on network activity during a suspected incident?
A. Access log reviews
B. Network time protocol
C. Packet sniffer
D. Forensic investigation
Correct Answer: A
QUESTION 143
What is the BEST way to monitor the execution of an information security strategy?
A. Security metrics dashboard
B. Trends in security incidents
C. Annual maturity assessment
D. Regular audit activities
Correct Answer: C
QUESTION 144
When recommending compensating controls for a system, which of the following is the MOST useful input?
A. Vendor documentation on secure configurations
B. Risk assessment results
C. Cost-benefit analysis
D. Management recommendations
Correct Answer: A
QUESTION 145
Which of the following is the MOST likely reason to implement a new security control on a system?
A. An emerging threat has been identified.
B. Residual risk exceeds risk appetite.
C. Risk appetite levels have increased.
D. The information security budget increased.
Correct Answer: B
QUESTION 146
An incident management team has confirmed a cyberattack and has determined which computers have been affected. Which of the following should be done NEXT?
A. Disconnect the power to the affected computers.
B. Isolate the affected computers from the network.
C. Notify senior management of the findings.
D. Take a bit-level image of all the data on the drive.
Correct Answer: B
QUESTION 147
A new regulation has just been introduced regarding protection of personal data. Which of the following should the information security manager do FIRST?
A. Implement new controls.
B. Update the privacy policy.
C. Assess the risk of noncompliance.
D. Review third-party processors.
Correct Answer: C
QUESTION 148
A post-incident review reveals that incidents are not reported in a timely manner to the data custodian. Which of the following is the BEST way for the organization to address this issue?
A. Perform an incident gap analysis.
B. Update the incident response plan.
C. Perform business continuity planning (BCP).
D. Conduct a business impact analysis (BIA).
Correct Answer: B
QUESTION 149
Which of the following is the PRIMARY reason to document a security incident?
A. To enable analysis and investigation
B. To keep senior leadership informed
C. To track how many incidents have been reported
D. To train and develop incident response staff
Correct Answer: A
QUESTION 150
What is the BEST way to monitor the execution of an information security strategy?
A. Trends in security incidents
B. Security metrics dashboard
C. Annual maturity assessment
D. Regular audit activities
Correct Answer: B
QUESTION 151
A conflicting information about the severity and impact of a cybersecurity breach was reported to the media by multiple executives. Which of the following should be reviewed to address the incident response process?
A. Incident communication plan
B. Incident response training program
C. Incident prioritization criteria
D. Incident escalation procedures
Correct Answer: A
QUESTION 152
Which of the following is the MOST important characteristic to consider when prioritizing vulnerability remediation?
A. Effort to mitigate
B. Key risk indicators (KRIs)
C. Exploitability
D. Impact
Correct Answer: D
QUESTION 153
Which of the following is the BEST control to minimize the risk associated with loss of information as a result of ransomware exploiting a Zero-day vulnerability?
A. Vulnerability management
B. Patch management
C. Data backup processes
D. Data encryption processes
Correct Answer: C
QUESTION 154
Which of the following is MOST helpful for an information security manager t consider when setting the information security baseline?
A. Risk appetite
B. Security metrics
C. Gap analysis
D. Control objectives
Correct Answer: D
QUESTION 155
An organization shut down its system during a cyberattack. When the system was brought back online, the organization’s data was then encrypted by ransomware. Which of the following is the MOST likely cause of the successful ransomware installation?
A. The containment response to the attack failed.
B. The firewall was not properly configured to prevent the attack.
C. The system lacked the necessary encryption and security measures.
D. The organization did not have a patching and vulnerability management program.
Correct Answer: A
QUESTION 156
Which of the following is the BEST way to improve the vendor selection process to address the security of provided services?
A. Performing risk assessments to identify security deficiencies
B. Performing regular security audits to determine control deficiencies
C. Contractually obligating the vendor to report security deficiencies
D. Conducting penetration testing to identify control deficiencies
Correct Answer: A
QUESTION 157
Which of the following is the MOST important objective of a disaster recovery test?
A. All critical systems are successfully tested.
B. All critical data is recovered within recovery time objectives (RTOS).
C. Errors are discovered in the disaster recovery strategy.
D. The business gains assurance it can recover from a disaster.
Correct Answer: D
QUESTION 158
Defining risk appetite PRIMARILY helps an organization to:
A. identify appropriate risk owners.
B. determine appropriate treatment options.
C. understand risk analysis results.
D. demonstrate continuous improvement.
Correct Answer: B
QUESTION 159
Blockchain forensics supports the investigation of blockchain-related incidents PRIMARILY by:
A. implementing non-fungible tokens (NFTs) for ownership verification.
B. regulating decentralized finance platforms.
C. identifying geolocations of transactions.
D. helping to trace illicit transactions through record analysis.
Correct Answer: D
QUESTION 160
An organization is updating security baseline controls for its customer relationship management (CRM) system. Which of the following is MOST important to consider when selecting the controls?
A. The effectiveness of existing controls within the operating environment
B. The availability of qualified personnel to implement the controls
C. The ability of the organization to align changes with existing controls
D. The ability to obtain leadership support for the initiative
Correct Answer: A
QUESTION 161
Which of the following would BEST mature an organization’s incident response capabilities?
A. Assigning additional financial resources to incident containment
B. Ensuring business impact analyses (BIAs) are conducted
C. Implementing a decentralized incident response monitoring function
D. Improving the incident classification process
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.