1.Which is an example of two-factor authentication?
A. Using encryption and a security certificate to positively identify a website
B. Using a password and a PIN to log in to a business application
C. Using a PIN and a physical key to unlock the door to a computer room
D. Using two passwords known by different people to access a computer system
Answer: B
2.Which action will be performed as part of the “information security incident review of the ‘information security incident management process, after a server has been compromised?
A. Configuring a new server to perform the role of the compromised system
B. Disconnecting the compromised system from the network
C. Contacting regulators to explain the impact of the incident
D. Monitoring services to ensure the incident has been fully resolved
Answer: D
3.An organization has a small information security team. This team evaluates all changes to decide there might be a security Impact, and this evaluation is a significant bottleneck for the organization, resulting in delays that slow down the rate of business change.
What should the organization do to manage this issue?
A. Allow staff from other teams to assess the security impact of changes that are frequent and low risk
B. Communicate the importance of information security to stakeholders so that people understand the need for the delays
C. Prioritize the evaluation of changes so that important business changes are not severely affected
D. Automatically approve changes that have not been assessed within agreed times
Answer: A
4. A board of a large organization is considering certification of the organization’s information security management system to an international standard. The board expects the certification to help retain and attract customers and reach new markets. CISO and information security managers estimated the costs of certification and necessary preparations and think that some requirements of the standard are too expensive to meet compared to the risks they address.
What is the BE ST course of action for the organization in this situation?
A. The board should consider the costs of the certification together with the expected value for the organization
B. The board should cancel the certification project as the costs are not justified
C. The organization should adopt only those parts of the standard which are recommended by the CISO
D. The organization should delegate the certification project to an external consultant
Answer: A
5. An organization has a public website where customers can make purchases. The website has daily automated vulnerability assessments to make sure that it is protected from known attacks, and to detect some types of security breach.
What additional automation should the organization implement to help ensure security incidents are detected quickly?
A. Use regular automated vulnerability assessments to detect missing patches and updates
B. Automatically switch services away from any compromised servers to provide continual service to customers
C. Use automated data forensic tools to collect and save evidence before investigating incidents
D. Analyse transactions to identify unusual or unexpected customer behavior
Answer: D
6. An organization’s strategy requires an information security management system to be established.
What BEST supports this strategic requirement?
A. Implementation of a SIEM toolset
B. Introduction of a CISO role
C. Adoption of the ISOMEC 27001 standard
D. Implementation of the 2FA method
Answer: C
7. A large organization has a small, centralized information security management team, but most information security work is devolved to the many independent product teams. The central team defines policy, and makes recommendations about tools and automation, but each product team makes its own decisions about how to meet the policy.
What is the BEST approach to ensure information security is managed consistently across this organization?
A. Security experts in the product teams should report directly to the centralized information security management team
B. The centralized team should create an information security centre of excellence to help the security experts collaborate
C. The centralized team should produce detailed process documentation to be followed by all product teams
D. The organization should adopt a security standard such as ISOMEC 27001 and enforce its use across the product teams
Answer: B
8. A supplier provides business data that is critical to the organization’s business. This supplier must log in to a server on the organization’s network to update the data on a regular basis.
What should the organization use to ensure that only authorized supplier staff perform these updates?
A. Network isolation
B. Two factor authentication
C. Vulnerability assessments
D. Security incident and event management tools
Answer: B
9. An organization has mapped the value stream for resolving incidents, and has identified many handoffs to and from third parties. These handoffs require potentially sensitive information to be shared so that the incidents can be resolved, and this results in a risk that information might be leaked.
What Two things should the organization do to manage this risk?
1. Resolve all incidents that involve sensitive information using in-house staff only
2. Automatically detect sensitive information and remove it when it is not essential for the
supplier
3. Ensure contracts specify how the suppliers should manage this information.
4. Delete all sensitive data from incident records so that it cannot be leaked during incident
investigation
A. 1and 2
B. 2 and 3
C. 3 and 4
D. 1 and 4
Answer: B
10. The information security team is having difficulty working with the supplier management team. All other aspects of information security management work very well, but contracts with suppliers are often inadequate.
What is the HIGHE ST capability level that the organization’s information security management practice demonstrates?
A. Level 1
B. Level 2
C. Level 3
D. Level 4
Answer: B
11. A small organization is planning to migrate some of its IT systems from on-premise data centre to a major cloud service provider.
What should the organization do to ensure that their systems and data are adequately protected from information security threats?
A. Keep all sensitive data on premise, migrate only non-critical systems
B. Employ a specialized service provider to protect the cloud-based data and systems
C. Update user agreements to transfer liability for possible data losses to the cloud service provider
D. Utilize information security capabilities offers by the cloud service provider and analyse the residual risks
Answer: D
12. An organization has implemented encryption with multi-factor authentication to protect sensitive data. It is still possible that the data might be leaked by someone with access to the encryption key.
What term is used to describe this possibility?
A. Residual risk
B. Risk retention
C. Risk avoidance
D. Risk mitigation
Answer: A
13. An organization has created recovery pians for dealing with a number of different possible security breaches.
Which process activity will be used to validate that these plans are effective?
A. The ‘assess control effectiveness’ activity of the assessment and review process
B. The ‘containment and recovery activity of the security incident management process
C. The ‘identify missing controls’ activity of the assessment and review process
D. The ‘define and agree information security controls and plans’ of the information security planning and implementation process
Answer: A
14. Which activity is performed by an information security manager?
A. Representing the organization in strategic conversations with regulators
B. Conducting information security training and education
C. Defining the balance between business performance and information security
D. Governing security management employees across the organization
Answer: B
15. An organization has very effective information security controls, its information security management plans are regularly tested. The information security team Is working on integration of information security in all aspects of the organization, but this work has just begun.
Which capability level does this information security management practice demonstrate?
A. Level 1
B. Level 2
C. Level 3
D. Level 4
Answer: C
16. What activity helps identify potential events that could impact the security of information?
A. Security plan tests
B. Security awareness training
C. Security incident management
D. Vulnerability assessments
Answer: D
17. What Two types of tool are the BEST to use to isolate a compromised server from the network?
1. Analysis and reporting tool
2. Workflow management and collaboration tool
3. SIEM tool
4. Knowledge management tool
A. 1 and 2
B. 2 and.3
C. 3 and 4
D. 1 and 4
Answer: C
18. Which input to the ‘assessment and review process helps to assess whether information security controls are effective?
A. New and changed technology
B. External standards
C. Business process information
D. Information security records and reports
Answer: D
19. To support an audit, an information security consultant wants to share with relevant teams a list of additional controls that are needed to protect the organization’s assets. What type of tool is BEST to assist with this?
A. Workflow management and collaboration tools
B. Monitoring ang event management tools
C. Orchestration systems
D. SIEM tools
Answer: A
20. A newly appointed chief information security officer (CISO) has been asked to explain the purpose of information security management to the board.
Which explanation is the BEST for the CISO to use?
A. Information security management will protect the organization’s IT systems and services
B. Information security management will help to ensure that the organization can always rely on its data in performing the business activities
C. Information security management will ensure that the organization uses the right controls to manage security risks
D. Information security management will enable the organization to pass external audits
Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.