CISM Practice Test Free

CISM Practice Test Free – 50 Real Exam Questions to Boost Your Confidence

Preparing for the CISM exam? Start with our CISM Practice Test Free – a set of 50 high-quality, exam-style questions crafted to help you assess your knowledge and improve your chances of passing on the first try.

Taking a CISM practice test free is one of the smartest ways to:

  • Get familiar with the real exam format and question types
  • Evaluate your strengths and spot knowledge gaps
  • Gain the confidence you need to succeed on exam day

Below, you will find 50 free CISM practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level. You can click on each Question to explore the details.

Question 1

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

A. business senior management.

B. the compliance officer.

C. the information security manager.

D. the chief risk officer (CRO).

Suggested Answer: A

Question 2

Which of the following is MOST important to the successful implementation of an information security program?

A. Key performance indicators (KPIs) are defined.

B. Adequate security resources are allocated to the program.

C. A balanced scorecard is approved by the steering committee.

D. The program is developed using global security standards.

Suggested Answer: B

Question 3

Which of the following is a PRIMARY function of an incident response team?

A. To provide a single point of contact for critical incidents

B. To provide a risk assessment for zero-day vulnerabilities

C. To provide a business impact analysis (BIA)

D. To provide effective incident mitigation

Suggested Answer: D

Question 4

Which of the following is MOST important to consider when prioritizing threats during the risk assessment process?

A. Regulatory requirements on the organization

B. The severity of exploited vulnerabilities

C. The threat landscape within the industry

D. The potential impact on operations

Suggested Answer: D

Question 5

Which of the following is the MOST critical factor for information security program success?

A. A comprehensive risk assessment program for information security

B. The information security manager’s knowledge of the business

C. Ongoing audits and addressing open items

D. Security staff with appropriate training and adequate resources

Suggested Answer: A

Question 6

Which of the following is the MOST effective way to demonstrate improvement in security performance?

A. Report the results of a security control self-assessment (CSA).

B. Present trends in a validated metrics dashboard.

C. Provide a summary of security project return on investments (ROIs).

D. Present vulnerability testing results.

Suggested Answer: B

Question 7

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

A. Access control management

B. Change management

C. Configuration management

D. Risk management

Suggested Answer: D

Question 8

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

A. a control self-assessment (CSA) process.

B. metrics for each milestone.

C. automated reporting to stakeholders.

D. a monitoring process for the security policy.

Suggested Answer: B

Question 9

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?

A. Validate the breach with the provider.

B. Suspend the data exchange with the provider.

C. Notify appropriate regulatory authorities of the breach.

D. Initiate the business continuity plan (BCP).

Suggested Answer: A

Question 10

An organization has experienced multiple instances of privileged users misusing their access. Which of the following processes would be MOST helpful in identifying such violations?

A. Policy exception review

B. Review of access controls

C. Security assessment

D. Log review

Suggested Answer: D

Question 11

Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?

A. Develop an acceptable use policy

B. Conduct a vulnerability assessment on the devices

C. Assess risks introduced by the technology

D. Research mobile device management (MDM) solutions

Suggested Answer: A

Question 12

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

A. Information security manager

B. External consultant

C. Business continuity coordinator

D. Information owner

Suggested Answer: C

Question 13

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

A. baseline security controls

B. security objectives

C. cost-benefit analyses

D. benchmarking security metrics

Suggested Answer: B

Question 14

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

A. Data loss prevention (DLP)

B. Data retention strategy

C. Data encryption standards

D. Data masking

Suggested Answer: A

Question 15

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

A. Escalate to the chief risk officer (CRO).

B. Conduct a vulnerability analysis.

C. Conduct a risk analysis.

D. Determine compensating controls.

Suggested Answer: C

Question 16

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

A. Impact on information security program

B. Cost of controls

C. Impact to business function

D. Cost to replace

Suggested Answer: A

Question 17

Which of the following should be the PRIMARY goal of information security?

A. Business alignment

B. Regulatory compliance

C. Data governance

D. Information management

Suggested Answer: D

Question 18

Which of the following is the BEST approach to identify new security issues associated with IT systems and applications in a timely manner?

A. Requiring periodic security audits of IT systems and applications

B. Comparing current state to established industry benchmarks

C. Performing a vulnerability assessment for each change to IT systems

D. Integrating risk assessments into the change management process

Suggested Answer: D

Question 19

Key risk indicators (KRIs) are MOST effective when they:

A. are mapped to core strategic initiatives.

B. allow for comparison with industry peers.

C. are redefined on a regular basis.

D. assess progress toward declared goals.

Suggested Answer: C

Question 20

Which of the following is MOST helpful to identify whether information security policies have been followed?

A. Corrective controls

B. Directive controls

C. Detective controls

D. Preventive controls

Suggested Answer: C

Question 21

Which of the following is the MAJOR advantage of conducting a post-incident review? The review:

A. helps develop business cases for security monitoring tools

B. provides continuous process improvement

C. facilitates reporting on actions taken during the incident process

D. helps identify current and desired level of risk

Suggested Answer: B

Question 22

Which of the following should an information security manager do FIRST upon learning of a new ransomware targeting a particular line of business?

A. Ensure backups are stored offsite.

B. Conduct a disaster recovery test and address any gaps.

C. Assess the potential impact to the organization.

D. Conduct a vulnerability scan and remediate the findings.

Suggested Answer: C

Question 23

Which of the following is the MOST important driver when developing an effective information security strategy?

A. Benchmarking reports

B. Information security standards

C. Business requirements

D. Security audit reports

Suggested Answer: C

Question 24

Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?

A. Penetration testing

B. Root cause analysis

C. Continuous log monitoring

D. Computer forensics

Suggested Answer: D

Question 25

Which of the following is MOST important when developing an information security governance framework?

A. Ensuring alignment with the organization’s risk management framework

B. Integrating security within the system development life cycle (SDLC) process

C. Developing policies and procedures to support the framework

D. Developing security incident response measures

Suggested Answer: A

Question 26

What is the BEST way for an information security manager to improve the effectiveness of risk management in an organization that currently manages risk at the departmental level?

A. Deploy security risk management software in all departments.

B. Determine whether the organization has defined its risk tolerance and risk appetite.

C. Subscribe to external risk reports relevant to each department.

D. Propose that security risk be integrated under a common risk register.

Suggested Answer: D

Question 27

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant to a project?

A. Involving information security at each stage of project management

B. Creating a data classification framework and providing it to stakeholders

C. Identifying responsibilities during the project business case analysis

D. Providing stakeholders with minimum information security requirements

Suggested Answer: A

Question 28

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

A. Implementing an IT resilience solution

B. Implementing management reviews

C. Documenting critical business processes

D. Incorporating lessons learned

Suggested Answer: D

Question 29

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?

A. Activate the incident response program

B. Validate the risk to the organization

C. Perform a business impact analysis (BIA)

D. Notify local law enforcement agencies of a breach

Suggested Answer: B

Question 30

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following is MOST important to include in the business case?

A. Alignment with the approved IT strategy

B. Potential impact of threat realization

C. Availability of resources to implement the initiative

D. Peer group threat intelligence report

Suggested Answer: B

Question 31

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

A. Disaster recovery plan (DRP)

B. Vulnerability management plan

C. Incident response plan

D. Business continuity plan (BCP)

Suggested Answer: C

Question 32

An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?

A. Requirements for regularly testing backups

B. The disaster recovery communication plan

C. Recovery time objectives (RTOs)

D. Definition of when a disaster should be declared

Suggested Answer: C

Question 33

What is the FIRST line of defense against criminal insider activities?

A. Signing security agreements by critical personnel

B. Stringent and enforced access controls

C. Validating the integrity of personnel

D. Monitoring employee activities

Suggested Answer: D

Question 34

The PRIMARY objective of performing a post-incident review is to:

A. identify control improvements

B. identify vulnerabilities

C. re-evaluate the impact of incidents

D. identify the root cause

Suggested Answer: A

Question 35

A PRIMARY benefit of adopting an information security framework is that it provides:

A. standardized security controls.

B. common exploitability indices.

C. credible emerging threat intelligence.

D. security and vulnerability reporting guidelines.

Suggested Answer: A

Question 36

Which of the following would BEST fulfill a board of directors' request for a concise overview of information security risk facing the business?

A. Business impact analysis (BIA)

B. Balanced scorecard

C. Risk heat map

D. Risk scenario summary

Suggested Answer: C

Question 37

An incident response team has established that an application has been breached. Which of the following should be done NEXT?

A. Maintain the affected systems in a forensically acceptable state.

B. Inform senior management of the breach.

C. Isolate the impacted systems from the rest of the network.

D. Conduct a risk assessment on the affected application.

Suggested Answer: C

Question 38

Due to changes in an organization’s environment, security controls may no longer be adequate. What is the information security manager’s BEST course of action?

A. Perform a new risk assessment.

B. Review the previous risk assessment and countermeasures.

C. Transfer the new risk to a third party.

D. Evaluate countermeasures to mitigate new risks.

Suggested Answer: A

Question 39

Which of the following BEST indicates that information assets are classified accurately?

A. An accurate and complete information asset catalog

B. Appropriate assignment of information asset owners

C. Appropriate prioritization of information risk treatment

D. Increased compliance with information security policy

Suggested Answer: A

Question 40

Which of the following should an information security manager do FIRST when developing a security framework?

A. Document security procedures

B. Conduct an asset inventory

C. Update the security policy

D. Perform a gap analysis

Suggested Answer: B

Question 41

When creating an incident response plan, the triggers for the business continuity plan (BCP) MUST be based on:

A. a threat assessment.

B. recovery time objectives (RTOs).

C. a business impact analysis (BIA).

D. a risk assessment.

Suggested Answer: C

Question 42

Which of the following is MOST helpful in ensuring an information security governance framework continues to support business objectives?

A. A consistent risk assessment methodology

B. A monitoring strategy

C. An effective organizational structure

D. Stakeholder buy-in

Suggested Answer: A

Question 43

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident it is MOST important for the security manager to:

A. follow the incident response plan

B. follow the business continuity plan (BCP)

C. conduct an incident forensic analysis

D. notify the business process owner

Suggested Answer: D

Question 44

Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?

A. Remediation of audit findings

B. Decentralization of security governance

C. Establishment of security governance

D. Maturity of security processes

Suggested Answer: C

Question 45

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

A. Update the risk assessment framework.

B. Monitor the effectiveness of controls.

C. Review the risk probability and impact.

D. Review the inherent risk level.

Suggested Answer: B

Question 46

An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:

A. evaluate the impact.

B. prepare for criminal prosecution.

C. document lessons learned.

D. update information security policies.

Suggested Answer: C

Question 47

An information security manager wants to improve the ability to identify changes in risk levels affecting the organization's systems. Which of the following is the BEST method to achieve this objective?

A. Performing business impact analyses (BIA)

B. Monitoring key goal indicators (KGIs)

C. Monitoring key risk indicators (KRIs)

D. Updating the risk register

Suggested Answer: C

Question 48

Which of the following will have the GREATEST impact on the development of the information classification scheme consisting of various classification levels?

A. Value of the information

B. Data format

C. Owners of the information

D. Organizational structure

Suggested Answer: A

Question 49

Which of the following activities is designed to handle a control failure that leads to a breach?

A. Vulnerability management

B. Incident management

C. Root cause analysis

D. Risk assessment

Suggested Answer: B

Question 50

Which of the following groups is MOST important to involve in the development of information security procedures?

A. Audit management

B. Senior management

C. End users

D. Operational units

Suggested Answer: C

Free Access Full CISM Practice Test Free Questions

If you’re looking for more CISM practice test free questions, click here to access the full CISM practice test.

We regularly update this page with new practice questions, so be sure to check back frequently.

Good luck with your CISM certification journey!
