CISM Dump Free

CISM Dump Free – 50 Practice Questions to Sharpen Your Exam Readiness.

Looking for a reliable way to prepare for your CISM certification? Our CISM Dump Free includes 50 exam-style practice questions designed to reflect real test scenarios—helping you study smarter and pass with confidence.

Using a CISM dump free set of questions can give you an edge in your exam prep by helping you:

  • Understand the format and types of questions you’ll face
  • Pinpoint weak areas and focus your study efforts
  • Boost your confidence with realistic question practice

Below, you will find 50 free questions from our CISM Dump Free collection. These cover key topics and are structured to simulate the difficulty level of the real exam, making them a valuable tool for review or final prep.

Question 1

Which of the following BEST demonstrates return on investment (ROI) for an information security initiative?

A. Risk heat map

B. Business impact analysis (BIA)

C. Business case

D. Information security program roadmap

Suggested Answer: C

Question 2

Which of the following presents the GREATEST challenge to a security operations center's timely identification of potential security breaches?

A. An organization has a decentralized data center that uses cloud services.

B. Operating systems are no longer supported by the vendor.

C. IT system clocks are not synchronized with the centralized logging server.

D. The patch management system does not deploy patches in a timely manner.

Suggested Answer: C

Question 3

Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

A. Assess the risk to the organization.

B. Review the mitigating security controls.

C. Notify staff members of the threat.

D. Increase the frequency of system backups.

Suggested Answer: A

Question 4

Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?

A. Procedures

B. Regulations

C. Baselines

D. Standards

Suggested Answer: D

Question 5

The PRIMARY objective of a risk response strategy should be:

A. threat reduction.

B. senior management buy-in.

C. appropriate control selection.

D. regulatory compliance.

Suggested Answer: C

Question 6

An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be MOST beneficial for the team at the first drill?

A. Tabletop exercise

B. Red team exercise

C. Disaster recovery exercise

D. Black box penetration test

Suggested Answer: A

Question 7

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

A. require less IT staff preparation

B. identify more threats

C. simulate real-world attacks

D. cause fewer potential production issues

Suggested Answer: A

Question 8

Which of the following documents should contain the INITIAL prioritization of recovery of services?

A. Threat assessment

B. IT risk analysis

C. Business impact analysis (BIA)

D. Business process map

Suggested Answer: C

Question 9

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

A. alignment with compliance requirements.

B. effectiveness of controls.

C. control gaps are minimized.

D. system availability.

Suggested Answer: B

Question 10

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation. However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges. Which of the following would BEST enable regulatory compliance?

A. Identity and access management (IAM) system

B. Privileged access management (PAM) system

C. Multi-factor authentication (MFA) system

D. Governance, risk, and compliance (GRC) system

Suggested Answer: A

Question 11

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

A. Corporate risk framework

B. Corporate culture

C. Clarity of security roles and responsibilities

D. Maturity of the security policy

Suggested Answer: B

Question 12

Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?

A. Security benchmark report

B. Risk heat map

C. Security metrics dashboard

D. Key risk indicators (KRIs)

Suggested Answer: C

Question 13

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

A. change activities are documented.

B. compliance with the risk acceptance framework.

C. the rationale for acceptance is periodically reviewed.

D. the acceptance is aligned with business strategy.

Suggested Answer: C

Question 14

Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?

A. Update roles and responsibilities of the incident response team.

B. Train the incident response team on escalation procedures.

C. Implement a monitoring solution for incident response activities.

D. Validate that the information security strategy maps to corporate objectives.

Suggested Answer: A

Question 15

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

A. the incident is reported to senior management.

B. the integrity of evidence is preserved.

C. the server is unplugged from power.

D. forensic investigation software is loaded on the server.

Suggested Answer: B

Question 16

The MOST important element in achieving executive commitment to an information security governance program is:

A. identified business drivers.

B. a process improvement model.

C. established security strategies.

D. a defined security framework.

Suggested Answer: A

Question 17

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?

A. Establish a capability maturity model.

B. Develop a training plan.

C. Conduct a risk assessment.

D. Perform a skills gap analysis.

Suggested Answer: D

Question 18

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

A. Identification of risk

B. Selection of risk treatment options

C. Analysis of control gaps

D. Design of key risk indicators (KRIs)

Suggested Answer: A

Question 19

Which of the following should an information security manager do FIRST when developing a security framework?

A. Document security procedures

B. Conduct an asset inventory

C. Update the security policy

D. Perform a gap analysis

Suggested Answer: B

Question 20

Which of the following would be the BEST way to maintain organization-wide support for an information security strategy?

A. Ensure information security objectives are understood by key stakeholders.

B. Monitor user activity to identify and track information security policy violations.

C. Place information security awareness materials in visible locations.

D. Ensure information security policies are easily accessible.

Suggested Answer: A

Question 21

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

A. Users accept the risk of noncompliance.

B. The benefit is greater than the potential risk.

C. USB storage devices are enabled based on user roles.

D. Access is restricted to read-only.

Suggested Answer: B

Question 22

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

A. Processes and technology

B. People and culture

C. Regulations and standards

D. Executive and board directives

Suggested Answer: D

Question 23

Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?

A. Gaps between current and desirable levels will be addressed.

B. Information security management costs will be optimized.

C. Information security strategy will be in line with industry best practice.

D. Staff awareness of information security compliance will be promoted.

Suggested Answer: A

Question 24

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

A. Business impact analysis (BIA)

B. Risk assessment

C. Vulnerability assessment

D. Industry best practices

Suggested Answer: B

Question 25

An organization that uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:

A. the availability of continuous technical support.

B. appropriate service level agreements (SLAs) are in place.

C. a right-to-audit clause is included in contracts.

D. internal security standards are in place.

Suggested Answer: C

Question 26

A large organization is in the process of developing its information security program that involves working with several complex organizational functions. Which of the following will BEST enable the successful implementation of this program?

A. Security governance

B. Security policy

C. Security metrics

D. Security guidelines

Suggested Answer: A

Question 27

Which of the following is the BEST way to maintain ongoing senior management support for the implementation of a security monitoring tool?

A. Demonstrate return on investment (ROI).

B. Update security plans.

C. Present security monitoring reports.

D. Communicate risk reduction.

Suggested Answer: A

Question 28

Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?

A. Percentage of outstanding high-risk audit issues

B. Number of incidents resulting in disruptions

C. Number of successful disaster recovery tests

D. Frequency of updates to system software

Suggested Answer: B

Question 29

Which of the following is MOST important to the successful implementation of an information security program?

A. Key performance indicators (KPIs) are defined.

B. Adequate security resources are allocated to the program.

C. A balanced scorecard is approved by the steering committee.

D. The program is developed using global security standards.

Suggested Answer: B

Question 30

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

A. Documenting multiple scenarios for the organization and response steps

B. Providing training from third-party forensics firms

C. Obtaining industry certifications for the response team

D. Conducting tabletop exercises appropriate for the organization

Suggested Answer: D

Question 31

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?

A. Assess the business impact to the organization.

B. Present the noncompliance risk to senior management.

C. Investigate alternative options to remediate the noncompliance.

D. Determine the cost to remediate the noncompliance.

Suggested Answer: A

Question 32

Which of the following should be the FIRST step when performing triage of a malware incident?

A. Preserving the forensic image

B. Containing the affected system

C. Comparing backup against production

D. Removing the malware

Suggested Answer: B

Question 33

An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

A. Review data architecture.

B. Include security requirements in the contract.

C. Perform a risk assessment.

D. Assess security controls.

Suggested Answer: C

Question 34

A Software as a Service (SaaS) application has been implemented to support a critical business process. Which of the following is MOST important to include within the service level agreement (SLA) to ensure timely response to incidents affecting the application?

A. Vendor declarations and warranties

B. Enhanced monitoring of in-scope systems

C. Defined incident response roles and responsibilities

D. Established incident response procedures

Suggested Answer: C

Question 35

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

A. Elapsed time between detection, reporting, and response

B. Average number of incidents per reporting period

C. Average total cost of downtime per reported incident

D. Elapsed time between response and resolution

Suggested Answer: A

Question 36

Which of the following is MOST important to include in an information security policy?

A. Maturity levels

B. Baselines

C. Best practices

D. Management objectives

Suggested Answer: D

Question 37

For which of the following is it MOST important that system administrators be restricted to read-only access?

A. User access log files

B. Administrator user profiles

C. System logging options

D. Administrator log files

Suggested Answer: A

Question 38

Which of the following is an incident containment method?

A. Reviewing system logs and audit trails

B. Removing compromised systems from the network

C. Analyzing systems for impact from the incident

D. Mapping the scope of the incident on the network

Suggested Answer: B

Question 39

Which of the following is the BEST indicator of an organization's information security status?

A. Threat analysis

B. Controls audit

C. Penetration test

D. Intrusion detection log analysis

Suggested Answer: B

Question 40

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

A. Performance measures for existing controls

B. Number of false positives

C. Security training test results

D. Industry benchmarks

Suggested Answer: A

Question 41

In which cloud model does the cloud service buyer assume the MOST security responsibility?

A. Infrastructure as a Service (IaaS)

B. Software as a Service (SaaS)

C. Disaster Recovery as a Service (DRaaS)

D. Platform as a Service (PaaS)

Suggested Answer: A

Question 42

An organization recently activated its business continuity plan (BCP). All employees were notified during the event, but some did not fully follow the communications plan. What is the BEST way to prevent a recurrence?

A. Perform tabletop testing with appropriate employees

B. Reprimand employees for not following the plan

C. Enhance external communication instructions in the BCP

D. Incorporate BCP communication expectations in job descriptions

Suggested Answer: D

Question 43

Which of the following should be done FIRST when developing an information security strategy that is aligned with organizational goals?

A. Establish a security risk framework with key risk indicators (KRIs).

B. Determine information security’s impact on the achievement of organizational goals.

C. Assess information security risk associated with the organizational goals.

D. Select information security projects related to the organizational goals.

Suggested Answer: B

Question 44

Which of the following BEST facilitates recovery of data lost as a result of a cybersecurity incident?

A. Disaster recovery plan (DRP)

B. Offsite data backups

C. Encrypted data drives

D. Removable storage media

Suggested Answer: B

Question 45

When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to:

A. identify the program’s risk and compensating controls.

B. consider the organization’s business strategy.

C. consider the strategic objectives of the program.

D. leverage industry benchmarks.

Suggested Answer: C

Question 46

Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?

A. To ensure that the mitigation effort does not exceed the asset value

B. To ensure that benefits are aligned with business strategies

C. To present a realistic information security budget

D. To justify information security program activities

Suggested Answer: A

Question 47

The PRIMARY advantage of single sign-on (SSO) is that it will:

A. support multiple authentication mechanisms.

B. strengthen user passwords.

C. increase efficiency of access management.

D. increase the security of related applications.

Suggested Answer: C

Question 48

When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:

A. the applications are tested prior to implementation

B. security controls are applied to each device when joining the network

C. users have read and signed acceptable use agreements

D. business leaders have an understanding of security risks

Suggested Answer: D

Question 49

Which of the following is the MOST important objective when recommending controls?

A. Ensuring implementation costs are approved

B. Identifying business processes the controls can support

C. Reducing the risk to an acceptable level

D. Minimizing the impact to business processes

Suggested Answer: C

Question 50

The BEST indicator of the effectiveness of a security program conducted for users is an increase in the number of:

A. social engineering attempts reported to information security

B. requests for more security training information

C. participants in the security awareness program

D. threats detected by information security staff

Suggested Answer: A

Access Full CISM Dump Free

Looking for even more practice questions? Click here to access the complete CISM Dump Free collection, offering hundreds of questions across all exam objectives.

We regularly update our content to ensure accuracy and relevance—so be sure to check back for new material.

Begin your certification journey today with our CISM dump free questions — and get one step closer to exam success!
