Which of the following should be the most important consideration when reviewing an information security strategy?

Question 1

An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

A. Conduct a mobile device risk assessment.
B. Create an acceptable use policy.
C. Deploy mobile device management (MDM).
D. Implement remote wipe capability.

Question 2

Deciding the level of protection a particular asset should be given is BEST determined by:

A. a threat assessment.
B. a vulnerability assessment.
C. a risk analysis.
D. the corporate risk appetite.

Question 3

Which of the following is the MAJOR advantage of conducting a post-incident review? The review:

A. provides continuous process improvement.
B. helps develop business cases for security monitoring tools.
C. facilitates reporting on actions taken during the incident process.
D. helps identify current and desired level of risk.

Question 4

When developing an incident escalation process, the BEST approach is to classify incidents based on:

A. their root causes.
B. recovery point objectives (RPOs).
C. information assets affected.
D. estimated time to recover.

Question 5

Information security awareness programs are MOST effective when they are:

A. customized for each target audience.
B. reinforced by computer-based training.
C. conducted at employee orientation.
D. sponsored by senior management.

Question 6

Which of the following BEST enables the detection of advanced persistent threats (APTs)?

A. Security information and event management system (SIEM)
B. Internet gateway
C. Vulnerability scanning
D. Periodic reviews of intrusion prevention system (IPS)

Question 7

Which of the following provides the MOST comprehensive information related to an organization's current risk profile?

A. Heat map
B. Risk register
C. Gap analysis results
D. Risk assessment results

Question 8

An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?

A. Develop an incident response plan.
B. Define data retention criteria.
C. Install biometric access control.
D. Enable activity logging.

Question 9

For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?

A. Number of virus infections detected
B. Average recovery time per incident
C. Number of downtime-related help desk calls
D. Amount of infection-related downtime

Question 10

Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

A. Ensure that proper controls exist for code review and release management.
B. Implement controls for continuous monitoring of middleware transactions.
C. Apply the latest patch programs to the production operating systems.
D. Set up an agent to run a virus-scanning program across platforms.

Question 11

An organization is developing a disaster recovery strategy and needs to identify each application's criticality so that the recovery sequence can be established. Which of the following is the BEST course of action?

A. Restore the applications with the shortest recovery times first.
B. Document the data flow and review the dependencies.
C. Perform a business impact analysis (BIA) on each application.
D. Identify which applications contribute the most cash flow.

Question 12

Which of the following should be an information security manager's MAIN concern if the same digital signing certificate is able to be used by two or more users?

A. Certificate alteration
B. Inability to validate identity of sender
C. Potential to decrypt digital hash values
D. Segregation of duties

Question 13

An information security manager discovers that newly hired privileged users are not taking necessary steps to protect critical information at their workstations. Which of the following is the BEST way to address this situation?

A. Communicate the responsibility and provide appropriate training.
B. Turn on logging and record user activity.
C. Publish an acceptable use policy and require signed acknowledgment.
D. Implement a data loss prevention (DLP) solution.

Question 14

Human resources (HR) is evaluating potential Software as a Service (SaaS) cloud services. Which of the following should the information security manager do FIRST to support this effort?

A. Perform a risk assessment of adopting cloud services.
B. Perform a cost-benefit analysis of using cloud services.
C. Review the cloud service providers' controls reports.
D. Conduct a security audit on the cloud service providers.

Question 15

The business advantage of implementing authentication tokens is that they:

A. provide nonrepudiation.
B. reduce administrative workload.
C. reduce overall cost.
D. improve access security.

Question 16

Which of the following is the PRIMARY responsibility of an information security steering committee?

A. Setting up password expiration procedures
B. Reviewing firewall rules
C. Drafting security policies
D. Prioritizing security initiatives

Question 17

Which of the following BEST indicates an effective vulnerability management program?

A. Controls are managed proactively.
B. Security incidents are reported in a timely manner.
C. Risks are managed within acceptable limits.
D. Threats are identified accurately.

Question 18

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:

A. disaster recovery plan (DRP).
B. information security manager.
C. escalation procedures.

Question 19

Which of the following would be MOST effective in changing the security culture and behavior of staff?

A. Promoting the information security mission within the enterprise
B. Auditing compliance with the information security policy
C. Enforcing strict technical information security controls
D. Developing procedures to enforce the information security policy

Question 20

Which of the following is the BEST way to strengthen the alignment of an information security program with business strategy?

A. Increasing the frequency of control assessments
B. Increasing budget for risk assessments
C. Establishing an information security steering committee
D. Providing organizational training on information security policies

Question 21

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

A. relates the investment to the organization's strategic plan.
B. translates information security policies and standards into business requirements.
C. articulates management's intent and information security directives in clear language.
D. realigns information security objectives to organizational strategy.

Question 22

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

A. Monitor the effectiveness of controls.
B. Update the risk assessment framework.
C. Review the inherent risk level.
D. Review the risk probability and impact.

Question 23

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?

A. Determine mitigation options with IT management.
B. Report the risk to the information security steering committee.
C. Communicate the potential impact to the application owner.
D. Escalate the risk to senior management.

Question 24

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

A. Recovery strategy
B. IT strategy
C. Risk mitigation strategy
D. Security strategy

Question 25

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

A. Conduct an information security audit on the third-party vendor.
B. Communicate security policy with the third-party vendor.
C. Review the third-party contract with the organization's legal department.
D. Ensure security is involved in the procurement process.

Question 26

When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?

A. Audit reports
B. Access logs
C. Access lists
D. Threat metrics

Which of the following is the most important consideration when developing information security objectives?

Effectively managing information risk to acceptable levels (in alignment with the business objectives) is the most important overall consideration of an information security strategy.

Which of the following would be the most important component of an information security strategy?

The MOST important factor in ensuring the success of an information security program is effective alignment with organizational goals and objectives.

Which of the following is most important in developing a security strategy?

The most important part of developing a security strategy is understanding the key elements of the specific business house. While it is essential to understand generic threats and vulnerabilities, identifying the ones that can impact a particular organization is vital.

Which of the following is most important to consider when determining the effectiveness of the information security governance program?

Answer: Compliance with the organization's information security requirements.