Which of the following MOST effectively prevents internal users from modifying sensitive data?
- A . Network segmentation
- B . Role-based access controls
- C . Multi-factor authentication
- D . Acceptable use policies
A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:
- A . any alteration of the bid will invalidate the signature.
- B . the signature can be authenticated even if no encryption is used.
- C . the bid cannot be forged even if the keys are compromised.
- D . the bid and the signature can be copied from one document to another.
Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?
- A . Security controls offered by the provider are inadequate.
- B . Service level agreements (SLAs) are not well defined.
- C . Data retention policies may be violated.
- D . There is no right to audit the security of the provider.
An access rights review revealed that some former employees’ access is still active.
Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?
- A . Implement a periodic recertification program.
- B . Initiate an access control policy review.
- C . Validate HR offboarding processes.
- D . Conduct a root cause analysis.
Which of the following is the MOST effective approach for integrating security into application development?
- A . Including security in user acceptance testing sign-off
- B . Performing vulnerability scans
- C . Defining security requirements
- D . Developing security models in parallel
Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?
- A . Change management
- B . Problem management
- C . Configuration management
- D . Incident management
The MOST important factors in determining the scope and timing for testing a business continuity plan are:
- A . the experience level of personnel and the function location.
- B . prior testing results and the degree of detail of the business continuity plan.
- C . the importance of the function to be tested and the cost of testing.
- D . manual processing capabilities and the test location.
A threat intelligence report indicates there has been a significant rise in the number of attacks targeting the industry.
What should the information security manager do NEXT?
- A . Discuss the risk with senior management.
- B . Conduct penetration testing to identify vulnerabilities.
- C . Allocate additional resources to monitor perimeter security systems.
- D . Update the organization’s security awareness campaign.
Which of the following is the MOST effective way to detect social engineering attacks?
- A . Implement real-time monitoring of security-related events.
- B . Encourage staff to report any suspicious activities.
- C . Implement an acceptable use policy.
- D . Provide incident management training to all staff.
A third-party contract signed by a business unit manager failed to specify information security requirements.
Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?
- A . Inform business unit management of the information security requirements.
- B . Provide information security training to the business units
- C . Integrate information security into the procurement process
- D . Involve the information security team in contract negotiations
Which of the following is the MOST important requirement for the successful implementation of security governance?
- A . Mapping to organizational
- B . Implementing a security balanced scorecard
- C . Performing an enterprise-wide risk assessment
- D . Aligning to an international security framework
Which of the following would contribute MOST to employees’ understanding of data handling responsibilities?
- A . Demonstrating support by senior management of the security program
- B . Implementing a tailored security awareness training program
- C . Requiring staff acknowledgement of security policies
- D . Labeling documents according to appropriate security classification
Which of the following BEST reduces the likelihood of leakage of private information via email?
- A . User awareness training
- B . Email encryption
- C . Strong user authentication protocols
- D . Prohibition on the personal use of email
A new program has been implemented to standardize security configurations across a multinational organization. Following implementation, the configuration standards should:
- A . remain unchanged to avoid variations across the organization.
- B . be updated to address emerging threats and vulnerabilities.
- C . be changed for different subsets of the systems to minimize impact.
- D . not deviate from industry best practice baselines.
An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:
- A . re-evaluate the risk appetite.
- B . quantify reputational risks.
- C . meet information security compliance requirements.
- D . ensure appropriate information security governance.
The PRIMARY purpose of asset valuation for the management of information security is to:
- A . prioritize risk management activities.
- B . provide a basis for asset classification.
- C . determine the value of each asset.
- D . eliminate the least significant assets.
Which of the following is the PRIMARY reason to invoke continuity and recovery plans?
- A . To achieve service delivery objectives
- B . To coordinate with senior management
- C . To enforce service level agreements (SLAs)
- D . To protect corporate networks
An information security manager is concerned that executive management does not support information security initiatives.
Which of the following is the BEST way to address this situation?
- A . Revise the information security strategy to meet executive management expectations.
- B . Escalate noncompliance concerns to the internal audit manager
- C . Report the risk and status of the information security program to the board.
- D . Demonstrate alignment of the information security function with business needs.
A policy has been established requiring users to install mobile device management (MDM) software on their personal devices.
Which of the following would BEST mitigate the risk created by noncompliance with this policy?
- A . Disabling remote access from the mobile device
- B . Requiring users to sign off on terms and conditions
- C . Issuing company-configured mobile devices
- D . Issuing warnings and documenting noncompliance
Which of the following provides the BEST input to maintain an effective asset classification program?
- A . Business impact analysis (BIA)
- B . Annual loss expectancy
- C . Vulnerability assessment
- D . Risk heat map
When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
- A . implement controls to mitigate the risk.
- B . monitor for business changes.
- C . review the residual risk level.
- D . report compliance to management.
Which of the following is the BEST way to prevent employees from making unauthorized comments to the media about security incidents in progress?
- A . Establish standard media responses for employees to control the message.
- B . Communicate potential disciplinary actions for noncompliance.
- C . Include communication policies in regular information security training.
- D . Implement controls to prevent discussion with media during an incident.
Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?
- A . Vulnerability assessment results
- B . Application security policy
- C . A business case
- D . Internal audit reports
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
- A . Define the recovery point objective (RPO).
- B . Determine recovery priorities.
- C . Confirm control effectiveness.
- D . Analyze vulnerabilities
Which of the following should be defined FIRST when creating an organization's information security strategy?
- A . Budget
- B . Policies and processes
- C . Objectives
- D . Organizational structures
Meeting which of the following security objectives BEST ensures that information is protected against unauthorized modification?
- A . Availability
- B . Integrity
- C . Confidentiality
- D . Authenticity
Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
- A . Provide information security awareness training.
- B . Conduct a business impact analysis (BIA).
- C . Facilitate the creation of an information security steering group
- D . Conduct information security briefings for executives
Senior management learns of several web application security incidents and wants to know the exposure risk to the organization.
What is the information security manager’s BEST course of action?
- A . Perform a vulnerability assessment.
- B . Review audit logs from IT systems.
- C . Activate the incident response plan
- D . Assess IT system configurations
A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value can be mitigated by:
- A . generating hash output that is the same size as the original message.
- B . requiring the recipient to use a different hash algorithm.
- C . using the sender's public key to encrypt the message.
- D . using a secret key in conjunction with the hash algorithm.
Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
- A . Redundant
- B . Shared
- C . Warm
- D . Mobile
Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?
- A . The framework includes industry-recognized information security best practices.
- B . The number of security incidents has significantly declined
- C . The business has obtained framework certification.
- D . Objectives in the framework correlate directly to business practices
Which of the following is MOST likely to result from a properly conducted post-incident review?
- A . Breach information is provided to the organization’s key stakeholders and users.
- B . The cause of the incident is discovered and remediated.
- C . Forensic evidence is reviewed and provided to law enforcement
- D . The incident response team discovers inefficiencies in the recovery process.
Labeling information according to its security classification:
- A . affects the consequences if information is handled insecurely.
- B . reduces the number and type of countermeasures required.
- C . enhances the likelihood of people handling information securely.
- D . reduces the need to identify baseline controls for each classification.
Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?
- A . Before-and-after heat maps
- B . Analysis of recent incidents
- C . Detailed risk analysis of the treatments
- D . Individual risk assessments
The GREATEST benefit of choosing a private cloud over a public cloud would be:
- A . containment of customer data.
- B . collection of data forensics.
- C . online service availability.
- D . server protection.
The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:
- A . assign accountability for transactions made with the user’s ID.
- B . maintain compliance with industry best practices.
- C . serve as evidence of security awareness training.
- D . maintain an accurate record of users' access rights.
Which of the following is MOST important to the successful development of an information security strategy?
- A . An implemented development life cycle process
- B . A well-implemented governance framework
- C . Current state and desired objectives
- D . Approved policies and standards
Which of the following processes is the FIRST step in establishing an information security policy?
- A . Review of current global standards
- B . Business risk assessment
- C . Security controls evaluation
- D . Information security audit
A company has purchased a rival organization and is looking to integrate security strategies.
Which of the following is the GREATEST issue to consider?
- A . The organizations have different risk appetites
- B . Differing security skills within the organizations
- C . Confidential information could be leaked
- D . Differing security technologies
Which of the following is the PRIMARY reason social media has become a popular target for attack?
- A . The reduced effectiveness of access controls
- B . The accessibility of social media from multiple locations
- C . The prevalence of strong perimeter protection
- D . The element of trust created by social media
When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?
- A . Encryption
- B . Retention
- C . Report distribution
- D . Tuning
An organization’s security policy is to disable access to USB storage devices on laptops and desktops.
Which of the following is the STRONGEST justification for granting an exception to the policy?
- A . Access is restricted to read-only.
- B . USB storage devices are enabled based on user roles
- C . Users accept the risk of noncompliance.
- D . The benefit is greater than the potential risk
Which of the following is the BEST way to improve the timely reporting of information security incidents?
- A . Perform periodic simulations with the incident response team.
- B . Regularly reassess and update the incident response plan.
- C . Integrate an intrusion detection system (IDS) in the DMZ
- D . Incorporate security procedures in help desk processes
Which of the following would BEST assist an information security manager in gaining strategic support from executive management?
- A . Risk analysis specific to the organization
- B . Research on trends in global information security breaches
- C . Rating of the organization's security, based on international standards
- D . Annual report of security incidents within the organization
When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?
- A . The security awareness programs
- B . Firewall logs
- C . The risk management processes
- D . Post-incident analysis results
What should be the information security manager's FIRST course of action when it is discovered a staff member has been posting corporate information on social media sites?
- A . Assess the classification of the data posted.
- B . Implement controls to block the social media sites.
- C . Refer the staff member to the information security policy
- D . Notify senior management
Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?
- A . Mature security policy
- B . Information security roles and responsibilities
- C . Organizational information security awareness
- D . Organizational culture
Which of the following is the MOST useful metric for determining how well firewall logs are being monitored?
- A . The number of port scanning attempts
- B . The number of log entries reviewed
- C . The number of investigated alerts
- D . The number of dropped malformed packets
As part of an international expansion plan, an organization has acquired a company located in another jurisdiction.
Which of the following would be the BEST way to maintain an effective information security program?
- A . Determine new factors that could influence the information security strategy.
- B . Implement the current information security program in the acquired company.
- C . Merge the two information security programs to establish continuity.
- D . Ensure information security is included in any change control efforts.
Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?
- A . Users must agree to allow the mobile device to be wiped if it is lost
- B . Email must be stored in an encrypted format on the mobile device
- C . A senior manager must approve each new connection
- D . Email synchronization must be prevented when connected to a public Wi-Fi hotspot.
An organization has implemented an enhanced password policy for business applications which requires significantly more business resources to support clients.
The BEST approach to obtain the support of business management would be to:
- A . Present an analysis of the cost and benefit of the changes
- B . Elaborate on the positive impact to information security
- C . Present industry benchmarking results to business units
- D . Discuss the risk and impact of security incidents if not implemented
Which of the following is the BEST resource for evaluating the strengths and weaknesses of an incident response plan?
- A . Recovery time objectives (RTOs)
- B . Mission, goals and objectives
- C . Incident response maturity assessment
- D . Documentation from preparedness tests
Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
- A . Existence of an industry-accepted framework
- B . Up-to-date policy and procedures documentation
- C . A report on the maturity of controls
- D . Results of an independent assessment
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors.
Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
- A . Criticality of the service to the organization
- B . Compliance requirements associated with the regulation
- C . Compensating controls in place to protect information security
- D . Corresponding breaches associated with each vendor
A
Explanation:
The associated level of risk applied to each vendor is the residual risk (the risk after applying the vendor's controls). CRISC RM 6th: Residual Risk = Inherent Risk - Cumulative Effect of Controls. Inherent risk is the current risk without applying any control (i.e., before the vendor's controls); this quantity is the same in the equation for each vendor. The effect of controls (the value supplied by the vendor) will be different for each vendor. For example: for vendor 1, Residual Risk1 = Inherent/current Risk - Effect of controls of Vendor 1; for vendor 2, Residual Risk2 = Inherent/current Risk - Effect of controls of Vendor 2.
After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?
- A . Risk heat map
- B . Recent audit results
- C . Balanced scorecard
- D . Gap analysis
Which of the following is the BEST method to defend against social engineering attacks?
- A . Monitor for unauthorized access attempts and failed logins.
- B . Employ the use of a web-content filtering solution.
- C . Communicate guidelines to limit information posted to public sites.
- D . Periodically perform antivirus scans to identify malware
Which of the following would provide the MOST useful input when creating an information security program?
- A . Business case
- B . Information security budget
- C . Key risk indicators (KRIs)
- D . Information security strategy
Which of the following is an information security manager's BEST course of action when informed of a decision to reduce funding for the information security program?
- A . Remove overlapping security controls.
- B . Prioritize security projects based on risk.
- C . Design key risk indicators (KRIs).
- D . Create a business case to appeal the decision.
Which of the following will BEST protect an organization against spear phishing?
- A . Antivirus software
- B . Acceptable use policy
- C . Email content filtering
- D . End-user training
Which of the following should be PRIMARILY included in a security training program for business process owners?
- A . Application recovery time
- B . Impact of security risks
- C . Application vulnerabilities
- D . List of security incidents reported
Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?
- A . Recognized threat intelligence communities
- B . Open-source reconnaissance
- C . Disaster recovery consultants widely endorsed in industry forums
- D . Incident response experts from highly regarded peer organizations
Which of the following is a PRIMARY security responsibility of an information owner?
- A . Testing information classification controls
- B . Determining the controls associated with information classification
- C . Maintaining the integrity of data in the information system
- D . Deciding what level of classification the information requires
To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:
- A . criteria consistent with classification levels.
- B . efficient technical processing considerations.
- C . overall IT capacity and operational constraints.
- D . established guidelines.
Which of the following BEST enables an effective escalation process within an incident response program?
- A . Dedicated funding for incident management
- B . Adequate incident response staffing
- C . Monitored program metrics
- D . Defined incident thresholds
Which of the following activities BEST enables executive management to ensure value delivery within an information security program?
- A . Requiring employees to undergo information security awareness training
- B . Assigning an information security manager to a senior management position
- C . Approving an industry-recognized information security framework
- D . Reviewing business cases for information security initiatives
Which of the following would present the GREATEST need to revise information security policies?
- A . Implementation of a new firewall
- B . An increase in reported incidents
- C . A merger with a competing company
- D . Changes in standards and procedures
During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?
- A . Review
- B . Identification
- C . Eradication
- D . Containment
The PRIMARY benefit of integrating information security activities into change management processes is to:
- A . provide greater accountability for security-related changes in the business.
- B . protect the organization from unauthorized changes.
- C . protect the business from collusion and compliance threats.
- D . ensure required controls are included in changes.
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
- A . has a clearly defined charter and meeting protocols.
- B . includes a mix of members from all levels of management.
- C . conducts frequent reviews of the security policy.
- D . has established relationships with external professionals.
Which of the following is an information security manager’s BEST course of action to address a significant materialized risk that was not prevented by organizational controls?
- A . Update the business impact analysis (BIA)
- B . Update the risk register.
- C . Perform root cause analysis.
- D . Invoke the incident response plan.
Which of the following control types is the FIRST consideration for aligning employee behavior with an organization's information security objectives?
- A . Physical security control
- B . Directive security
- C . Technical security controls
- D . Logical access control
Which of the following would BEST justify spending for a compensating control?
- A . Risk analysis
- B . Vulnerability analysis
- C . Threats analysis
- D . Peer benchmarking
To gain a clear understanding of the impact that a new regulation will have on an organization's security controls, an information security manager should FIRST:
- A . Conduct a risk assessment
- B . Interview senior management
- C . Perform a gap analysis
- D . Conduct a cost-benefit analysis
An emergency change was made to an IT system as a result of a failure.
Which of the following should be of GREATEST concern to the organization's information security manager?
- A . The change did not include a proper assessment of risk.
- B . Documentation of the change was made after implementation.
- C . The operations team implemented the change without regression testing.
- D . The information security manager did not review the change prior to implementation.
The PRIMARY purpose of vulnerability assessments is to:
- A . provide clear evidence that the system is sufficiently secure.
- B . test intrusion detection systems (IDS) and response procedures
- C . detect deficiencies that could lead to a system compromise.
- D . determine the impact of potential threats.
A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:
- A . Change the password policy to improve the customer experience.
- B . Research alternative secure methods of identity verification.
- C . Recommend implementing two-factor authentication.
- D . Evaluate the impact of the customer’s experience on business revenue.
Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?
- A . Implement more stringent countermeasures.
- B . Evaluate whether an excessive level of control is being applied.
- C . Ask senior management to increase the acceptable risk levels
- D . Ask senior management to lower the acceptable risk levels.
Which of the following is the MOST effective defense against spear phishing attacks?
- A . Unified threat management
- B . Web filtering
- C . Anti-spam solution
- D . User awareness training
Which of the following provides the MOST relevant evidence of incident response maturity?
- A . Red team testing results
- B . Average incident closure time
- C . Independent audit assessment
- D . Tabletop exercise results
Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?
- A . Statistical pattern recognition
- B . Attack signatures
- C . Heuristic analysis
- D . Traffic analysis
Which is MOST important to enable a timely response to a security breach?
- A . Knowledge sharing and collaboration
- B . Security event logging
- C . Roles and responsibilities
- D . Forensic analysis
Which of the following is the BEST way to increase the visibility of information security within an organization’s culture?
- A . Requiring cross-functional information security training
- B . Implementing user awareness campaigns for the entire company
- C . Publishing an acceptable use policy
- D . Establishing security policies based on industry standards
After a server has been attacked, which of the following is the BEST course of action?
- A . Review vulnerability assessment
- B . Conduct a security audit
- C . Initiate incident response.
- D . Isolate the system.
Which of the following is the MOST important driver when developing an effective information security strategy?
- A . Information security standards
- B . Compliance requirements
- C . Security audit reports
- D . Benchmarking reports
An information security manager is reviewing the impact of a regulation on the organization’s human resources system.
The NEXT course of action should be to:
- A . perform a gap analysis of compliance requirements
- B . assess the penalties for noncompliance.
- C . review the organization's most recent audit report.
- D . determine the cost of compliance
Which of the following is the MOST important outcome from vulnerability scanning?
- A . Prioritization of risks
- B . Information about steps necessary to hack the system
- C . Identification of back doors
- D . Verification that systems are properly configured
Which of the following would provide nonrepudiation of electronic transactions?
- A . Two-factor authentication
- B . Periodic reaccreditations
- C . Third-party certificates
- D . Receipt acknowledgment
A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations.
Which of the following would be of MOST concern to senior management?
- A . The organization uses a decentralized privacy governance structure
- B . Privacy policies are only reviewed annually.
- C . The organization does not have a dedicated privacy officer.
- D . The privacy program does not include a formal warning component
Executive management is considering outsourcing all IT operations.
Which of the following functions should remain internal?
- A . Data encryption
- B . Data ownership
- C . Data custodian
- D . Data monitoring
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
- A . Average time to resolve an incident
- B . Total number of reported incidents
- C . Total number of incident responses
- D . Average time to respond to an incident
Senior management has approved employees working off-site by using a virtual private network (VPN) connection.
It is MOST important for the information security manager to periodically:
- A . perform a cost-benefit analysis.
- B . perform a risk assessment.
- C . review firewall configuration.
- D . review the security policy.
The success of a computer forensic investigation depends on the concept of:
- A . chain of evidence.
- B . chain of attack.
- C . forensic chain.
- D . evidence of attack.
Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?
- A . The patch should be applied to critical systems.
- B . The patch should be validated using a hash algorithm.
- C . The patch should be evaluated in a testing environment.
- D . The patch should be deployed quickly to systems that are vulnerable.
Which of the following will BEST help to ensure security is addressed when developing a custom application?
- A . Conducting security training for the development staff
- B . Integrating security requirements into the development process
- C . Requiring a security assessment before implementation
- D . Integrating a security audit throughout the development process
Due to budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA).
Which of the following is the information security manager's BEST course of action?
- A . Inform the legal department of the deficiency.
- B . Analyze and report the issue to senior management.
- C . Require the application owner to implement the controls.
- D . Assess and present the risks to the application owner
Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?
- A . Disaster recovery plan
- B . Identity and access management
- C . Vendor’s information security policy
- D . A risk assessment
When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
- A . Provide security training for developers.
- B . Prepare detailed acceptance criteria
- C . Adhere to change management processes.
- D . Perform a security gap analysis.