750
Correct Answer: B Explanation/Reference:
Employees in a large multinational organization frequently travel among various geographic locations. Which type of authorization policy BEST addresses this practice? A. Multilevel B. Identity C. Role-based D. Discretionary
Correct Answer: A Explanation/Reference:
Ensuring that activities performed by outsourcing providers comply with information security policies can BEST be accomplished through the use of: A. service level agreements. B. explicit contract language. C. local regulations. D. independent audits.
Correct Answer: A Explanation/Reference:
Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT? A. Develop an implementation strategy. B. Schedule the target and date for implementation activities. C. Budget the total cost of implementation activities. D. Calculate the residual risk for each countermeasure.
Correct Answer: D Explanation/Reference:
A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that: A. users can gain direct access to the application ID and circumvent data controls .B. when multiple sessions with the same application ID collide, the database locks up. C. the database becomes unavailable if the password of the application ID expires. D. an incident involving unauthorized access to data cannot be tied to a specific user.
Correct Answer: B Explanation/Reference:
A business unit uses an e-commerce application with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST: A. change the password policy to improve the customer experience B. research alternative secure methods of identity verification C. evaluate the impact of the customer's experience on business revenue D. recommend implementing two-factor authentication
Correct Answer: C Explanation/Reference:
A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies would be the BEST approach for developing a physical access control policy for the organization? A. Design single sign-on or federated access B. Conduct a risk assessment to determine security risks and mitigating controls C. Develop access control requirements for each system and application D. Review customers security policies
Correct Answer: B Explanation/Reference:
A multinational organization wants to monitor outbound traffic for data leakage from the use of unapproved cloud services. Which of the following should be the information security manager's GREATEST consideration when implementing this control? A. Security of cloud services B. Data privacy regulations C. Resistance from business users D. Allocation of monitoring resources
Correct Answer: C Explanation/Reference:
A multinational organization's information security manager has been advised that the city in which a contracted regional data center is located is experiencing civil unrest. The information security manager should FIRST: A. delete the organization's sensitive data at the provider's location B. engage another service provider at a safer location C. verify the provider's ability to protect the organization's data D. evaluate options to recover if the data center becomes unreachable
Correct Answer: A Explanation/Reference:
A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager's FIRST course of action? A. Review the current security policy. B. Inform senior management of the new regulation. C. Update the security incident management process. D. Determine impact to the business.
Correct Answer: B Explanation/Reference:
A new system has been developed that does not comply with password-aging rules. This noncompliance can BEST be identified through: A. a business impact analysis B. an internal audit assessment C. an incident management process D. a progressive series of warnings
Correct Answer: C Explanation/Reference:
An organization has a policy in which all criminal activity is prosecuted. What is MOST important for the information security manager to ensure when an employee is suspected of using a company computer to commit fraud? A. The forensics process is immediately initiated B. The incident response plan is initiated C. The employee's log files are backed-up D. Senior management is informed of the situation
Correct Answer: A Explanation/Reference:
After detecting an advanced persistent threat (APT), which of the following should be the information security manager's FIRST step? A. Notify management B. Contain the threat C. Remove the threat D. Perform root-cause analysis
Correct Answer: A Explanation/Reference:
After logging in to a web application, further password credentials are required at various application points. Which of the following is the PRIMARY reason for such an approach? A. To ensure access is granted to the authorized person B. To enforce strong two-factor authentication C. To ensure session management variables are secure D. To implement single sign-on
Correct Answer: D Explanation/Reference:
An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization's information security manager? A. The change did not include a proper assessment of risk. B. Documentation of the change was made after implementation. C. The information security manager did not review the change prior to implementation. D. The operations team implemented the change without regression testing.
Correct Answer: B Explanation/Reference:
An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review? A. Intrusion detection system B. SIEM tool C. Antivirus software D. File integrity monitoring software
Correct Answer: A Explanation/Reference:
An organization has decided to implement a security information and event management (SIEM) system. It is MOST important for the organization to consider: A. industry best practices. B. data ownership. C. log sources. D. threat assessments.
Correct Answer: C Explanation/Reference:
An organization is considering whether to allow employees to use personal computing devices for business purposes. To BEST facilitate senior management's decision, the information security manager should: A. map the strategy to business objectives B. perform a cost-benefit analysis C. conduct a risk assessment D. develop a business case
Correct Answer: D Explanation/Reference:
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control? A. Requiring the backup of the organization's data by the user B. Establishing the authority to remote wipe C. Monitoring how often the smartphone is used D. Developing security awareness training
Correct Answer: C Explanation/Reference:
An organization shares customer information across its globally dispersed branches. Which of the following should be the GREATEST concern to information security management? A. Cross-cultural differences between branches B. Conflicting data protection regulations C. Insecure wide area networks (WANs) D. Decentralization of information security
Correct Answer: A Explanation/Reference:
During which phase of an incident response process should corrective actions to the response procedure be considered and implemented? A. Eradication B. Review C. Containment D. Identification
Correct Answer: D Explanation/Reference:
During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address: A. baseline security controls. B. cost-benefit analyses. C. benchmarking security metrics. D. security objectives.
Correct Answer: A Explanation/Reference:
In an organization that has undergone an expansion through an acquisition which of the following would BEST secure the enterprise network? A. Using security groups B. Log analysis od system access C. Business or role-based segmentation D. Encryption of data traversing networks
Correct Answer: D Explanation/Reference:
In which of the following ways can an information security manager BEST ensure that security controls are adequate for supporting business goals and objectives? A. Reviewing results of the annual company external audit B. Adopting internationally accepted controls C. Enforcing strict disciplinary procedures in case of noncompliance D. Using the risk management process
Correct Answer: D Explanation/Reference:
Most security vulnerabilities in software exit because: A. security features are not tested adequately. B. software has undocumented features. C. security is not properly designed. D. software is developed without adherence to standards.
Correct Answer: C Explanation/Reference:
Segregation of duties is a security control PRIMARILY used to: A. establish dual check. B. establish hierarchy. C. limit malicious behavior. D. decentralize operations.
Correct Answer: C Explanation/Reference:
Spoofing should be prevented because it may be used to: A. assemble information, track traffic, and identify network vulnerabilities. B. predict which way a program will branch when an option is presented. C. gain illegal entry to a secure system by faking the sender's address. D. capture information such as password traveling through the network.
Correct Answer: B Explanation/Reference:
The BEST way to mitigate the risk associated with a social engineering attack is to: A. deploy an effective intrusion detection system (IDS) B. perform a user-knowledge gap assessment of information security practices C. perform a business risk assessment of the email filtering system D. implement multi-factor authentication on critical business systems
Correct Answer: C Explanation/Reference:
The MAIN reason for continuous monitoring of a security strategy is to: A. optimize resource allocation. B. confirm benefits are being realized. C. evaluate the implementation of the strategy. D. allocate funds for information security
Correct Answer: D Explanation/Reference:
The PRIMARY advantage of single sign-on (SSO) is that it will: A. support multiple authentication mechanisms. B. increase the security related applications. C. strengthen user password. D. increase efficiency of access management.
Correct Answer: A Explanation/Reference:
The PRIMARY reason for creating a business case when proposing an information security project is to: A. establish the value of the project in relation to business objectives B. establish the value of the project with regard to regulatory compliance C. ensure relevant business parties are involved in the project D. ensure comprehensive security controls are identified
Correct Answer: D Explanation/Reference:
The PRIMARY reason for using information security metrics is to: A. achieve senior management commitment. B. ensure alignment with corporate requirements. C. adhere to legal and regulatory requirements. D. monitor the effectiveness of controls.
Correct Answer: D Explanation/Reference:
The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the: A. information security manager B. escalation procedures C. disaster recovery plan D. chain of custody
Correct Answer: C Explanation/Reference:
To ensure IT equipment meets organizational security standards, the MOST efficient approach is to: A. assess security during equipment deployment. B. ensure compliance during user acceptance testing. C. assess the risks of all new equipment. D. develop an approved equipment list.
Correct Answer: D Explanation/Reference:
Utilizing external resources for highly technical information security tasks allows an information security manager to: A. distribute technology risk. B. leverage limited resources. C. outsource responsibility. D. transfer business risk.
Correct Answer: B Explanation/Reference:
Which of the following change management procedures is MOST likely to cause concern to the information security manager? A. Fallback processes are tested the weekend before changes are made. B. The development manager migrates programs into production. C. A manual rather than an automated process is used to compare program versions. D. Users are not notified of scheduled system changes.
Correct Answer: D Explanation/Reference:
Which of the following function is the MOST critical when initiating the removal of system access for terminated employees? A. Human resources B. Legal C. Help desk D. Information security
Correct Answer: A Explanation/Reference:
When considering whether to adopt a new information security framework, an organization's information security manager should FIRST: A. compare the framework with the current business strategy B. perform a technical feasibility analysis C. perform a financial viability study D. analyze the framework's legal implications and business impact
Correct Answer: A Explanation/Reference:
When defining responsibilities with a cloud computing vendor, which of the following should be regarded as a shared responsibility between user and provider? A. Data ownership B. Access log review C. Application logging D. Incident response
Correct Answer: C Explanation/Reference:
Which of the following analyses will BEST identify the external influences to an organization's information security? A. Gap analysis B. Business impact analysis C. Threat analysis D. Vulnerability analysis.
Correct Answer: C Explanation/Reference:
Which of the following is a potential indicator of inappropriate Internet use by staff? A. Increased help desk calls for password resets B. Reduced number of pings on firewalls C. Increased reports of slow system performance D. Increased number of weakness from vulnerability scans
Correct Answer: A Explanation/Reference:
Which of the following is done PRIMARILY to address the integrity of information? A. Assignment of appropriate control permissions B. Implementation of an Internet security application C. Implementation of a duplex server system D. Encryption of email
Correct Answer: B Explanation/Reference:
Which of the following is the BEST approach when using sensitive customer data during the testing phase of a systems development project? A. Establish the test environment on a separate network. B. Sanitize customer data. C. Monitor the test environment for data loss. D. Implement equivalent controls to those on the source system.
Correct Answer: B Explanation/Reference:
Which of the following is the BEST defense against distributed denial of service (DDoS) attacks? A. Multiple and redundant paths B. Well-configured routers and firewalls C. Regular patching D. Intruder-detection lockout
Correct Answer: D Explanation/Reference:Reference https://resources.infosecinstitute.com/importance-effective-vpn-remote-access-policy/#gref
Which of the following is the GREATEST security threat when an organization allows remote access to a virtual private network (VPN)? A. Client logins are subject to replay attack B. Compromised VPN clients could impact the network C. Attackers could compromise the VPN gateway D. VPN traffic could be sniffed and captured
Correct Answer: D Explanation/Reference:
Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)? A. Return on investment B. Organizational culture C. Compliance requirements D. Criticality of information
Correct Answer: C Explanation/Reference:
Which of the following is the PRIMARY benefit of implementing a maturity model for information security management? A. Information security management costs will be optimized. B. Information security strategy will be in line with industry best practice. C. Gaps between current and desirable levels will be addressed. D. Staff awareness of information security compliance will be promoted.
Correct Answer: D Explanation/Reference:
Which of the following outsourced services has the GREATEST need for security monitoring? A. Enterprise infrastructure B. Application development C. Virtual private network (VPN) services D. Web site hosting
Correct Answer: A Explanation/Reference:
Which of the following provides the MOST comprehensive understanding of an organization's information security posture? A. Risk management metrics B. External audit findings C. Results of vulnerability assessments D. The organization's security incident trends
Correct Answer: A Explanation/Reference:
Which of the following will BEST help to proactively prevent the exploitation of vulnerabilities in operating system software? A. Patch management B. Threat management C. Intrusion detection system D. Anti-virus software
Correct Answer: D Explanation/Reference:
Which of the following would BEST assist an IS manager in gaining strategic support from executive management? A. Annual report of security incidents within the organization B. Research on trends in global information security breaches C. Rating of the organization's security, based on international standards D. Risk analysis specific to the organization