CISM SET 8
713. Which of the following is the MOST critical factor for information security program success? A. A comprehensive risk assessment program for information security B. The information security manager's knowledge of the business C. Ongoing audits and addressing open items D. Security staff with appropriate training and adequate resources
A. A comprehensive risk assessment program for information security
752. What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes? A. Access is granted based on task requirements. B. Information assets are classified appropriately. C. Security staff turnover is reduced. D. Security incident reporting procedures are followed.
A. Access is granted based on task requirements
797. Which of the following BEST indicates that information assets are classified accurately? A. An accurate and complete information asset catalog B. Appropriate assignment of information asset owners C. Appropriate prioritization of information risk treatment D. Increased compliance with information security policy
A. An accurate and complete information asset catalog
774. When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates? A. Business process owner B. Business continuity coordinator C. Information security manager D. Senior management
A. Business process owner
706. Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident? A. Capability to take a snapshot of virtual machines B. Capability of online virtual machine analysis C. Availability of web application firewall logs D. Availability of current infrastructure documentation
A. Capability to take a snapshot of virtual machines
791. Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations? A. Containment B. Identification C. Preparation D. Recovery
A. Containment
724. During which of the following phases should an incident response team document actions required to remove the threat that caused the incident? A. Eradication B. Identification C. Containment D. Post-incident review
A. Eradication
726. An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take? A. Evaluate the information security laws that apply to the acquired company B. Apply the existing information security program to the acquired company C. Merge the two existing information security programs D. Determine which country's information security regulations will be used
A. Evaluate the information security laws that apply to the acquired company
738. Which of the following will provide the MOST guidance when deciding the level of protection for an information asset? A. Impact on information security program B. Cost of controls C. Impact to business function D. Cost to replace
A. Impact on information security program
765. Which of the following is an example of risk mitigation? A. Improving security controls B. Discontinuing the activity associated with the risk C. Performing a cost-benefit analysis D. Purchasing insurance
A. Improving security controls
786. An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns? A. Integrate information security risk assessments into the procurement process. B. Invite IT members into regular procurement team meetings to influence best practice. C. Enforce the right to audit in procurement contracts with SaaS vendors. D. Provide regular information security training to the procurement team.
A. Integrate information security risk assessments into the procurement process.
781. IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant to a project? A. Involving information security at each stage of project management B. Creating a data classification framework and providing it to stakeholders C. Identifying responsibilities during the project business case analysis D. Providing stakeholders with minimum information security requirements
A. Involving information security at each stage of project management
788. Which of the following is MOST effective for communicating forward-looking trends within security reporting? A. Key risk indicators (KRIs) B. Key performance indicators (KPIs) C. Key control indicators (KCIs) D. Key goal indicators (KGIs)
A. Key risk indicators (KRIs)
715. Which of the following is the MOST important consideration when establishing an organization's information security governance committee? A. Members represent functions across the organization B. Members have knowledge of information security controls C. Members are rotated periodically D. Members are business risk owners
A. Members represent functions across the organization
731. Which of the following is the BEST way to rigorously test a disaster recovery plan (DRP) for a mission-critical system without disrupting business operations? A. Parallel testing B. Simulation testing C. Checklist review D. Structured walk-through
A. Parallel testing
736. An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance? A. Perform a gap analysis. B. Consult with senior management on the best course of action. C. Implement a program of work to comply with the new legislation. D. Understand the cost of noncompliance.
A. Perform a gap analysis
751. Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action? A. Perform a new risk assessment. B. Review the previous risk assessment and countermeasures. C. Transfer the new risk to a third party. D. Evaluate countermeasures to mitigate new risks.
A. Perform a new risk assessment
737. An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST? A. Perform a risk assessment on the new technology. B. Obtain legal counsel's opinion on the standard's applicability to regulations. C. Determine whether the organization can benefit from adopting the new standard. D. Review industry specialists' analyses of the new standard.
A. Perform a risk assessment on the new technology
701. An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors? A. Perform security code reviews on the entire application B. Scan the entire application using a vulnerability scanning tool C. Monitor Internet traffic for sensitive information leakage D. Run the application from a high-privileged account on a test system
A. Perform security code reviews on the entire application
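Added example, not from the question bank: a first-pass review aid that points human reviewers at the lines where backdoors in outsourced code usually hide (hardcoded credential comparisons, secret request parameters that bypass authentication, and obfuscated code executed at runtime). It is a heuristic to direct a review of every file, not a replacement for it; a vulnerability scanner exercising the running application would not reach a code path that only fires on a secret trigger. The pattern names, the sample source and the embedded base64 blob are all constructed for the example.

```python
"""Heuristic code-review aid for backdoor patterns (example code, not the
question bank's or any vendor's tooling). The patterns and sample source
below are constructed for illustration."""
import base64
import re

# Things a reviewer looks for when an outside party wrote the code.
PATTERNS = {
    "hardcoded-credential": re.compile(
        r"""(pass(word)?|token|secret)\s*==\s*["'][^"']+["']""", re.I),
    "magic-trigger": re.compile(
        r"""(headers|args|params|cookies)(\.get\(|\[)\s*["'][^"']*"""
        r"""(debug|backdoor|maint|override)[^"']*["']""", re.I),
    "dynamic-exec": re.compile(r"\b(eval|exec)\s*\(", re.I),
    "encoded-blob": re.compile(
        r"""b64decode\(\s*['"][A-Za-z0-9+/=]{24,}['"]\s*\)"""),
}


def review_source(source: str):
    """Return (line_number, pattern_name, stripped_line) for each hit.
    Every line is checked against every pattern; a line can hit twice."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((n, name, line.strip()))
    return findings


def decode_blobs(source: str):
    """Decode long base64 literals so the reviewer sees what they conceal."""
    decoded = []
    for m in re.finditer(r"""['"]([A-Za-z0-9+/=]{24,})['"]""", source):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode())
        except (ValueError, UnicodeDecodeError):
            pass  # not base64, or not text: leave it for manual inspection
    return decoded


# Constructed sample of delivered source containing three planted backdoors.
SAMPLE = '''\
def login(user, password, request):
    if request.headers.get("X-Maint-Override") == "1":   # hidden bypass
        return Session(user, role="admin")
    if user == "svc_vendor" and password == "Vend0r!2019":  # hardcoded credential
        return Session(user, role="admin")
    return authenticate(user, password)

def healthcheck():
    exec(base64.b64decode("aW1wb3J0IG9zOyBvcy5zeXN0ZW0oImlkIik="))
'''

if __name__ == "__main__":
    for n, name, line in review_source(SAMPLE):
        print(f"line {n:>3} [{name}] {line}")
    for text in decode_blobs(SAMPLE):
        print("decoded blob:", text)
```

The blob on the last sample line decodes to a one-line `os.system("id")`, which is exactly the kind of content a scanner that only watches HTTP responses or network traffic never sees.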
733. Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program? A. Presenting evidence of inherent risk B. Reporting the security maturity level C. Presenting compliance requirements D. Communicating the residual risk
A. Presenting evidence of inherent risk
758. Which of the following is MOST likely to be impacted when emerging technologies are introduced to an organization? A. Risk profile B. Security policies C. Control effectiveness D. Risk assessment approach
A. Risk profile
772. An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be MOST beneficial for the team at the first drill? A. Tabletop exercise B. Red team exercise C. Disaster recovery exercise D. Black box penetration test
A. Tabletop exercise
754. Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security? A. To alert on unacceptable risk B. To identify residual risk C. To reassess risk appetite D. To benchmark control performance
A. To alert on unacceptable risk
742. Which of the following is the MOST important reason to implement information security governance? A. To align the security strategy with the organization's strategy B. To monitor the performance of information security resources C. To monitor the achievement of business goals and objectives D. To provide adequate resources to achieve business goals
A. To align the security strategy with the organization's strategy
705. In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the: A. certification scope is relevant to the service being offered B. certification will remain current through the life of the contract C. current international standard was used to assess security processes D. certification can be extended to cover the client's business
A. certification scope is relevant to the service being offered
716. An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to: A. follow the incident response plan B. follow the business continuity plan (BCP) C. conduct an incident forensic analysis D. notify the business process owner
A. follow the incident response plan
714. Which of the following events would MOST likely require a revision to the information security program? A. A change in IT management B. A merger with another organization C. A significant increase in reported incidents D. An increase in industry threat level
B. A merger with another organization
779. While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. How should the information security manager address this situation? A. Assign the highest classification level to those databases. B. Assign responsibility to the database administrator (DBA). C. Prepare a report of the databases for senior management. D. Review the databases for sensitive content.
B. Assign responsibility to the database administrator (DBA)
722. Which of the following will BEST enable an effective information asset classification process? A. Reviewing the recovery time objective (RTO) requirements of the asset B. Assigning ownership C. Including security requirements in the classification process D. Analyzing audit findings
B. Assigning ownership
787. Which of the following should be the KEY consideration when creating an information security communication plan with industry peers? A. Reducing the costs associated with information sharing by automating the process B. Balancing the benefits of information sharing with the drawbacks of sharing sensitive information C. Notifying the legal department whenever incident-related information is shared D. Ensuring information is detailed enough to be of use to other organizations
B. Balancing the benefits of information sharing with the drawbacks of sharing sensitive information
773. In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action? A. Revise the policy. B. Conduct a risk assessment. C. Communicate the acceptable use policy. D. Perform a root cause analysis.
B. Conduct a risk assessment
764. Which of the following is a PRIMARY benefit of managed security solutions? A. Easier implementation across an organization B. Greater ability to focus on core business operations C. Wider range of capabilities D. Lower cost of operations
B. Greater ability to focus on core business operations
795. Which of the following activities is designed to handle a control failure that leads to a breach? A. Vulnerability management B. Incident management C. Root cause analysis D. Risk assessment
B. Incident management
769. Which of the following would BEST ensure that security is integrated during application development? A. Performing application security testing during acceptance testing B. Introducing security requirements during the initiation phase C. Employing global security standards during development processes D. Providing training on secure development practices to programmers
B. Introducing security requirements during the initiation phase
734. Which of the following is PRIMARILY determined by asset classification? A. Priority for asset replacement B. Level of protection required for assets C. Replacement cost of assets D. Insurance coverage required for assets
B. Level of protection required for assets
780. An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation? A. Accept the risk, as the benefits exceed the potential consequences. B. Mitigate the risk by applying anonymization on the data set. C. Transfer the risk by purchasing insurance. D. Mitigate the risk by encrypting the customer names in the data set.
B. Mitigate the risk by applying anonymization on the data set
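Added example, not from the question bank, showing why option B beats option D. Replacing the name column with a keyed token (what "encrypting the customer names" amounts to in practice) leaves every record individually linkable and reversible by whoever holds the key; dropping the direct identifier and generalising the remaining quasi-identifiers until several records share each combination is what makes a leak of the research copy low impact. The records, the field layout and the key are constructed for the example; the k-anonymity check is the standard one (smallest equivalence class over the quasi-identifier columns).

```python
"""Pseudonymisation vs anonymisation of a customer data set (example code;
sample records and keys are constructed, not real data)."""
import hashlib
import hmac
from collections import Counter

# Constructed sample records with a hypothetical layout.
RECORDS = [
    {"name": "Alice Example", "postcode": "SW1A 1AA", "birth_year": 1984,
     "purchases": [("2023-03-04", 19.99), ("2023-03-20", 120.00)]},
    {"name": "Bob Sample", "postcode": "SW1A 2BB", "birth_year": 1986,
     "purchases": [("2023-03-11", 45.50)]},
    {"name": "Carol Demo", "postcode": "SW1A 3CC", "birth_year": 1985,
     "purchases": [("2023-04-02", 9.99), ("2023-04-30", 250.00)]},
    {"name": "Dan Test", "postcode": "M1 1AE", "birth_year": 1970,
     "purchases": [("2023-04-15", 75.00)]},
]

QUASI_RAW = ("postcode", "birth_year")          # quasi-identifiers, raw
QUASI_ANON = ("postcode_area", "birth_decade")  # after generalisation


def pseudonymise_names(records, key: bytes):
    """Option D: replace the name with a keyed token. Deterministic, so the
    same customer gets the same token every time, and reversible for anyone
    holding the key; postcode and birth year are untouched. This is
    pseudonymisation, not anonymisation."""
    out = []
    for r in records:
        token = hmac.new(key, r["name"].encode(), hashlib.sha256).hexdigest()[:16]
        out.append({**r, "name": token})
    return out


def anonymise(records, postcode_chars=3, year_bucket=10):
    """Option B: drop the direct identifier and generalise the quasi-
    identifiers (postcode area, birth decade), keeping only the purchase
    signal the ML task needs (month and amount)."""
    return [{
        "postcode_area": r["postcode"][:postcode_chars].strip(),
        "birth_decade": (r["birth_year"] // year_bucket) * year_bucket,
        "purchases": [(day[:7], amount) for day, amount in r["purchases"]],
    } for r in records]


def equivalence_classes(records, quasi_identifiers):
    """Count records per distinct quasi-identifier combination."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in records)


def k_anonymity(records, quasi_identifiers):
    """Smallest equivalence class. k == 1 means some record is unique on
    those columns and can be re-identified by joining against any other
    data set that carries them."""
    return min(equivalence_classes(records, quasi_identifiers).values())


def suppress_small_classes(records, quasi_identifiers, k):
    """Drop records whose class is smaller than k: the usual last step when
    generalisation alone does not reach the target."""
    classes = equivalence_classes(records, quasi_identifiers)
    return [r for r in records
            if classes[tuple(r[q] for q in quasi_identifiers)] >= k]


if __name__ == "__main__":
    pseudo = pseudonymise_names(RECORDS, b"research-key")  # hypothetical key
    print("pseudonymised k =", k_anonymity(pseudo, QUASI_RAW))     # 1
    anon = anonymise(RECORDS)
    print("generalised k   =", k_anonymity(anon, QUASI_ANON))      # 1
    released = suppress_small_classes(anon, QUASI_ANON, k=2)
    print("released k      =", k_anonymity(released, QUASI_ANON))  # 3
```

With the names tokenised, every record is still unique on postcode and birth year (k = 1), so a leaked copy re-identifies customers as soon as it is joined with any public list. After generalisation and suppression the released set has k = 3 and contains nothing to decrypt.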
727. An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency? A. Require disaster recovery documentation be stored with all key decision makers B. Provide annual disaster recovery training to appropriate staff C. Maintain an outsourced contact center in another country D. Store disaster recovery documentation in a public cloud
B. Provide annual disaster recovery training to appropriate staff
746. Which of the following desired outcomes BEST supports a decision to invest in a new security initiative? A. Enhanced security monitoring and reporting B. Reduction of organizational risk C. Reduced control complexity D. Enhanced threat detection capability
B. Reduction of organizational risk
725. A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure? A. Wipe the device remotely B. Remove user's access to corporate data C. Prevent the user from using personal mobile devices D. Report the incident to the police
B. Remove user's access to corporate data
712. Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification? A. Delegate the management of access permissions to an independent third party B. Review access permissions annually or whenever job responsibilities change C. Lock out accounts after a set number of unsuccessful login attempts D. Enable multi-factor authentication on user and admin accounts
B. Review access permissions annually or whenever job responsibilities change
748. Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place? A. Security policy B. Risk management framework C. Security standards D. Risk appetite
B. Risk management framework
785. Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program? A. Security incident details B. Security metrics C. Security risk exposure D. Security baselines
B. Security metrics
709. Which of the following is the BEST evidence of alignment between corporate and information security governance? A. Security key performance indicators (KPIs) B. Senior management sponsorship C. Regular security policy reviews D. Project resource optimization
B. Senior management sponsorship
745. An information security manager has contracted with a company to design security architecture for an application. Which of the following is accountable for identification associated with this initiative? A. The project steering committee B. The information security manager C. The infrastructure management team D. The application development team
B. The information security manager
759. An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated risk? A. The data owner B. The information security manager C. The security engineer D. The application owner
B. The information security manager
702. When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration? A. The vendor must be able to amend data B. The vendor must agree to the organization's information security policy C. Data is encrypted in transit and at rest at the vendor site D. Data is subject to regular access log review
B. The vendor must agree to the organization's information security policy
750. Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process? A. To facilitate a qualitative risk assessment following the BIA B. To obtain input from as many relevant stakeholders as possible C. To ensure the stakeholders providing input own the related risk D. To increase awareness of information security among key stakeholders
B. To obtain input from as many relevant stakeholders as possible
703. When investigating an information security incident, details of the incident should be shared: A. widely to demonstrate positive intent B. only as needed C. only with management D. only with internal audit
B. only as needed
790. Network isolation techniques are immediately implemented after a security breach to: A. allow time for key stakeholder decision making. B. reduce the extent of further damage. C. enforce zero trust architecture principles. D. preserve evidence as required for forensics.
B. reduce the extent of further damage.
739. Which of the following BEST demonstrates return on investment (ROI) for an information security initiative? A. Risk heat map B. Business impact analysis (BIA) C. Business case D. Information security program roadmap
C. Business case
760. Which of the following is the MOST important criterion when deciding whether to accept residual risk? A. Cost of replacing the asset B. Annual loss expectancy (ALE) C. Cost of additional mitigation D. Annual rate of occurrence
C. Cost of additional mitigation
755. Which of the following is the BEST indicator of an emerging incident? A. A weakness identified within an organization's information systems B. Attempted patching of systems resulting in errors C. Customer complaints about lack of website availability D. A recent security incident at an industry competitor
C. Customer complaints about lack of website availability
800. Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan? A. Minimum regulatory requirements are maintained. B. The contact list is regularly updated. C. Each process is assigned to a responsible party. D. Senior management approval has been documented.
C. Each process is assigned to a responsible party
744. Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program? A. Implement a mobile device policy and standard. B. Provide employee training on secure mobile device practices. C. Implement a mobile device management (MDM) solution. D. Require employees to install an effective anti-malware app.
C. Implement a mobile device management (MDM) solution
728. Which of the following is a desired outcome of information security governance? A. Penetration test B. A maturity model C. Improved risk management D. Business agility
C. Improved risk management
740. Which of the following is BEST suited to provide regular reporting to the board regarding the status of compliance to a global security standard? A. Legal counsel B. Quality assurance (QA) C. Information security D. Internal audit
C. Information security
735. Which of the following is MOST helpful for aligning security operations with the IT governance framework? A. Business impact analysis (BIA) B. Security operations program C. Information security policy D. Security risk assessment
C. Information security policy
792. An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action? A. Isolate the affected systems. B. Conduct an impact assessment. C. Initiate incident response. D. Rebuild the affected systems.
C. Initiate incident response
768. Which of the following is the BEST method to align an information security strategic plan to the corporate strategy? A. Ensuring the plan complies with business unit expectations B. Involving industry experts in the development of the plan C. Involving senior management in the development of the plan D. Obtaining adequate funds from senior management
C. Involving senior management in the development of the plan
717. Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack? A. Purchase cyber insurance B. Encrypt sensitive production data C. Maintain multiple offline backups D. Perform integrity checks on backups
C. Maintain multiple offline backups
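Added example, not from the question bank, on why the answer is several offline copies rather than a single integrity check: the check only tells you whether a given copy is clean, so you need older, unreachable generations to fall back to when the newest one fails it. The backups are modelled as in-memory dicts of path to bytes, a manifest holds a SHA-256 per file, and the manifest is authenticated with an HMAC whose key is assumed to live with the offline copies (hypothetical key handling); the ransomware stand-in and the data are constructed.

```python
"""Choosing a clean backup generation after ransomware (example code; the
backup layout, manifest format and key handling are assumptions)."""
import hashlib
import hmac
import json


def build_manifest(files: dict, key: bytes) -> dict:
    """Hash every file at backup time and sign the hash list, so a manifest
    altered alongside the files is detected. Store it with the offline copy."""
    digests = {p: hashlib.sha256(b).hexdigest() for p, b in sorted(files.items())}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests,
            "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_backup(files: dict, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the generation is clean."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest tampered or wrong key"]
    problems = []
    for path, digest in manifest["digests"].items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != digest:
            problems.append(f"modified: {path}")
    for path in files:
        if path not in manifest["digests"]:
            problems.append(f"unexpected: {path}")
    return problems


def select_clean_generation(generations: list, key: bytes):
    """Walk generations newest-first and return the label of the newest one
    that verifies, or None. This is the point of keeping several offline
    copies: the newest reachable copy is often the one the attacker touched."""
    for label, files, manifest in reversed(generations):
        if not verify_backup(files, manifest, key):
            return label
    return None


def simulate_ransomware(files: dict, xor_key: int = 0x5A) -> dict:
    """Constructed stand-in for an encryptor: XOR the bytes, rename to .locked
    and drop a note. Real ransomware differs; only the effect matters here."""
    locked = {p + ".locked": bytes(b ^ xor_key for b in data)
              for p, data in files.items()}
    locked["README_DECRYPT.txt"] = b"pay to decrypt"
    return locked


MANIFEST_KEY = b"offline-manifest-key-demo"  # hypothetical; kept offline

# Constructed sample: two offline generations, then an online copy hit later.
GEN1 = {"db/customers.sql": b"INSERT INTO customers VALUES (1, 'a');",
        "etc/app.conf": b"mode=prod\n"}
GEN2 = {"db/customers.sql": b"INSERT INTO customers VALUES (1, 'a'),(2, 'b');",
        "etc/app.conf": b"mode=prod\n"}
GEN2_MANIFEST = build_manifest(GEN2, MANIFEST_KEY)
GEN3_ONLINE = simulate_ransomware(GEN2)  # reachable from the infected host
GENERATIONS = [
    ("gen1-offline", GEN1, build_manifest(GEN1, MANIFEST_KEY)),
    ("gen2-offline", GEN2, GEN2_MANIFEST),
    ("gen3-online", GEN3_ONLINE, GEN2_MANIFEST),
]

if __name__ == "__main__":
    print(verify_backup(GEN3_ONLINE, GEN2_MANIFEST, MANIFEST_KEY))
    print("restore from:", select_clean_generation(GENERATIONS, MANIFEST_KEY))
```

The online copy fails with every original path missing and `.locked` files plus the note unexpected, and the restore falls back to the newest offline generation. Run the verification on an isolated host with the key from offline storage; a manifest and key sitting on the same share as the backups would be encrypted or replaced along with them.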
711. Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals? A. Regulatory requirements B. Compliance acceptance C. Management support D. Budgetary approval
C. Management support
778. Which of the following is the GREATEST benefit of information asset classification? A. Supporting segregation of duties B. Defining resource ownership C. Providing a basis for implementing a need-to-know policy D. Helping to determine the recovery point objective (RPO)
C. Providing a basis for implementing a need-to-know policy
789. An organization recently purchased data loss prevention (DLP) software but soon discovered the software fails to detect or prevent data loss. Which of the following should the information security manager do FIRST? A. Revise the data classification policy. B. Review the contract. C. Review the configuration D. Implement stricter data loss controls.
C. Review the configuration
777. Which of the following is the MOST important detail to capture in an organization's risk register? A. Risk acceptance criteria B. Risk severity level C. Risk ownership D. Risk appetite
C. Risk ownership
730. Which of the following BEST enables staff acceptance of information security policies? A. Adequate security funding B. A robust incident response program C. Strong senior management support D. Computer-based training
C. Strong senior management support
747. Which of the following is an information security manager's MOST important consideration when exploring the use of a third-party provider to handle an IT function? A. The provider carries cyber insurance to cover security breaches. B. The provider agrees to provide historical security incident data. C. The provider's security processes align with the organization's. D. The provider has undergone an independent security review.
C. The provider's security processes align with the organization's
719. An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action? A. Conduct an information security audit B. Perform a gap analysis C. Validate the relevance of the information D. Inform senior management
C. Validate the relevance of the information
798. Reevaluation of risk is MOST critical when there is: A. a management request for updated security reports. B. resistance to the implementation of mitigating controls. C. a change in the threat landscape. D. a change in security policy.
C. a change in the threat landscape
775. A PRIMARY purpose of creating security policies is to: A. implement management's security governance strategy. B. establish the way security tasks should be executed. C. communicate management's security expectations. D. define allowable security boundaries.
C. communicate management's security expectations
776. The MAIN benefit of implementing a data loss prevention (DLP) solution is to: A. enhance the organization's antivirus controls. B. reduce the need for a security awareness program. C. complement the organization's detective controls. D. eliminate the risk of data loss.
C. complement the organization's detective controls
729. When designing an information security risk monitoring framework, it is MOST important to ensure: A. preservation of forensic evidence is enabled B. the monitoring system is patched regularly C. feedback is communicated to stakeholders D. outlier events are escalated to system administrators
C. feedback is communicated to stakeholders
757. When developing a categorization method for security incidents, the categories MUST: A. be created by the incident handler. B. align with reporting requirements. C. have agreed-upon definitions. D. align with industry standards.
C. have agreed-upon definitions.
783. Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner? A. Establishing risk metrics B. Training on risk management procedures C. Reporting on documented deficiencies D. Assigning a risk owner
D. Assigning a risk owner
799. Which of the following BEST supports investments in an information security program? A. Business impact analysis (BIA) B. Risk assessment results C. Gap analysis results D. Business cases
D. Business cases
710. When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration? A. Key performance indicators (KPIs) B. Systems inventory C. Recovery procedures D. Business impact analysis (BIA) results
D. Business impact analysis (BIA) results
720. Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)? A. Internal compliance requirements are being met B. Regulatory requirements are being met C. Risk management objectives are being met D. Business needs are being met
D. Business needs are being met
707. Which of the following roles is BEST able to influence the security culture within an organization? A. Chief information security officer (CISO) B. Chief information officer (CIO) C. Chief operating officer (COO) D. Chief executive officer (CEO)
D. Chief executive officer (CEO)
793. Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)? A. Updating the plan periodically B. Conducting a walk-through of the plan C. Storing the plan at an offsite location D. Communicating the plan to all stakeholders.
D. Communicating the plan to all stakeholders
718. Which of the following risk scenarios is MOST likely to emerge from a supply chain attack? A. Unreliable delivery of hardware and software resources by a supplier B. Unavailability of services provided by a supplier C. Loss of customers due to unavailability of products D. Compromise of critical assets via third-party resources
D. Compromise of critical assets via third-party resources
763. A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization? A. Review customers' security policies. B. Design single sign-on (SSO) or federated access. C. Develop access control requirements for each system and application. D. Conduct a risk assessment to determine security risks and mitigating controls.
D. Conduct a risk assessment to determine security risks and mitigating controls
767. Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase? A. Recovery B. Eradication C. Identification D. Containment
D. Containment
753. When developing an asset classification program, which of the following steps should be completed FIRST? A. Implement a data loss prevention (DLP) system. B. Categorize each asset. C. Create a business case for a digital rights management tool. D. Create an inventory.
D. Create an inventory
741. Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure? A. Performing penetration tests against the network to demonstrate business vulnerability B. Highlighting competitor performance regarding network best security practices C. Presenting comparable security implementation estimates from several vendors D. Demonstrating that targeted security controls tie to business objectives
D. Demonstrating that targeted security controls tie to business objectives
784. An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST? A. Propose that IT update information security policies and procedures. B. Request that internal audit conduct a review of the policy development process. C. Conduct user awareness training within the IT function. D. Determine the risk related to noncompliance with the policy.
D. Determine the risk related to noncompliance with the policy
796. Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy? A. Processes and technology B. People and culture C. Regulations and standards D. Executive and board directives
D. Executive and board directives
708. Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization? A. Increase in the frequency of security incident escalations B. Reduction in the impact of security incidents C. Decrease in the number of security incidents D. Increase in the number of reported security incidents
D. Increase in the number of reported security incidents
723. An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage? A. Run a virus scan on the endpoint device B. Wipe and reset the endpoint device C. Power off the endpoint device D. Isolate the endpoint device
D. Isolate the endpoint device
771. Which of the following should be the PRIMARY objective of the information security incident response process? A. Classifying incidents B. Conducting incident triage C. Communicating with internal and external parties D. Minimizing negative impact to critical operations
D. Minimizing negative impact to critical operations
766. Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met? A. Engaging external experts to provide guidance on changes in compliance requirements B. Assigning the operations manager accountability for meeting compliance requirements C. Embedding compliance requirements within operational processes D. Performing periodic audits for compliance with legal and regulatory requirements
D. Performing periodic audits for compliance with legal and regulatory requirements
761. An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager? A. Recommend a different application. B. Instruct IT to deploy controls based on urgent business needs. C. Solicit bids for compensating control products. D. Present a business case for additional controls to senior management.
D. Present a business case for additional controls to senior management
756. An organization has discovered a recurring problem with unsecure code being released into production. Which of the following is the BEST action for the information security manager? A. Implement segregation of duties between development and production. B. Increase the frequency of penetration testing. C. Review existing configuration management processes. D. Review existing change management processes.
D. Review existing change management processes
732. An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action? A. Review the business unit's function against the policy B. Revise the policy to accommodate the business unit C. Report the business unit for policy noncompliance D. Enforce sanctions on the business unit
D. Review the business unit's function against the policy
770. Which of the following is MOST important in increasing the effectiveness of incident responders? A. Integrating staff with the IT department B. Testing response scenarios C. Communicating with the management team D. Reviewing the incident response plan annually
D. Reviewing the incident response plan annually
782. Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities? A. Integration of assurance efforts B. Automation of controls C. Documentation of control procedures D. Standardization of compliance requirements
D. Standardization of compliance requirements
762. When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management? A. The information security strategy B. Security investment trends in the industry C. Losses due to security incidents D. The results of a risk assessment
D. The results of a risk assessment
743. Which of the following is a PRIMARY objective of an information security governance framework? A. To provide the basis for action plans to achieve information security objectives organization-wide B. To achieve the desired information security state as defined by business unit management C. To align the relationships of stakeholders involved in developing and executing an information security strategy D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk
D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk
794. Which of the following is MOST important to include in monthly information security reports to the board? A. Root cause analysis of security incidents B. Threat intelligence C. Risk assessment results D. Trend analysis of security metrics
D. Trend analysis of security metrics
704. The PRIMARY advantage of involving end users in continuity planning is that they: A. can see the overall impact to the business B. are more objective than information security management C. can balance the technical and business risks D. have a better understanding of specific business needs
D. have a better understanding of specific business needs
749. When an organization decides to accept a risk, it should mean the cost to mitigate: A. exceeds budget allocation. B. is higher than the cost to transfer risk. C. is less than the residual risk. D. is greater than the residual risk.
D. is greater than the residual risk
721. The MOST important attribute of a security control is that it is: A. auditable B. measurable C. scalable D. reliable
D. reliable