CIS 425 Domain 1


S1-93 Which of the following choices would BEST align information security objectives to business objectives?

A business balanced scorecard

S1-125 It is MOST important that information security architecture be aligned with which of the following?

Business goals and objectives

S1-24 Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

Chief operating officer

S1-74 Which of the following BEST contributes to the development of an information security governance framework that supports the maturity model concept?

Continuous analysis monitoring and feedback

S1-192 Which of the following elements are the MOST essential to develop an information security strategy?

Current state and objectives

S1-146 Which of the following will require the MOST effort when supporting an operational information security program?

Reviewing and modifying procedures

S1-144 Which of the following factors is MOST important for the successful implementation of an organization's information security program?

Senior management support

S1-59 To justify its ongoing information security budget, which of the following would be of MOST use to the information security department?

Cost-benefit analysis

S1-22 When creating an effective data-protection strategy, the information security manager must understand the flow of data and its protection at various stages. This is BEST achieved with:

a tailored methodology based on exposure

S1-41 Information security policy enforcement is the responsibility of the:

chief information security officer

S1-55 In order to highlight to management the importance of integrating information security in the business process, a newly hired information security officer should FIRST:

conduct a risk assessment

S1-42 An information security manager at a global organization has to ensure that the local information security program will initially be in compliance with the:

data privacy policy where data are collected

S1-135 Serious security incidents typically lead to renewed focus on information security by management. To BEST use this attention, the information security manager should make the case for:

improving integration of business and information security processes

S1-75 The MOST complete business case for a security solution is one that:

includes appropriate justification

S1-6 What is the MOST essential attribute of an effective key risk indicator (KRI)? The KRI:

is predictive of a risk event

S1-37 From an information security manager's perspective, what is an immediate benefit of clearly defined roles and responsibilities?

Better accountability

S1-9 Which of the following is characteristic of centralized information security management?

Better adherence to policies

S1-38 Which of the following roles is responsible for legal and regulatory liability?

Board of directors and senior management

S1-58 Which of the following should an information security manager PRIMARILY use when proposing the implementation of a security solution?

Business case

S1-157 Which of the following is the MOST important consideration for a control policy?

Life safety

S1-179 Which of the following would be the BEST indicator that an organization has good governance?

Maturity level

S1-89 A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will be responsible for evaluating the results and identified risk. Which of the following would be the BEST approach of the information security manager?

Review of the risk assessment with executive management for final input

S1-45 Business goals define the strategic direction of the organization. Functional goals define the tactical direction of a business function. Security goals define the security direction of the organization. What is the MOST important relationship between these concepts?

Security goals should be derived from business goals

S1-14 Which of the following is MOST appropriate for inclusion in an information security strategy?

Security processes, methods, tools and techniques

S1-30 Which of the following is the MOST important factor when designing information security architecture?

Stakeholder requirements

S1-196 Which of the following challenges associated with information security documentation is MOST likely to affect a large established organization?

Standards change more slowly than the environment

S1-116 Who can BEST approve plans to implement an information security governance framework?

Steering committee

S1-184 What should be the PRIMARY basis of a road map for implementing information security governance?

Strategy

S1-17 Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?

The data center manager has final sign-off on all security projects

S1-174 An organization has decided to implement governance, risk and compliance processes into several critical areas of the enterprise. Which of the following objectives is the MAIN one?

To improve risk management

S1-187 Responsibility for information security and related activities involves multiple departments.

To mitigate the tendency for security gaps to exist between assurance functions

S1-159 Which of the following indicators is MOST likely to be of strategic value?

Trends in incident frequency

S1-191 Which of the following tasks should information security management undertake FIRST while creating the information security strategy of the organization?

Understand the IT service portfolio

S1-96 An organization that appoints a chief information security officer:

acknowledges a commitment to legal responsibility for information security

S1-163 Which of the following BEST supports continuous improvement of the risk management process?

adoption of a maturity model

S1-128 New regulatory and legal compliance requirements that will have an effect on information security will MOST likely come from the:

affected department

S1-33 When an information security manager is developing a strategic plan for information security, the time line for the plan should be:

aligned with the business strategy

S1-3 The MOST appropriate role for senior management in supporting information security is the:

approval of policy statements and funding

S1-92 Information security should:

balance technical and business requirements

S1-119 The corporate information security policy should:

be straightforward and easy to understand

S1-84 The data access requirements for an application should be determined by the:

business owner

S1-47 The PRIMARY concern of an information security manager documenting a formal data retention policy is:

business requirements

S1-5 Information security governance is PRIMARILY driven by:

business strategy

S1-131 The FIRST step in developing a business case is to:

define the issues to be addressed

S1-134 The MOST important requirement for gaining management commitment to the information security program is to:

demonstrate support for desired outcomes

S1-78 An enterprise has been recently subject to a series of denial-of-service attacks due to a weakness in security. The information security manager needs to present a business case for increasing the investment in security. The MOST significant challenge in obtaining approval from senior management for the proposal is:

demonstrating value and benefits

S1-68 Obtaining senior management support for establishing a warm site can BEST be accomplished by:

developing a business case

S1-8 Determining which element of the confidentiality, integrity and availability (CIA) triad is MOST important is a necessary task when:

developing a controls policy

S1-57 The FIRST step in developing an information security management program is to:

establish the need for creating the program

S1-31 An information security manager receives a report showing an increase in the number of security events. The MOST likely explanation is:

exploitation of vulnerability in the information system

S1-183 The purpose of an information security strategy is to:

express the goals of an information security program and the plan to achieve them

S1-154 The MOST important basis for developing a business case is the:

feasibility and value proposition

S1-25 The MOST important element(s) to consider when developing a business case for a project is the:

feasibility and value proposition

S1-164 Which of the following is MOST important in the development of information security policies?

gathering stakeholder requirements

S1-133 A regulatory authority has just introduced a new regulation pertaining to the release of quarterly financial results. The FIRST task that the security officer should perform is to:

identify whether current controls are adequate

S1-101 The formal declaration of organizational information security goals and objectives should be found in the

information security policy

S1-72 Achieving compliance with a particular information security standard selected by management would BEST be described as a:

key performance indicator

S1-197 An information security manager is PRIMARILY responsible for:

managing the risk to the information infrastructure

S1-28 Senior management commitment and support for information security can BEST be enhanced through:

periodic review of alignment with business management goals

S1-107 Maturity levels are an approach to determine the extent that sound practices have been implemented in an organization based on outcomes. Another approach that has been developed to achieve essentially the same result is:

process performance and capabilities

S1-85 The PRIMARY purpose of an information security program is to:

provide protection to information assets consistent with business strategy and objectives

S1-108 The PRIMARY objective for information security program development should be:

reducing the impact of risk on the business

S1-114 Strategic alignment is PRIMARILY achieved when services provided by the information security department:

reflect the requirements of key business stakeholders

S1-147 A newly hired information security manager notes that existing information security practices and procedures appear ad hoc. Based on this observation, the next action should be to:

review the corporate standards

S1-175 The acceptable limits defined by organizational standards are PRIMARILY determined by:

risk appetite

S1-26 Acceptable levels of information security risk are determined by:

the steering committee

S1-10 Successful implementation of information security governance will FIRST require:

updated security policies

S1-86 Effective governance of enterprise security is BEST ensured by:

using a top-down approach

S1-106 Which of the following is the MOST effective approach to identify events that may affect information security across a large multinational enterprise?

Develop communication channels throughout the enterprise

S1-188 An information security manager wants to implement a security information and event management (SIEM) system not funded in the current budget. Which of the following choices is MOST likely to persuade management of this need?

A well-developed business case

S1-76 Which of the following choices is a necessary attribute of an effective information security governance framework?

An organizational structure with minimal conflicts of interest, with sufficient resources and defined responsibilities

S1-32 Which of the following is the MOST appropriate task for a chief information security officer to perform?

Develop an information security strategy

S1-182 Which of the following choices is MOST likely to ensure that responsibilities are carried out?

Assigned accountability

S1-70 There is a concern that lack of detail in the recovery plan may prevent an organization from meeting its required time objectives when a security incident strikes. Which of the following is MOST likely to ensure the recovery time objectives would be met?

Delegation of authority in recovery execution

S1-193 Requirements for an information security program should be based PRIMARILY on which of the following choices?

Desired outcomes

S1-181 An organization has decided to implement bring your own device (BYOD) for laptops and mobile phones. What should the information security manager focus on FIRST?

Determining an information security strategy for BYOD

S1-122 Which of the following is the MOST important consideration when developing an information security strategy?

Effectiveness of risk mitigation

S1-151 Which of the following is the MOST important outcome of an information security strategy?

Ensuring that residual risk is at an acceptable level

S1-110 Which of the following is the MOST important objective of an information security strategy review?

Ensuring the information security strategy is aligned with organizational goals

S1-16 Which of the following roles would represent a conflict of interest for an information security manager?

Final approval of information security policies

S1-19 Which of the following is MOST likely to be discretionary?

Guidelines

S1-194 Which of the following choices is the BEST indication that the information security manager is achieving the objective of value delivery?

Having a high resource utilization

S1-160 Which of the following is the MOST cost-effective approach to achieve strategic alignment?

Periodically survey management

S1-64 Which of the following choices is the MOST likely cause of significant inconsistencies in system configuration?

Inadequate governance

S1-71 Which of the following is the BEST justification to convince management to invest in an information security program?

Increased business value

S1-21 Which of the following are seldom changed in response to technological changes?

Policies

S1-94 What is the MAIN risk when there is no user management representation on the information security steering committee?

Information security plans are not aligned with business requirements

S1-158 Senior management has expressed some concern about the effectiveness of the information security program. What can the information security manager do to gain the support of senior management for the program?

Interview senior management to address their concerns with the program

S1-97 The director of auditing has recommended a specific information security monitoring solution to the information security manager. What should the information security manager do FIRST?

Perform an assessment to determine correlation with business goals and objectives

S1-36 Which of the following would BEST prepare an information security manager for regulatory reviews?

Perform self-assessments using regulatory guidelines and reports

S1-123 Which of the following is the MOST effective way to measure strategic alignment of an information security program?

Survey business stakeholders

S1-142 Which of the following is the PRIMARY reason to change policies during program development?

The policies no longer reflect management intent and direction

S1-100 Which of the following metrics will provide the BEST indication of organizational risk?

The extent of unplanned business interruptions

S1-173 What is the MOST important consideration when developing a business case for an information security investment?

The implementation benefits

S1-161 Which of the following is PRIMARILY related to the emergence of governance, risk and compliance?

The integration of assurance-related activities

S1-12 Which of the following factors is the MOST significant in determining an organization's risk appetite?

The organizational culture

S1-176 What is the MOST likely reason that an organizational policy can be eliminated?

There is no credible threat

S1-195 Which of the following internal or external influences on an organization is the MOST difficult to estimate?

Threat landscape
