getcertified4sure.com

Top Tips Of Update 712-50 Exam Price




Our pass rate is as high as 98.9%, and the similarity between our 712-50 study guide and the real exam is 90%, based on our seven years of educating experience. Do you want to pass the EC-Council 712-50 exam in just one try? I am currently studying for the EC-Council 712-50 exam. Latest EC-Council 712-50 exam practice questions and answers; try EC-Council 712-50 Brain Dumps first.

Check 712-50 free dumps before getting the full version:

NEW QUESTION 1

Which of the following information may be found in table top exercises for incident response?

  • A. Security budget augmentation
  • B. Process improvements
  • C. Real-time to remediate
  • D. Security control selection

Answer: B

NEW QUESTION 2

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

  • A. Identify threats, risks, impacts and vulnerabilities
  • B. Decide how to manage risk
  • C. Define the budget of the Information Security Management System
  • D. Define Information Security Policy

Answer: D

NEW QUESTION 3

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

  • A. International Organization for Standardization – 27004 (ISO-27004)
  • B. Payment Card Industry Data Security Standards (PCI-DSS)
  • C. Control Objectives for Information Technology (COBIT)
  • D. International Organization for Standardization – 27005 (ISO-27005)

Answer: A

NEW QUESTION 4

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

  • A. It allows executives to more effectively monitor IT implementation costs
  • B. Implementation of it eases an organization’s auditing and compliance burden
  • C. Information Security (IS) procedures often require augmentation with other standards
  • D. It provides for a consistent and repeatable staffing model for technology organizations

Answer: B

NEW QUESTION 5

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

  • A. The need to change accounting periods on a regular basis.
  • B. The requirement to post entries for a closed accounting period.
  • C. The need to create and modify the chart of accounts and its allocations.
  • D. The lack of policies and procedures for the proper segregation of duties.

Answer: D

NEW QUESTION 6

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

  • A. Possess a strong technical background
  • B. Understand all regulations affecting the organization
  • C. Understand the business goals of the organization
  • D. Possess a strong auditing background

Answer: C

NEW QUESTION 7

A method to transfer risk is to:

  • A. Implement redundancy
  • B. Move operations to another region
  • C. Purchase breach insurance
  • D. Alignment with business operations

Answer: C

NEW QUESTION 8

What is the BEST reason for having a formal request for proposal process?

  • A. Creates a timeline for purchasing and budgeting
  • B. Allows small companies to compete with larger companies
  • C. Clearly identifies risks and benefits before funding is spent
  • D. Informs suppliers a company is going to make a purchase

Answer: C

NEW QUESTION 9

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

  • A. The CISO does not report directly to the CEO of the organization
  • B. The CISO reports to the IT organization
  • C. The CISO has not implemented a policy management framework
  • D. The CISO has not implemented a security awareness program

Answer: B

NEW QUESTION 10

Risk is defined as:

  • A. Threat times vulnerability divided by control
  • B. Advisory plus capability plus vulnerability
  • C. Asset loss times likelihood of event
  • D. Quantitative plus qualitative impact

Answer: A

NEW QUESTION 11

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

  • A. Trusted and untrusted networks
  • B. Type of authentication
  • C. Storage encryption
  • D. Log retention

Answer: A

NEW QUESTION 12

Who in the organization determines access to information?

  • A. Legal department
  • B. Compliance officer
  • C. Data Owner
  • D. Information security officer

Answer: C

NEW QUESTION 13

At which point should the identity access management team be notified of the termination of an employee?

  • A. At the end of the day once the employee is off site
  • B. During the monthly review cycle
  • C. Immediately so the employee account(s) can be disabled
  • D. Before an audit

Answer: C

NEW QUESTION 14

How often should an environment be monitored for cyber threats, risks, and exposures?

  • A. Weekly
  • B. Monthly
  • C. Quarterly
  • D. Daily

Answer: D

NEW QUESTION 15

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
Which group of people should be consulted when developing your security program?

  • A. Peers
  • B. End Users
  • C. Executive Management
  • D. All of the above

Answer: D

NEW QUESTION 16

Information security policies should be reviewed:

  • A. by stakeholders at least annually
  • B. by the CISO when new systems are brought online
  • C. by the Incident Response team after an audit
  • D. by internal audit semiannually

Answer: A
