Abnormal server communication from inside the organization to external parties may be monitored to

Question 1

Which of the following is the PRIMARY objective of defining a severity hierarchy for security incidents?

A. To prioritize available incident response resources

B. To streamline the risk analysis process

C. To facilitate root cause analysis of incidents

D. To facilitate the classification of an organization's IT assets

Question 2

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the system?

A. Remove all signs of the intrusion from the OS and application.

B. Restore the application and data from a forensic copy.

C. Restore the OS, patches, and application from a backup.

D. Install the OS, patches, and application from the original source.

Question 3

Which of the following is the BEST justification for making a revision to a password policy?

A. Audit recommendation

B. Vendor recommendation

C. Industry best practice

D. A risk assessment

Question 4

When supporting an organization's privacy officer, which of the following is the information security manager's PRIMARY role regarding privacy requirements?

A. Monitoring the transfer of private data

B. Determining data classification

C. Conducting privacy awareness programs

D. Ensuring appropriate controls are in place

Question 5

Organization A offers e-commerce services and uses secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?

A. The URL of the e-commerce server

B. The browser's indication of SSL use

C. The IP address of the e-commerce server

D. The certificate of the e-commerce server

Question 6

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

A. Establish performance metrics for the team.

B. Perform a threat analysis.

C. Perform a post-incident review.

D. Implement a SIEM solution.

Question 7

Of the following, who should the security manager consult FIRST when determining the severity level of a security incident involving a third-party vendor?

A. Business partners

B. Risk manager

C. Business process owners

D. IT process owners

Question 8

When determining an acceptable risk level, which of the following is the MOST important consideration?

A. System criticalities

B. Threat profiles

C. Risk matrices

D. Vulnerability scores

Question 9

Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

A. Maximum tolerable outage (MTO)

B. Recovery time objective (RTO)

C. Available annual budget

D. Cost-benefit analysis of mitigating controls

Question 10

Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?

A. Percentage of outstanding high-risk audit issues

B. Number of successful disaster recovery tests

C. Frequency of updates to system software

D. Number of incidents resulting in disruptions

Question 11

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

A. Non-standard event logs

B. Access to the hardware

C. Compressed customer data

D. Data encryption

Question 12

When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?

A. Threat metrics

B. Audit reports

C. Access logs

D. Access lists

Question 13

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

A. IT strategy

B. Risk mitigation strategy

C. Security strategy

D. Recovery strategy

Question 14

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

A. Restrict application network access temporarily.

B. Consult with the business owner.

C. Include security requirements in the contract.

D. Update the risk register.

Question 15

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

A. Monitor the effectiveness of controls.

B. Review the risk probability and impact.

C. Update the risk assessment framework.

D. Review the inherent risk level.

Question 16

Which of the following processes can be used to remediate identified technical vulnerabilities?

A. Conducting a risk assessment

B. Enforcing baseline configurations

C. Performing penetration testing

D. Updating the business impact analysis (BIA)

Question 17

Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

A. Regular reporting to senior management

B. Automation of security controls

C. Well-documented security policies and procedures

D. Supportive tone at the top regarding security

Question 18

Which of the following should be the PRIMARY outcome of an information security program?

A. Threat reduction

B. Strategic alignment

C. Risk elimination

D. Cost reduction

Question 19

In a multinational organization, local security regulations should be implemented over global security policy because:

A. deploying awareness of local regulations is more practical than of global policy.

B. business objectives are defined by local business unit managers.

C. global security policies include unnecessary controls for local businesses.

D. requirements of local regulations take precedence.

Question 20

Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

A. Balanced scorecard

B. Benchmarking

C. Risk matrix

D. Heat map

Question 21

Which of the following should be determined FIRST when preparing a risk communication plan?

A. Target audience

B. Communication channel

C. Reporting frequency

D. Reporting content

Question 22

Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?

A. To justify information security program activities

B. To ensure that the mitigation effort does not exceed the asset value

C. To ensure that benefits are aligned with business strategies

D. To present a realistic information security budget

Question 23

Which of the following would BEST help an organization's ability to manage advanced persistent threats (APT)?

A. Having network detection tools in place

B. Increasing the information security budget

C. Having a skilled information security team

D. Using multiple security vendors

Question 24

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

A. Initiate a device reset.

B. Initiate incident response.

C. Conduct a risk assessment.

D. Disable remote access.

Question 25

Which of the following is the BEST way to strengthen the alignment of an information security program with business strategy?

A. Providing organizational training on information security policies

B. Increasing the frequency of control assessments

C. Establishing an information security steering committee

D. Increasing budget for risk assessments

Question 26

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

A. Demonstrated return on security investment

B. Reduction in inherent risk

C. Review of security metrics trends

D. Results of an emerging threat analysis

Question 27

Which of the following is the MAJOR advantage of conducting a post-incident review? The review:

A. provides continuous process improvement.

B. facilitates reporting on actions taken during the incident process.

C. helps identify current and desired level of risk.

D. helps develop business cases for security monitoring tools.

How many questions are in the CISM exam?

The official CISM exam has 150 questions.

What does CISM mean?

Critical Incident Stress Management (CISM) is selecting and implementing the most appropriate crisis intervention tactics to best respond to the situation's needs. However, CISM has multiple components other than responding after a critical incident. These components can be used before, during, and after a crisis.

How do you get CISM?

Apply to get certified: pass the CISM exam within the last 5 years, have the relevant full-time work experience in the CISM exam content outline, and submit the CISM certification application including the application processing fee.