3 Months Free Update
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1.Covering tracks
2.Scanning and enumeration
3.Maintaining Access
4.Reconnaissance
5.Gaining Access
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:
During the last decade, what trend has caused the MOST serious issues in relation to physical security?
Where does bottom-up financial planning primarily gain information for creating budgets?
Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?
A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?
Which of the following information would MOST likely be reported at the board-level within an organization?
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than others but lacks some important capabilities. The security officer has voiced concerns about sensitive data breaches, but the decision is made to purchase. What does this selection indicate?
A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.
Which of the following international standards can be BEST used to define a Risk Management process in an organization?
What is the relationship between information protection and regulatory compliance?
The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:
When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?
Why is it vitally important that senior management endorse a security policy?
An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?
Which of the following are primary concerns for management with regard to assessing internal control objectives?
At which point should the identity access management team be notified of the termination of an employee?
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
Security related breaches are assessed and contained through which of the following?
An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network (WAN). Which of the following would BEST ensure network continuity?
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because
A missing/ineffective security control is identified. Which of the following should be the NEXT step?
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?
Creating a secondary authentication process for network access would be an example of?
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?
Which of the following can the company implement in order to avoid this type of security issue in the future?
When managing the critical path of an IT security project, which of the following is MOST important?
You manage a newly created Security Operations Center (SOC). Your team is being inundated with security alerts and does not know what to do. What is the BEST approach to handle this situation?
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?
You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?
Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?