3 Months Free Update
3 Months Free Update
3 Months Free Update
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?
When analyzing and forecasting a capital expense budget what are not included?
When updating the security strategic planning document what two items must be included?
The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?
Which of the following information may be found in table top exercises for incident response?
When managing the critical path of an IT security project, which of the following is MOST important?
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?
Risk appetite is typically determined by which of the following organizational functions?
Which of the following is the MOST important component of any change management process?
Which of the following best summarizes the primary goal of a security program?
You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?
Which of the following methodologies references the recommended industry standard that Information security project managers should follow?
Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?
As the CISO for your company you are accountable for the protection of information resources commensurate with:
In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
Security related breaches are assessed and contained through which of the following?
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
What is a key policy that should be part of the information security plan?
A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:
A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information required?
When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?
When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)
Which of the following statements about Encapsulating Security Payload (ESP) is true?
Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?
Which of the following best describes the sensors designed to project and detect a light beam across an area?
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.
The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?
The success of the Chief Information Security Officer is MOST dependent upon:
In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
The alerting, monitoring and life-cycle management of security related events is typically handled by the
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
Credit card information, medical data, and government records are all examples of:
Quantitative Risk Assessments have the following advantages over qualitative risk assessments:
At which point should the identity access management team be notified of the termination of an employee?
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?
When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?
You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?
To have accurate and effective information security policies how often should the CISO review the organization policies?
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of: