Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?
#211
Answer: D
An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
#212
Answer: A
How does an organization's information security steering committee facilitate the achievement of information security program objectives?
#213
Answer: B
Which of the following is the BEST reason to consolidate security operations teams across a global organization?
#214
Answer: B
The business value of an information asset is derived from:
#215
Answer: C
Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?
#216
Answer: D
Which of the following is the PRIMARY purpose of implementing information security standards?
#217
Answer: D
Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?
#218
Answer: A
The MOST effective tools for responding to new and advanced attacks are those that detect attacks based on:
#219
Answer: A
When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:
#220
Answer: D
Which of the following is the PRIMARY benefit of implementing an information security governance framework?
#221
Answer: D
Which of the following is the BEST way to prevent insider threats?
#222
Answer: C
Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?
#223
Answer: D
An organization is conducting a post-incident review to determine the root cause of an information security incident. Which of the following situations would be MOST harmful to this investigation?
#224
Answer: C
When building support for an information security program, which of the following elements is MOST important?
#225
Answer: D
An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's FIRST step?
#226
Answer: B
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
#227
Answer: A
Which of the following should an information security manager do FIRST upon learning of a new ransomware targeting a particular line of business?
#228
Answer: C
Which of the following should be the PRIMARY objective when establishing a new information security program?
#229
Answer: C
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
#230
Answer: D
Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
#231
Answer: D
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
#232
Answer: D
Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
#233
Answer: B
An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?
#234
Answer: A
Which of the following is the MOST important consideration when selecting members for an information security steering committee?
#235
Answer: D
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
#236
Answer: C
Which of the following has the GREATEST positive impact on the ability to execute a disaster recovery plan (DRP)?
#237
Answer: B
Which of the following is MOST important to include in monthly information security reports to the board?
#238
Answer: D
Which of the following activities is designed to handle a control failure that leads to a breach?
#239
Answer: B
Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?