Question 1/274
Which of the following has the GREATEST impact on the implementation of an information security governance model?
Correct Answer: B
- Other Questions (274 in total)
- Q1. Which of the following has the GREATEST impact on the implementation of an information sec...
- Q2. Security related breaches are assessed and contained through which of the following?...
- Q3. You have purchased a new insurance policy as part of your risk strategy. Which of the foll...
- Q4. Scenario: As you begin to develop the program for your organization, you assess the corpor...
- Q5. You are just hired as the new CISO and are being briefed on all the Information Security p...
- Q6. Which of the following is the MOST effective way to measure the effectiveness of security ...
- Q7. Involvement of senior management is MOST important in the development of:...
- Q8. An organization licenses and uses personal information for business operations, and a serv...
- Q9. What should an organization do to ensure that they have a sound Business Continuity (BC) P...
- Q10. You are just hired as the new CISO and are being briefed on all the Information Security p...
- Q11. In effort to save your company money which of the following methods of training results in...
- Q12. As a new CISO at a large healthcare company you are told that everyone has to badge in to ...
- Q13. Which of the following is MOST important when dealing with an Information Security Steerin...
- Q14. An organization's Information Security Policy is of MOST importance because...
- Q15. Which of the following is considered the foundation for the Enterprise Information Securit...
- Q16. Scenario: Most industries require compliance with multiple government regulations and/or i...
- Q17. Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web...
- Q18. The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Ann...
- Q19. A system was hardened at the Operating System level and placed into the production environ...
- Q20. The process of creating a system which divides documents based on their security level to ...
- Q21. Which of the following is considered the MOST effective tool against social engineering?...
- Q22. Control Objectives for Information and Related Technology (COBIT) is which of the followin...
- Q23. The amount of risk an organization is willing to accept in pursuit of its mission is known...
- Q24. Which of the following methods are used to define contractual obligations that force a ven...
- Q25. The network administrator wants to strengthen physical security in the organization. Speci...
- Q26. Which of the following is a major benefit of applying risk levels?...
- Q27. Risk appetite directly affects what part of a vulnerability management program?...
- Q28. How often should the SSAE16 report of your vendors be reviewed?...
- Q29. A global health insurance company is concerned about protecting confidential information. ...
- Q30. Scenario: Your organization employs single sign-on (user name and password only) as a conv...
- Q31. When creating a vulnerability scan schedule, who is the MOST critical person to communicat...
- Q32. Information Security is often considered an excessive, after-the-fact cost when a project ...
- Q33. Risk that remains after risk mitigation is known as_____________....
- Q34. Scenario: A CISO has several two-factor authentication systems under review and selects th...
- Q35. Scenario: An organization has recently appointed a CISO. This is a new role in the organiz...
- Q36. Which International Organization for Standardization (ISO) below BEST describes the perfor...
- Q37. An organization is required to implement background checks on all employees with access to...
- Q38. The Information Security Management program MUST protect:...
- Q39. If your organization operates under a model of "assumption of breach", you should:...
- Q40. What should an organization do to ensure that they have a sound Business Continuity (BC) P...
- Q41. Your IT auditor is reviewing significant events from the previous year and has identified ...
- Q42. You are the CISO of a commercial social media organization. The leadership wants to rapidl...
- Q43. SCENARIO: Critical servers show signs of erratic behavior within your organization's intra...
- Q44. During a cyber incident, which non-security personnel might be needed to assist the securi...
- Q45. Which of the following is the MAIN security concern for public cloud computing?...
- Q46. As the CISO, you are the project sponsor for a highly visible log management project. The ...
- Q47. When dealing with a risk management process, asset classification is important because it ...
- Q48. Assigning the role and responsibility of Information Assurance to a dedicated and independ...
- Q49. Which of the following is the PRIMARY purpose of International Organization for Standardiz...
- Q50. During the last decade, what trend has caused the MOST serious issues in relation to physi...
- Q51. Which of the following represents the best method of ensuring business unit alignment with...
- Q52. When obtaining new products and services, why is it essential to collaborate with lawyers,...
- Q53. Creating a secondary authentication process for network access would be an example of?...
- Q54. Security related breaches are assessed and contained through which of the following?...
- Q55. Which of the following is the MOST important goal of risk management?...
- Q56. Which of the following is the MAIN reason to follow a formal risk management process in an...
- Q57. Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct a...
- Q58. Which of the following intellectual Property components is focused on maintaining brand re...
- Q59. You have been hired as the Information System Security Officer (ISSO) for a US federal gov...
- Q60. A new CISO just started with a company and on the CISO's desk is the last complete Informa...
- Q61. Which of the following provides an audit framework?...
- Q62. Which International Organization for Standardization (ISO) below BEST describes the perfor...
- Q63. Why is it vitally important that senior management endorse a security policy?...
- Q64. Which of the following BEST describes an international standard framework that is based on...
- Q65. Which of the following is a fundamental component of an audit record?...
- Q66. An organization licenses and uses personal information for business operations, and a serv...
- Q67. A CISO implements smart cards for credential management, and as a result has reduced costs...
- Q68. Involvement of senior management is MOST important in the development of:...
- Q69. SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct a...
- Q70. An organization has defined a set of standard security controls. This organization has als...
- Q71. Which of the following is a countermeasure to prevent unauthorized database access from we...
- Q72. You have implemented a new security control. Which of the following risk strategy options ...
- Q73. Which of the following provides an audit framework?...
- Q74. You have recently drafted a revised information security policy. From whom should you seek...
- Q75. Scenario: Most industries require compliance with multiple government regulations and/or i...
- Q76. Which of the following is a term related to risk management that represents the estimated ...
- Q77. Your incident handling manager detects a virus attack in the network of your company. You ...
- Q78. The company decides to release the application without remediating the high-risk vulnerabi...
- Q79. A recommended method to document the respective roles of groups and individuals for a give...
- Q80. What type of attack requires the least amount of technical equipment and has the highest s...
- Q81. An IT auditor has recently discovered that because of a shortage of skilled operations per...
- Q82. Scenario: Most industries require compliance with multiple government regulations and/or i...
- Q83. Your IT auditor is reviewing significant events from the previous year and has identified ...
- Q84. In which of the following cases, would an organization be more prone to risk acceptance vs...
- Q85. After a risk assessment is performed, a particular risk is considered to have the potentia...
- Q86. Which of the following is considered the foundation for the Enterprise Information Securit...
- Q87. An information security department is required to remediate system vulnerabilities when th...
- Q88. Your company has a "no right to privacy" notice on all logon screens for your information ...
- Q89. The amount of risk an organization is willing to accept in pursuit of its mission is known...
- Q90. Which of the following conditions would be the MOST probable reason for a security project...
- Q91. The single most important consideration to make when developing your security program, pol...
- Q92. Which of the following is a critical operational component of an Incident Response Program...
- Q93. You have recently drafted a revised information security policy. From whom should you seek...
- Q94. Creating good security metrics is essential for a CISO. What would be the BEST sources for...
- Q95. An anonymity network is a series of?
- Q96. A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:...
- Q97. To make sure that the actions of all employees, applications, and systems follow the organ...
- Q98. Which of the following best summarizes the primary goal of a security program?...
- Q99. Which of the following reports should you as an IT auditor use to check on compliance with...
- Q100. What is the term describing the act of inspecting all real-time Internet traffic (i.e., pa...
- Q101. When dealing with risk, the information security practitioner may choose to:...
- Q102. Scenario: As you begin to develop the program for your organization, you assess the corpor...
- Q103. A business unit within your organization intends to deploy a new technology in a manner th...
- Q104. As a CISO you need to understand the steps that are used to perform an attack against a ne...
- Q105. What type of attack requires the least amount of technical equipment and has the highest s...
- Q106. IT control objectives are useful to IT auditors as they provide the basis for understandin...
- Q107. An organization is looking for a framework to measure the efficiency and effectiveness of ...
- Q108. A missing/ineffective security control is identified. Which of the following should be the...
- Q109. This occurs when the quantity or quality of project deliverables is expanded from the orig...
- Q110. Smith, the project manager for a larger multi-location firm, is leading a software project...
- Q111. Which of the following is a strong post designed to stop a car?...
- Q112. An organization's firewall technology needs replaced. A specific technology has been selec...
- Q113. When gathering security requirements for an automated business process improvement program...
- Q114. What is the primary reason for performing vendor management?...
- Q115. When choosing a risk mitigation method what is the MOST important factor?...
- Q116. Who should be involved in the development of an internal campaign to address email phishin...
- Q117. You are the Chief Information Security Officer of a large, multinational bank and you susp...
- Q118. What is the MOST critical output of the incident response process?...
- Q119. Which of the following is a symmetric encryption algorithm?...
- Q120. Knowing the potential financial loss an organization is willing to suffer if a system fail...
- Q121. Scenario: An organization has made a decision to address Information Security formally and...
- Q122. Which of the following most commonly falls within the scope of an information security gov...
- Q123. The framework that helps to define a minimum standard of protection that business stakehol...
- Q124. SCENARIO: A CISO has several two-factor authentication systems under review and selects th...
- Q125. What are the primary reasons for the development of a business case for a security project...
- Q126. The company decides to release the application without remediating the high-risk vulnerabi...
- Q127. You are having a penetration test done on your company network and the leader of the team ...
- Q128. The Board of Directors of a publicly-traded company is concerned about the security implic...
- Q129. During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was origina...
- Q130. What are the three stages of an identity and access management system?...
- Q131. When entering into a third party vendor agreement for security services, at what point in ...
- Q132. Who is responsible for securing networks during a security incident?...
- Q133. Ensuring that the actions of a set of people, applications and systems follow the organiza...
- Q134. You have a system with 2 identified risks. You determine the probability of one risk occur...
- Q135. The PRIMARY objective for information security program development should be:...
- Q136. An application vulnerability assessment has identified a security flaw in an application. ...
- Q137. Scenario: An organization has recently appointed a CISO. This is a new role in the organiz...
- Q138. Which of the following best describes the purpose of the International Organization for St...
- Q139. Bob waits near a secured door, holding a box. He waits until an employee walks up to the s...
- Q140. Scenario: You are the CISO and have just completed your first risk assessment for your org...
- Q141. When you develop your audit remediation plan what is the MOST important criteria?...
- Q142. Which of the following is considered one of the most frequent failures in project manageme...
- Q143. Creating good security metrics is essential for a CISO. What would be the BEST sources for...
- Q144. SCENARIO: Critical servers show signs of erratic behavior within your organization's intra...
- Q145. Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of...
- Q146. The new CISO was informed of all the Information Security projects that the organization h...
- Q147. What is the first thing that needs to be completed in order to create a security program f...
- Q148. Which of the following is a MAJOR consideration when an organization retains sensitive cus...
- Q149. Which of the following methodologies references the recommended industry standard that Inf...
- Q150. Your company has a "no right to privacy" notice on all logon screens for your information ...
- Q151. While designing a secondary data center for your company what document needs to be analyze...
- Q152. Your penetration testing team installs an in-line hardware key logger onto one of your net...
- Q153. Which of the following set of processes is considered to be one of the cornerstone cycles ...
- Q154. A CISO implements smart cards for credential management, and as a result has reduced costs...
- Q155. An audit was conducted and many critical applications were found to have no disaster recov...
- Q156. An anonymity network is a series of?
- Q157. Which of the following is a symmetric encryption algorithm?...
- Q158. A CISO sees abnormally high volumes of exceptions to security requirements and constant pr...
- Q159. How often should an environment be monitored for cyber threats, risks, and exposures?...
- Q160. A security officer wants to implement a vulnerability scanning program. The officer is unc...
- Q161. Within an organization's vulnerability management program, who has the responsibility to i...
- Q162. As the Chief Information Security Officer, you are performing an assessment of security po...
- Q163. A person in your security team calls you at night and informs you that one of your web app...
- Q164. Scenario: The new CISO was informed of all the Information Security projects that the sect...
- Q165. You are just hired as the new CISO and are being briefed on all the Information Security p...
- Q166. What are the primary reasons for the development of a business case for a security project...
- Q167. An anonymity network is a series of?
- Q168. What two methods are used to assess risk impact?...
- Q169. A university recently hired a CISO. One of the first tasks is to develop a continuity of o...
- Q170. What are the three stages of an identity and access management system?...
- Q171. A CISO sees abnormally high volumes of exceptions to security requirements and constant pr...
- Q172. The success of the Chief Information Security Officer is MOST dependent upon:...
- Q173. Information Security is often considered an excessive, after-the-fact cost when a project ...
- Q174. A CISO sees abnormally high volumes of exceptions to security requirements and constant pr...
- Q175. The newly appointed CISO of an organization is reviewing the IT security strategic plan. W...
- Q176. Which of the following refers to the quantity or quality of project deliverables expanding...
- Q177. An information security department is required to remediate system vulnerabilities when th...
- Q178. A new CISO just started with a company and on the CISO's desk is the last complete Informa...
- Q179. The ultimate goal of an IT security projects is:...
- Q180. When an organization claims it is secure because it is PCI-DSS certified, what is a good f...
- Q181. Your company has limited resources to spend on security initiatives. The Chief Financial O...
- Q182. Which business stakeholder is accountable for the integrity of a new information system?...
- Q183. The remediation of a specific audit finding is deemed too expensive and will not be implem...
- Q184. Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of__...
- Q185. When analyzing and forecasting an operating expense budget what are not included?...
- Q186. As a CISO you need to understand the steps that are used to perform an attack against a ne...
- Q187. An employee successfully avoids becoming a victim of a sophisticated spear phishing attack...
- Q188. SQL injection is a very popular and successful injection attack method. Identify the basic...
- Q189. In which of the following cases, would an organization be more prone to risk acceptance vs...
- Q190. Information Security is often considered an excessive, after-the-fact cost when a project ...
- Q191. Which of the following is the PRIMARY purpose of International Organization for Standardiz...
- Q192. Which of the following most commonly falls within the scope of an information security gov...
- Q193. An organization information security policy serves to___________________....
- Q194. SCENARIO: A CISO has several two-factor authentication systems under review and selects th...
- Q195. During the course of a risk analysis your IT auditor identified threats and potential impa...
- Q196. Which of the following items of a computer system will an anti-virus program scan for viru...
- Q197. The security team has investigated the theft/loss of several unencrypted laptop computers ...
- Q198. What is one key difference between Capital expenditures and Operating expenditures?...
- Q199. Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber secu...
- Q200. A severe security threat has been detected on your corporate network. As CISO you quickly ...
- Q201. From the CISO's perspective in looking at financial statements, the statement of retained ...
- Q202. As the CISO, you have been tasked with the execution of the company's key management progr...
- Q203. The implementation of anti-malware and anti-phishing controls on centralized email servers...
- Q204. Which of the following represents the BEST method of ensuring security program alignment t...
- Q205. What is the relationship between information protection and regulatory compliance?...
- Q206. Scenario: An organization has made a decision to address Information Security formally and...
- Q207. Risk appetite is typically determined by which of the following organizational functions?...
- Q208. At which point should the identity access management team be notified of the termination o...
- Q209. Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?...
- Q210. As the CISO you need to write the IT security strategic plan. Which of the following is th...
- Q211. What is the BEST way to achieve on-going compliance monitoring in an organization?...
- Q212. A global retail organization is looking to implement a consistent Disaster Recovery and Bu...
- Q213. Which of the following provides an independent assessment of a vendor's internal security ...
- Q214. When operating under severe budget constraints a CISO will have to be creative to maintain...
- Q215. The ability to hold intruders accountable in a court of law is important. Which of the fol...
- Q216. Your organization provides open guest wireless access with no captive portals. What can yo...
- Q217. When choosing a risk mitigation method what is the MOST important factor?...
- Q218. A company wants to fill a Chief Information Security Officer position in the organization....
- Q219. Which of the following methods are used to define contractual obligations that force a ven...
- Q220. Who is responsible for securing networks during a security incident?...
- Q221. A person in your security team calls you at night and informs you that one of your web app...
- Q222. A security professional has been promoted to be the CISO of an organization. The first tas...
- Q223. When selecting a security solution with reoccurring maintenance costs after the first year...
- Q224. If your organization operates under a model of "assumption of breach", you should:...
- Q225. A newly appointed security officer finds data leakage software licenses that had never bee...
- Q226. As a new CISO at a large healthcare company you are told that everyone has to badge in to ...
- Q227. The security team has investigated the theft/loss of several unencrypted laptop computers ...
- Q228. Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct a...
- Q229. An organization is required to implement background checks on all employees with access to...
- Q230. When a critical vulnerability has been discovered on production systems and needs to be fi...
- Q231. Which of the following are the MOST important factors for proactively determining system v...
- Q232. Which of the following is a fundamental component of an audit record?...
- Q233. The CIO of an organization has decided to assign the responsibility of internal IT audit t...
- Q234. In which of the following cases, would an organization be more prone to risk acceptance vs...
- Q235. When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most ...
- Q236. The patching and monitoring of systems on a consistent schedule is required by?...
- Q237. The process for identifying, collecting, and producing digital information in support of l...
- Q238. In effort to save your company money which of the following methods of training results in...
- Q239. An organization has implemented a change management process for all changes to the IT prod...
- Q240. You work as a project manager for TYU project. You are planning for risk mitigation. You n...
- Q241. Which of the following is MOST likely to be discretionary?...
- Q242. In accordance with best practices and international standards, how often is security aware...
- Q243. A security officer wants to implement a vulnerability scanning program. The officer is unc...
- Q244. Developing effective security controls is a balance between:...
- Q245. Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of...
- Q246. What oversight should the information security team have in the change management process ...
- Q247. ABC Limited has recently suffered a security breach with customers' social security number...
- Q248. Which of the following provides an audit framework?...
- Q249. Scenario: An organization has made a decision to address Information Security formally and...
- Q250. The PRIMARY objective of security awareness is to:...
- Q251. Scenario: Your company has many encrypted telecommunications links for their world-wide op...
- Q252. What is the primary reason for performing vendor management?...
- Q253. Annual Loss Expectancy is derived from the function of which two factors?...
- Q254. Within an organization's vulnerability management program, who has the responsibility to i...
- Q255. In terms of supporting a forensic investigation, it is now imperative that managers, first...
- Q256. You have implemented a new security control. Which of the following risk strategy options ...
- Q257. Ensuring that the actions of a set of people, applications and systems follow the organiza...
- Q258. The new CISO was informed of all the Information Security projects that the organization h...
- Q259. Which of the following defines the boundaries and scope of a risk assessment?...
- Q260. What is the SECOND step to creating a risk management methodology according to the Nationa...
- Q261. Providing oversight of a comprehensive information security program for the entire organiz...
- Q262. Which of the following statements about Encapsulating Security Payload (ESP) is true?...
- Q263. When dealing with risk, the information security practitioner may choose to:...
- Q264. An organization has a stated requirement to block certain traffic on networks. The impleme...
- Q265. When managing the critical path of an IT security project, which of the following is MOST ...
- Q266. Which of the following tests is an IS auditor performing when a sample of programs is sele...
- Q267. A system is designed to dynamically block offending Internet IP-addresses from requesting ...
- Q268. Which of the following can the company implement in order to avoid this type of security i...
- Q269. Scenario: You are the CISO and have just completed your first risk assessment for your org...
- Q270. A customer of a bank has placed a dispute on a payment for a credit card account. The bank...
- Q271. An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The cipher te...
- Q272. Which of the following is a weakness of an asset or group of assets that can be exploited ...
- Q273. The process of creating a system which divides documents based on their security level to ...
- Q274. What is the THIRD state of the Tuckman Stages of Group Development?...
