In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Which of the following is a symmetric encryption algorithm?

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Which wireless encryption technology makes use of temporal keys?

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Which of the following statements about Encapsulating Security Payload (ESP) is true?

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Physical security measures typically include which of the following components?

Which of the following is the MAIN security concern for public cloud computing?

Which of the following backup sites takes the longest recovery time?

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

The process of identifying and classifying assets is typically included in the

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.

What Security Operations Center (SOC) model does this BEST describe?

You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.

Which control is MOST important to protect AI products?

An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.

What is the MOST likely reason why the sensitive data was posted?

What key technology can mitigate ransomware threats?

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

A bastion host should be placed:

What organizational structure combines the functional and project structures to create a hybrid of the two?

When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:

Which of the following is considered the MOST effective tool against social engineering?

You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.

Which of the following is NOT documented in the SSP?

As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clients, and bad publicity can jeopardize your own brand.

Which is the BEST type of risk that defines this event?

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.

Which metric would meet the requirement?

A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy.

What is the MOST effective method of risk analysis to provide the CFO with the information required?

An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.

What should the auditor’s NEXT step be?

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.

Which of the following compliance standard is the MOST important to the organization?

During a cyber incident, which non-security personnel might be needed to assist the security team?

Many successful cyber-attacks currently include:

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

Which of the following is the MOST important to share with an Information Security Steering Committee:

Who should be involved in the development of an internal campaign to address email phishing?

What is a key policy that should be part of the information security plan?

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

How often should the SSAE16 report of your vendors be reviewed?

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

Which of the following is the MOST important component of any change management process?

Which of the following is considered one of the most frequent failures in project management?

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

When managing the critical path of an IT security project, which of the following is MOST important?

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

When should IT security project management be outsourced?

Which of the following are not stakeholders of IT security projects?

To get an Information Security project back on schedule, which of the following will provide the MOST help?

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

When is an application security development project complete?

Which of the following information may be found in table top exercises for incident response?

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

From an information security perspective, information that no longer supports the main purpose of the business should be:

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

What role should the CISO play in properly scoping a PCI environment?

The single most important consideration to make when developing your security program, policies, and processes is:

Which of the following most commonly falls within the scope of an information security governance steering committee?

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

What is the main purpose of the Incident Response Team?

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

When choosing a risk mitigation method what is the MOST important factor?

Which of the following intellectual Property components is focused on maintaining brand recognition?

What is the first thing that needs to be completed in order to create a security program for your organization?

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization’s products and services?

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Which of the following is the MOST important for a CISO to understand when identifying threats?

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

Which of the following is MOST important when dealing with an Information Security Steering committee:

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

When managing the security architecture for your company you must consider:

If your organization operates under a model of "assumption of breach", you should:

Which of the following has the GREATEST impact on the implementation of an information security governance model?

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

The risk found after a control has been fully implemented is called:

You have implemented the new controls. What is the next step?

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

The effectiveness of an audit is measured by?

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

How often should an environment be monitored for cyber threats, risks, and exposures?

At which point should the identity access management team be notified of the termination of an employee?

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

The patching and monitoring of systems on a consistent schedule is required by?

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Which of the following is a fundamental component of an audit record?

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

The amount of risk an organization is willing to accept in pursuit of its mission is known as

A newly-hired CISO needs to understand the organization’s financial management standards for business units

and operations. Which of the following would be the best source of this information?

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Simon had all his systems administrators implement hardware and software firewalls to ensure network

security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized

traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker

group was able to get into the network and modify files hosted on the company's website. After searching

through the firewall and server logs, no one could find how the attackers were able to get in. He decides that

the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts

administrators when a critical file is altered. What tool could Simon and his administrators implement to

accomplish this?

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Annual Loss Expectancy is derived from the function of which two factors?

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.

Which of the following needs to be performed NEXT?

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

Which type of physical security control scan a person’s external features through a digital video camera before

granting access to a restricted area?

Which of the following is the MOST important reason for performing assessments of the security portfolio?

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals

the increasing need to address security consistently at the enterprise level. This new CISO, while confident with

skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

From an Information Security Leadership perspective, which of the following is a MAJOR concern about the

CISO’s approach to security?

During the last decade, what trend has caused the MOST serious issues in relation to physical security?

When updating the security strategic planning document what two items must be included?

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

Which of the following defines the boundaries and scope of a risk assessment?

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When formulating the remediation plan, what is a required input?

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?