Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

What type of control is being implemented by supervisors and data owners?

Which of the following is the MOST effective method for discovering common technical vulnerabilities within the

IT environment?

A newly-hired CISO needs to understand the organization’s financial management standards for business units

and operations. Which of the following would be the best source of this information?

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

How can you reduce the administrative burden of distributing symmetric keys for your employer?

Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?

What organizational structure combines the functional and project structures to create a hybrid of the two?

A bastion host should be placed:

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets.

What is the MAIN goal of threat hunting to the SecOps Manager?

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

Who should be involved in the development of an internal campaign to address email phishing?

Which of the following are the triple constraints of project management?

What are the common data hiding techniques used by criminals?

What does RACI stand for?

When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?

What is a key policy that should be part of the information security plan?

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Physical security measures typically include which of the following components?

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

The process of creating a system which divides documents based on their security level to manage access to private data is known as

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

The process of identifying and classifying assets is typically included in the

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Which of the following backup sites takes the longest recovery time?

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

A stakeholder is a person or group:

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

Which of the following is a major benefit of applying risk levels?

Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

To get an Information Security project back on schedule, which of the following will provide the MOST help?

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

What is the main purpose of the Incident Response Team?

What is a difference from the list below between quantitative and qualitative Risk Assessment?

Risk is defined as:

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

Which of the following is a benefit of information security governance?

What is the definition of Risk in Information Security?

Which of the following has the GREATEST impact on the implementation of an information security governance model?

What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

One of the MAIN goals of a Business Continuity Plan is to

Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

File Integrity Monitoring (FIM) is considered a

At what level of governance are individual projects monitored and managed?

Where does bottom-up financial planning primarily gain information for creating budgets?

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

Creating a secondary authentication process for network access would be an example of?

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because