What should be the information security manager’s MOST important consideration when planning a disaster recovery test?

A. Documented escalation processes
B. Organization-wide involvement
C. Impact to production systems
D. Stakeholder notification procedures

Which of the following is MOST effective against system intrusions?

A. Two-factor authentication
B. Continuous monitoring
C. Layered protection
D. Penetration testing

An organization’s HR department would like to outsource its employee system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

A. Explain security issues associated with the solution to management
B. Determine how to securely implement the solution
C. Ensure the service provider has the appropriate certifications
D. Ensure a security audit is performed of the service provider

The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:

A. status of the security posture
B. probability of future incidents
C. cost-benefit of security controls
D. risk acceptance criteria

A policy has been established requiring users to install mobile device management (MDM) software on their personal devices. Which of the following would BEST mitigate the risk created by noncompliance with this policy?

A. Issuing warnings and documenting noncompliance
B. Requiring users to sign off on terms and conditions
C. Issuing company-configured mobile devices
D. Disabling remote access from the mobile device

The MOST important factors in determining the scope and timing for testing a business continuity plan are:

A. the importance of the functional to be tested and the cost of testing
B. the experience level of personnel and the function location
C. prior testing results and the degree of detail of the business continuity plan
D. manual processing capabilities and the test location

Which of the following roles should be PRIMARILY responsible for assigning sensitivity levels to an organization’s financial and payroll databases?

A. Data owner
B. Database administrator
C. Systems administrator
D. Information security manager

Which of the following is an example of a change to the external threat landscape?

A. Infrastructure changes to the organization have been implemented
B. Organizational security standards have been modified
C. A commonly used encryption algorithm has been compromised
D. New legislation has been enacted in a region where the organization does business

Calculation of the recovery time objective (RTO) is necessary to determine the:

A. time required to restore files
B. priority of restoration
C. point of synchronization
D. annual loss expectancy (ALE)

Which is MOST important when contracting an external party to perform a penetration test?

A. Provide network documentation
B. Obtain approval from IT management
C. Define the project scope
D. Increase the frequency of log reviews