CISM Certified Information Security Manager – Question 1038

Which of the following would BEST help to ensure compliance with an organization’s information security requirements by an IT service provider?

A. Requiring an external security audit of the IT service provider
B. Defining information security requirements with internal IT
C. Requiring regular reporting from the IT service provider
D. Defining the business recovery plan with the IT service provider

Correct Answer: A

CISM Certified Information Security Manager – Question 1035

In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:

A. segregation of duties policy
B. size of the IT security function
C. reporting line of the chief information security officer (CISO)
D. existence of an IT steering committee

Correct Answer: D

CISM Certified Information Security Manager – Question 1033

Which of the following should be an information security manager’s MOST important consideration when conducting a physical security review of a potential outsourced data center?

A. Distance of the data center from the corporate office
B. Availability of network circuit connections
C. Environment factors of the surrounding location
D. Proximity to law enforcement

Correct Answer: C

CISM Certified Information Security Manager – Question 1032

The PRIMARY benefit of integrating information security activities into change management processes is to:

A. ensure required controls are included in changes
B. protect the organization from unauthorized changes
C. provide greater accountability for security-related changes in the business
D. protect the business from collusion and compliance threats

Correct Answer: A

CISM Certified Information Security Manager – Question 1031

When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:

A. using HTTPS in place of HTTP
B. coding standards and code review
C. consolidating multiple sites into a single portal
D. hardening of the web server’s operating system

Correct Answer: B