CISM Certified Information Security Manager – Question1249

An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:

A. prepare for criminal prosecution.
B. document lessons learned.
C. evaluate the impact.
D. update information security policies.

Correct Answer: C

CISM Certified Information Security Manager – Question1248

Which of the following should be the PRIMARY focus of a post-incident review following a successful response to a cybersecurity incident?

A. Which control failures contributed to the incident
B. How incident response processes were executed
C. What attack vectors were utilized
D. When business operations were restored

Correct Answer: D

CISM Certified Information Security Manager – Question1247

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

A. Updating configuration baselines to allow exceptions
B. Conducting periodic vulnerability scanning
C. Providing annual information security awareness training
D. Implementing a strict change control process

Correct Answer: D

CISM Certified Information Security Manager – Question1246

Which of the following is the PRIMARY responsibility of the information security manager when an organization implements the use of personally-owned devices on the corporate network?

A. Requiring remote wipe capabilities
B. Enforcing defined policy and procedures
C. Conducting security awareness training
D. Encrypting the data on mobile devices

Correct Answer: B

CISM Certified Information Security Manager – Question1245

An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would BEST enable the information security manager to address this concern?

A. Incident classification
B. Vulnerability assessment
C. Incident response
D. Forensic analysis

Correct Answer: A

CISM Certified Information Security Manager – Question1244

A large number of exceptions to an organization's information security standards have been granted after senior management approved a bring your own device (BYOD) program. To address this situation, it is MOST important for the information security manager to:

A. introduce strong authentication on devices.
B. reject new exception requests.
C. update the information security policy.
D. require authorization to wipe lost devices.

Correct Answer: A

CISM Certified Information Security Manager – Question1243

When aligning an organization's information security program with other risk and control activities, it is MOST important to:

A. develop an information security governance framework.
B. have information security management report to the chief risk officer.
C. ensure adequate financial resources are available.
D. integrate security within the system development life cycle.

Correct Answer: A

CISM Certified Information Security Manager – Question1242

An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:

A. prohibit remote access to the site.
B. periodically recertify access rights.
C. enforce document lifecycle management.
D. conduct a vulnerability assessment.

Correct Answer: B

CISM Certified Information Security Manager – Question1240

Which of the following is the MOST effective approach for delivering security incident response training?

A. Perform role-playing exercises to simulate real-world incident response scenarios.
B. Engage external consultants to present real-world examples within the industry.
C. Include incident response training within new staff orientation.
D. Provide on-the-job training and mentoring for the incident response team.

Correct Answer: D