Which of the following is the MOST effective approach to communicate general information security responsibilities across an organization?

A. Require staff to sign confidentiality agreements.
B. Develop a RACI matrix for the organization.
C. Specify information security responsibilities in job descriptions.
D. Provide regular security awareness training.

An organization is considering the purchase of a competitor. To determine the competitor's security posture, the BEST course of action for the organization's information security manager would be to:

A. assess the security policy of the competitor.
B. assess the key technical controls of the competitor.
C. conduct a penetration test of the competitor.
D. perform a security gap analysis on the competitor.

An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?

A. Communicate social media usage requirements and monitor compliance.
B. Block workplace access to social media sites and monitor employee usage.
C. Train employees how to set up privacy rules on social media sites.
D. Scan social media sites for company-related information.

Which of the following is the BEST reason to separate short-term from long-term plans within an information security roadmap?

A. To allow for reactive initiatives
B. To update the roadmap according to current risks
C. To allocate resources for initiatives
D. To facilitate business plan reporting to management

The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:

A. including the CIO in the information security steering committee
B. conducting benchmarking with industry best practices
C. including information security metrics in the organizational metrics
D. performing periodic internal audits of the information security program

Which of the following is the FIRST step required to achieve effective performance measurement?

A. Select and place sensors
B. Implement control objectives
C. Validate and calibrate metrics
D. Define meaningful metrics

Which of the following is the MAIN concern when securing emerging technologies?

A. Applying the corporate hardening standards
B. Integrating with existing access controls
C. Unknown vulnerabilities
D. Compatibility with legacy systems

Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?

A. Storage as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Infrastructure as a Service (IaaS)

Which of the following is MOST likely to increase end user security awareness in an organization?

A. Simulated phishing attacks
B. Security objectives included in job descriptions
C. Red team penetration testing
D. A dedicated channel for reporting suspicious emails

Which of the following is the MOST challenging aspect of securing Internet of Things (IoT) devices?

A. Training staff on IoT architecture
B. Updating policies to include IoT devices
C. Managing the diversity of IoT architecture
D. Evaluating the reputations of IoT vendors