Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9
During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?
An information security program is BEST positioned for success when it is closely aligned with:
Which of the following should be the PRIMARY consideration for an information security manager when designing security controls for a newly acquired business application?
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
Which of the following BEST supports effective communication during information security incidents?
Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?
An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
Which of the following is the MOST significant contributor to the success of incident response efforts during a major breach?
A new type of ransomware has infected an organization ' s network. Which of the following would have BEST enabled the organization to detect this situation?
The MOST important element in achieving executive commitment to an information security governance program is:
When mitigation is the chosen risk treatment, which of the following roles is responsible for effective implementation of the chosen treatment?
An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?
What should an information security manager verify FIRST when reviewing an information asset management program?