Once a suite of security controls has been successfully implemented for an organization ' s business units, it is MOST important for the information security manager to:
Which of the following is the MOST important security consideration when planning to use a cloud service provider in a different country?
Which of the following would MOST effectively ensure that a new server is appropriately secured?
After detecting an advanced persistent threat, which of the following should be the information security manager’s FIRST step?
What is the PRIMARY objective of implementing standard security configurations?
Which of the following is a PRIMARY reason for senior management to review reports on information security?
An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?
Which of the following is the BEST method to protect the confidentiality of data transmitted over the Internet?
Who has the PRIMARY authority to decide if additional risk treatments are required to mitigate an identified risk?
Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?
Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?
Which of the following would provide the MOST effective security outcome in an organizations contract management process?
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
To help ensure that an information security training program is MOST effective, its contents should be:
Which type of system is MOST effective for prioritizing cyber incidents based on impact and tracking them until they are closed?
Which of the following BEST enables staff acceptance of information security policies?
Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
Which of the following is MOST important when designing an information security governance framework?