An organization is performing due diligence when selecting a third party. Which of the following is MOST helpful to reduce the risk of unauthorized sharing of information during this process?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
What should an information security manager do FIRST when an organization is planning to use a third-party cloud computing service for a critical business process?
Which of the following backup methods requires the MOST time to restore data for an application?
A security review identifies that confidential information on the file server has been accessed by unauthorized users in the organization. Which of the following should the information security manager do FIRST?
Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
Which of the following is MOST effective in monitoring an organization ' s existing risk?
Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
A hacking group has posted an organization’s employee data on social media. What should the information security manager do FIRST?
Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?
Which of the following would provide the BEST evidence to senior management that security control performance has improved?
Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?
Which of the following should an information security manager do FIRST when there is a conflict between the organization ' s information security policy and a local regulation?
Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
An information security manager has become aware that system administrators are not changing server administrator accounts from the default usernames. A policy has been created and approved by business managers to require these changes. Which of the following should be the information security manager’s FIRST course of action?
Which of the following BEST indicates that information security governance and corporate governance are integrated?
An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?
Which of the following is MOST important for the improvement of a business continuity plan (BCP)?
Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?