712-50 Practice Test Questions

445 Questions


Topic 2: IS Management Controls and Auditing Management

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?


A.

Management Control


B.

Technical Control


C.

Training Control


D.

Operational Control





D.

Operational Control



The regular review of a firewall ruleset is considered a


A.

Procedural control


B.

Organization control


C.

Technical control


D.

Management control





A.

Procedural control
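What a periodic ruleset review actually checks is not spelled out above, so here is an added example (not part of the original question set) of the three findings a reviewer most often looks for: any/any permits, rules shadowed by an earlier rule that already matches all of their traffic, and rules whose recorded business justification has lapsed. The rules, the `expires` field (a hypothetical review date pulled from a change ticket) and the review date are all constructed sample data.

```python
"""Added example: a minimal periodic firewall ruleset review.

The Rule records below are constructed sample data, not from any real
firewall.  The review reports the classic findings of a procedural review:
  * permit any/any rules,
  * rules shadowed by an earlier rule (unreachable, so probably stale),
  * rules whose documented justification has expired.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    rid: int
    action: str              # "permit" or "deny"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    port: str                # port number as a string, or "any"
    expires: Optional[date]  # hypothetical: review date recorded in the change ticket


def _net(cidr: str):
    """Map the "any" keyword onto the all-IPv4 network so subnet maths works."""
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def _covers(a: Rule, b: Rule) -> bool:
    """True when rule a matches every packet that rule b would match."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port == "any" or a.port == b.port))


def review(rules: List[Rule], today: date) -> List[Tuple[int, str]]:
    """Return (rule id, finding) pairs in ruleset order."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "permit" and r.src == r.dst == r.port == "any":
            findings.append((r.rid, "any/any permit"))
        # First-match semantics: an earlier rule that covers this one makes it dead.
        for earlier in rules[:i]:
            if _covers(earlier, r):
                findings.append((r.rid, f"shadowed by rule {earlier.rid}"))
                break
        if r.expires is not None and r.expires < today:
            findings.append((r.rid, "expired justification"))
    return findings


# Constructed sample ruleset (first match wins, as on most firewalls).
SAMPLE_RULES = [
    Rule(10, "permit", "10.0.0.0/8", "192.168.10.5/32", "443", date(2027, 1, 1)),
    Rule(20, "permit", "10.1.0.0/16", "192.168.10.5/32", "443", None),  # inside rule 10
    Rule(30, "permit", "172.16.0.0/12", "192.168.20.0/24", "22", date(2023, 6, 30)),
    Rule(40, "permit", "any", "any", "any", None),                       # the classic mistake
    Rule(50, "deny", "any", "any", "any", None),                         # never reached after 40
]

if __name__ == "__main__":
    for rid, finding in review(SAMPLE_RULES, date(2024, 1, 15)):
        print(f"rule {rid}: {finding}")
```

Run on the sample with a review date of 2024-01-15 it reports rule 20 as shadowed by rule 10, rule 30 as expired, rule 40 as an any/any permit and the final deny as shadowed by rule 40. The shadow check is deliberately conservative (it only flags a rule fully covered by one earlier rule); a rule covered by the union of several earlier rules is not detected.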



The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):


A.

Failed to identify all stakeholders and their needs


B.

Deployed the encryption solution in an inadequate manner


C.

Used 1024 bit encryption when 256 bit would have sufficed


D.

Used hardware encryption instead of software encryption





A.

Failed to identify all stakeholders and their needs



A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?


A.

Security alignment to business goals


B.

Regulatory compliance effectiveness


C.

Increased security program presence


D.

Proper organizational policy enforcement





A.

Security alignment to business goals



Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?


A.

Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data


B.

Create separate controls for the business units based on the types of business and functions they perform


C.

Ensure business units are involved in the creation of controls and defining conditions under which they must be applied


D.

Provide the business units with control mandates and schedules of audits for compliance validation





C.

Ensure business units are involved in the creation of controls and defining conditions under which they must be applied



Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?


A.

System testing


B.

Risk assessment


C.

Incident response


D.

Planning





A.

System testing



A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:


A.

Change management


B.

Business continuity planning


C.

Security Incident Response


D.

Thought leadership





C.

Security Incident Response



When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?


A.

At the time the security services are being performed and the vendor needs access to the network


B.

Once the agreement has been signed and the security vendor states that they will need access to the network


C.

Once the vendor is on premise and before they perform security services


D.

Prior to signing the agreement and before any security services are being performed





D.

Prior to signing the agreement and before any security services are being performed



An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?


A.

Time zone differences


B.

Compliance to local hiring laws


C.

Encryption import/export regulations


D.

Local customer privacy laws





C.

Encryption import/export regulations



Which of the following is considered a project versus a managed process?


A.

monitoring external and internal environment during incident response


B.

ongoing risk assessments of routine operations


C.

continuous vulnerability assessment and vulnerability repair


D.

installation of a new firewall system





D.

installation of a new firewall system



Which of the following can the company implement in order to avoid this type of security issue in the future?


A.

Network based intrusion detection systems


B.

A security training program for developers


C.

A risk management process


D.

An audit management process





B.

A security training program for developers



You manage a newly created Security Operations Center (SOC). Your team is being inundated with security alerts and does not know what to do. What is the BEST approach to handle this situation?


A.

Tell the team to do their best and respond to each alert


B.

Tune the sensors to help reduce false positives so the team can react better


C.

Request additional resources to handle the workload


D.

Tell the team to only respond to the critical and high alerts





B.

Tune the sensors to help reduce false positives so the team can react better
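"Tune the sensors" is only useful advice if the team can see which signatures are generating the noise and why. The following added example (not from the original question set) shows the first step of that tuning loop: take the analyst dispositions already recorded on closed alerts, rank signatures by volume and false-positive rate, and then look at which sources drive the noise so the fix can be a targeted exception (for example, excluding an authorised vulnerability scanner) rather than disabling the signature. The alert records, signature names, host names and thresholds are all constructed for the example.

```python
"""Added example: data-driven sensor tuning from analyst dispositions.

SAMPLE_ALERTS is constructed data in the shape (signature, source, disposition),
where disposition is the analyst's verdict on a closed alert.  Nothing here is
tied to a particular SIEM or IDS.
"""
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE_ALERTS = [
    # An authorised scanner trips the scan signature on every run.
    ("Nmap scan", "vuln-scanner-01", "false_positive"),
    ("Nmap scan", "vuln-scanner-01", "false_positive"),
    ("Nmap scan", "vuln-scanner-01", "false_positive"),
    ("Nmap scan", "vuln-scanner-01", "false_positive"),
    ("Nmap scan", "vuln-scanner-01", "false_positive"),
    ("Nmap scan", "vuln-scanner-01", "false_positive"),
    ("Nmap scan", "198.51.100.9", "true_positive"),       # a real external scan
    ("Brute force login", "203.0.113.7", "true_positive"),
    ("Brute force login", "203.0.113.7", "true_positive"),
    ("Malware C2 beacon", "ws-0412", "true_positive"),
    ("Malware C2 beacon", "ws-0418", "true_positive"),
    ("Malware C2 beacon", "ws-0420", "true_positive"),
    ("Suspicious PowerShell", "ws-0101", "false_positive"),
    ("Suspicious PowerShell", "ws-0102", "false_positive"),
    ("Suspicious PowerShell", "ws-0103", "false_positive"),
    ("Suspicious PowerShell", "ws-0305", "true_positive"),
    ("Suspicious PowerShell", "ws-0306", "true_positive"),
]


def tuning_candidates(alerts: List[Tuple[str, str, str]],
                      min_volume: int = 5,
                      fp_threshold: float = 0.8) -> List[Tuple[str, int, float]]:
    """Signatures that are both high-volume and mostly false positives.

    Returns (signature, total alerts, false-positive rate), busiest first.
    Both thresholds are assumptions; pick them from your own closed-alert data.
    """
    totals: Counter = Counter()
    false_positives: Counter = Counter()
    for signature, _source, disposition in alerts:
        totals[signature] += 1
        if disposition == "false_positive":
            false_positives[signature] += 1
    candidates = []
    for signature, total in totals.items():
        rate = false_positives[signature] / total
        if total >= min_volume and rate >= fp_threshold:
            candidates.append((signature, total, round(rate, 2)))
    return sorted(candidates, key=lambda c: -c[1])


def noisy_sources(alerts: List[Tuple[str, str, str]], signature: str) -> Dict[str, int]:
    """Which sources produced the false positives for one signature.

    If the noise comes from a handful of known hosts, the right tuning action is
    a source-specific exception, not disabling the signature: the true
    positive from 198.51.100.9 in the sample must keep firing.
    """
    return dict(Counter(
        source for sig, source, disposition in alerts
        if sig == signature and disposition == "false_positive"
    ))


if __name__ == "__main__":
    for signature, total, rate in tuning_candidates(SAMPLE_ALERTS):
        print(f"{signature}: {total} alerts, {rate:.0%} false positive")
        print("  noisy sources:", noisy_sources(SAMPLE_ALERTS, signature))
```

On the sample data only "Nmap scan" qualifies (7 alerts, about 86% false positive), and all six false positives come from vuln-scanner-01; "Suspicious PowerShell" is noisy but at 60% false positive it is a detection-quality problem to investigate, not a suppression candidate. The point of keeping volume and rate as separate thresholds is that low-volume signatures with a few false positives are not worth the tuning effort, and high-volume signatures with real detections must never be silenced wholesale.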



