Devising controls for information security is a balance between?
C
Reference:
https://www.cybok.org/media/downloads/cybok_version_1.0.pdf
From the CISO's perspective in looking at financial statements, the statement of retained earnings of
an organization:
D
Reference:
https://www.investopedia.com/terms/s/statement-of-retained-earnings.asp
An organization has decided to develop an in-house BCM capability. The organization has
determined it is best to follow a BCM standard published by the International Organization for
Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?
C
Reference:
https://www.smartsheet.com/content/iso-22301-business-continuity-guide
What is an approach to estimating the strengths and weaknesses of alternatives used to determine
options, which provide the BEST approach to achieving benefits while preserving savings called?
D
Reference:
https://artsandculture.google.com/entity/cost%E2%80%93benefit-analysis/m020w0x?hl=en
When managing a project, the MOST important activity in managing the expectations of stakeholders
is:
B
Reference:
https://www.greycampus.com/blog/project-management/stakeholder-management-what-is-it-and-why-is-it-so-important
What are the common data hiding techniques used by criminals?
D
Reference:
https://cisomag.eccouncil.org/challenges-and-applications-of-digital-forensics/
An auditor is reviewing the security classifications for a group of assets and finds that many of the
assets are not correctly classified.
What should the auditor's NEXT step be?
C
In defining a strategic security plan for an organization, what should a CISO first analyze?
D
Reference:
https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/
You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information
Officer (CIO). The CIO's first mandate to you is to develop a cybersecurity compliance framework that
will meet all the stores' compliance requirements.
Which of the following compliance standards is the MOST important to the organization?
D
Reference:
https://searchcompliance.techtarget.com/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard
Which of the following is the MOST effective method to counter phishing attacks?
A
Reference:
https://aware.eccouncil.org/4-best-ways-to-stop-phishing-with-security-awareness.html
What is a key policy that should be part of the information security plan?
C
Reference:
https://www.exabeam.com/information-security/information-security-policy/
A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO)
receives impact data in financial terms to use as input to select the proper level of coverage in a new
cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information
required?
D
As the CISO, you are the project sponsor for a highly visible log management project. The objective of
the project is to centralize all the enterprise logs into a security information and event management
(SIEM) system. You requested the results of the performance quality audits activity.
The performance quality audit activity is done in what project management process group?
A
Reference:
https://blog.masterofproject.com/executing-process-group-project-management/#:~:text=Executing%20Process%20Group%20Activity%20%2310,of%20the%20project%20are%20met
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor
security operations during off-hours. To reduce the impact of staff shortages and increase coverage
during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?
A
Reference:
https://www.techtarget.com/searchsecurity/tip/Benefits-of-virtual-SOCs-Enterprise-run-vs-fully-managed
What is the primary difference between regulations and standards?
C