An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Who should be responsible for determining the level of data classification required for an application related to a new line of business?
Which of the following control types should be considered FIRST for aligning employee behavior with an organization ' s information security objectives?
For an enterprise implementing a bring your own device program, which of the following would provide the BEST security for corporate data residing on unsecured mobile devices?
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager ' s BEST course of action?
Which of the following would BEST ensure that security is integrated during application development?
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
Which of the following is the MOST common cause of cybersecurity breaches?
How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
Which of the following is MOST effective in monitoring an organization ' s existing risk?
Which of the following should be done NEXT following senior management ' s decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?
Penetration testing is MOST appropriate when a:
Of the following, who is accountable for ensuring the incident response plan is tested?
Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?
Which of the following is the MOST essential element of an information security program?
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
The PRIMARY reason to properly classify information assets is to determine:
The GREATEST benefit of an effective information security awareness program is the organization’s ability to:
Which of the following is an information security manager ' s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Which of the following is the BEST approach for data owners to use when defining access privileges for users?
Define access privileges based on user roles.
Adopt user account settings recommended by the vendor.
Perform a risk assessment of the users ' access privileges.