CISM Exam Dumps | Which of the following should be the FIRST step in developing an information security strategy?

<< Prev Question Next Question >>

Question 229/257

Which of the following should be the FIRST step in developing an information security strategy?

A. Determine acceptable levels of information security risk

B. Create a roadmap to identify security baselines and controls

C. Perform a gap analysis based on the current state

D. Identify key stakeholders to champion information security

Question List (257q): Question 1: Which of the following presents the GREATEST challenge to th...; Question 2: Implementing the principle of least privilege PRIMARILY requ...; Question 3: Which of the following is the MOST important criterion when ...; Question 4: Which of the following BEST describes a buffer overflow?...; 1 commentQuestion 5: Which of the following roles is BEST able to influence the s...; Question 6: Which of the following is MOST important to have in place as...; Question 7: In a business proposal, a potential vendor promotes being ce...; Question 8: Which of the following is the FIRST step when conducting a p...; Question 9: In order to gain organization-wide support for an informatio...; Question 10: The MOST important reason for having an information security...; Question 11: Which of the following is the PRIMARY reason for granting a ...; 1 commentQuestion 12: To confirm that a third-party provider complies with an orga...; 1 commentQuestion 13: An organization's HR department requires that employee accou...; Question 14: Which of the following is the GREATEST benefit of informatio...; Question 15: Which of the following is the BEST method for determining wh...; Question 16: An information security manager is assisting in the developm...; 1 commentQuestion 17: An incident management team is alerted ta a suspected securi...; Question 18: Which of the following is the BEST way to determine if an in...; 1 commentQuestion 19: Which of the following BEST helps to ensure a risk response ...; Question 20: Which of the following methods is the BEST way to demonstrat...; 1 commentQuestion 21: An information security manager has been tasked with develop...; Question 22: Which of the following is the MOST effective way to detect s...; Question 23: Which of the following is BEST used to determine the maturit...; Question 24: An employee clicked on a link in a phishing email, triggerin...; Question 25: A security incident has been reported within an organization...; 1 commentQuestion 26: The effectiveness of an information security governance fram...; 1 commentQuestion 27: An information security manager has identified that security...; Question 28: A PRIMARY benefit of adopting an information security framew...; Question 29: Which of the following should include contact information fo...; Question 30: Which of the following should be the PRIMARY basis for an in...; Question 31: Which of the following should be done FIRST once a cybersecu...; Question 32: When assigning a risk owner, the MOST important consideratio...; Question 33: An organization provides notebook PCs, cable wire locks, sma...; Question 34: Which of the following is the BEST way to assess the risk as...; Question 35: Which of the following is the MOST effective way to demonstr...; 1 commentQuestion 36: Which of the following provides the BEST assurance that secu...; Question 37: Which of the following Is MOST useful to an information secu...; Question 38: Which of the following is the MOST important outcome of effe...; Question 39: An organization recently updated and published its informati...; Question 40: Which of the following will BEST enable an effective informa...; Question 41: An organization is considering the feasibility of implementi...; Question 42: Which of the following should be the PRIMARY basis for a sev...; Question 43: The MAIN benefit of implementing a data loss prevention (DLP...; Question 44: An organization plans to leverage popular social network pla...; Question 45: For which of the following is it MOST important that system ...; Question 46: After a recovery from a successful malware attack, instances...; 2 commentQuestion 47: An organization is close to going live with the implementati...; Question 48: Which of the following will ensure confidentiality of conten...; Question 49: An information security manager wants to document requiremen...; Question 50: An information security manager is MOST likely to obtain app...; Question 51: Which of the following is the MOST effective way to ensure t...; Question 52: Which of the following is MOST important for building 4 robu...; Question 53: Which of the following BEST facilitates effective strategic ...; Question 54: Which of the following would be MOST helpful when creating i...; Question 55: Management decisions concerning information security investm...; Question 56: Which of the following is BEST to include in a business case...; Question 57: Which of the following defines the triggers within a busines...; Question 58: Penetration testing is MOST appropriate when a:...; Question 59: A business requires a legacy version of an application to op...; Question 60: A newly appointed information security manager of a retailer...; Question 61: Which of the following is the BEST evidence of alignment bet...; 1 commentQuestion 62: Which of the following is the PRIMARY benefit of implementin...; Question 63: Which of the following is the sole responsibility of the cli...; Question 64: The PRIMARY objective of a post-incident review of an inform...; Question 65: An organization has acquired a company in a foreign country ...; Question 66: What should be the FIRST step when an Internet of Things (lo...; Question 67: Which of the following would be MOST useful to help senior m...; Question 68: Which of the following is the PRIMARY benefit of an informat...; Question 69: An organization is going through a digital transformation pr...; Question 70: An organization's information security manager is performing...; Question 71: When preventive controls to appropriately mitigate risk are ...; Question 72: Network isolation techniques are immediately implemented aft...; Question 73: Which of the following should be the PRIMARY basis for deter...; Question 74: To effectively manage an organization's information security...; Question 75: An organization has introduced a new bring your own device (...; Question 76: An information security manager learns of a new standard rel...; Question 77: Which is following should be an information security manager...; Question 78: Which of the following metrics BEST measures the effectivene...; Question 79: Which of the following is the PRIMARY role of an information...; Question 80: When an organization experiences a disruptive event, the bus...; Question 81: Which of the following presents the GREATEST risk associated...; Question 82: Which of the following BEST facilitates the effectiveness of...; Question 83: From an information security perspective, legal issues assoc...; Question 84: An organization's quality process can BEST support security ...; 1 commentQuestion 85: Which of the following is MOST helpful for protecting an ent...; Question 86: When deciding to move to a cloud-based model, the FIRST cons...; Question 87: Which of the following is MOST important in order to obtain ...; Question 88: The PRIMARY purpose for continuous monitoring of security co...; Question 89: The MOST appropriate time to conduct a disaster recovery tes...; Question 90: Which of the following has the GREATEST influence on the suc...; Question 91: An employee has just reported the loss of a personal mobile ...; Question 92: Which of the following BEST indicates that an organization h...; Question 93: Which of the following is MOST important to include in an in...; Question 94: Reviewing which of the following would be MOST helpful when ...; Question 95: Which of the following would provide the BEST evidence to se...; Question 96: Which of the following BEST enables an organization to enhan...; Question 97: Which of the following metrics provides the BEST evidence of...; Question 98: An organization is planning to outsource the execution of it...; Question 99: An information security manager learns through a threat inte...; Question 100: Which of the following BEST indicates that information asset...; Question 101: An organization that conducts business globally is planning ...; Question 102: The MOST important information for influencing management's ...; Question 103: What is the PRIMARY benefit to an organization when informat...; Question 104: Which of the following would BEST enable the timely executio...; Question 105: An organization needs to comply with new security incident r...; Question 106: Which of the following is the MOST appropriate metric to dem...; Question 107: Which of the following is MOST effective in monitoring an or...; Question 108: Which of the following should be triggered FIRST when unknow...; Question 109: Which of the following is the PRIMARY role of the informatio...; Question 110: Which is MOST important to identify when developing an effec...; Question 111: Which of the following documents should contain the INITIAL ...; Question 112: Which of the following is the MOST important constraint to b...; Question 113: Which of the following would BEST help to ensure compliance ...; Question 114: A risk owner has accepted a large amount of risk due to the ...; Question 115: Which of the following is the BEST way to ensure the busines...; Question 116: Which of the following sources is MOST useful when planning ...; Question 117: Following an employee security awareness training program, w...; 1 commentQuestion 118: A cloud application used by an organization is found to have...; Question 119: A PRIMARY purpose of creating security policies is to:...; Question 120: Which of the following will provide the MOST guidance when d...; 1 commentQuestion 121: Which of the following is MOST helpful for aligning security...; Question 122: The PRIMARY advantage of single sign-on (SSO) is that it wil...; Question 123: Which of the following should an information security manage...; Question 124: Which of the following would be the BEST way for an informat...; Question 125: Which of the following analyses will BEST identify the exter...; Question 126: Of the following, whose input is of GREATEST importance in t...; Question 127: Which of the following should be the PRIMARY objective of an...; Question 128: An organization has identified a large volume of old data th...; Question 129: IT projects have gone over budget with too many security con...; Question 130: Which of the following would be MOST useful to a newly hired...; Question 131: Which of the following will have the GREATEST influence on t...; Question 132: Which of the following provides an information security mana...; Question 133: Which of the following would MOST effectively ensure that a ...; Question 134: A balanced scorecard MOST effectively enables information se...; Question 135: When establishing metrics for an information security progra...; Question 136: Which of the following BEST enables an organization to opera...; Question 137: Which of the following would be an information security mana...; Question 138: An information security manager has been notified about a co...; Question 139: An organization is in the process of acquiring a new company...; Question 140: Of the following, who is MOST appropriate to own the risk as...; Question 141: Which of the following should be the PRIMARY focus of a stat...; Question 142: Which of the following elements of a service contract would ...; Question 143: Which of the following should be given the HIGHEST priority ...; Question 144: A common drawback of email software packages that provide na...; Question 145: The GREATEST challenge when attempting data recovery of a sp...; Question 146: An organization is implementing an information security gove...; Question 147: Which of the following is the PRIMARY objective of a cyber r...; Question 148: Which of the following BEST enables an organization to maint...; Question 149: Which of the following is MOST important to convey to employ...; Question 150: Which of the following is the GREATEST concern resulting fro...; Question 151: In addition to executive sponsorship and business alignment,...; Question 152: Which of the following is MOST important to the effectivenes...; Question 153: Which of the following service offerings in a typical Infras...; Question 154: A risk assessment exercise has identified the threat of a de...; Question 155: Information security controls should be designed PRIMARILY b...; 1 commentQuestion 156: Which of the following risk scenarios is MOST likely to emer...; Question 157: Which of the following should an information security manage...; Question 158: An organization has decided to outsource IT operations. Whic...; Question 159: To improve the efficiency of the development of a new softwa...; Question 160: Which of the following is the BEST indication of information...; Question 161: When creating an incident response plan, the PRIMARY benefit...; Question 162: Which of the following should an information security manage...; Question 163: Within the confidentiality, integrity, and availability (CIA...; Question 164: When determining an acceptable risk level which of the follo...; Question 165: An organization is about to purchase a rival organization. T...; Question 166: Which of the following is the PRIMARY reason to assign a ris...; Question 167: A Seat a-hosting organization's data center houses servers, ...; Question 168: Which of the following is a PRIMARY benefit of managed secur...; Question 169: Due to specific application requirements, a project team has...; Question 170: Which of the following would be MOST effective in gaining se...; Question 171: An organization faces severe fines and penalties if not in c...; Question 172: Which of the following is the BEST way for an organization t...; Question 173: Which of the following is an information security manager's ...; Question 174: An organization is increasingly using Software as a Service ...; Question 175: Which of the following has the MOST influence on the inheren...; Question 176: Which of the following is MOST critical when creating an inc...; Question 177: Which of the following is the BEST approach when creating a ...; Question 178: When developing an asset classification program, which of th...; Question 179: When developing a business case to justify an information se...; Question 180: Which of the following MUST be defined in order for an infor...; Question 181: Which of the following is the GREATEST inherent risk when pe...; Question 182: Which of the following is the BEST indication of an effectiv...; Question 183: A security incident has been reported within an organization...; Question 184: Which of the following plans should be invoked by an organiz...; Question 185: Which of the following should be the FIRST step to gain appr...; Question 186: The MAIN reason for having senior management review and appr...; Question 187: Which of the following BEST determines the allocation of res...; Question 188: Which of the following is the BEST way to obtain support for...; Question 189: An information security manager has identified that privileg...; Question 190: In order to understand an organization's security posture, i...; Question 191: Which of the following BEST enables an organization to effec...; Question 192: Which of the following is the BEST tool to monitor the effec...; 1 commentQuestion 193: Which of the following BEST supports effective communication...; Question 194: During which of the following phases should an incident resp...; Question 195: Which of the following is the PRIMARY benefit of implementin...; Question 196: Which of the following is the BEST justification for making ...; Question 197: Which of the following provides the MOST comprehensive insig...; Question 198: Which of the following is the BEST way to contain an SQL inj...; Question 199: Reevaluation of risk is MOST critical when there is:...; Question 200: For the information security manager, integrating the variou...; Question 201: In a call center, the BEST reason to conduct a social engine...; Question 202: An organization finds it necessary to quickly shift to a wor...; Question 203: Which of the following is the BEST method to protect against...; Question 204: When drafting the corporate privacy statement for a public w...; Question 205: Which of the following is MOST important to include in month...; 1 commentQuestion 206: Which of the following would BEST help to ensure appropriate...; Question 207: Which of the following is the MOST important factor in an or...; Question 208: Which of the following is MOST helpful for determining which...; Question 209: An information security team is planning a security assessme...; Question 210: The information security manager of a multinational organiza...; Question 211: The contribution of recovery point objective (RPO) to disast...; Question 212: Which of the following provides the MOST useful information ...; Question 213: While classifying information assets an information security...; Question 214: Which of the following is the BEST way to enhance training f...; Question 215: An online bank identifies a successful network attack in pro...; Question 216: Which of the following presents the GREATEST challenge to a ...; Question 217: How does an incident response team BEST leverage the results...; Question 218: Which of the following should an information security manage...; Question 219: When choosing the best controls to mitigate risk to acceptab...; Question 220: Which of the following metrics is MOST appropriate for evalu...; Question 221: The MOST important element in achieving executive commitment...; Question 222: An organization permits the storage and use of its critical ...; Question 223: Which of the following BEST demonstrates that an anti-phishi...; Question 224: Who is BEST suited to determine how the information in a dat...; Question 225: Which of the following would BEST demonstrate the status of ...; Question 226: A post-incident review identified that user error resulted i...; Question 227: Which of the following is MOST important to ensuring informa...; Question 228: Which of the following is the BEST way to ensure the organiz...; Question 229: Which of the following should be the FIRST step in developin...; Question 230: Which of the following messages would be MOST effective in o...; Question 231: Which of the following is the FIRST step to establishing an ...; Question 232: Which of the following is the BEST justification for making ...; Question 233: Which of the following is MOST important when conducting a f...; 1 commentQuestion 234: Which of the following would BEST ensure that security is in...; 1 commentQuestion 235: Which of the following is the PRIMARY reason to monitor key ...; Question 236: What should be an information security manager's MOST import...; Question 237: Which of the following is the MOST important function of an ...; Question 238: When developing a categorization method for security inciden...; Question 239: Which of the following is the PRIMARY objective of incident ...; Question 240: Which of the following is the BEST way to determine the effe...; Question 241: The PRIMARY benefit of introducing a single point of adminis...; Question 242: The effectiveness of an incident response team will be GREAT...; Question 243: Recovery time objectives (RTOs) are BEST determined by:...; Question 244: An organization has remediated a security flaw in a system. ...; Question 245: Which of the following BEST supports information security ma...; Question 246: A penetration test was conducted by an accredited third part...; Question 247: Which of the following is the MOST important consideration w...; Question 248: An organization is leveraging tablets to replace desktop com...; Question 249: A multinational organization is required to follow governmen...; Question 250: Which of the following should be the GREATEST concern for an...; 1 commentQuestion 251: An intrusion has been detected and contained. Which of the f...; Question 252: What type of control is being implemented when a security in...; Question 253: In the context of developing an information security strateg...; 1 commentQuestion 254: Which of the following is MOST useful to an information secu...; Question 255: Which of the following is the BEST way to ensure the capabil...; Question 256: Which of the following should be the MOST important consider...; Question 257: The PRIMARY advantage of involving end users in continuity p...

Question 229/257

LEAVE A REPLY

Download PDF File