Page : 1/11
1. Which of the following best describes the term "Third-Party Risk"?
2. In the context of information security frameworks, what is the primary goal of ISO/IEC 27001?
3. Which of the following scenarios BEST illustrates the concept of a "Man in the Middle" (MitM) attack?
4. In the context of access control, what does the term "Authentication" refer to?
5. A company is planning to expand its operations internationally and is concerned about the varied data protection laws in different countries. What is the most effective strategy for managing these legal and regulatory compliance risks?
Page : 2/11
6. Which of the following best describes the concept of "Separation of Duties"?
7. In the context of information security, what does "Confidentiality" aim to prevent?
8. Your organization has identified a risk with a high impact but low likelihood. Which of the following is the MOST appropriate risk response?
9. What principle is primarily concerned with ensuring that data is only accessible to those authorized to view it?
10. Which of the following is a PRIMARY goal of information security governance?
Page : 3/11
11. What is the primary purpose of conducting a vulnerability assessment?
12. What does the term "Due Diligence" refer to in the context of information security?
13. Which of the following best describes the purpose of compliance with legal and regulatory requirements in information security?
14. Which of the following best exemplifies the concept of "Tailgating" in a physical security context?
15. Who has the primary responsibility of determining the classification level for information?
Page : 4/11
16. What is the PRIMARY purpose of risk management in information security?
17. What is the primary purpose of the "Data Owner" role in information security?
18. Which group causes the most risk of fraud and computer compromises?
19. Which of the following best exemplifies ethical behavior in information security?
20. What does 'availability' in the CIA Triad refer to?
Page : 5/11
21. What is the primary goal of an information security governance program?
22. Which of the following is NOT a primary objective of implementing security controls based on the CIA Triad?
23. Which of the following is a key benefit of implementing an effective Security Awareness Training program?
24. Which of the following BEST describes the purpose of risk analysis in an organization's security and risk management process?
25. What should management consider the most when classifying data?
Page : 6/11
26. Which of the following best defines "Social Engineering"?
27. If different user groups with different security access levels need to access the same information, which of the following actions should management take?
28. Who is ultimately responsible for making sure data is classified and protected?
29. Which of the following is a key component of a "Security Awareness Program"?
30. Which of the following incidents would MOST likely trigger the activation of a Disaster Recovery Plan (DRP)?
Page : 7/11
31. Which of the following best describes the purpose of risk management in an organization's security strategy?
32. What is the primary purpose of implementing the principle of least privilege?
33. Which of the following best describes the primary purpose of implementing security governance within an organization?
34. Which of the following is an essential element of effective information security governance?
35. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
Page : 8/11
36. What role does an Incident Response Team play in an organization's security posture?
37. What is the primary goal of the CIA Triad in information security?
38. What is the primary function of a Security Information and Event Management (SIEM) system?
39. Which of the following best describes a Security Policy?
40. An organization is evaluating its incident response plan (IRP) and aims to align it with best practices. Which of the following is a critical element that should be included to enhance the effectiveness of the IRP?
Page : 9/11
41. Which of the following scenarios exemplifies the concept of "Defense in Depth"?
42. In the context of risk management, what is the significance of "Risk Appetite" in determining an organization's security investment?
43. What is the primary purpose of encryption in cybersecurity?
44. What is the primary purpose of a Business Impact Analysis (BIA)?
45. What is the primary objective of a Data Classification Policy?
Page : 10/11
46. Which of the following BEST describes the goal of a Risk Appetite Statement?
47. What is the main goal of an Incident Response Plan (IRP)?
48. What is the main difference between qualitative and quantitative risk assessment?
49. What is the primary goal of compliance in the context of information security?
50. Which of the following best describes the concept of 'integrity' in the context of information security?
Page : 11/11
51. Which of the following is an example of a physical security control?