Page : 1/11
1. In the context of risk management, what is the significance of "Risk Appetite" in determining an organization's security investment?
2. In the context of information security, what does "Confidentiality" aim to prevent?
3. Which of the following is a key benefit of implementing an effective Security Awareness Training program?
4. What is the primary goal of the CIA Triad in information security?
5. Which of the following best describes a Security Policy?
Page : 2/11
6. What is the primary purpose of conducting a vulnerability assessment?
7. Which of the following BEST describes the goal of a Risk Appetite Statement?
8. Which group causes the most risk of fraud and computer compromises?
9. Which of the following is NOT a primary objective of implementing security controls based on the CIA Triad?
10. Which of the following is a PRIMARY goal of information security governance?
Page : 3/11
11. Which of the following best describes the concept of "Separation of Duties"?
12. Which of the following incidents would MOST likely trigger the activation of a Disaster Recovery Plan (DRP)?
13. What is the primary purpose of encryption in cybersecurity?
14. Which of the following best exemplifies the concept of "Tailgating" in a physical security context?
15. Your organization has identified a risk with a high impact but low likelihood. Which of the following is the MOST appropriate risk response?
Page : 4/11
16. Which of the following best defines "Social Engineering"?
17. What is the PRIMARY purpose of risk management in information security?
18. What is the main goal of an Incident Response Plan (IRP)?
19. What is the primary purpose of implementing the principle of least privilege?
20. What does the term "Due Diligence" refer to in the context of information security?
Page : 5/11
21. Which of the following best describes the term "Third-Party Risk"?
22. Who is ultimately responsible for making sure data is classified and protected?
23. Which of the following scenarios exemplifies the concept of "Defense in Depth"?
24. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
25. Which of the following best describes the purpose of risk management in an organization's security strategy?
Page : 6/11
26. What role does an Incident Response Team play in an organization's security posture?
27. Which of the following is a key component of a "Security Awareness Program"?
28. What is the primary purpose of the "Data Owner" role in information security?
29. Which of the following is an example of a physical security control?
30. In the context of access control, what does the term "Authentication" refer to?
Page : 7/11
31. What is the primary function of a Security Information and Event Management (SIEM) system?
32. What should management consider the most when classifying data?
33. In the context of information security frameworks, what is the primary goal of ISO/IEC 27001?
34. Which of the following best describes the primary purpose of implementing security governance within an organization?
35. Which of the following scenarios BEST illustrates the concept of a "Man in the Middle" (MitM) attack?
Page : 8/11
36. Which of the following best describes the purpose of compliance with legal and regulatory requirements in information security?
37. A company is planning to expand its operations internationally and is concerned about the varied data protection laws in different countries. What is the most effective strategy for managing these legal and regulatory compliance risks?
38. What principle is primarily concerned with ensuring that data is only accessible to those authorized to view it?
39. What is the primary purpose of a Business Impact Analysis (BIA)?
40. An organization is evaluating its incident response plan (IRP) and aims to align it with best practices. Which of the following is a critical element that should be included to enhance the effectiveness of the IRP?
Page : 9/11
41. If different user groups with different security access levels need to access the same information, which of the following actions should management take?
42. Which of the following BEST describes the purpose of risk analysis in an organization's security and risk management process?
43. What is the primary goal of an information security governance program?
44. What is the primary goal of compliance in the context of information security?
45. What is the main difference between qualitative and quantitative risk assessment?
Page : 10/11
46. Which of the following best exemplifies ethical behavior in information security?
47. Who has the primary responsibility of determining the classification level for information?
48. What does 'availability' in the CIA Triad refer to?
49. What is the primary objective of a Data Classification Policy?
50. Which of the following is an essential element of effective information security governance?
Page : 11/11
51. Which of the following best describes the concept of 'integrity' in the context of information security?