Page : 1/11
1. Which of the following BEST describes the purpose of risk analysis in an organization's security and risk management process?
2. An organization is evaluating its incident response plan (IRP) and aims to align it with best practices. Which of the following is a critical element that should be included to enhance the effectiveness of the IRP?
3. Which of the following BEST describes the goal of a Risk Appetite Statement?
4. Which of the following best exemplifies ethical behavior in information security?
5. Which of the following best exemplifies the concept of "Tailgating" in a physical security context?
Page : 2/11
6. Which of the following best describes the purpose of risk management in an organization's security strategy?
7. Which of the following best describes the purpose of compliance with legal and regulatory requirements in information security?
8. If different user groups with different security access levels need to access the same information, which of the following actions should management take?
9. Which of the following best describes the concept of "Separation of Duties"?
10. Which of the following best describes the term "Third-Party Risk"?
Page : 3/11
11. What is the main difference between qualitative and quantitative risk assessment?
12. Who is ultimately responsible for making sure data is classified and protected?
13. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
14. In the context of information security frameworks, what is the primary goal of ISO/IEC 27001?
15. A company is planning to expand its operations internationally and is concerned about the varied data protection laws in different countries. What is the most effective strategy for managing these legal and regulatory compliance risks?
Page : 4/11
16. Which of the following best defines "Social Engineering"?
17. Which of the following best describes the primary purpose of implementing security governance within an organization?
18. What does the term "Due Diligence" refer to in the context of information security?
19. In the context of access control, what does the term "Authentication" refer to?
20. Your organization has identified a risk with a high impact but low likelihood. Which of the following is the MOST appropriate risk response?
Page : 5/11
21. Which of the following best describes the concept of 'integrity' in the context of information security?
22. Which of the following best describes a Security Policy?
23. What should management consider the most when classifying data?
24. Which of the following is a PRIMARY goal of information security governance?
25. Who has the primary responsibility of determining the classification level for information?
Page : 6/11
26. Which of the following is a key benefit of implementing an effective Security Awareness Training program?
27. What is the primary purpose of a Business Impact Analysis (BIA)?
28. What is the primary function of a Security Information and Event Management (SIEM) system?
29. What is the primary goal of the CIA Triad in information security?
30. What is the primary purpose of conducting a vulnerability assessment?
Page : 7/11
31. In the context of risk management, what is the significance of "Risk Appetite" in determining an organization's security investment?
32. Which of the following is an example of a physical security control?
33. In the context of information security, what does "Confidentiality" aim to prevent?
34. Which of the following scenarios exemplifies the concept of "Defense in Depth"?
35. What is the primary purpose of the "Data Owner" role in information security?
Page : 8/11
36. What is the primary purpose of implementing the principle of least privilege?
37. What is the PRIMARY purpose of risk management in information security?
38. What is the primary purpose of encryption in cybersecurity?
39. What role does an Incident Response Team play in an organization's security posture?
40. Which of the following is NOT a primary objective of implementing security controls based on the CIA Triad?
Page : 9/11
41. What is the main goal of an Incident Response Plan (IRP)?
42. What principle is primarily concerned with ensuring that data is only accessible to those authorized to view it?
43. Which of the following is a key component of a "Security Awareness Program"?
44. What does 'availability' in the CIA Triad refer to?
45. Which of the following incidents would MOST likely trigger the activation of a Disaster Recovery Plan (DRP)?
Page : 10/11
46. Which of the following scenarios BEST illustrates the concept of a "Man in the Middle" (MitM) attack?
47. What is the primary objective of a Data Classification Policy?
48. Which of the following is an essential element of effective information security governance?
49. What is the primary goal of compliance in the context of information security?
50. Which group causes the most risk of fraud and computer compromises?
Page : 11/11
51. What is the primary goal of an information security governance program?