Page : 1/11
1. What is the primary goal of compliance in the context of information security?
2. Which of the following incidents would MOST likely trigger the activation of a Disaster Recovery Plan (DRP)?
3. What is the primary purpose of conducting a vulnerability assessment?
4. Who is ultimately responsible for making sure data is classified and protected?
5. Which of the following best describes the concept of 'integrity' in the context of information security?
Page : 2/11
6. Which of the following scenarios exemplifies the concept of "Defense in Depth"?
7. What is the primary purpose of implementing the principle of least privilege?
8. Which of the following best describes the term "Third-Party Risk"?
9. Which of the following scenarios BEST illustrates the concept of a "Man in the Middle" (MitM) attack?
10. Which of the following is a PRIMARY goal of information security governance?
Page : 3/11
11. Which of the following is a key component of a "Security Awareness Program"?
12. What does the term "Due Diligence" refer to in the context of information security?
13. What should management consider the most when classifying data?
14. An organization is evaluating its incident response plan (IRP) and aims to align it with best practices. Which of the following is a critical element that should be included to enhance the effectiveness of the IRP?
15. What does 'availability' in the CIA Triad refer to?
Page : 4/11
16. If different user groups with different security access levels need to access the same information, which of the following actions should management take?
17. Which of the following best describes the purpose of compliance with legal and regulatory requirements in information security?
18. What role does an Incident Response Team play in an organization's security posture?
19. Which of the following is a key benefit of implementing an effective Security Awareness Training program?
20. Which of the following is an example of a physical security control?
Page : 5/11
21. What is the primary purpose of a Business Impact Analysis (BIA)?
22. Which of the following is an essential element of effective information security governance?
23. What is the primary objective of a Data Classification Policy?
24. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
25. Who has the primary responsibility of determining the classification level for information?
Page : 6/11
26. What is the PRIMARY purpose of risk management in information security?
27. What principle is primarily concerned with ensuring that data is only accessible to those authorized to view it?
28. What is the primary goal of the CIA Triad in information security?
29. Which of the following best defines "Social Engineering"?
30. Which of the following is NOT a primary objective of implementing security controls based on the CIA Triad?
Page : 7/11
31. Which of the following best exemplifies ethical behavior in information security?
32. In the context of information security frameworks, what is the primary goal of ISO/IEC 27001?
33. What is the main goal of an Incident Response Plan (IRP)?
34. What is the main difference between qualitative and quantitative risk assessment?
35. Which of the following best exemplifies the concept of "Tailgating" in a physical security context?
Page : 8/11
36. Which group causes the most risk of fraud and computer compromises?
37. In the context of information security, what does "Confidentiality" aim to prevent?
38. Your organization has identified a risk with a high impact but low likelihood. Which of the following is the MOST appropriate risk response?
39. Which of the following BEST describes the goal of a Risk Appetite Statement?
40. Which of the following BEST describes the purpose of risk analysis in an organization's security and risk management process?
Page : 9/11
41. Which of the following best describes a Security Policy?
42. What is the primary purpose of the "Data Owner" role in information security?
43. A company is planning to expand its operations internationally and is concerned about the varied data protection laws in different countries. What is the most effective strategy for managing these legal and regulatory compliance risks?
44. What is the primary goal of an information security governance program?
45. Which of the following best describes the primary purpose of implementing security governance within an organization?
Page : 10/11
46. In the context of access control, what does the term "Authentication" refer to?
47. In the context of risk management, what is the significance of "Risk Appetite" in determining an organization's security investment?
48. What is the primary function of a Security Information and Event Management (SIEM) system?
49. Which of the following best describes the purpose of risk management in an organization's security strategy?
50. Which of the following best describes the concept of "Separation of Duties"?
Page : 11/11
51. What is the primary purpose of encryption in cybersecurity?