What is a key policy that should be part of the information security plan?
C
Reference:
https://www.exabeam.com/information-security/information-security-policy/
A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO)
receives impact data in financial terms to use as input to select the proper level of coverage in a new
cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information
required?
D
As the CISO, you are the project sponsor for a highly visible log management project. The objective of
the project is to centralize all the enterprise logs into a security information and event management
(SIEM) system. You requested the results of the performance quality audits activity.
The performance quality audit activity is done in what project management process group?
A
Reference:
https://blog.masterofproject.com/executing-process-group-project-management/#:~:text=Executing%20Process%20Group%20Activity%20%2310,of%20the%20project%20are%20met
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor
security operations during off-hours. To reduce the impact of staff shortages and increase coverage
during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?
A
Reference:
https://www.techtarget.com/searchsecurity/tip/Benefits-of-virtual-SOCs-Enterprise-run-vs-fully-managed
What is the primary difference between regulations and standards?
C
The Board of Directors of a publicly-traded company is concerned about the security implications of a
strategic project that will migrate 50% of the organization's information technology assets to the
cloud. They have requested a briefing on the project plan and a progress report of the security
stream of the project. As the CISO, you have been tasked with preparing the report for the Chief
Executive Officer to present.
Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?
A
Reference:
https://www.pmi.org/learning/library/earned-value-management-systems-analysis-8026#:~:text=The%20cost%20variance%20is%20defined,the%20project%20is%20on%20budget
Optical biometric recognition such as retina scanning provides access to facilities through reading the
unique characteristics of a person's eye.
However, authorization failures can occur with individuals who have?
A
A bastion host should be placed:
C
Reference:
https://www.skillset.com/questions/a-bastion-host-is-which-of-the-following
A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to
make better decisions on protecting information and assets.
What is the MAIN goal of threat hunting to the SecOps Manager?
A
Reference:
https://www.techtarget.com/searchsecurity/feature/7-SecOps-roles-and-responsibilities-for-the-modern-enterprise
Which of the following are the triple constraints of project management?
C
Reference:
https://www.teamgantt.com/blog/triple-constraint-project-management#:~:text=Each%20side%20or%20point%20of,scope%2C%20time%2C%20and%20cost
What key technology can mitigate ransomware threats?
A
Reference:
https://cloud.google.com/blog/products/identity-security/5-pillars-of-protection-to-prevent-ransomware-attacks
What does RACI stand for?
C
Reference:
https://www.google.com/search?q=What+does+RACI+stand+for&oq=What+does+RACI+stand+for&aqs=edge..69i57.220j0j4&sourceid=chrome&ie=UTF-8
The primary responsibility for assigning entitlements to a network share lies with which role?
B
Reference:
https://resources.infosecinstitute.com/certification/data-and-system-ownership/
What organizational structure combines the functional and project structures to create a hybrid of
the two?
D
Reference:
https://www.knowledgehut.com/tutorials/project-management/organization-structures
XYZ is a publicly-traded software development company.
Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?
C
Reference:
https://www.eccouncil.org/information-security-management/