- (Exam Topic 6)
ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.
Which metric would meet the requirement?

1. A. Number of times third parties access critical information systems
2. B. Number of systems with known vulnerabilities
3. C. Number of users with elevated privileges
4. D. Number of websites with weak or misconfigured certificates

Correct Answer: C

- (Exam Topic 1)
An organization information security policy serves to

1. A. establish budgetary input in order to meet compliance requirements
2. B. establish acceptable systems and user behavior
3. C. define security configurations for systems
4. D. define relationships with external law enforcement agencies

Correct Answer: B

- (Exam Topic 3)
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

1. A. The company lacks a risk management process
2. B. The company does not believe the security vulnerabilities to be real
3. C. The company has a high risk tolerance
4. D. The company lacks the tools to perform a vulnerability assessment

Correct Answer: C

- (Exam Topic 6)
You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.
Which of the following compliance standard is the MOST important to the organization?

1. A. The Federal Risk and Authorization Management Program (FedRAMP)
2. B. ISO 27002
3. C. NIST Cybersecurity Framework
4. D. Payment Card Industry (PCI) Data Security Standard (DSS)

Correct Answer: D
Reference:
https://searchcompliance.techtarget.com/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard

- (Exam Topic 3)
Which of the following is the BEST indicator of a successful project?

1. A. it is completed on time or early as compared to the baseline project plan
2. B. it meets most of the specifications as outlined in the approved project definition
3. C. it comes in at or below the expenditures planned for in the baseline budget
4. D. the deliverables are accepted by the key stakeholders

Correct Answer: D