Which of the following is the MOST effective way to prevent information security incidents?

1. A. Implementing a security information and event management (SIEM) tool
2. B. Implementing a security awareness training program for employees
3. C. Deploying a consistent incident response approach
4. D. Deploying intrusion detection tools in the network environment

Correct Answer: B
The most effective way to prevent information security incidents is to implement a security awareness training program for employees. Security awareness training provides employees with the knowledge and skills they need to identify potential security threats and protect their systems from unauthorized access and malicious activity. Security awareness training also helps to ensure that employees understand their roles and responsibilities when it comes to information security, and can help to reduce the risk of information security incidents by making employees more aware of potential risks. Additionally, implementing a security information and event management (SIEM) tool, deploying a consistent incident response approach, and deploying intrusion detection tools in the network environment can also help to reduce the risk of security incidents

Which of the following is MOST important when conducting a forensic investigation?

1. A. Analyzing system memory
2. B. Documenting analysis steps
3. C. Capturing full system images
4. D. Maintaining a chain of custody

Correct Answer: D

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

1. A. best practices.
2. B. control framework
3. C. regulatory requirements.
4. D. cost-benefit analysis,

Correct Answer: C

The PRIMARY objective of performing a post-incident review is to:

1. A. re-evaluate the impact of incidents.
2. B. identify vulnerabilities.
3. C. identify control improvements.
4. D. identify the root cause.

Correct Answer: D
The primary objective of performing a post-incident review is to identify the root cause of the incident. This information is used to develop and implement corrective actions to prevent similar incidents from occurring in the future. The post-incident review process may also include a re-evaluation of the impact of the incidents, the identification of vulnerabilities, and the identification of control improvements, but the primary objective is to determine the root cause of the incident. By understanding the root cause, the organization can take proactive steps to prevent similar incidents from occurring in the future and improve the overall security posture of the organization.

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

1. A. The application does not use a secure communications protocol
2. B. The application is configured with restrictive access controls
3. C. The business process has only one level of error checking
4. D. Server-based malware protection is not enforced

Correct Answer: B
The greatest concern for an information security manager in this situation would be the security of the data that is being processed by the third-party service provider working from a remote site. This could be a concern because the data may not be adequately protected from unauthorized access, manipulation, or theft. A secure communications protocol should be used to ensure the confidentiality and integrity of the data in transit. Additionally, the information security manager should ensure that the third-party service provider has appropriate security controls in place to protect the data, such as access controls, error checking, and malware protection. This information can be found in the ISACA's Certified Information Security Manager (CISM) Study Manual, Section 5.2.