Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

1. A. Adopt the cloud provider's incident response procedures.
2. B. Transfer responsibility for incident response to the cloud provider.
3. C. Continue using the existing incident response procedures.
4. D. Revise incident response procedures to encompass the cloud environment.

Correct Answer: D

Which of the following should be the PRIMARY objective of an information security governance framework?

1. A. Provide a baseline for optimizing the security profile of the organization.
2. B. Demonstrate senior management commitment.
3. C. Demonstrate compliance with industry best practices to external stakeholders.
4. D. Ensure that users comply with the organization's information security policies.

Correct Answer: A
According to the Certified Information Security Manager (CISM) Study Manual, "The primary objective of information security governance is to provide a framework for managing and controlling information security practices and technologies at an enterprise level. Its goal is to manage and reduce risk through a process of identification, assessment, and management of those risks."
While demonstrating senior management commitment, compliance with industry best practices, and ensuring user compliance with policies are all important aspects of information security governance, they are not the primary objective. The primary objective is to manage and reduce risk by establishing a framework for managing and controlling information security practices and technologies at an enterprise level.

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

1. A. Regulatory requirements are being met.
2. B. Internal compliance requirements are being met.
3. C. Risk management objectives are being met.
4. D. Business needs are being met.

Correct Answer: D

Which of the following is the BEST indication of effective information security governance?

1. A. Information security is considered the responsibility of the entire information security team.
2. B. Information security controls are assigned to risk owners.
3. C. Information security is integrated into corporate governance.
4. D. Information security governance is based on an external security framework.

Correct Answer: C

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

1. A. Multi-factor authentication
2. B. Digital encryption
3. C. Data masking
4. D. Digital signatures

Correct Answer: B