Question 1

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

Accepted Answer

Scanning a representative sample of systems allows the security officer to get a realistic view of the organization's vulnerability state without being overwhelmed by data from scanning the entire infrastructure.

Question 2

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Accepted Answer

Deploying countermeasures and compensation controls is a cost-effective way to mitigate the risk temporarily while working within budget constraints, allowing the system to remain operational.

Question 3

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Accepted Answer

Information Security teams are typically responsible for monitoring and reviewing network intrusion detection system logs to ensure the security of the organization's systems.

Question 4

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Accepted Answer

The CISO's first priority should be to review the recommendations and follow up to see if audit implemented the changes. This will help the CISO to understand the current state of the company's information security program and to identify any areas that need improvement.

Question 5

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it___________

Accepted Answer

Deploying an IPS in-line with blocking mode allows it to actively monitor and block malicious traffic in real-time, providing maximum protection.

Question 6

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

Accepted Answer

A vulnerability is a weakness in an asset or group of assets that can be exploited by one or more threats.

Question 7

When should IT security project management be outsourced?

Accepted Answer

When the benefits of outsourcing outweigh the inherent risks of outsourcing

Question 8

Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

Accepted Answer

Organizational controls involve structuring roles and responsibilities within an organization to ensure security and compliance, such as assigning Information Assurance to a dedicated group.

Question 9

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

Accepted Answer

Defining the Information Security Policy is the first step as it sets the direction and framework for the entire Information Security Management System (ISMS) and guides subsequent actions.

Question 10

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Accepted Answer

Encryption import/export regulations can significantly impact the implementation of encryption technologies across different countries due to varying legal restrictions and requirements.

Question 11

Which of the following activities is the MAIN purpose of the risk assessment process?

Accepted Answer

The main purpose of the risk assessment process is to calculate the risks to which assets are exposed in their current setting, allowing organizations to understand potential threats and vulnerabilities.

Question 12

What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

Accepted Answer

Conducting periodic tabletop exercises helps refine the BC plan by simulating scenarios and identifying gaps or areas for improvement.

Question 13

The risk found after a control has been fully implemented is called:

Accepted Answer

Residual risk is the risk that remains after all control measures have been applied.

Question 14

Creating a secondary authentication process for network access would be an example of?

Accepted Answer

The answer of Creating a secondary authentication process for network...

Question 15

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

Accepted Answer

The number of successful social engineering attempts on the call center is a direct measure of how well employees are applying their security awareness training, making it a relevant KPI for the effectiveness of the program.

Question 16

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

Accepted Answer

External penetration testing by a qualified third party is the most effective way to measure the effectiveness of security controls on a perimeter network because it simulates real-world attacks and identifies vulnerabilities that may not be detected by other methods.

Question 17

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

Accepted Answer

Phishing tests are directly related to assessing the effectiveness of a Security Awareness Program, as they measure how well employees can recognize and respond to phishing attempts.

Question 18

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Accepted Answer

Conducting a thorough risk assessment will help identify the specific vulnerabilities and their potential impact, allowing for informed decision-making on how to address the issue effectively.

Question 19

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Accepted Answer

COBIT is designed to help organizations meet regulatory compliance and improve IT governance, which can ease auditing and compliance burdens.

Question 20

Which of the following BEST describes an international standard framework that is based on the security model Information Technology-Code of Practice for Information Security Management?

Accepted Answer

ISO 27001 is an international standard that provides a framework for an information security management system (ISMS) and is based on the security model Information Technology-Code of Practice for Information Security Management.

Exam 2: Certified Network Defender