need answer and explanation for each question

1. What is the FIRST line of defense against criminal insider activities?

A. Signing security agreements by critical personnel

B. Stringent and enforced access controls

C. Validating the integrity of personnel

D. Monitoring employee activities

2. Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

A. Recovery strategy

B. Risk mitigation strategy

C. Security strategy

D. IT strategy

3. Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?

A. When recovery time objectives (RTOs) are not met

B. When missing information impacts recovery from an incident

C. Before an internal audit of the incident response process

D. At intervals indicated by industry best practice

4. Which of the following should be the MOST important consideration when prioritizing risk remediation?

A. Evaluation of risk

B. Duration of exposure

C. Comparison to risk appetite

D. Impact of compliance

5. An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:

A. transfer the risk to a third party.

B. determine appropriate countermeasures.

C. report to management.

D. quantify the aggregated risk.

6. An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager's FIRST course of action?

A. Block access to the cloud storage service

B. Determine the classification level of the information

C. Seek business justification from the employee

D. Inform higher management of a security breach

7. A measure of the effectiveness of the incident response capabilities of an organization is the:

A. number of incidents detected.

B. number of employees receiving incident response training.

C. reduction of the annual loss expectancy (ALE).

D. time to closure of incidents.

8. An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers, and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?

A. Separate security controls for applications, platforms, programs, and endpoints

B. Multi-factor login requirements for cloud service applications, timeouts, and complex passwords

C. Deployment of nested firewalls within the infrastructure

D. Strict enforcement of role-based access control (RBAC)

9. Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

A. escalate concerns for conflicting access rights to management.

B. review access rights as the acquisition integration occurs.

C. implement consistent access control standards.

D. perform a risk assessment of the access rights.

10. After a server has been attacked, which of the following is the BEST course of action?

A. Isolate the system.

B. Initiate incident response.

C. Conduct a security audit.

D. Review vulnerability assessment.

11. In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

A. Non-standard event logs

B. Access to the hardware

C. Data encryption

D. Compressed customer data