Question: need detailed answer for each question:

Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?

  • A. Recovery
  • B. Eradication
  • C. Identification
  • D. Containment

Which of the following is MOST important in increasing the effectiveness of incident responders?

  • A. Integrating staff with the IT department
  • B. Testing response scenarios
  • C. Communicating with the management team
  • D. Reviewing the incident response plan annually

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?

  • A. Revise the policy.
  • B. Conduct a risk assessment.
  • C. Communicate the acceptable use policy.
  • D. Perform a root cause analysis.

While classifying information assets, an information security manager notices that several production databases do not have owners assigned to them. How should the information security manager address this situation?

  • A. Assign the highest classification level to those databases.
  • B. Assign responsibility to the database administrator (DBA).
  • C. Prepare a report of the databases for senior management.
  • D. Review the databases for sensitive content.

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

  • A. Integration of assurance efforts
  • B. Automation of controls
  • C. Documentation of control procedures
  • D. Standardization of compliance requirements

Which of the following is MOST important to include in monthly information security reports to the board?

  • A. Root cause analysis of security incidents
  • B. Threat intelligence
  • C. Risk assessment results
  • D. Trend analysis of security metrics

Which of the following BEST supports investments in an information security program?

  • A. Business impact analysis (BIA)
  • B. Risk assessment results
  • C. Gap analysis results
  • D. Business cases

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

  • A. contract clauses comply with the organization's information security policy.
  • B. security metrics are included in the service level agreement (SLA).
  • C. the information security policy of the third-party service provider is reviewed.
  • D. right to audit is included in the service level agreement (SLA).

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

  • A. Gap assessment
  • B. Vulnerability scan report
  • C. Maturity assessment
  • D. Security risk analysis

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

  • A. Document risk acceptances.
  • B. Conduct an information security audit.
  • C. Assess the consequences of noncompliance.
  • D. Revise the organization's security policy.

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

  • A. Require vendors to complete information security questionnaires.
  • B. Request customer references from the vendor.
  • C. Verify that information security requirements are included in the contract.
  • D. Review the results of the vendor's independent control reports.

Which of the following should an information security manager do FIRST upon learning of noncompliance with an impending information security regulatory change?

  • A. Conduct a business impact and vulnerability analysis.
  • B. Report the noncompliance to senior management.
  • C. Assess the risk and cost of noncompliance.
  • D. Implement the correct measures to become compliant.

Who is accountable for ensuring risk mitigation is effective?

  • A. Application owner
  • B. Business owner
  • C. Risk owner
  • D. Control owner

Which of the following parties should be responsible for determining access levels to an application that processes client information?

  • A. The identity and access management team
  • B. The business client
  • C. The information security team
  • D. Business unit management

What should be an information security manager's MOST important consideration when developing a multi-year plan?

  • A. Ensuring contingency plans are in place for potential information security risks
  • B. Ensuring alignment with the plans of other business units
  • C. Demonstrating projected budget increases year after year
  • D. Allowing the information security program to expand its capabilities

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

  • A. Information security manager
  • B. External consultant
  • C. Business continuity coordinator
  • D. Information owner

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

  • A. Skills required for the incident response team
  • B. A detailed incident notification process
  • C. A list of external resources to assist with incidents
  • D. Service level agreements (SLAs)
