LDR514 | Questions and answers | latest update
Save
Terms in this set (385)
Question: A newly appointed security Answer: C
manager is tasked with creating the
organization's first formal security Rationale: Strategic planning foundations
strategic plan. According to the emphasize that creating effective security strategic
Strategic Planning Foundations plans requires a fundamental understanding of the
guidance, what should be the business and a deep understanding of the threat
manager's FIRST priority before landscape before moving into specific initiatives,
drafting specific security initiatives? roadmaps, or policies.
Options:
A) A. Select a control framework
(e.g., NIST CSF) and map all existing
controls
B) B. Create detailed project plans
and a multiyear security roadmap
C) C. Develop a fundamental
understanding of the business and
the threat landscape
D) D. Draft security policies and
standards to define expected
behaviors
,Question: Which of the following Answer: B
BEST describes the role of alignment
in a security strategic plan as Rationale: The materials state that a security
outlined in the reference materials? program and policies must align with the
organization's overall mission, goals, objectives,
Options: and culture, and that strategic plans should
A) A. Ensuring all security projects resonate with customers and business partners.
are completed within the same fiscal
year
B) B. Ensuring the security program
aligns with the organization's mission,
goals, objectives, and culture
C) C. Ensuring the security roadmap
is strictly driven by current technical
vulnerabilities
D) D. Ensuring the security team's
objectives are independent of
business priorities to maintain
objectivity
Question: In the context of strategic Answer: threat
planning foundations, security
leaders are expected to understand Rationale: The course description explicitly states
both business goals and the [BLANK] that successful security leaders need a deep
landscape, including threat actors, understanding of business goals and strategy,
business threats, and attacker tactics, coupled with knowledge of the threat landscape,
techniques, and procedures. including threat actors, business threats, and
attacker TTPs.
,Question: According to the Strategic Answer: B
Planning Foundations described in
the course, what are the two Rationale: The Strategic Planning Foundations
fundamental types of understanding section states that creating security strategic plans
a security leader must have before requires both a fundamental understanding of the
creating an effective security business and a deep understanding of the threat
strategic plan? landscape. This dual perspective ensures that
security work is placed in the appropriate business
Options: context and is informed by relevant threats,
A) A deep understanding of security attacker tactics, techniques, and procedures. The
technologies and regulatory other options list important skills but are not
compliance requirements identified as the foundational requirements for
B) A deep understanding of the strategic planning in the referenced material.
business and a deep understanding
of the threat landscape
C) A deep understanding of project
management and budgeting
practices
D) A deep understanding of
enterprise architecture and software
development lifecycles
, Question: A CISO is preparing a Answer: D
business case to gain executive
support and funding for a new multi- Rationale: The materials describe a business case
year security strategy. Based on the as including a problem statement, current state,
strategic planning guidance, which desired future state, requirements, approach, and a
element is MOST critical to include to plan/roadmap, and emphasize understanding
secure buy-in from senior leadership business priorities and marketing the security
and steering committees? program effectively to executives.
Options:
A) A. A detailed list of all security
tools to be purchased over the next
three years
B) B. A highly technical description of
attacker TTPs without business
context
C) C. A summary of security team
accomplishments over the past year
D) D. A clear articulation of the
problem, current state, desired future
state, and a roadmap that supports
business priorities
Save
Terms in this set (385)
Question: A newly appointed security Answer: C
manager is tasked with creating the
organization's first formal security Rationale: Strategic planning foundations
strategic plan. According to the emphasize that creating effective security strategic
Strategic Planning Foundations plans requires a fundamental understanding of the
guidance, what should be the business and a deep understanding of the threat
manager's FIRST priority before landscape before moving into specific initiatives,
drafting specific security initiatives? roadmaps, or policies.
Options:
A) A. Select a control framework
(e.g., NIST CSF) and map all existing
controls
B) B. Create detailed project plans
and a multiyear security roadmap
C) C. Develop a fundamental
understanding of the business and
the threat landscape
D) D. Draft security policies and
standards to define expected
behaviors
,Question: Which of the following Answer: B
BEST describes the role of alignment
in a security strategic plan as Rationale: The materials state that a security
outlined in the reference materials? program and policies must align with the
organization's overall mission, goals, objectives,
Options: and culture, and that strategic plans should
A) A. Ensuring all security projects resonate with customers and business partners.
are completed within the same fiscal
year
B) B. Ensuring the security program
aligns with the organization's mission,
goals, objectives, and culture
C) C. Ensuring the security roadmap
is strictly driven by current technical
vulnerabilities
D) D. Ensuring the security team's
objectives are independent of
business priorities to maintain
objectivity
Question: In the context of strategic Answer: threat
planning foundations, security
leaders are expected to understand Rationale: The course description explicitly states
both business goals and the [BLANK] that successful security leaders need a deep
landscape, including threat actors, understanding of business goals and strategy,
business threats, and attacker tactics, coupled with knowledge of the threat landscape,
techniques, and procedures. including threat actors, business threats, and
attacker TTPs.
,Question: According to the Strategic Answer: B
Planning Foundations described in
the course, what are the two Rationale: The Strategic Planning Foundations
fundamental types of understanding section states that creating security strategic plans
a security leader must have before requires both a fundamental understanding of the
creating an effective security business and a deep understanding of the threat
strategic plan? landscape. This dual perspective ensures that
security work is placed in the appropriate business
Options: context and is informed by relevant threats,
A) A deep understanding of security attacker tactics, techniques, and procedures. The
technologies and regulatory other options list important skills but are not
compliance requirements identified as the foundational requirements for
B) A deep understanding of the strategic planning in the referenced material.
business and a deep understanding
of the threat landscape
C) A deep understanding of project
management and budgeting
practices
D) A deep understanding of
enterprise architecture and software
development lifecycles
, Question: A CISO is preparing a Answer: D
business case to gain executive
support and funding for a new multi- Rationale: The materials describe a business case
year security strategy. Based on the as including a problem statement, current state,
strategic planning guidance, which desired future state, requirements, approach, and a
element is MOST critical to include to plan/roadmap, and emphasize understanding
secure buy-in from senior leadership business priorities and marketing the security
and steering committees? program effectively to executives.
Options:
A) A. A detailed list of all security
tools to be purchased over the next
three years
B) B. A highly technical description of
attacker TTPs without business
context
C) C. A summary of security team
accomplishments over the past year
D) D. A clear articulation of the
problem, current state, desired future
state, and a roadmap that supports
business priorities
