GIAC Strategic Planning, Policy, and Leadership (GSTRT) (GSTRT) Free Practice Test

Question 1

What is the primary purpose of including a policy exception process in a cybersecurity policy?
Response:

A. To provide a structured process for requesting deviations from the policy under specific circumstances

B. To avoid having to enforce the policy

C. To allow employees to bypass the policy

D. To minimize policy updates

Correct Answer: A

Question 2

How does aligning a security program with industry best practices, such as NIST or ISO standards, benefit the organization?
Response:

A. It limits the organization's ability to implement custom controls

B. It reduces the need for audits

C. It provides a strong foundation for security controls and ensures the program meets widely accepted standards

D. It increases the cost of the program

Correct Answer: C

Question 3

Which of the following is the best practice for maintaining the relevance of cybersecurity policies as technology evolves?
Response:

A. Limiting policy updates to only when a security incident occurs

B. Assuming that current policies will always be relevant

C. Writing policies that are deliberately vague

D. Conducting regular policy reviews and incorporating feedback from IT, legal, and compliance teams

Correct Answer: D

Question 4

What is a common mistake leaders make when implementing organizational change in cybersecurity?
Response:

A. Not addressing the concerns and fears of the team members

B. Setting realistic goals and expectations

C. Over-communicating the benefits of the change

D. Encouraging team members to participate in decision-making

Correct Answer: A

Question 5

During a security program analysis, you discover that the organization's incident response process is slow, leading to extended downtime during cyberattacks. The executive team is concerned about the financial impact of these delays. How would you address this issue to improve the incident response process and minimize downtime in the future?
Response:

A. Rely solely on external vendors for incident response

B. Implement a formal incident response plan with clear roles, conduct regular incident response drills, and invest in automated tools to accelerate detection and response

C. Assign all incident response duties to a single employee to streamline the process

D. Ignore the delays since no major breaches have occurred

Correct Answer: B

Question 6

What is the benefit of aligning cybersecurity policies with international standards such as ISO 27001?
Response:

A. It reduces the need for internal audits

B. It increases the complexity of the policy

C. It limits the organization's flexibility to adopt emerging technologies

D. It ensures the policy meets global best practices and enhances the organization's credibility

Correct Answer: D

Question 7

Why is it important to understand the organization's key stakeholders when developing a cybersecurity strategy?
Response:

A. To prioritize the needs of the IT department

B. To avoid asking for stakeholder feedback

C. To simplify the cybersecurity program by excluding stakeholder input

D. To ensure the cybersecurity strategy addresses the concerns and priorities of individuals or groups who have a vested interest in the organization's success

Correct Answer: D

Welcome to TestSimulate

GIAC Strategic Planning, Policy, and Leadership (GSTRT) (GSTRT) Free Practice Test