GIAC Strategic Planning, Policy, and Leadership (GSTRT)

Question 1

Which of the following tools can help automate the enforcement of cybersecurity policies within an organization?
Response:

A. Physical security audits

B. Policy management software

C. Employee meetings

D. Printed policy handbooks

Correct Answer: B

Question 2

Which of the following is a critical step in ensuring that a cybersecurity program meets the needs of the business?
Response:

A. Implementing a one-size-fits-all security model across the organization

B. Excluding senior leadership from cybersecurity discussions

C. Involving business leaders and stakeholders in cybersecurity planning and strategy development

D. Avoiding discussions of cybersecurity with non-technical teams

Correct Answer: C

Question 3

Which of the following is the most important trait for a leader when managing organizational change?
Response:

A. Flexibility

B. Micromanagement

C. Fearlessness

D. Indifference

Correct Answer: A

Question 4

When developing a policy for handling sensitive customer data, what is the top priority?
Response:

A. Compliance with data protection regulations such as GDPR and CCPA

B. Cost-saving measures

C. Outsourcing all data processing to third-party vendors

D. Limiting customer data collection to email addresses only

Correct Answer: A

Question 5

Your organization has been monitoring an increasing number of phishing attacks targeting senior leadership. You've identified several incidents where executives nearly fell victim to these scams. What steps should you take to mitigate this specific threat?
Response:

A. Assume that executives will eventually fall victim and focus on remediation

B. Disable all email accounts to prevent phishing attacks

C. Implement targeted phishing awareness training for executives, deploy email filtering and anti-phishing technologies, and establish multi-factor authentication for sensitive accounts

D. Ignore the threat since no successful attacks have occurred yet

Correct Answer: C

Question 6

What is the benefit of using a maturity model to assess a security program?
Response:

A. It eliminates the need for risk assessments

B. It provides a structured framework for evaluating the program's progress and areas for improvement

C. It simplifies security processes by focusing on only one area

D. It reduces the organization's overall security budget

Correct Answer: B

Question 7

Which of the following is a critical factor when defining security policy enforcement mechanisms?
Response:

A. Clear communication of the consequences for non-compliance

B. Availability of automated enforcement tools

C. Employee resistance

D. Policy complexity

Correct Answer: A

Question 8

Your organization is facing a growing number of cyber threats, and you have been tasked with assessing the current security program to identify gaps and areas for improvement. After conducting a risk assessment, you find that the security program does not address recent developments in ransomware protection. What steps should you take to address this issue while aligning the program with the organization's values and risk tolerance?
Response:

A. Ignore ransomware protection since it has not caused any recent incidents

B. Delay any updates to the program until a ransomware attack occurs

C. Update the security program by implementing ransomware-specific defenses such as frequent data backups, network segmentation, and employee training on phishing attacks

D. Allocate the ransomware protection budget to other areas of security

Correct Answer: C

Question 9

What is the purpose of developing a "change champion" within a cybersecurity team?
Response:

A. To replace the project manager during the change initiative

B. To enforce the changes without feedback from the team

C. To remove the responsibility of change management from the leader

D. To serve as a leader within the team who advocates for the change and supports others in the transition

Correct Answer: D

GIAC Strategic Planning, Policy, and Leadership (GSTRT) - GSTRT Exam Practice Test

Latest Update

Useful Links

Contact Us