GIAC GSTRT Actual Free Exam Questions & Community Discussion

Exam Code/Number: GSTRT
Exam Name/Title: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
Certification Provider: GIAC
Corresponding Certification: GIAC Certification

Exam Questions: 127
Updated On: Jun 02, 2026

Question #41

Your organization is developing a new security program to address both internal threats and compliance requirements. However, after initial development, you discover that the program does not adequately address insider threats. How would you revise the program to account for this gap?
Response:

A. Update the program to include measures such as employee background checks, access control monitoring, and security awareness training focused on detecting and preventing insider threats

B. Ignore the insider threat issue, as it hasn't been a problem in the past

C. Eliminate all employee access to sensitive systems

D. Implement a separate program to handle insider threats without revising the current security program

Discussion 0

Correct Answer: A Vote an answer

Question #42

What is the primary purpose of including a policy exception process in a cybersecurity policy?
Response:

A. To provide a structured process for requesting deviations from the policy under specific circumstances

B. To avoid having to enforce the policy

C. To minimize policy updates

D. To allow employees to bypass the policy

Discussion 0

Correct Answer: A Vote an answer

Question #43

What is the primary purpose of a cybersecurity policy review process?
Response:

A. To reduce the complexity of the policy

B. To simplify the policy so that it covers only basic security measures

C. To ensure the policy remains relevant to new threats and regulatory changes

D. To remove outdated sections without consulting stakeholders

Discussion 0

Correct Answer: C Vote an answer

Question #44

What is the purpose of including a "least privilege" principle in a cybersecurity policy?
Response:

A. To allow all users to access sensitive data

B. To prevent the use of administrative privileges by IT staff

C. To ensure that all users have the highest level of access

D. To restrict users' access to only the resources they need to perform their job duties

Discussion 0

Correct Answer: D Vote an answer

Question #45

When developing a password policy, which of the following recommendations is most effective in ensuring strong, secure passwords?
Response:

A. Encouraging employees to write down their passwords in a secure location

B. Enforcing the use of common passwords for ease of memorization

C. Allowing users to reset passwords every six months without complexity requirements

D. Requiring multi-factor authentication (MFA) in addition to passwords for added security

Discussion 0

Correct Answer: D Vote an answer

Question #46

You have just taken over as a manager of a cybersecurity team that has been struggling with meeting deadlines due to poor communication. Your initial assessment shows that team members are hesitant to share ideas and provide updates in meetings.
What is the most effective approach to improve communication and team performance?
Response:

A. Require all communication to be conducted via email and reviewed before meetings

B. Use an anonymous feedback system for team members to submit ideas without speaking in meetings

C. Introduce weekly team meetings that include time for idea sharing and feedback, and encourage one-on-one check-ins with team members

D. Implement a strict reporting structure where all updates go directly to you

Discussion 0

Correct Answer: C Vote an answer

Question #47

Why is it important to involve legal and compliance teams during the development of a cybersecurity program?
Response:

A. To ensure that the program meets legal and regulatory requirements

B. To allow the legal team to take control of security operations

C. To avoid making the program too strict

D. To delay the development of the program

Discussion 0

Correct Answer: A Vote an answer

Question #48

Your organization operates in the financial sector and has been receiving intelligence reports about a growing number of ransomware attacks targeting similar institutions. How should you adjust your cybersecurity strategy to mitigate the risk of a ransomware attack?
Response:

A. Ignore the reports since your organization hasn't been targeted yet

B. Strengthen your incident response plan, implement regular backups of critical data, perform network segmentation, and provide employee training on phishing prevention

C. Shut down all network connections to prevent an attack

D. Wait for an attack to occur before taking any action

Discussion 0

Correct Answer: B Vote an answer

Question #49

What is the best way to ensure employees are aware of changes to cybersecurity policies?
Response:

A. Sending an email with the updated policy and assuming everyone reads it

B. Posting the policy updates on a bulletin board without explanation

C. Relying on managers to verbally inform their teams

D. Implementing mandatory training sessions and providing clear communication channels to explain the updates

Discussion 0

Correct Answer: D Vote an answer

Question #50

When leading a cybersecurity team through a security policy change, which of the following should be a priority for the leader?
Response:

A. Focusing solely on the technical details of the change

B. Delegating the responsibility for implementing the change to the lowest-level employees

C. Ensuring clear communication about the change's purpose and how it aligns with the organization's goals

D. Ignoring feedback from stakeholders

Discussion 0

Correct Answer: C Vote an answer

Download Free GIAC GSTRT Demo

Simply submit your e-mail address below to get started with our free demo of your GIAC GSTRT exam.