GIAC GSTRT Actual Free Exam Questions & Community Discussion

Exam Code/Number: GSTRT
Exam Name/Title: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
Certification Provider: GIAC
Corresponding Certification: GIAC Certification

Exam Questions: 127
Updated On: Jun 02, 2026

Question #31

When drafting a cybersecurity policy, which of the following should be a primary focus?
Response:

A. Using industry-specific jargon to increase the policy's legitimacy

B. Writing the policy in highly technical terms

C. Ensuring that the policy is clear, concise, and understandable to all employees

D. Limiting the policy to management-level employees

Discussion 0

Correct Answer: C Vote an answer

Question #32

Which of the following is a common characteristic of insider threats?
Response:

A. They are always easy to detect

B. They only affect financial systems

C. They often involve individuals with legitimate access to critical systems and data

D. They can only occur in large organizations

Discussion 0

Correct Answer: C Vote an answer

Question #33

What is the key factor that helps reduce resistance to change in a cybersecurity team?
Response:

A. Enforcing strict deadlines for the change without team input

B. Providing no rationale for the change

C. Delegating all responsibilities to a third party

D. Offering clear, transparent communication about the reasons for the change and its benefits

Discussion 0

Correct Answer: D Vote an answer

Question #34

Which of the following strategies is most effective when leading a team through organizational change?
Response:

A. Making sudden changes to minimize resistance

B. Imposing the change without involving the team

C. Allowing the team to discover the change through observation

D. Engaging stakeholders and communicating the benefits of the change early and often

Discussion 0

Correct Answer: D Vote an answer

Question #35

Which of the following is a critical factor to consider when developing a business case for a cybersecurity program?
Response:

A. How much time the program takes to develop

B. The organization's historical security breaches

C. The potential return on investment (ROI) from implementing the security program

D. The amount of employee overtime needed

Discussion 0

Correct Answer: C Vote an answer

Question #36

Which of the following is a key consideration when performing a cost-benefit analysis of a security program?
Response:

A. The time it takes to train employees on the security program

B. The cost of implementing security measures versus the potential financial impact of a security breach

C. The salary of the security team

D. The upfront cost of security tools only

Discussion 0

Correct Answer: B Vote an answer

Question #37

Which of the following is a key characteristic of nation-state threat actors?
Response:

A. They primarily engage in website defacements

B. They lack significant resources and technical expertise

C. They often target critical infrastructure, government entities, and high-value intellectual property

D. They are primarily motivated by financial gain

Discussion 0

Correct Answer: C Vote an answer

Question #38

Which of the following best describes the primary focus of a vulnerability analysis in the context of understanding threats?
Response:

A. Identifying gaps in cybersecurity skills within the organization

B. Conducting phishing tests

C. Evaluating weaknesses in systems and software that could be exploited by threat actors

D. Creating a list of the organization's assets

Discussion 0

Correct Answer: C Vote an answer

Question #39

What is the primary purpose of developing a security program aligned with the organization's business objectives?
Response:

A. To increase the workload of the security team

B. To ensure the security program does not conflict with business goals

C. To reduce the overall security budget

D. To delay security improvements

Discussion 0

Correct Answer: B Vote an answer

Question #40

Your organization has experienced a series of minor security incidents, and you have been asked to perform a security program analysis to determine the root causes. You find that while the technical controls are strong, there is a lack of security awareness among employees. What steps should you take to address this issue and reduce the likelihood of future incidents?
Response:

A. Strengthen technical controls and ignore employee awareness

B. Implement a comprehensive security awareness program that includes regular training, phishing simulations, and clear communication of security policies

C. Fire employees who failed to follow security protocols

D. Post reminders about security policies without additional action

Discussion 0

Correct Answer: B Vote an answer

Download Free GIAC GSTRT Demo

Simply submit your e-mail address below to get started with our free demo of your GIAC GSTRT exam.