Which of the following should be defined FIRST when creating an organization’s information security strategy?
A. Budget
B. Policies and processes
C. Objectives
D. Organizational structures
Answer: C...

Which of the following is MOST likely to result from a properly conducted post-incident review?
A. Breach information is provided to the organization’s key stakeholders and users.
B. The cause of the incident is discovered and remediated.
C. Forensic evidence is reviewed and provided to law enforcement
D. The incident response team discovers inefficiencies...

Which of the following would BEST justify spending for a compensating control?
A. Risk analysis
B. Vulnerability analysis
C. Threats analysis
D. Peer benchmarking
Answer: C...

Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?
A. Implement more stringent countermeasures.
B. Evaluate whether an excessive level of control is being applied.
C. Ask senior management to increase the acceptable risk levels
D...

The PRIMARY purpose of vulnerability assessments is to:
A. provide clear evidence that the system is sufficiently secure.
B. test intrusion detection systems (IDS) and response procedures
C. detect deficiencies that could lead to a system compromise.
D. determine the impact of potential threats.
Answer: C...

Which of the following is a PRIMARY security responsibility of an information owner?
A. Testing information classification controls
B. Determining the controls associated with information classification
C. Maintaining the integrity of data in the information system
D. Deciding what level of classification the information requires
Answer: D...

The success of a computer forensic investigation depends on the concept of:
A. chain of evidence.
B. chain of attack.
C. forensic chain
D. evidence of attack.
Answer: A...

Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?
A. Change management
B. Problem management
C. Configuration management
D. Incident management
Answer: A...

A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?
A. The organizations have different risk appetites
B. Differing security skills within the organizations
C. Confidential information could be leaked
D. Differing security technologies
Answer: D...

A third-party contract signed by a business unit manager failed to specify information security requirements. Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?
A. Inform business unit management of the information security requirements.
B. Provide information security training to the business units
C. ...