What is the definition of Risk in Information Security?

A. Risk = Probability x Impact
B. Risk = Impact x Threat
C. Risk = Threat x Probability
D. Risk = Financial Impact x Probability

Answer: A

September 9, 2019

What is the relationship between information protection and regulatory compliance?

A. That all information in an organization must be protected equally.
B. The information required to be protected by regulatory mandate does not have to be identified in the organization's data classification policy.
C. There is no relationship between the...

September 8, 2019

Which of the following is a benefit of a risk-based approach to audit planning?

A. Resources are allocated to the areas of the highest concern
B. Scheduling may be performed months in advance
C. Budgets are more likely to be met by the IT audit staff
D. Staff will be...

September 7, 2019

This activity BEST demonstrates what part of a security program?

A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

A. Compliance management
B. Audit validation
C. Physical control testing
D. Security awareness training

Answer: A

September 6, 2019

Risk that remains after risk mitigation is known as _____________.

A. Accepted risk
B. Residual risk
C. Non-tolerated risk
D. Persistent risk

Answer: B

September 5, 2019

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD.

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of ____________.

A. Qualitative risk analysis
B. Risk Appetite
C. Quantitative risk analysis
D. Risk Tolerance

Answer: C

September 5, 2019

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security ___________.

A. Technical control
B. Management control
C. Procedural control
D. Administrative control

Answer: B

September 5, 2019

The Information Security Governance program MUST:

A. integrate with other organizational governance processes
B. show a return on investment for the organization
C. integrate with other organizational governance processes
D. support user choice for Bring Your Own Device (BYOD)

Answer: C

September 5, 2019

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

A. Eradication
B. Escalation
C. Containment
D. Recovery

Answer: C

September 3, 2019

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

A. How many credit records are stored?
B. What is the value of the assets at risk?
C. What is the scope...

September 2, 2019