What is the BEST way to achieve on-going compliance monitoring in an organization?
A. Only check compliance right before the auditors are scheduled to arrive onsite. B. Outsource compliance to a 3rd party vendor and let them manage the program. C. Have Compliance and Information Security partner to correct issues...
What is the NEXT logical step in applying the controls in the organization?
An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization? A. Determine the risk tolerance B. Perform an asset classification C. Create...
What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability? A. Scan a representative sample...
What does this selection indicate?
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate? A. A high threat...
When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it
A. In promiscuous mode and only detect malicious traffic. B. In-line and turn on blocking mode to stop malicious traffic. C. In promiscuous mode and block malicious traffic. D. ...
What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?
A. Determine appetite B. Evaluate risk avoidance criteria C. Perform a risk assessment D. Mitigate risk
Answer: D
Which is the BEST type of risk that defines this event?
As the Risk Manager of an organization, you are tasked with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high-profile clients, and bad publicity can jeopardize your own brand. Which is the BEST type of risk that defines this event? A. Compliance...
Which of the following Intellectual Property components is focused on maintaining brand recognition?
A. Trademark B. Patent C. Research Logs D. Copyright
Answer: A
When managing the security architecture for your company you must consider:
A. Security and IT Staff size B. Company Values C. Budget D. All of the above
Answer: D
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
A. Controlled mitigation effort B. Risk impact comparison C. Relative likelihood of event D. Comparative threat analysis
Answer: C