In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization’s risk tolerance is high
D. The organization’s...

June 17, 2021

The PRIMARY objective of security awareness is to:

A. Ensure that security policies are read.
B. Encourage security-conscious employee behavior.
C. Meet legal and regulatory requirements.
D. Put employees on notice in case follow-up action for noncompliance is necessary

Answer: B

June 17, 2021

What is a difference from the list below between quantitative and qualitative Risk Assessment?

A. Quantitative risk assessments result in an exact number (in monetary terms)
B. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
C. Qualitative risk assessments map to business objectives
D. ...

June 17, 2021

The FIRST step in establishing a security governance program is to?

A. Conduct a risk assessment.
B. Obtain senior level sponsorship.
C. Conduct a workshop for all end users.
D. Prepare a security budget.

Answer: B

June 16, 2021

Which of the following risk strategy options have you engaged in?

You have implemented a new security control. Which of the following risk strategy options have you engaged in?
A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation

Answer: D

June 16, 2021

Which of the following regulations is of MOST importance to be tracked and managed by this process?

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
A. Information Technology Infrastructure Library (ITIL)
B. International Organization for Standardization (ISO) standards
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. ...

June 16, 2021

The Information Security Management program MUST protect:

A. all organizational assets
B. critical business processes and/or revenue streams
C. intellectual property released into the public domain
D. against distributed denial of service attacks

Answer: B

June 16, 2021

Which of the following is a critical operational component of an Incident Response Program (IRP)?

A. Weekly program budget reviews to ensure the percentage of program funding remains constant.
B. Annual review of program charters, policies, procedures and organizational agreements.
C. Daily monitoring of vulnerability advisories relating to your organization’s...

June 16, 2021

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

A. Confidentiality, Integrity and Availability
B. Assurance, Compliance and Availability
C. International...

June 16, 2021

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

A. Reduction of budget
B. Decreased security awareness
C. Improper use of information resources
D. Fines for regulatory non-compliance

Answer: D

June 16, 2021