Which of the following is MOST likely to be discretionary?
A. Policies
B. Procedures
C. Guidelines
D. Standards
Answer: C

One of the MAIN goals of a Business Continuity Plan is to
A. Ensure all infrastructure and applications are available in the event of a disaster
B. Allow all technical first-responders to understand their roles in the event of a disaster
C. Provide step by step plans to recover business...

Topic 2, IS Management Controls and Auditing Management
To have accurate and effective information security policies how often should the CISO review the organization policies?
A. Every 6 months
B. Quarterly
C. Before an audit
D. At least once a year
Answer: D

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?
A. Security officer
B. Data owner
C. Vulnerability engineer
D. System administrator
Answer: D

What is the BEST way to achieve on-going compliance monitoring in an organization?
A. Only check compliance right before the auditors are scheduled to arrive onsite.
B. Outsource compliance to a 3rd party vendor and let them manage the program.
C. Have Compliance and Information Security partner to correct issues...

Which of the following are the MOST important factors for proactively determining system vulnerabilities?
A. Subscribe to vendor mailing list to get notification of system vulnerabilities
B. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
C. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
D. Conduct security...

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?
A. Internal audit
B. The data owner
C. All executive staff
D. Government...

Which of the following is the MOST likely reason for the policy shortcomings?
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely...

Which of the following international standards can be BEST used to define a Risk Management process in an organization?
A. National Institute for Standards and Technology 800-50 (NIST 800-50)
B. International Organization for Standardizations - 27005 (ISO-27005)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardizations...

Which of the following has the GREATEST impact on the implementation of an information security governance model?
A. Organizational budget
B. Distance between physical locations
C. Number of employees
D. Complexity of organizational structure
Answer: D