The security manager of a global company has decided that a risk assessment needs to be completed across the company.
What is the primary objective of the risk assessment?
- A . Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
- B . Identify, quantify and prioritize risks against criteria for risk acceptance
- C . Identify, quantify and prioritize the scope of this risk assessment
- D . Identify, quantify and prioritize which controls are going to be used to mitigate risk
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
- A . The network communication channel is secured by using encryption.
- B . The third party is certified against ISO/IEC 27001.
- C . The third party is certified for adhering to privacy protection controls.
- D . Your IT auditor has the right to audit the external party’s service management processes.
What needs to be decided prior to considering the treatment of risks?
- A . Criteria for determining whether or not the risk can be accepted
- B . How to apply appropriate controls to reduce the risks
- C . Mitigation plans
- D . The development of own guidelines
Who should be asked to check compliance with the information security policy throughout the company?
- A . Internal audit department
- B . External forensics investigators
- C . The same company that checks the yearly financial statement
A company’s webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?
- A . Confidentiality
- B . Integrity
- C . Availability
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?
- A . The Certificate Authority (CA) is hacked.
- B . The certificate is invalid because it is on a Certificate Revocation List.
- C . The users lose their public keys.
- D . The HR department wants to be a Registration Authority (RA).
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?
- A . Seize and investigate the private laptop of the employee
- B . Investigate the contents of the workstation of the employee
- C . Investigate the private mailbox of the employee
- D . Put a phone tap on the employee’s business phone
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A . Boardroom and general office space
- B . Computer room and storage facility
- C . Lobby and public restaurant
- D . Meeting rooms and Human Resource rooms