The exposure factor of a threat to your organization is defined by?
A. Annual loss expectancy minus current cost of controls
B. Percentage of loss experienced due to a realized threat event
C. Asset value times exposure factor
D. Annual rate of occurrence
Answer: B

Which of the following are the MOST important factors for proactively determining system vulnerabilities?
A. Subscribe to vendor mailing list to get notification of system vulnerabilities
B. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
C. Conduct security testing, vulnerability scanning, and penetration testing
D. Deploy Intrusion Detection System...

What role should the CISO play in properly scoping a PCI environment?
A. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope
B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
C. Validate the business units’ suggestions...

Which of the following is the MOST important benefit of an effective security governance process?
A. Senior management participation in the incident response process
B. Better vendor management
C. Reduction of security breaches
D. Reduction of liability and overall risk to the organization
Answer: D

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk Transfer
Answer: D

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:
A. They are subjective and can be completed more quickly
B. They are objective and express risk / cost in approximates
C. They are subjective and can express risk / cost in real numbers
D. They are objective and can...

Dataflow diagrams are used by IT auditors to:
A. Graphically summarize data paths and storage processes.
B. Order data hierarchically
C. Highlight high-level data definitions
D. Portray step-by-step details of data generation.
Answer: A

Which of the following most commonly falls within the scope of an information security governance steering committee?
A. Vetting information security policies
B. Approving access to critical financial systems
C. Interviewing candidates for information security specialist positions
D. Developing content for security awareness programs
Answer: A

When dealing with a risk management process, asset classification is important because it will impact the overall:
A. Threat identification
B. Risk treatment
C. Risk monitoring
D. Risk tolerance
Answer: B

When choosing a risk mitigation method, what is the MOST important factor?
A. Approval from the board of directors
B. Metrics of mitigation method success
C. Cost of the mitigation is less than a risk
D. Mitigation method complies with PCI regulations
Answer: C