A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
A. Ensuring developers include risk control comments in code
B. Creating risk assessment templates based on specific threats
C. Providing a risk program governance structure
D. Allowing for...
Which of the following international standards can be BEST used to define a Risk Management process in an organization?
A. International Organization for Standardization – 27005 (ISO-27005)
B. National Institute for Standards and Technology 800-50 (NIST 800-50)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardization...
The FIRST step in establishing a security governance program is to?
A. Obtain senior level sponsorship
B. Conduct a workshop for all end users.
C. Conduct a risk assessment.
D. Prepare a security budget.
Answer: A
The Information Security Management program MUST protect:
A. Against distributed denial of service attacks
B. Intellectual property released into the public domain
C. all organizational assets
D. critical business processes and/or revenue streams
Answer: D
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
A. When there is a variety of technologies deployed in the infrastructure.
B. When it results in an overall lower cost of operating the security program.
C. When there is...
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. knowledge required to analyze each issue
B. information security metrics
C. linkage to business area objectives
D. baseline against which metrics are evaluated
Answer: C
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a qualitative process to measure risk
B. The organization’s risk tolerance is low
C. The organization uses exclusively a quantitative process to measure risk
D. The organization’s...
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
A. ISO 27001
B. ISO 27004
C. PRINCE2
D. ITILv3
Answer: B
The establishment of a formal risk management framework and system authorization program is essential.
The LAST step of the system authorization process is:
A. Getting authority to operate the system from executive management
B. Contacting the Internet Service Provider for an IP scope
C. Changing the default passwords
D. Conducting...
One of the MAIN goals of a Business Continuity Plan is to _______________.
A. Ensure all infrastructure and applications are available in the event of a disaster
B. Assign responsibilities to the technical teams responsible for the recovery of all data
C. Provide step by step plans to recover business processes...