Which of the following is considered the MOST effective tool against social engineering?

A. Anti-phishing tools
B. Anti-malware tools
C. Effective Security Vulnerability Management Program
D. Effective Security awareness program

Answer: D

June 15, 2021

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

A. Threat
B. Vulnerability
C. Attack vector
D. Exploitation

Answer: B

June 14, 2021

What is the definition of Risk in Information Security?

A. Risk = Probability x Impact
B. Risk = Threat x Probability
C. Risk = Financial Impact x Probability
D. Risk = Impact x Threat

Answer: A

June 14, 2021

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD.

This is an example of:

A. Risk Tolerance
B. Qualitative risk analysis
C. Risk Appetite
D. Quantitative risk analysis

Answer: D

June 14, 2021

Credit card information, medical data, and government records are all examples of:

A. Confidential/Protected Information
B. Bodily Information
C. Territorial Information
D. Communications Information

Answer: A

June 14, 2021

From an information security perspective, information that no longer supports the main purpose of the business should be:

A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy

Answer: D

June 14, 2021

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

A. Susceptibility to attack, mitigation response time, and cost
B. Attack vectors, controls cost, and investigation staffing needs
C. Vulnerability exploitation, attack recovery, and...

June 14, 2021

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

A. High risk environments 6 months, low risk environments 12 months
B. Every 12 months
C. Every 18 months
D. Every six months

Answer: B

June 13, 2021

What immediate action should the information security manager take?

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

A. Enforce the existing security standards and do not allow the deployment of the new technology.
B...

June 13, 2021

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

A. Awareness
B. Compliance
C. Governance
D. Management

Answer: C

June 13, 2021