Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

A. Vulnerability assessment results
B. Application security policy
C. A business case
D. Internal audit reports

Answer: C

May 31, 2022

An information security manager is reviewing the impact of a regulation on the organization’s human resources system.

An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:

A. perform a gap analysis of compliance requirements.
B. assess the penalties for noncompliance.
C. review the organization's most recent audit report.
D. determine...

May 31, 2022

A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:

A. any alteration of the bid will invalidate the signature.
B. the signature can be authenticated even if no encryption is used.
C. the bid cannot be forged even if the...

May 30, 2022

What is the information security manager's BEST course of action?

Senior management learns of several web application security incidents and wants to know the exposure risk to the organization. What is the information security manager's BEST course of action?

A. Perform a vulnerability assessment.
B. Review audit logs from IT systems.
C. Activate the incident response plan.
D. Assess IT...

May 30, 2022

A new program has been implemented to standardize security configurations across a multinational organization. Following implementation, the configuration standards should:

A. remain unchanged to avoid variations across the organization.
B. be updated to address emerging threats and vulnerabilities.
C. be changed for different subsets of the systems to minimize impact.
D...

May 30, 2022

Which of the following functions should remain internal?

Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?

A. Data encryption
B. Data ownership
C. Data custodian
D. Data monitoring

Answer: B

May 30, 2022

What should the information security manager do NEXT?

A threat intelligence report indicates there has been a significant rise in the number of attacks targeting the industry. What should the information security manager do NEXT?

A. Discuss the risk with senior management.
B. Conduct penetration testing to identify vulnerabilities.
C. Allocate additional resources to monitor perimeter security systems.
D...

May 30, 2022

An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:

A. re-evaluate the risk appetite.
B. quantify reputational risks.
C. meet information security compliance requirements.
D. ensure appropriate information security governance.

Answer: A

May 30, 2022

Which of the following is the PRIMARY reason social media has become a popular target for attack?

A. The reduced effectiveness of access controls
B. The accessibility of social media from multiple locations
C. The prevalence of strong perimeter protection
D. The element of trust created by social media

Answer:...

May 30, 2022

Which of the following would provide nonrepudiation of electronic transactions?

A. Two-factor authentication
B. Periodic reaccreditations
C. Third-party certificates
D. Receipt acknowledgment

Answer: D

May 29, 2022