Which of the following provides the BEST input to maintain an effective asset classification program?
A. Business impact analysis (BIA)
B. Annual loss expectancy
C. Vulnerability assessment
D. Risk heat map
Answer: A

An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?
A. Revise the information security strategy to meet executive management's expectations.
B. Escalate noncompliance concerns to the internal audit manager.
C. Report the...

To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:
A. criteria consistent with classification levels
B. efficient technical processing considerations
C. overall IT capacity and operational constraints
D. established guidelines
Answer: A

Which of the following is an information security manager’s BEST course of action when informed of a decision to reduce funding for the information security program?
A. Remove overlapping security controls.
B. Prioritize security projects based on risk.
C. Design key risk indicators (KRIs).
D. Create a business case appeal decision.
...

Which of the following is MOST likely to result from a properly conducted post-incident review?
A. Breach information is provided to the organization's key stakeholders and users.
B. The cause of the incident is discovered and remediated.
C. Forensic evidence is reviewed and provided to law enforcement.
D. The incident...

Which of the following would provide the MOST useful input when creating an information security program?
A. Business case
B. Information security budget
C. Key risk indicators (KRIs)
D. Information security strategy
Answer: D

Which of the following control types is the FIRST consideration for aligning employee behavior with an organization’s information security objectives?
A. Physical security control
B. Directive security
C. Technical security controls
D. Logical access control
Answer: D

Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?
A. Before-and-after heat maps
B. Analysis of recent incident
C. Detailed risk analysis of the treatments
D. Individual risk assessments
Answer: A

Which of the following MOST effectively prevents internal users from modifying sensitive data?
A. Network segmentation
B. Role-based access controls
C. Multi-factor authentication
D. Acceptable use policies
Answer: B

Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?
A. Disaster recovery plan
B. Identity and access management
C. Vendor’s information security policy
D. A risk assessment
Answer: D