What combination of business functions should be combined into one security zone?
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security. What combination of business functions should be combined into one security zone?
A. Boardroom and...
What needs to be decided prior to considering the treatment of risks?
What needs to be decided prior to considering the treatment of risks?
A. Criteria for determining whether or not the risk can be accepted
B. How to apply appropriate controls to reduce the risks
C. Mitigation plans
D. The development of own guidelines
Answer: A
What is the primary objective of the risk assessment?
The security manager of a global company has decided that a risk assessment needs to be completed across the company. What is the primary objective of the risk assessment?
A. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
B. Identify, quantify and prioritize risks...
What is the most important classification aspect of the unit price of an object in a 24h webshop?
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to be met. One of the criteria is data classification. What is the most important classification aspect...
What should be an important control in the contract?
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud. What should be an important control in the contract?
A. The network communication channel...
Which is the main risk of PKI?
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential. Which is the main risk of PKI?
A. The Certificate Authority (CA) is hacked.
B. The certificate...
Which measure can be part of this protocol?
A protocol to investigate fraud by employees is being designed. Which measure can be part of this protocol?
A. Seize and investigate the private laptop of the employee
B. Investigate the contents of the workstation of the employee
C. Investigate the private mailbox of the employee
D. Put a phone...
Who should be asked to check compliance with the information security policy throughout the company?
Who should be asked to check compliance with the information security policy throughout the company?
A. Internal audit department
B. External forensics investigators
C. The same company that checks the yearly financial statement
Answer: B