Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successful phishing attacks" as a KRI, but it does not show an increase.
Which of the following additional information should be the Chief Information Security Officer (CISO) include in the report?

• A.The ratio of phishing emails to non-phishing emails
• B.The number of phishing attacks per employee
• C.The number of unsuccessful phishing attacks
• D.The percent of successful phishing attacks

Comment: *

Name: *

Email: *

Verification: *

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and require two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

• A.Privacy could be compromised as patient records can be viewed in uncontrolled areas.
• B.Device encryption has not been enabled and will result in a greater likelihood of data loss.
• C.The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
• D.Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
• E.Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

Comment: *

Name: *

Email: *

Verification: *

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

• A.Physical penetration test of the datacenter to ensure there are appropriate controls.
• B.Penetration testing of the solution to ensure that the customer data is well protected.
• C.Security clauses are implemented into the contract such as the right to audit.
• D.Review of the organizations security policies, procedures and relevant hosting certifications.
• E.Code review of the solution to ensure that there are no back doors located in the software.

Comment: *

Name: *

Email: *

Verification: *

During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?

• A.Implementation guide
• B.Software development lifecycle
• C.Code repositories
• D.Roles matrix
• E.Security requirements traceability matrix

Comment: *

Name: *

Email: *

Verification: *

A company is concerned about disgruntled employees transferring its intellectual property data through covert channels. Which of the following tools would allow employees to write data into ICMP echo response packets?

• A.Burp Suite
• B.Jack the Ripper
• C.Thor
• D.Loki

Comment: *

Name: *

Email: *

Verification: *