An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

• A.Time zone differences
• B.Compliance to local hiring laws
• C.Encryption import/export regulations
• D.Local customer privacy laws

Comment: *

Name: *

Email: *

Verification: *

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

• A.Total loss expectancy multiplied by the total loss frequency
• B.Single loss expectancy multiplied by the annual rate of occurrence
• C.Value of the asset multiplied by the loss expectancy
• D.Replacement cost multiplied by the single loss expectancy

Comment: *

Name: *

Email: *

Verification: *

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

• A.Multi-factor authentication employing hard tokens
• B.Professional user education on phishing conducted by a reputable vendor
• C.Forcing password changes every 90 days
• D.Decreasing the number of employees with administrator privileges

Comment: *

Name: *

Email: *

Verification: *

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

• A.Fully trained network forensic experts to analyze all data right after the attack
• B.Expert forensics witness
• C.Comprehensive Log-Files from all servers and network devices affected during the attack
• D.Uninterrupted Chain of Custody

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a major benefit of applying risk levels?

• A.Risk appetite can increase within the organization once the levels are understood
• B.Risk management governance becomes easier since most risks remain low once mitigated
• C.Resources are not wasted on risks that are already managed to an acceptable level
• D.Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

Comment: *

Name: *

Email: *

Verification: *