The ability to demand the implementation and management of security controls on third parties providing services to an organization is

• A.Disaster recovery
• B.Vendor management
• C.Compliance management
• D.Security Governance

Comment: *

Name: *

Email: *

Verification: *

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

• A.Take the system off line until the budget is available
• B.Transfer financial resources from other critical programs
• C.Schedule an emergency meeting and request the funding to fix the issue
• D.Deploy countermeasures and compensating controls until the budget is available

Comment: *

Name: *

Email: *

Verification: *

An example of professional unethical behavior is:

• A.Storing client lists and other sensitive corporate internal documents on a removable thumb drive
• B.Gaining access to an affiliated employee's work email account as part of an officially sanctioned internal investigation
• C.Copying documents from an employer's server which you assert that you have an intellectual property claim to possess, but the company disputes
• D.Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

Comment: *

Name: *

Email: *

Verification: *

Regulatory requirements typically force organizations to implement ____________.

• A.Discretionary controls
• B.Financial controls
• C.Optional controls
• D.Mandatory controls

Comment: *

Name: *

Email: *

Verification: *

What type of attack requires the least amount of technical equipment and has the highest success rate?

• A.Operating system attacks
• B.Shrink wrap attacks
• C.War driving
• D.Social engineering

Comment: *

Name: *

Email: *

Verification: *