Which of the following can the company implement in order to avoid this type of security issue in the future?

• A.A security training program for developers
• B.A risk management process
• C.A audit management process
• D.Network based intrusion detection systems

Comment: *

Name: *

Email: *

Verification: *

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.
Which of the following needs to be performed NEXT?

• A.Verify technical resources
• B.Verify capacity constraints
• C.Verify the scope of the project
• D.Verify the regulatory requirements

Comment: *

Name: *

Email: *

Verification: *

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

• A.Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses
• B.Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials
• C.Vendor uses their own laptop and logins using two factor authentication with their own unique credentials
• D.Vendors uses their own laptop and logins with same admin credentials your security team uses

Comment: *

Name: *

Email: *

Verification: *

A Chief Information Security Officer received a list of high, medium, and low impact audit findings.
Which of the following represents the BEST course of action?

• A.If the findings do not impact regulatory compliance, review current security controls.
• B.If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
• C.if the findings impact regulatory compliance, remediate the high findings as quickly as possible.
• D.If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

Comment: *

Name: *

Email: *

Verification: *

XYZ is a publicly-traded software development company.
Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

• A.Chief Financial Officer (CFO)
• B.Chief Executive Officer (CEO)
• C.CISO
• D.Chief Software Architect (CIO)

Comment: *

Name: *

Email: *

Verification: *