Which of the following information would MOST likely be reported at the board-level within an organization?

• A.The capabilities of a security program in terms of staffing support
• B.System scanning trends and results as they pertain to insider and external threat sources
• C.The numbers and types of cyberattacks experienced by the organization since the last assembly of the membership
• D.Significant risks and security incidents that have been discovered since the last assembly of the membership

Comment: *

Name: *

Email: *

Verification: *

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

• A.It provides for a consistent and repeatable staffing model for technology organizations
• B.Information Security (IS) procedures often require augmentation with other standards
• C.Implementation of it eases an organization's auditing and compliance burden
• D.It allows executives to more effectively monitor IT implementation costs

Comment: *

Name: *

Email: *

Verification: *

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud.
Which of the following is the MOST likely reason for this fraud?

• A.Lack of compliance to the Payment Card Industry (PCI) standards
• B.Ineffective security awareness program
• C.Lack of technical controls when dealing with credit card data
• D.Security practices not in alignment with ISO 27000 frameworks

Comment: *

Name: *

Email: *

Verification: *

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

• A.Force a change of all passwords
• B.Enable monitoring on the VPN for suspicious activity
• C.Block access to the Employee-Self Service application via VPN
• D.Turn off VPN access for users originating from outside the country

Comment: *

Name: *

Email: *

Verification: *

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement.
What type of risk tolerance is Acme exhibiting?

• A.medium-high risk-tolerance
• B.moderate risk-tolerance
• C.high risk-tolerance
• D.low risk-tolerance

Comment: *

Name: *

Email: *

Verification: *