Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

• A.Application logs
• B.SNMP traps
• C.File integrity monitoring
• D.Syslog

Comment: *

Name: *

Email: *

Verification: *

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

• A.Mitigate risk
• B.Determine appetite
• C.Perform a risk assessment
• D.Evaluate risk avoidance criteria

Comment: *

Name: *

Email: *

Verification: *

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization's needs.
What is the MOST logical course of action the CISO should take?

• A.Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed
• B.Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor
• C.Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements
• D.Review the original solution set to determine if another system would fit the organization's risk appetite and budget regulatory compliance requirements

Comment: *

Name: *

Email: *

Verification: *

With respect to the audit management process, management response serves what function?

• A.determining whether or not resources will be allocated to remediate a finding
• B.adding controls to ensure that proper oversight is achieved by management
• C.revealing the "root cause" of the process failure and mitigating for all internal and external units
• D.placing underperforming units on notice for failing to meet standards

Comment: *

Name: *

Email: *

Verification: *

Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

• A.Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data
• B.Create separate controls for the business based on the types of business and functions they perform
• C.Provide the business units with control mandates and schedules of audits for compliance validation
• D.Ensure business units are involved in the creation of controls and defining conditions under which they must be applied

Comment: *

Name: *

Email: *

Verification: *