Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers."
Which group of people should be consulted when developing your security program?

• A.All of the above
• B.Executive Management
• C.Peers
• D.End Users

Comment: *

Name: *

Email: *

Verification: *

The primary purpose of a risk register is to:

• A.Develop plans for mitigating identified risks
• B.Coordinate the timing of scheduled risk assessments
• C.Maintain a log of discovered risks
• D.Track individual risk assessments

Comment: *

Name: *

Email: *

Verification: *

Your penetration testing team installs an in-line hardware key logger onto one of your network machines.
Which of the following is of major concern to the security organization?

• A.In-line hardware keyloggers are relatively inexpensive
• B.In-line hardware keyloggers don't comply to industry regulations
• C.In-line hardware keyloggers don't require physical access
• D.In-line hardware keyloggers are undetectable by software

Comment: *

Name: *

Email: *

Verification: *

A security manager regularly checks work areas after business hours for security violations; such as unsecured files or unattended computers with active sessions.
This activity BEST demonstrates what part of a security program?

• A.Audit validation
• B.Compliance management
• C.Security awareness training
• D.Physical control testing

Comment: *

Name: *

Email: *

Verification: *

As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key control will ensure no single individual can constitute or re-constitute a key?

• A.Dual Control
• B.Separation of Duties
• C.Split Knowledge
• D.Least Privilege

Comment: *

Name: *

Email: *

Verification: *