As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key control will ensure no single individual can constitute or re-constitute a key?

• A.Dual Control
• B.Least Privilege
• C.Separation of Duties
• D.Split Knowledge

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important component of any change management process?

• A.Back-out procedures
• B.Management approval
• C.Scheduling
• D.Outage planning

Comment: *

Name: *

Email: *

Verification: *

The regular review of a firewall ruleset is considered a _______________________.

• A.Management control
• B.Organization control
• C.Procedural control
• D.Technical control

Comment: *

Name: *

Email: *

Verification: *

A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

• A.Dynamic deception
• B.Integrated security controls
• C.Moderate investment
• D.Passive monitoring

Comment: *

Name: *

Email: *

Verification: *

As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with third parties outside the organization. What protocol provides the ability to extend the network perimeter with the use of encapsulation and encryption?

• A.File Transfer Protocol (FTP)
• B.Virtual Private Network (VPN)
• C.Simple Mail Transfer Protocol
• D.Virtual Local Area Network (VLAN)

Comment: *

Name: *

Email: *

Verification: *