Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

• A.SNMP traps
• B.Syslog
• C.File integrity monitoring
• D.Application logs

Comment: *

Name: *

Email: *

Verification: *

Your incident response plan should include which of the following?

• A.Procedures for classification
• B.Procedures for litigation
• C.Procedures for charge-back
• D.Procedures for reclamation

Comment: *

Name: *

Email: *

Verification: *

Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has implemented remediation activities.
Which of the following is the MOST logical next step?

• A.Validate the effectiveness of applied controls
• B.Report the audit findings and remediation status to business stake holders
• C.Validate security program resource requirements
• D.Review security procedures to determine if they need modified according to findings

Comment: *

Name: *

Email: *

Verification: *

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization.
Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

• A.Download open source security tools and deploy them on your production network
• B.Download security tools from a trusted source and deploy to production network
• C.Download trial versions of commercially available security tools and deploy on your production network
• D.Download open source security tools from a trusted site, test, and then deploy on production network

Comment: *

Name: *

Email: *

Verification: *

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

• A.To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization
• B.To provide a common basis for developing organizational security standards
• C.To provide effective security management practice and to provide confidence in inter-organizational dealings
• D.To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

Comment: *

Name: *

Email: *

Verification: *