Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement.
What type of risk tolerance is Acme exhibiting?

• A.high risk-tolerance
• B.low risk-tolerance
• C.moderate risk-tolerance
• D.medium-high risk-tolerance

Comment: *

Name: *

Email: *

Verification: *

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

• A.Explain to the IT group that the IPS won't cause any network impact because it will fail open
• B.Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn't block any legitimate traffic
• C.Work with the IT group and tell them to put IPS in-line and say it won't cause any network impact
• D.Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

Comment: *

Name: *

Email: *

Verification: *

Creating a secondary authentication process for network access would be an example of?

• A.Defense in depth cost enumerated costs
• B.Anti-virus for mobile devices
• C.System hardening and patching requirements
• D.Nonlinearities in physical security performance metrics

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a major benefit of applying risk levels?

• A.Resources are not wasted on risks that are already managed to an acceptable level
• B.Risk management governance becomes easier since most risks remain low once mitigated
• C.Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology
• D.Risk appetite can increase within the organization once the levels are understood

Comment: *

Name: *

Email: *

Verification: *

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults.
Which of the following is a default community string?

• A.Public
• B.Administrator
• C.Execute
• D.Read

Comment: *

Name: *

Email: *

Verification: *