Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?

• A.The number of false positives increases
• B.The number of false negatives increases
• C.Active probing is missed
• D.Attack profiles are ignored

Comment: *

Name: *

Email: *

Verification: *

The MOST useful way to describe the objectives in the information security strategy is through:

• A.attributes and characteristics of the 'desired state."
• B.overall control objectives of the security program.
• C.mapping the IT systems to key business processes.
• D.calculation of annual loss expectations.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way to identify changes in an information security environment?

• A.Annual risk assessments
• B.Security baselining
• C.Continuous monitoring
• D.Business impact analysts

Comment: *

Name: *

Email: *

Verification: *

What should be the PRIMARY basis for defining the appropriate level of access control to information assets?

• A.Business needs
• B.Management requests
• C.Audit findings
• D.Compensating controls

Comment: *

Name: *

Email: *

Verification: *

The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:

• A.service level monitoring.
• B.penetration testing.
• C.periodically auditing.
• D.security awareness training.

Comment: *

Name: *

Email: *

Verification: *