For which of the following is it MOST important that system administrators be restricted to read-only access?

• A.Administrator user profiles
• B.System logging options
• C.Administrator log files
• D.User access log files

Comment: *

Name: *

Email: *

Verification: *

Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following is the manager s BEST course of action?

• A.Re-evaluate the risk treatment plan for the outstanding risk.
• B.Add the outstanding risk to the acquiring organization's risk registry
• C.Re-assess the outstanding risk of the acquired company.
• D.Perform a vulnerability assessment of the acquired company s infrastructure.

Comment: *

Name: *

Email: *

Verification: *

Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

• A.define the circumstances where cryptography should be used.
• B.define cryptographic algorithms and key lengths.
• C.describe handling procedures of cryptographic keys.
• D.establish the use of cryptographic solutions.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?

• A.Never use open source tools
• B.Focus only on production servers
• C.Follow a linear process for attacks
• D.Do not interrupt production processes

Comment: *

Name: *

Email: *

Verification: *

When performing a qualitative risk analysis, which of the following will BEST produce reliable results?

• A.Estimated productivity losses
• B.Possible scenarios with threats and impacts
• C.Value of information assets
• D.Vulnerability assessment

Comment: *

Name: *

Email: *

Verification: *