Which of the following would BEST ensure the success of information security governance within an organization?

• A.Steering committees approve security projects
• B.Security policy training provided to all managers
• C.Security training available to all employees on the intranet
• D.Steering committees enforce compliance with laws and regulations

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the MOST important criteria when defining data retention policies?

• A.Capacity requirements
• B.Audit findings
• C.Regulatory requirements
• D.Industry best practices

Comment: *

Name: *

Email: *

Verification: *

An organization's information security strategy should be based on:

• A.managing risk relative to business objectives.
• B.managing risk to a zero level and minimizing insurance premiums.
• C.avoiding occurrence of risks so that insurance is not required.
• D.transferring most risks to insurers and saving on control costs.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY disadvantage of using a cold-site recovery facility is that it is:

• A.unavailable for testing during normal business hours.
• B.only available if not being used by the primary tenant.
• C.not possible to reserve test dates in advance.
• D.not cost-effective for testing critical applications at the site.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?

• A.Utilize an intrusion detection system.
• B.Establish minimum security baselines.
• C.Implement vendor recommended settings.
• D.Perform periodic penetration testing.

Comment: *

Name: *

Email: *

Verification: *