A risk management program would be expected to:

• A.remove all inherent risk.
• B.maintain residual risk at an acceptable level.
• C.implement preventive controls for every threat.
• D.reduce control risk to zero.

Comment: *

Name: *

Email: *

Verification: *

What is the BEST method for mitigating against network denial of service (DoS) attacks?

• A.Ensure all servers are up-to-date on OS patches
• B.Employ packet filtering to drop suspect packets
• C.Implement network address translation to make internal addresses nonroutable
• D.Implement load balancing for Internet facing devices

Comment: *

Name: *

Email: *

Verification: *

What is the BEST way to ensure users comply with organizational security requirements for password complexity?

• A.Include password construction requirements in the security standards
• B.Require each user to acknowledge the password requirements
• C.Implement strict penalties for user noncompliance
• D.Enable system-enforced password configuration

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to facilitate the alignment between an organization's information security program and business objectives?

• A.Information security is considered at the feasibility stage of all IT projects.
• B.The information security governance committee includes representation from key business areas.
• C.The chief executive officer reviews and approves the information security program.
• D.The information security program is audited by the internal audit department.

Comment: *

Name: *

Email: *

Verification: *

An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RI P) is the:

• A.references from other organizations.
• B.past experience of the engagement team.
• C.sample deliverable.
• D.methodology used in the assessment.

Comment: *

Name: *

Email: *

Verification: *