A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems, following should be the information security manager's PRIMARY concern?

• A.Business tolerance of downtime
• B.Adequacy of the incident response plan
• C.Availability of resources to implement controls
• D.Ability to test patches prior to deployment

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important element of an information security strategy?

• A.Defined objectives
• B.Time frames for delivery
• C.Adoption of a control framework
• D.Complete policies

Comment: *

Name: *

Email: *

Verification: *

An information security manager has observed multiple exceptions for a number of different security controls.
Which of the following should be the information security manager's FIRST course of action?

• A.Report the noncompliance to the board of directors.
• B.Inform respective risk owners of the impact of exceptions.
• C.Prioritize the risk and implement treatment options.
• D.Design mitigating controls for the exceptions.

Comment: *

Name: *

Email: *

Verification: *