An organization is considering a self-service solution for the deployment of virtualized development servers. Which of the following should be information security manager's PRIMARY concern?

• A.Ability to maintain server security baseline
• B.Segregation of servers from the production environment
• C.Generation of excessive security event logs
• D.Ability to remain current with patches

Comment: *

Name: *

Email: *

Verification: *

The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is:

• A.messages displayed at every logon.
• B.periodic security-related e-mail messages.
• C.an Intranet web site for information security.
• D.circulating the information security policy.

Comment: *

Name: *

Email: *

Verification: *

What should an information security team do FIRST when notified by the help desk that an employee's computer has been infected with malware?

• A.Take a forensic copy of the hard drive.
• B.Restore the files from a secure backup.
• C.Isolate the computer from the network.
• D.Use anti-malware software to clean the infected computer.

Comment: *

Name: *

Email: *

Verification: *

Acceptable risk is achieved when:

• A.residual risk is minimized.
• B.transferred risk is minimized.
• C.control risk is minimized.
• D.inherent risk is minimized.

Comment: *

Name: *

Email: *

Verification: *

An organization engages 4 third-party vendor to monitor and support a financial application under scrutiny by regulators. Maintaining strict data integrity and confidentiality for this application is critical to the business. Which of the following controls would MOST effectively manage risk to the organization?

• A.Implementing segregation of duties between systems and data
• B.Disabling vendor access and only re-enabling when access is needed
• C.Implementing periodic access reviews of vendor employees
• D.Activating access and data logging

Comment: *

Name: *

Email: *

Verification: *