Which of the following is a step in establishing a security policy?

• A.Developing platform-level security baselines
• B.Creating a RACI matrix
• C.Implementing a process for developing and maintaining the policy
• D.Developing configuration parameters for the network

Comment: *

Name: *

Email: *

Verification: *

When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?

• A.IP spoofing
• B.Man-in-the-middle attack
• C.Repudiation
• D.Trojan

Comment: *

Name: *

Email: *

Verification: *

A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GRF.ATEST weakness in recovery capability?

• A.Exclusive use of the hot site is limited to six weeks
• B.The hot site may have to be shared with other customers
• C.The time of declaration determines site access priority
• D.The provider services all major companies in the area

Comment: *

Name: *

Email: *

Verification: *

In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:

• A.develop an operational plan for achieving compliance with the legislation.
• B.identify systems and processes that contain privacy components.
• C.restrict the collection of personal information until compliant.
• D.identify privacy legislation in other countries that may contain similar requirements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to include when reporting information security risk to executive leadership?

• A.Risk analysis results and key risk indicators (KRIs)
• B.Information security risk management plans and control compliance
• C.Key performance objectives and budget trends
• D.Security awareness training participation and residual risk exposures

Comment: *

Name: *

Email: *

Verification: *