Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

• A.Well-documented security policies and procedures
• B.Supportive tone at the top regarding security
• C.Automation of security controls
• D.Regular reporting to senior management

Comment: *

Name: *

Email: *

Verification: *

An organization's information security strategy should be based on:

• A.managing risk relative to business objectives.
• B.managing risk to a zero level and minimizing insurance premiums.
• C.avoiding occurrence of risks so that insurance is not required.
• D.transferring most risks to insurers and saving on control costs.

Comment: *

Name: *

Email: *

Verification: *

What is the BEST defense against a Structured Query Language (SQL) injection attack?

• A.Regularly updated signature files
• B.A properly configured firewall
• C.An intrusion detection system
• D.Strict controls on input fields

Comment: *

Name: *

Email: *

Verification: *

Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?

• A.Update details within the risk register
• B.Assess the impact of the regulation.
• C.Reassess the organization's risk tolerance.
• D.Report the decision to the compliance officer.

Comment: *

Name: *

Email: *

Verification: *

To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:

• A.is represented on the configuration control board.
• B.performance metrics have been met.
• C.roles and responsibilities have been defined.
• D.is a prerequisite for completion of major phases.

Comment: *

Name: *

Email: *

Verification: *