An organization is the victim of a targeted attack, and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?

• A.Web-application firewall (WAF)
• B.Network access control (NAC)
• C.Data leakage prevention (OLP)
• D.Security information event management (SIEM)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach to make strategic information security decisions?

• A.Establish an information security steering committee.
• B.Establish periodic senior management meetings.
• C.Establish regular information security status reporting.
• D.Establish business unit security working groups.

Comment: *

Name: *

Email: *

Verification: *

An information security manager uses security metrics to measure the:

• A.performance of the information security program.
• B.performance of the security baseline.
• C.effectiveness of the security risk analysis.
• D.effectiveness of the incident response team.

Comment: *

Name: *

Email: *

Verification: *

Risk assessment is MOST effective when performed:

• A.at the beginning of security program development.
• B.on a continuous basis.
• C.while developing the business case for the security program.
• D.during the business change process.

Comment: *

Name: *

Email: *

Verification: *

Which of the following environments represents the GREATEST risk to organizational security?

• A.Locally managed file server
• B.Enterprise data warehouse
• C.Load-balanced, web server cluster
• D.Centrally managed data switch

Comment: *

Name: *

Email: *

Verification: *