Which of the following should be the PRIMARY outcome of an information security program'?

• A.Cost reduction
• B.Threat reduction
• C.Risk elimination
• D.Strategic alignment

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be determined while defining risk management strategies?

• A.Risk assessment criteria
• B.Organizational objectives and risk appetite
• C.IT architecture complexity
• D.Enterprise disaster recovery plans

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

• A.Chief security officer (CSO)
• B.Chief operating officer (COO)
• C.Chief privacy officer (CPO)
• D.Chief legal counsel (CLC)

Comment: *

Name: *

Email: *

Verification: *

An organization has detected potential risk emerging from noncompliance with new regulations in its industry. Which of the following is the MOST important reason to report this situation to senior management?

• A.An external review of the risk nods to be conducted
• B.A benchmark analysis needs to be performed.
• C.Specific monitoring controls need to be implemented
• D.The risk profile needs to be updated

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST security threat when an organization allows remote access through a virtual private network (VPN)?

• A.Attackers could compromise the VPN gateway.
• B.Client logins are subject to replay attack.
• C.VPN traffic could be sniffed and captured.
• D.Compromised VPN clients could impact the network.

Comment: *

Name: *

Email: *

Verification: *