Which of the following is responsible for legal and regulatory liability?

• A.Chief security officer (CSO)
• B.Chief legal counsel (CLC)
• C.Board and senior management
• D.Information security steering group

Comment: *

Name: *

Email: *

Verification: *

At what stage of the applications development process should the security department initially become involved?

• A.When requested
• B.At testing
• C.At programming
• D.At detail requirements

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY reason to conduct periodic business impact assessments?

• A.Improve the results of last business impact assessment
• B.Update recovery objectives based on new risks
• C.Decrease the recovery times
• D.Meet the needs of the business continuity policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST security threat when an organization allows remote access to a virtual private network (VPN)?

• A.Client logins are subject to replay attack
• B.Compromised VPN clients could impact the network
• C.Attackers could compromise the VPN gateway
• D.VPN traffic could be sniffed and captured

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to sustain employee interest in information security awareness in an organization?

• A.Ensuring all staff are involved
• B.Relating security awareness programs to security policies
• C.Ensuring a common security awareness program for all staff
• D.Using a variety of delivery methods

Comment: *

Name: *

Email: *

Verification: *