An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RIP) is the:

• A.references from other organizations.
• B.past experience of the engagement team.
• C.sample deliverable.
• D.methodology used in the assessment.

Comment: *

Name: *

Email: *

Verification: *

There is reason to believe that a recently modified web application has allowed unauthorized access.
Which is the BEST way to identify an application backdoor?

• A.Black box pen test
• B.Security audit
• C.Source code review
• D.Vulnerability scan

Comment: *

Name: *

Email: *

Verification: *

Which of the following mechanisms is the MOST secure way to implement a secure wireless network?

• A.Filter media access control (MAC) addresses
• B.Use a Wi-Fi Protected Access (WPA2) protocol
• C.Use a Wired Equivalent Privacy (WEP) key
• D.Web-based authentication

Comment: *

Name: *

Email: *

Verification: *

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

• A.The application owner
• B.The security engineer
• C.The data owner
• D.The information security manager

Comment: *

Name: *

Email: *

Verification: *

What is the MOST important reason for conducting security awareness programs throughout an organization?

• A.Reducing the human risk
• B.Maintaining evidence of training records to ensure compliance
• C.Informing business units about the security strategy
• D.Training personnel in security incident response

Comment: *

Name: *

Email: *

Verification: *