Which of the following is MOST important to consider when defining control objectives?

• A.The current level of residual risk
• B.The organization's risk appetite
• C.The organization's strategic objectives
• D.Control recommendations from a recent audit

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the MOST effective to mitigate the risk of data loss in the event of a stolen laptop?

• A.Utilizing a strong password
• B.Providing end-user awareness training focused on travelling with laptops
• C.Deploying end-point data loss prevention software on the laptop
• D.Encrypting the hard drive

Comment: *

Name: *

Email: *

Verification: *

An organization has determined that one of its web servers has been compromised. Which of the following actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?

• A.Restrict physical and logical access to the server.
• B.Run analysis tools to detect the source of the intrusion.
• C.Reboot the server in a secure area to search for digital evidence.
• D.Unplug the server from the power.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?

• A.Never use open source tools
• B.Focus only on production servers
• C.Follow a linear process for attacks
• D.Do not interrupt production processes

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST effective in preventing malware from being launched through an email attachment?

• A.Security awareness training
• B.Up-to-date security policies
• C.Placing the e-mail server on a screened subnet
• D.A network intrusion detection system (NlDS)

Comment: *

Name: *

Email: *

Verification: *