Which of the following is the MAIN objective of a risk management program?

• A.Reduce corporate liability for information security incidents.
• B.Reduce risk to the maximum extent possible.
• C.Reduce risk to the level of the organization's risk appetite.
• D.Reduce costs associated with incident response.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an information security manager's BEST course of action upon learning of new cybersecurity regulatory requirements that apply to the organization?

• A.Implement the new requirements immediately.
• B.Treat the new requirements as an operational issue.
• C.Escalate the issue to senior management.
• D.Perform a gap analysis of the new requirements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

• A.An information security risk register
• B.A capability and maturity assessment
• C.An information security dashboard
• D.Detailed analysis of security program KPIs

Comment: *

Name: *

Email: *

Verification: *

An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?

• A.Evaluate service level agreements (SLAs).
• B.Review cloud provider independent assessment reports.
• C.Provide cloud security requirements.
• D.Calculate security implementation costs.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST critical to the successful implementation of a biometric authentication system?

• A.Budget allocation
• B.Technical skills of staff
• C.User acceptance
• D.Password requirements

Comment: *

Name: *

Email: *

Verification: *