Which of the following should be the FIRST step in developing an information security strategy?

• A.Perform a gap analysis based on the current state
• B.Create a roadmap to identify security baselines and controls.
• C.Identify key stakeholders to champion information security.
• D.Determine acceptable levels of information security risk.

Comment: *

Name: *

Email: *

Verification: *

Which of the following actions should be taken when an information security manager discovers that a hacker is foot printing the network perimeter?

• A.Reboot the border router connected to the firewall
• B.Check IDS logs and monitor for any active attacks
• C.Update IDS software to the latest available version
• D.Enable server trace logging on the DMZ segment

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY role of the information security manager in application development?
To ensure:

• A.control procedures address business risk.
• B.security is integrated into the system development life cycle (SDLC).
• C.compliance with industry best practice.
• D.enterprise security controls are implemented.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach for determining the maturity level of an information security program?

• A.Perform a self-assessment.
• B.Engage a third-party review.
• C.Evaluate key performance indicators (KPls).
• D.Review internal audit results.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?

• A.Security compliant servers trend report
• B.Percentage of security compliant servers
• C.Number of security patches applied
• D.Security patches applied trend report

Comment: *

Name: *

Email: *

Verification: *