A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

• A.A rules of engagement form was not signed prior to the penetration test
• B.Vulnerabilities were not found by internal tests
• C.Vulnerabilities were caused by insufficient user acceptance testing (UAT)
• D.Exploit code for one of the vulnerabilities is publicly available

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST supports the incident management process for attacks on an organization' s supply chain?

• A.Requiring security awareness training for vendor staff
• B.Including service level agreements (SLAs) in vendor contracts
• C.Establishing communication paths with vendors
• D.Performing integration testing with vendor systems

Comment: *

Name: *

Email: *

Verification: *

A desktop computer that was involved in a computer security incident should be secured as evidence by:

• A.disconnecting the computer from all power sources.
• B.disabling all local user accounts except for one administrator.
• C.encrypting local files and uploading exact copies to a secure server.
• D.copying all files using the operating system (OS) to write-once media.

Comment: *

Name: *

Email: *

Verification: *

The FIRST step in establishing a security governance program is to:

• A.conduct a risk assessment.
• B.conduct a workshop for all end users.
• C.prepare a security budget.
• D.obtain high-level sponsorship.

Comment: *

Name: *

Email: *

Verification: *

When selecting metrics to monitor the risks associated with an information security program, it is MOST important for an information security manager to:

• A.consider the organization's business strategy.
• B.leverage industry benchmarks.
• C.identify the program's risk and compensating controls.
• D.consider the strategic objectives of the program

Comment: *

Name: *

Email: *

Verification: *