Which of the following is generally considered a fundamental component of an information security program?

• A.Role-based access control systems
• B.Automated access provisioning
• C.Security awareness training
• D.Intrusion prevention systems (IPSs)

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables an information security manager to communicate the capability of security program functions?

• A.Security architecture diagrams
• B.Security maturity assessments
• C.Vulnerability scan results
• D.Key risk indicators (KRIs)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a benefit of information security governance?

• A.Reduction of the potential for civil or legal liability
• B.Questioning trust in vendor relationships
• C.Increasing the risk of decisions based on incomplete management information
• D.Direct involvement of senior management in developing control processes

Comment: *

Name: *

Email: *

Verification: *

The recovery point objective (RPO) requires which of the following?

• A.Disaster declaration
• B.Before-image restoration
• C.System restoration
• D.After-image processing

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?

• A.Balanced scorecard
• B.Industry benchmarks
• C.Cost-benefit analysis
• D.SWOT analysis

Comment: *

Name: *

Email: *

Verification: *