An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?

• A.Perform a threat modeling exercise
• B.Develop a risk profile
• C.Design risk management processes
• D.Select a governance framework

Comment: *

Name: *

Email: *

Verification: *

What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?

• A.Business impact analyses
• B.Security gap analyses
• C.System performance metrics
• D.Incident response processes

Comment: *

Name: *

Email: *

Verification: *

The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:

• A.change the root password of the system.
• B.implement multifactor authentication.
• C.rebuild the system from the original installation medium.
• D.disconnect the mail server from the network.

Comment: *

Name: *

Email: *

Verification: *

After a server has been attacked, which of the following is the BEST course of action?

• A.Conduct a security audit
• B.Isolate the system.
• C.Initiate modem response
• D.Review vulnerability assessment

Comment: *

Name: *

Email: *

Verification: *

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application.
Witch of the following should be the information security manager's FIRST course of action?

• A.Report the risk to the information security steering committee.
• B.Communicate the potential impact to the application owner.
• C.Determine mitigation options with IT management
• D.Escalate the risk to senior management.

Comment: *

Name: *

Email: *

Verification: *