What is the PRIMARY role of the information security manager in the process of information classification within an organization?

• A.Defining and ratifying the classification structure of information assets
• B.Deciding the classification levels applied to the organization's information assets
• C.Securing information assets in accordance with their classification
• D.Checking if information assets have been classified properly

Comment: *

Name: *

Email: *

Verification: *

Which of the following will BEST protect an organization from internal security attacks?

• A.Static IP addressing
• B.Internal address translation
• C.Prospective employee background checks
• D.Employee awareness certification program

Comment: *

Name: *

Email: *

Verification: *

During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:

• A.copy sample files as evidence.
• B.remove access privileges to the folder containing the data.
• C.report this situation to the data owner.
• D.train the HR team on properly controlling file permissions.

Comment: *

Name: *

Email: *

Verification: *

Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?

• A.Seek policy buy-in from business stakeholders.
• B.Promote awareness of the policy among employees.
• C.Identify relevant information security frameworks for adoption.
• D.Implement an authentication and authorization system.

Comment: *

Name: *

Email: *

Verification: *

An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:

• A.bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
• B.establish baseline standards for all locations and add supplemental standards as required.
• C.bring all locations into conformity with a generally accepted set of industry best practices.
• D.establish a baseline standard incorporating those requirements that all jurisdictions have in common.

Comment: *

Name: *

Email: *

Verification: *