The PRIMARY reason for initiating a policy exception process is when:

• A.operations are too busy to comply.
• B.the risk is justified by the benefit.
• C.policy compliance would be difficult to enforce.
• D.users may initially be inconvenienced.

Comment: *

Name: *

Email: *

Verification: *

Which two components PRIMARILY must be assessed in an effective risk analysis?

• A.Visibility and duration
• B.Likelihood and impact
• C.Probability and frequency
• D.Financial impact and duration

Comment: *

Name: *

Email: *

Verification: *

Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

• A.review access rights as the acquisition integration occurs.
• B.perform a risk assessment of the access rights.
• C.escalate concerns for conflicting access rights to management.
• D.implement consistent access control standards.

Comment: *

Name: *

Email: *

Verification: *

A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?

• A.Quarantine all picture files stored on file servers
• B.Block all e-mails containing picture file attachments
• C.Quarantine all mail servers connected to the Internet
• D.Block incoming Internet mail, but permit outgoing mail

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:

• A.regulatory' requirements.
• B.business requirements.
• C.financial value.
• D.IT resource availability.

Comment: *

Name: *

Email: *

Verification: *