What is the PRIMARY purpose of an unannounced disaster recovery exercise?

• A.To assess service level agreements (SLAs)
• B.To estimate the recovery time objective (RTO)
• C.To evaluate how personnel react to the situation
• D.To provide metrics to senior management

Comment: *

Name: *

Email: *

Verification: *

An online payment provider's computer security incident response team has confirmed that a customer credit card database was breached. Which of the following is MOST important to include in a report to senior management?

• A.A summary of the security logs that illustrates the sequence of events
• B.An explanation of the potential business impact
• C.An analysis of similar attacks and recommended remediation
• D.A business case for implementing stronger logical access controls

Comment: *

Name: *

Email: *

Verification: *

When performing an information risk analysis, an information security manager should FIRST:

• A.establish the ownership of assets.
• B.evaluate the risks to the assets.
• C.take an asset inventory.
• D.categorize the assets.

Comment: *

Name: *

Email: *

Verification: *

What should be the information security manager s MOST important consideration when planning a disaster recovery test?

• A.Stakeholder notification procedures
• B.Documented escalation processes
• C.Impact to production systems
• D.Organization-wide involvement

Comment: *

Name: *

Email: *

Verification: *

What will have the HIGHEST impact on standard information security governance models?

• A.Number of employees
• B.Distance between physical locations
• C.Complexity of organizational structure
• D.Organizational budget

Comment: *

Name: *

Email: *

Verification: *