An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?

• A.The information security policy
• B.The information security strategy
• C.The organization's risk appetite
• D.The organization's cost of noncompliance

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be done FIRST when considering a new security initiative?

• A.Develop a business case.
• B.Conduct a feasibility study.
• C.Perform a cost-benefit analysis.
• D.Conduct a benchmarking exercise.

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?

• A.A comprehensive list of business processes performed by each business unit
• B.Involvement of senior management in information security policy development
• C.Inclusion of business unit management In the Information security steering committee
• D.Targeted user security awareness programs for business units outside of IT

Comment: *

Name: *

Email: *

Verification: *

Which of the7ager to regularly report to senior management?

• A.Results of penetration tests
• B.Audit reports
• C.Impact of untreated risks
• D.Threat analysis reports

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

• A.Block IP addresses used by the attacker
• B.Redirect the attacker's traffic
• C.Disable firewall ports exploited by the attacker.
• D.Power off affected servers

Comment: *

Name: *

Email: *

Verification: *