What is the MOST cost-effective method of identifying new vendor vulnerabilities?

• A.External vulnerability reporting sources
• B.Periodic vulnerability assessments performed by consultants
• C.Intrusion prevention software
• D.honey pots located in the DMZ

Comment: *

Name: *

Email: *

Verification: *

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

• A.a control self-assessment (CSA) process.
• B.a monitoring process for the security policy.
• C.automated reporting to stakeholders.
• D.metrics for each milestone.

Comment: *

Name: *

Email: *

Verification: *

Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

• A.compliance testing
• B.continuity planning
• C.change management
• D.configuration management.

Comment: *

Name: *

Email: *

Verification: *

What is the PRIMARY goal of an incident management program?

• A.Identify root cause.
• B.Communicate to external entities.
• C.Contain the incident.
• D.Minimize impact to the organization.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

• A.User assessments of changes
• B.Comparison of the program results with industry standards
• C.Assignment of risk within the organization
• D.Participation by all members of the organization

Comment: *

Name: *

Email: *

Verification: *