A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?

• A.Run a port scan on the system
• B.Disable the logon ID
• C.Investigate the system logs
• D.Validate the incident

Comment: *

Name: *

Email: *

Verification: *

Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?

• A.Root cause analysis
• B.industry benchmarks
• C.Threat analysis
• D.Quantitative loss

Comment: *

Name: *

Email: *

Verification: *

Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?

• A.Develop an implementation strategy.
• B.Schedule the target end date for implementation activities.
• C.Budget the total cost of implementation activities.
• D.Calculate the residual risk for each countermeasure.

Comment: *

Name: *

Email: *

Verification: *

From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

• A.Enhanced policy compliance
• B.Improved procedure flows
• C.Segregation of duties
• D.Better accountability

Comment: *

Name: *

Email: *

Verification: *

When performing an information risk analysis, an information security manager should FIRST:

• A.establish the ownership of assets.
• B.evaluate the risks to the assets.
• C.take an asset inventory.
• D.categorize the assets.

Comment: *

Name: *

Email: *

Verification: *