Access control to a sensitive intranet application by mobile users can BEST be implemented through:

• A.data encryption.
• B.digital signatures.
• C.strong passwords.
• D.two-factor authentication.

Comment: *

Name: *

Email: *

Verification: *

Implementing the principle of least privilege PRIMARILY requires the identification of:

• A.primary risk factors.
• B.data owners.
• C.job duties.
• D.authentication controls.

Comment: *

Name: *

Email: *

Verification: *

A successful information security management program should use which of the following to determine the amount of resources devoted to mitigating exposures?

• A.Risk analysis results
• B.Audit report findings
• C.Penetration test results
• D.Amount of IT budget available

Comment: *

Name: *

Email: *

Verification: *

An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization's information security manager?

• A.The information security manager did not review the change prior to implementation.
• B.The change did not include a proper assessment of risk.
• C.The operations team implemented the change without regression testing.
• D.Documentation of the change was made after implementation.

Comment: *

Name: *

Email: *

Verification: *

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

• A.the magnitude of the impact, should a threat exploit a vulnerability.
• B.a function of the cost and effectiveness of controls over a vulnerability.
• C.a function of the likelihood and impact, should a threat exploit a vulnerability.
• D.the likelihood of a given threat attempting to exploit a vulnerability,

Comment: *

Name: *

Email: *

Verification: *