Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
Correct Answer: B
Inconsistent device security is the primary challenge for an information security manager when deploying a bring your own device (BYOD) mobile program in an enterprise because it increases the risk of data breaches and compromises. A BYOD mobile program allows employees to use their personal devices, such as smartphones, tablets, or laptops, to access the organization's network, applications, and data. However, personal devices may have different operating systems, versions, configurations, and security settings than the organization's standard devices. Moreover, personal devices may not be updated regularly, may have unauthorized or malicious apps installed, or may not have adequate protection against malware or theft. Inconsistent device security makes it difficult for the information security manager to enforce and monitor the security policies and controls across all devices, as well as to ensure compliance with the regulatory requirements for data privacy and security. Therefore, inconsistent device security is the correct answer.
Reference: https://simplemdm.com/blog/challenges-of-bring-your-own-device-byod-policy/ https://www.timedoctor.com/blog/byod-pros-and-cons/ https://www.ncsc.gov.uk/files/NCSC-Vendor-Security-Assessment.pdf
Question 67
Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
Correct Answer: B
Question 68
Which of the following will BEST protect against malicious activity by a former employee?
Correct Answer: D
When an employee leaves an organization, the former employee may attempt to use their credentials to perform unauthorized or malicious activity. Accordingly, it is important to ensure timely revocation of all access at the time an individual is terminated. Security awareness training, preemployment screening and monitoring are all important, but are not as effective in preventing this type of situation.
Question 69
Successful implementation of information security governance will FIRST require:
Correct Answer: B
Explanation: Updated security policies are required to align management objectives with security procedures; management objectives translate into policy, policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
Question 70
Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
Correct Answer: A
Explanation: As owners of the system, user management approval would be the most important. Although the signoffs of security, operations and database management may be appropriate, they are secondary to ensuring the new system meets the requirements of the business.