An information security program should be established PRIMARILY on the basis of:

• A.the approved information security strategy.
• B.the approved risk management approach.
• C.data security regulatory requirements.
• D.senior management input.

Comment: *

Name: *

Email: *

Verification: *

When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSI.), confidentiality is MOST vulnerable to which of the following?

• A.IP spoofing
• B.Man-in-the-middle attack
• C.Repudiation
• D.Trojan

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important element of an information security strategy?

• A.Defined objectives
• B.Time frames for delivery
• C.Adoption of a control framework
• D.Complete policies

Comment: *

Name: *

Email: *

Verification: *

An information security manager learns that the root password of an external FTP server may be subject to brute force attacks. Which of the following would be the MOST appropriate way to reduce the likelihood of a successful attack?

• A.Install an intrusion detection system (IDS).
• B.Disable access to the externally facing server.
• C.Block the source IP address of the attacker.
• D.Lock remote logon after multiple failed attempts.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

• A.The capabilities and expertise of the information security team
• B.A prior successful information security strategy
• C.The organization's mission statement and roadmap
• D.The organization's information technology (IT) strategy

Comment: *

Name: *

Email: *

Verification: *