A risk management approach to information protection is:

• A.managing risks to an acceptable level, commensurate with goals and objectives.
• B.accepting the security posture provided by commercial security products.
• C.implementing a training program to educate individuals on information protection and risks.
• D.managing risk tools to ensure that they assess all information protection vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST useful when illustrating to senior management the status of a recently implemented information security governance framework?

• A.A threat assessment
• B.A maturity model
• C.Periodic testing results
• D.A risk assessment

Comment: *

Name: *

Email: *

Verification: *

Which of the following metrics BEST measures the effectiveness of an organization's information security program?

• A.Increase in risk assessments completed
• B.Reduction in information security incidents
• C.Number of information security business cases developed
• D.Return on information security investment

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?

• A.Activate the business continuity plan (BCP).
• B.Update the business impact assessment.
• C.Inform senior management.
• D.Categorize incidents by the value of the affected asset.

Comment: *

Name: *

Email: *

Verification: *

Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?

• A.An intrusion prevention system (IPS)
• B.An intrusion detection system (IDS)
• C.A host-based intrusion detection system (HIDS)
• D.A host-based firewall

Comment: *

Name: *

Email: *

Verification: *