Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

• A.The application does not use a secure communications protocol
• B.The application is configured with restrictive access controls
• C.The business process has only one level of error checking
• D.Server-based malware protection is not enforced

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

• A.Assess the risk to the organization.
• B.Review the mitigating security controls.
• C.Increase the frequency of system backups.
• D.Notify staff members of the threat.

Comment: *

Name: *

Email: *

Verification: *

The FIRST step in establishing a security governance program is to:

• A.conduct a risk assessment.
• B.conduct a workshop for all end users.
• C.prepare a security budget.
• D.obtain high-level sponsorship.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

• A.Defining the business recovery plan with the IT service provider
• B.Requiring regular reporting frame the IT service provider
• C.Defining information security requirements with internal IT
• D.Requiring an external security audit of the IT service provider

Comment: *

Name: *

Email: *

Verification: *

An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:

• A.broken authentication.
• B.unvalidated input.
• C.cross-site scripting.
• D.structured query language (SQL) injection.

Comment: *

Name: *

Email: *

Verification: *