Which of the following situations would be the MOST concern to a security manager?

• A.Audit logs are not enabled on a production server
• B.The logon ID for a terminated systems analyst still exists on the system
• C.The help desk has received numerous results of users receiving phishing e-mails
• D.A Trojan was found to be installed on a system administrator's laptop

Comment: *

Name: *

Email: *

Verification: *

Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

• A.Alignment with industry best practices
• B.Business continuity investment
• C.Business benefits
• D.Regulatory compliance

Comment: *

Name: *

Email: *

Verification: *

An organization is close to going live with the implementation of a cloud-based application.
Independent penetration test results have been received that show a high-rated vulnerability.
Which of the following would be the BEST way to proceed?

• A.Implement the application and request the cloud service provider to fix the vulnerability.
• B.Postpone the implementation until the vulnerability has been fixed.
• C.Commission further penetration tests to validate initial test results.
• D.Assess whether the vulnerability is within the organization's risk tolerance levels.

Comment: *

Name: *

Email: *

Verification: *

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOS important for the information security manager to ensure:

• A.the acceptance is aligned with business strategy.
• B.compliance with the risk acceptance framework
• C.the rationale for acceptance is periodically reviewed
• D.change activities are documented

Comment: *

Name: *

Email: *

Verification: *

When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?

• A.Compliance with international security standards.
• B.Use of a two-factor authentication system.
• C.Existence of an alternate hot site in case of business disruption.
• D.Compliance with the organization's information security requirements.

Comment: *

Name: *

Email: *

Verification: *