The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?

• A.Laws and regulations of the country of origin may not be enforceable in the foreign country.
• B.A security breach notification might get delayed due to the time difference.
• C.Additional network intrusion detection sensors should be installed, resulting in an additional cost.
• D.The company could lose physical control over the server and be unable to monitor the physical security posture of the servers.

Comment: *

Name: *

Email: *

Verification: *

Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?

• A.Use security tokens for authentication
• B.Connect through an IPSec VPN
• C.Use https with a server-side certificate
• D.Enforce static media access control (MAC) addresses

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful when justifying the funding required for a compensating control?

• A.Business impact analysis
• B.Business case
• C.Threat assessment
• D.Risk analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?

• A.Before an internal audit of the incident response process
• B.At intervals indicated by industry best practice
• C.When missing information impacts recovery from an incident
• D.When recovery time objectives (RTOs) are not met

Comment: *

Name: *

Email: *

Verification: *

A regulatory organization sends an email to an information security manager warning of an impending cyber-attack. The information security manager should

• A.validate the authenticity of the alert
• B.determine whether the attack is in progress
• C.reply asking for more details
• D.alert the network operations center

Comment: *

Name: *

Email: *

Verification: *