Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

• A.Reduce security hardening settings.
• B.Perform a risk assessment.
• C.Inform business management of the risk.
• D.Document a security exception.

Comment: *

Name: *

Email: *

Verification: *

Which of the following has the MOST influence on the inherent risk of an information asset?

• A.Risk tolerance
• B.Net present value (NPV)
• C.Return on investment (ROI)
• D.Business criticality

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST indicates that an organization can respond to incidents in a timely manner?

• A.The incident response plan has been endorsed by management.
• B.No audit issues were identified with the incident response plan.
• C.Adequate financial resources are available for the response team.
• D.The organization conducts walk-through exercises for incident response.

Comment: *

Name: *

Email: *

Verification: *

The implementation of a capacity plan would prevent:

• A.file system overload arising from distributed denial-of-service attacks
• B.system downtime for scheduled security maintenance
• C.software failures arising from exploitation of buffer capacity vulnerabilities
• D.application failures arising from insufficient hardware resources

Comment: *

Name: *

Email: *

Verification: *

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

• A.Enforce the existing security standard
• B.Change the standard to permit the deployment
• C.Perform a risk analysis to quantify the risk
• D.Perform research to propose use of a better technology

Comment: *

Name: *

Email: *

Verification: *