What does a network vulnerability assessment intend to identify?

• A.0-day vulnerabilities
• B.Malicious software and spyware
• C.Security design flaws
• D.Misconfiguration and missing updates

Comment: *

Name: *

Email: *

Verification: *

A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:

• A.initiate an exception approval process.
• B.evaluate the business risk.
• C.evaluate a third-party solution.
• D.deploy additional security controls.

Comment: *

Name: *

Email: *

Verification: *

A startup company deployed several new applications with vulnerabilities into production because security reviews were not conducted. What will BEST help to ensure effective application risk management going forward?

• A.Conduct automated scans on applications before deployment.
• B.Supplement existing development teams with security engineers.
• C.Integrate information security into existing change management
• D.Create a new governance council for application security.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

• A.Regulatory requirements are being met.
• B.Internal compliance requirements are being met.
• C.Risk management objectives are being met.
• D.Business needs are being met.

Comment: *

Name: *

Email: *

Verification: *

When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?

• A.Digital currency is immediately available.
• B.Network access requires two-factor authentication.
• C.Data backups are recoverable from an offsite location.
• D.An alternative network link is immediately available.

Comment: *

Name: *

Email: *

Verification: *