Which of the following is the MOST appropriate course of action when the risk occurrence rate is low but the impact is high?

• A.Risk acceptance
• B.Risk mitigation
• C.Risk transfer
• D.Risk avoidance

Comment: *

Name: *

Email: *

Verification: *

The MAIN objective of identifying and evaluating risk at each software development life cycle (SDLC) stage is to reduce the:

• A.acceptance test time
• B.number of software security controls
• C.mitigation costs.
• D.development time

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?

• A.Develop the information security strategy based on the enterprise strategy.
• B.Appoint a business manager as heard of information security.
• C.Promote organization-wide information security awareness campaigns.
• D.Establish a steering committee with representation from across the organization.

Comment: *

Name: *

Email: *

Verification: *

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

• A.Evaluate the cost of information security integration
• B.Assess the business objectives of the processes
• C.Identify information security risk associated with the processes
• D.Benchmark the processes with best practice to identify gaps

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the BEST defense against sniffing?

• A.Password protect the files
• B.Implement a dynamic IP address scheme
• C.Encrypt the data being transmitted
• D.Set static mandatory access control (MAC) addresses

Comment: *

Name: *

Email: *

Verification: *