When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:

• A.consolidating multiple sites into a single portal.
• B.using nffps in place of http.
• C.coding standards and code review.
• D.hardening of the web server s operating system.

Comment: *

Name: *

Email: *

Verification: *

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

• A.Calculate the total cost of ownership (TCO).
• B.Define the issues to be addressed.
• C.Perform a cost-benefit analysis.
• D.Conduct a feasibility study,

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY objective of performing a post-incident review is to:

• A.re-evaluate the impact of incidents
• B.identify vulnerabilities
• C.identify control improvements.
• D.identify the root cause.

Comment: *

Name: *

Email: *

Verification: *

Rn information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?

• A.Security information and event management (SIEM) tool
• B.Antivirus software
• C.Intrusion detection system (IDS)
• D.File integrity monitoring (FIM) software

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?

• A.Reconfigure the database schema
• B.Enforce referential integrity on the database
• C.Conduct code reviews
• D.Conduct network penetration testing

Comment: *

Name: *

Email: *

Verification: *