Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:

• A.the third party provides a demonstration on a test system.
• B.goals and objectives are clearly defined.
• C.the technical staff has been briefed on what to expect.
• D.special backups of production servers are taken.

Comment: *

Name: *

Email: *

Verification: *

The BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:

• A.a sandbox environment.
• B.device encryption.
• C.two-factor authentication.
• D.a strong password policy.

Comment: *

Name: *

Email: *

Verification: *

In business-critical applications, user access should be approved by the:

• A.information security manager.
• B.data owner.
• C.data custodian.
• D.business management.

Comment: *

Name: *

Email: *

Verification: *

For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?

• A.Number of virus infections detected
• B.Amount of infection-related downtime
• C.Average recovery time per incident
• D.Number of downtime-related help desk calls

Comment: *

Name: *

Email: *

Verification: *

When a significant security breach occurs, what should be reported FIRST to senior management?

• A.A summary of the security logs that illustrates the sequence of events
• B.An explanation of the incident and corrective action taken
• C.An analysis of the impact of similar attacks at other organizations
• D.A business case for implementing stronger logical access controls

Comment: *

Name: *

Email: *

Verification: *