Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

An example of professional unethical behavior is:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

A recommended method to document the respective roles of groups and individuals for a given process is to:

A.

Develop a detailed internal organization chart

B.

Develop a telephone call tree for emergency response

C.

Develop an isolinear response matrix with cost benefit analysis projections

D.

Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

A.

Vendor’s client list of reputable organizations currently using their solution

B.

Vendor provided attestation of the detailed security controls from a reputable accounting firm

C.

Vendor provided reference from an existing reputable client detailing their implementation

D.

Vendor provided internal risk assessment and security control documentation

Risk appetite is typically determined by which of the following organizational functions?

A.

Security

B.

Business units

C.

Board of Directors

D.

Audit and compliance

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

A.

Audit validation

B.

Physical control testing

C.

Compliance management

D.

Security awareness training

What is a difference from the list below between quantitative and qualitative Risk Assessment?

A.

Quantitative risk assessments result in an exact number (in monetary terms)

B.

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

C.

Qualitative risk assessments map to business objectives

D.

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

The exposure factor of a threat to your organization is defined by?

A.

Asset value times exposure factor

B.

Annual rate of occurrence

C.

Annual loss expectancy minus current cost of controls

D.

Percentage of loss experienced due to a realized threat event

From an information security perspective, information that no longer supports the main purpose of the business should be:

A.

assessed by a business impact analysis.

B.

protected under the information classification policy.

C.

analyzed under the data ownership policy.

D.

analyzed under the retention policy

Which of the following intellectual Property components is focused on maintaining brand recognition?

A.

Trademark

B.

Patent

C.

Research Logs

D.

Copyright