Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

A.

International Organization for Standardizations – 22301 (ISO-22301)

B.

Information Technology Infrastructure Library (ITIL)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27005 (ISO-27005)

An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

A.

A high threat environment

B.

A low risk tolerance environment

C.

I low vulnerability environment

D.

A high risk tolerance environment

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

A.

Threat

B.

Vulnerability

C.

Attack vector

D.

Exploitation

The single most important consideration to make when developing your security program, policies, and processes is:

A.

Budgeting for unforeseen data compromises

B.

Streamlining for efficiency

C.

Alignment with the business

D.

Establishing your authority as the Security Executive

If your organization operates under a model of "assumption of breach", you should:

A.

Protect all information resource assets equally

B.

Establish active firewall monitoring protocols

C.

Purchase insurance for your compliance liability

D.

Focus your security efforts on high value assets

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

A.

How many credit card records are stored?

B.

How many servers do you have?

C.

What is the scope of the certification?

D.

What is the value of the assets at risk?

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

A.

Internal audit

B.

The data owner

C.

All executive staff

D.

Government regulators

Which of the following is the MOST important benefit of an effective security governance process?

A.

Reduction of liability and overall risk to the organization

B.

Better vendor management

C.

Reduction of security breaches

D.

Senior management participation in the incident response process

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

A.

information security metrics.

B.

knowledge required to analyze each issue.

C.

baseline against which metrics are evaluated.

D.

linkage to business area objectives.

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

A.

Need to comply with breach disclosure laws

B.

Need to transfer the risk associated with hosting PII data

C.

Need to better understand the risk associated with using PII data

D.

Fiduciary responsibility to safeguard credit card information