Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Who is responsible for securing networks during a security incident?

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

A.

Awareness

B.

Compliance

C.

Governance

D.

Management

Who in the organization determines access to information?

A.

Legal department

B.

Compliance officer

C.

Data Owner

D.

Information security officer

When managing the security architecture for your company you must consider:

A.

Security and IT Staff size

B.

Company Values

C.

Budget

D.

All of the above

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

A.

National Institute for Standards and Technology 800-50 (NIST 800-50)

B.

International Organization for Standardizations – 27005 (ISO-27005)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27004 (ISO-27004)

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

A.

Risk Tolerance

B.

Qualitative risk analysis

C.

Risk Appetite

D.

Quantitative risk analysis

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

A.

Reduction of budget

B.

Decreased security awareness

C.

Improper use of information resources

D.

Fines for regulatory non-compliance

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

A.

International Organization for Standardizations – 27004 (ISO-27004)

B.

Payment Card Industry Data Security Standards (PCI-DSS)

C.

Control Objectives for Information Technology (COBIT)

D.

International Organization for Standardizations – 27005 (ISO-27005)

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

A.

Contacting the Internet Service Provider for an IP scope

B.

Getting authority to operate the system from executive management

C.

Changing the default passwords

D.

Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

A.

Providing a risk program governance structure

B.

Ensuring developers include risk control comments in code

C.

Creating risk assessment templates based on specific threats

D.

Allowing for the acceptance of risk for regulatory compliance requirements