Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

A.

Use within an organization to formulate security requirements and objectives

B.

Implementation of business-enabling information security

C.

Use within an organization to ensure compliance with laws and regulations

D.

To enable organizations that adopt it to obtain certifications

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

A.

To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

B.

To provide a common basis for developing organizational security standards

C.

To provide effective security management practice and to provide confidence in inter-organizational dealings

D.

To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

A.

The IT team is not familiar in IT audit practices

B.

This represents a bad implementation of the Least Privilege principle

C.

This represents a conflict of interest

D.

The IT team is not certified to perform audits

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

A.

Lack of notification to the public of disclosure of confidential information.

B.

Lack of periodic examination of access rights

C.

Failure to notify police of an attempted intrusion

D.

Lack of reporting of a successful denial of service attack on the network.

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

A.

Plan-Check-Do-Act

B.

Plan-Do-Check-Act

C.

Plan-Select-Implement-Evaluate

D.

SCORE (Security Consensus Operational Readiness Evaluation)

Which of the following activities must be completed BEFORE you can calculate risk?

A.

Determining the likelihood that vulnerable systems will be attacked by specific threats

B.

Calculating the risks to which assets are exposed in their current setting

C.

Assigning a value to each information asset

D.

Assessing the relative risk facing the organization’s information assets

Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?

A.

Incident response plan

B.

Business Continuity plan

C.

Disaster recovery plan

D.

Damage control plan

The regular review of a firewall ruleset is considered a

A.

Procedural control

B.

Organization control

C.

Technical control

D.

Management control