Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s

A.

Risk Management Program.

B.

Anti-Spam controls.

C.

Security Awareness Program.

D.

Identity and Access Management Program.

The patching and monitoring of systems on a consistent schedule is required by?

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

A.

Perform a vulnerability scan of the network

B.

External penetration testing by a qualified third party

C.

Internal Firewall ruleset reviews

D.

Implement network intrusion prevention systems

Which of the following is the MOST important goal of risk management?

A.

Identifying the risk

B.

Finding economic balance between the impact of the risk and the cost of the control

C.

Identifying the victim of any potential exploits.

D.

Assessing the impact of potential threats

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

A.

Contract a third party to perform a security risk assessment

B.

Define formal roles and responsibilities for Internal audit functions

C.

Define formal roles and responsibilities for Information Security

D.

Create an executive security steering committee

File Integrity Monitoring (FIM) is considered a

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

When analyzing and forecasting a capital expense budget what are not included?

A.

Network connectivity costs

B.

New datacenter to operate from

C.

Upgrade of mainframe

D.

Purchase of new mobile devices to improve operations

The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

A.

Safeguard Value

B.

Cost Benefit Analysis

C.

Single Loss Expectancy

D.

Life Cycle Loss Expectancy