Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

When project costs continually increase throughout implementation due to large or rapid changes in customer

or user requirements, this is commonly known as:

A.

Cost/benefit adjustments

B.

Scope creep

C.

Prototype issues

D.

Expectations management

If the result of an NPV is positive, then the project should be selected. The net present value shows the present

value of the project, based on the decisions taken for its selection. What is the net present value equal to?

A.

Net profit – per capita income

B.

Total investment – Discounted cash

C.

Average profit – Annual investment

D.

Initial investment – Future value

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

At what level of governance are individual projects monitored and managed?

A.

Program

B.

Milestone

C.

Enterprise

D.

Portfolio

As the Chief Information Security Officer, you are performing an assessment of security posture to understand

what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows

to detect and actively stop vulnerability exploits and attacks?

A.

Gigamon

B.

Intrusion Prevention System

C.

Port Security

D.

Anti-virus

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

Symmetric encryption in general is preferable to asymmetric encryption when:

A.

The number of unique communication links is large

B.

The volume of data being transmitted is small

C.

The speed of the encryption / deciphering process is essential

D.

The distance to the end node is farthest away

What is meant by password aging?

A.

An expiration date set for passwords

B.

A Single Sign-On requirement

C.

Time in seconds a user is allocated to change a password

D.

The amount of time it takes for a password to activate

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

A.

Contract a third party to perform a security risk assessment

B.

Define formal roles and responsibilities for Internal audit functions

C.

Define formal roles and responsibilities for Information Security

D.

Create an executive security steering committee

What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?

A.

Internal Audit

B.

Corporate governance

C.

Risk Oversight

D.

Key Performance Indicators