Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

A.

Safeguard Value

B.

Cost Benefit Analysis

C.

Single Loss Expectancy

D.

Life Cycle Loss Expectancy

As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

A.

Recovery Point Objective (RPO)

B.

Disaster Recovery Plan

C.

Recovery Time Objective (RTO)

D.

Business Continuity Plan

When creating contractual agreements and procurement processes why should security requirements be included?

A.

To make sure they are added on after the process is completed

B.

To make sure the costs of security is included and understood

C.

To make sure the security process aligns with the vendor’s security process

D.

To make sure the patching process is included with the costs

The rate of change in technology increases the importance of:

A.

Outsourcing the IT functions.

B.

Understanding user requirements.

C.

Hiring personnel with leading edge skills.

D.

Implementing and enforcing good processes.

Which of the following is MOST useful when developing a business case for security initiatives?

A.

Budget forecasts

B.

Request for proposals

C.

Cost/benefit analysis

D.

Vendor management

Annual Loss Expectancy is derived from the function of which two factors?

A.

Annual Rate of Occurrence and Asset Value

B.

Single Loss Expectancy and Exposure Factor

C.

Safeguard Value and Annual Rate of Occurrence

D.

Annual Rate of Occurrence and Single Loss Expectancy

Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

A.

Segmentation controls.

B.

Shadow applications.

C.

Deception technology.

D.

Vulnerability management.

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

A.

NIST and Privacy Regulations

B.

ISO 27000 and Payment Card Industry Data Security Standards

C.

NIST and data breach notification laws

D.

ISO 27000 and Human resources best practices

As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with

third parties outside the organization. What protocol provides the ability to extend the network perimeter with

the use of encapsulation and encryption?

A.

File Transfer Protocol (FTP)

B.

Virtual Local Area Network (VLAN)

C.

Simple Mail Transfer Protocol

D.

Virtual Private Network (VPN)

The network administrator wants to strengthen physical security in the organization. Specifically, to implement a

solution stopping people from entering certain restricted zones without proper credentials. Which of following

physical security measures should the administrator use?

A.

Video surveillance

B.

Mantrap

C.

Bollards

D.

Fence