What is the BEST method to verify that all security patches applied to servers were properly documented?
Answer : Trace OS patch logs to change control requests.

Who is responsible for raising awareness of the need for adequate funding to support risk mitigation plans?
Answer : Information security manager.

An information security manager must understand the relationship between information security and business operations in order to:
Answer : A. support organizational objectives.

Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
Answer : Encrypting with the sender's private key ensures authentication. By being able to decrypt with the sender's public key, the receiver knows that the message was sent by the sender only, and the sender cannot deny (repudiate) the message.

The PRIMARY goal of developing an information security program is to:
Answer : The development of an information security program is usually seen as a manifestation of the information security strategy. Thus, the goal of developing the information security program is to implement the strategy.

An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. The vulnerability identified is:
Answer : The authentication process is broken because, although the session is valid, the application should reauthenticate when the input parameters are changed. The review provided valid employee IDs, and valid input was processed. The problem here is the lack of reauthentication when the input parameters are changed.

Which of the following BEST indicates senior management commitment toward supporting information security?
Answer : Management sign-off on the risk management methodology helps in performing the entire risk cycle.

Minimum standards for securing the technical infrastructure should be defined in a security:
Answer : Minimum standards for securing the technical infrastructure should be defined in a security architecture document. This document defines how components are secured and the security services that should be in place.

The PRIMARY focus of information security governance is to:
Answer : Optimize the information security strategy to achieve business objectives. Governance ensures that business objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against plans.

When performing an information risk analysis, an information security manager should FIRST:
Answer : Assets must be inventoried before any of the other choices can be performed.

Which of the following roles is MOST appropriately responsible for ensuring that security awareness and training material is effectively deployed to reach the intended audience?
Answer : The information security department oversees the information security program. This includes ensuring that training reaches the intended audience.

When should a request for proposal (RFP) be issued?
Answer : Prior to developing a project budget.

Senior management commitment and support for information security can BEST be enhanced through:
Answer : Periodic review of alignment with business management goals. Ensuring that security activities continue to be aligned with and support business goals is critical to obtaining management's support.

Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?
Answer : System users, specifically the user acceptance testers, would be in the best position to note whether new exposures are introduced during the change management process. The system designer or system analyst, data security officer and operations manager would not be as closely involved in testing code changes.

Which of the following is an indicator of effective governance?
Answer : A risk management program is a key component of effective governance.

The development of an information security program begins with:
Answer : an effective information security strategy.

Which of the following is the MOST usable deliverable of an information security risk analysis?
Answer : Assignment of risks to process owners.

Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
Option shown: A. Defining job roles
Answer : Identifying the data owners is the first step, and is essential to implementing data classification. Defining job roles is not relevant. Performing a risk assessment is important, but will require the participation of data owners (who must first be identified).

Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?
Answer : A. The program's governance oversight mechanisms.

Relationships among security technologies are BEST defined through which of the following?
Option shown: A. Security metrics
Answer : Security architecture explains the use and relationships of security mechanisms. Security metrics measure improvement within the security practice but do not explain the use and relationships of security technologies. Process improvement models and network topology diagrams also do not describe the use and relationships of these technologies.

The BEST strategy for risk management is to:
A. achieve a balance between risk and organizational goals.
B. reduce risk to an acceptable level.

An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
Answer : A. source routing.

Obtaining senior management support for an information security initiative can BEST be accomplished by:
Answer : A. developing and presenting a business case. A business case is inclusive of the other options and specifically addresses them.

The MOST important requirement for gaining management commitment to the information security program is to:
A. benchmark a number of successful organizations.
B. demonstrate potential losses and other impacts that can result from a lack of support.
C. inform management of the legal requirements of due care.
D. demonstrate support for desired outcomes.
Answer : D. demonstrate support for desired outcomes.

Which of the following would be the BEST indicator of effective information security governance within an organization?
Answer : The steering committee approves security projects.

Which of the following elements is MOST important when developing an information security strategy?

Information security policy development should PRIMARILY be based on:
Answer : threats.

Which of the following is the PRIMARY reason to change policies during program development?
Answer : The policies must comply with new regulatory and legal mandates.

How does knowledge of risk appetite help to increase security control effectiveness?
Answer : It shows senior management that you understand their needs. It provides a basis for redistributing resources to mitigate risk outside the risk tolerance.