Question No : 1
Which of the following is the MOST effective way to detect security incidents?

• A.Analyze penetration test results.
• B.Analyze recent security risk assessments.
• C.Analyze vulnerability assessments.
• D.Analyze security anomalies.

Show Answers

Answer:

Question No : 2
Which of the following will BEST ensure that risk is evaluated on system level changes?

• A.Senior management must sign-off on changes.
• B.Security should be integrated in the change control process.
• C.System development staff receives regular security training.
• D.Implement a centralized change management system.

Show Answers

Answer:

Question No : 3
Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

• A.Providing ongoing training to the incident response team
• B.Implementing proactive systems monitoring
• C.Implementing a honeypot environment
• D.Updating information security awareness materials

Show Answers

Answer:

Question No : 4
Which of the following would be the BEST evidence to present to senior management in favor of continuing a
successful investment in an organization's information security awareness program?

• A.An increase in reported incidents
• B.A decrease in reported incidents
• C.Total number of employees that passed training quizzes
• D.An increase in the number of awareness training attendees

Show Answers

Answer:

Question No : 5
An information security manager is reviewing the impact of a regulation on the organization’s human resources system.
The NEXT course of action should be to:

• A.perform a gap analysis of compliance requirements
• B.assess the penalties for noncompliance.
• C.review the organization s most recent audit report
• D.determine the cost of compliance

Show Answers

Answer:

Question No : 6
Which of the following is the MOST important action when using a web application that has recognized vulnerabilities?

• A.Deploy host-based intrusion detection.
• B.Monitor application level logs.
• C.Install anti-spyware software.
• D.Deploy an application firewall.

Show Answers

Answer:

Question No : 7
Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?

• A.Reciprocal site agreement
• B.Server maintenance plans
• C.Recovery time objectives (RTOs)
• D.Data retention policies

Show Answers

Answer:

Question No : 8
Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

• A.Demonstrating risk is managed at the desired level
• B.Confirming the organization complies with security policies
• C.Providing evidence that resources are performing as expected
• D.Verifying security costs do not exceed the budget

Show Answers

Answer:

Question No : 9
Which of the following would MOST effectively help to restrict sensitive data from being transmitted outside the organization?

• A.Intrusion detection system (IDS)
• B.Data forensics
• C.Data loss prevention (DLP)
• D.Security information and event management (SIEM)

Show Answers

Answer:

Question No : 10
The Information security manager and senior management of a global financial institution have been notified of a potential breach to its database containing a large volume of sensitive information.
Which of the following should be done FIRST?

• A.Assess the possible impact
• B.Isolate the breached database.
• C.Notify law enforcement
• D.Implement mitigating controls.

Show Answers

Answer: