Pretest Flashcards by Kim Beban

Which of the following is an indicator of effective governance?
A. A defined information security architecture
B. Compliance with international security standards
C. Periodic external audits
D. An established risk management program

How well did you know this?

Not at all

Perfectly

Which of the following is the PRIMARY prerequisite to implementation data classification within and organization?
A. Defining job roles
B. Performing a risk assessment
C. Identifying data owners
D. Establishing data retention policies

How well did you know this?

Not at all

Perfectly

What is the PRIMARY factor that should be taken into consideration when designing the technical solution for a disaster recovery site?
A. Service deliver objective
B. Recovery time objective
C. Allowable interruption window
D. Maximum tolerable outage

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
A. Implement countermeasures
B. Eliminate the risk
C. Transfer the risk
D. Accept the risk

How well did you know this?

Not at all

Perfectly

Due to limited storage media, an IT operations employee has requested permission to overwrite data stored on a magnetic tape. The decision of the authorizing manager will MOST likely be influenced by the data:
A. classification policy
B. Retention policy
C. creation policy
D. leakage protection

How well did you know this?

Not at all

Perfectly

Which of the following is MOST effective in protecting against the attack technique known as phishing?
A. Firewall blocking rules
Up-to-date signature files
C. Security awareness training
D. Intrusion detection system monitoring

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST cost-effective approach to achieve strategic alignment?
A. Periodically survey management
B. Implement a governance framework
C. Ensure that controls meet objectives
D. Develop an enterprise architecture

How well did you know this?

Not at all

Perfectly

An internal review of a web-based application system reveals that it is possible to gain access to all employees' accounts by changing the employee's ID used for accessing the account on the uniform resource locator. The vulnerability identified is:
A. broken authentication
B. unvalidated input
C. cross-site scripting
D. structured query language injection

How well did you know this?

Not at all

Perfectly

Which of the following the is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
A. Card key door locks
B. Photo identification
C. Biometric scanners
D. Awareness training

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?
A. Disclosure of personal information
B. Sufficient coverage of the insurance policy for accidental losses
C. Potential impact of the data loss
D. Replacement cost of the equipment

How well did you know this?

Not at all

Perfectly

Recovery point objectives can be used to determine which of the following?
A. Maximum tolerable period of data loss
B. Maximum tolerable downtime
C. Baseline for operational resiliency
D. Time to restore backups

How well did you know this?

Not at all

Perfectly

An information security manager has implemented procedures for monitoring specific activities on the network. The system administrator has been trained to analyze the network events, take appropriate action and provide reports to the InfoSec manager. What additional monitoring should be implemented to give a more accurate, risk-based view of network activity?
A. The sys admin should be monitored by a separate reviewer
B. All activity on the network should be monitored
C. No additional monitoring is needed in this situation
D. Monitoring should be done only the they InfoSec manager

How well did you know this?

Not at all

Perfectly

Which of the following is MOST likely to be discretionary
A. Policies
B. Procedures
C. Guidelines
D. Standards

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST important in developing a security strategy?
A. Creating a positive security environment
B. Understanding key business objectives
C. Having a reporting line to senior management
D. Allocating sufficient resources to InfoSec

How well did you know this?

Not at all

Perfectly

Which of the following roles is responsible for legal and regulatory liability>
A. Chief security officer
B. Chief legal counsel
C. Board of directors and senior management
D. InfoSec steering group

How well did you know this?

Not at all

Perfectly

What is the PRIMARY basis for a detailed business continuity plan?
A. Consideration of different alternatives
B. The solution that is least expensive
C. Strategies that cover all applications
D. Strategies validated by senior management

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST appropriate frequency for updating antivirus signature files for antivirus software on production servers?
A. Daily
B. Weekly
C. Concurrently with operating system patch updates
D. During scheduled change control updates

How well did you know this?

Not at all

Perfectly

Why is public key infrastructure the preferred model when providing encryption keys to a large number of individuals?
A. It is computationally more efficient
B. It is more scalable than a symmetric key
C. It is less costly to maintain than a symmetric key approach
D. It provides greater encryption strength than a secret key model

How well did you know this?

Not at all

Perfectly

Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?
A. Stress testing
B. Patch management
C. Change management
D. Security baselines

How well did you know this?

Not at all

Perfectly

What is the MOST important item to be included in an InfoSec policy?
A. The definition of toles and responsibilities
B. The scope of the security program
C. the key objectives of the security program
D. Reference to procedures and standards of the security program

How well did you know this?

Not at all

Perfectly

What is the PRIMARY objective of a postincident review in incident response?
A. To adjust budget provisioning
B. To preserve forensic data
C. To improve the response process
d. To ensure the incident is fully documented

How well did you know this?

Not at all

Perfectly

Which of the following actions is the MOST important when a server is infected with a virus?
A. Isolate the infected servers(s) from the network
B. Identify all potential damage cause by the infection
C. Ensure that the virus database files are current
D. Establish security weaknesses in the firewall

How well did you know this?

Not at all

Perfectly

Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database admin in the IT dept?
A. DB Admin
B. Finance dept mgmt
C. InfoSec mgr
D. IT dept mgmt

How well did you know this?

Not at all

Perfectly

When a major vulnerability in the security of a critical web server is discovered, immediate notification should be made to the:
A. system owner to take corrective action
B. incident response team to investigate
C. data owners to mitigate damage
D. development team to remediate

How well did you know this?

Not at all

Perfectly

What should documented standards/procedures for the use of cryptography across the enterprise achieve? A. Define the circumstances where cryptography should be used B. Define cryptographic algorithms and key lengths C. Describe handing procedures of cryptographic keys D. Establish the use of cryptographic solutions

``` Which of the following would be the MOST relevant factor when defining the info classification policy? A. Quantity of info B. Available IT infrastructure C. Benchmarking D. Requirements of data owners ```

A certificate authority is required for a public key infrastructure: A. in cases where confidentiality is an issue B. when challenge/response auth is used C. except where users attests to each other's identity D. in role-based access control deployments

``` For risk management purposes, the value of a physical asset should be based on: A. original cost B. net cash flow C. net present value D. replacement cost ```

``` An enterprise is transferring its IT ops to an offshore location. An infosec mgr should PRIMARILY focus on: A. reviewing new laws and regulations B. updating operation procedures C. validating staff qualifications D. conducting a risk assessment ```

An org's board of directors is concerned about recent fraud attempts that originated over the internet. What action should the board take to address this concern? A. Direct infosec regarding specific resolutions that are needed to address the risk B. Research solutions to determine appropriate actions for the org C. Take not action; infosec does not report to the board D. Direct mgmt to assess the risk and to report the results to the board

``` Which of the following roles is MOST responsible for ensuring that info protection policies are consistent with applicable laws and regulations? A. Executive mgmt B. Quality mgr. C. Board of directors D. Auditor ```

The PRIMARY goal of a corporate risk mgmt program is to ensure that an org's: A. IT assets in key business functions are protected B. business risk is addressed by preventive controls C. stated objectives are achieved D. IT facilities and systems are always available

``` Of the following, retention of business records should be PRIMARILY based on: A. periodic vulnerability assessment B. business requirements C. device storage capacity and longevity D. legal requirements ```

``` Who should generally determine the classification of an information asset? A. the asset custodian B. the security mgr. C. senior mgmt. D. the asset owner ```

``` An infosec mgr. mapping a job description to types of data access is MOST likely to adhere to which of the following infosec principles? A. Ethics B. Proportionality C. Integration D. Accountability ```

What activity needs to be performed for previously accepted risk? A. Risk should be reassessed periodically because risk changes over time B. Accepted risk should be flagged to avoid future reassessment efforts C. Risk should be avoided next tie to optimize the risk profile D. Risk should be removed from the risk log after it is accepted

An enterprise has been recently subject to a series of denial-of-service attacks due to a weakness in security. The infosec mgr. needs to present a business case for increasing the investment in security. The MOST significant challenge in obtaining approval from senior mgmt. for the proposal is: A. explaining technology issues of security B. demonstrating value and benefits C. simulating various risk scenarios D. obtaining benchmarking data for comparison

When creating a forensic image of a hard drive, which of the following should be thee FIRST step? A. Identify a recognized forensics software tool to create the image B. Establish a chain of custody log C. Connect the hard drive to a write blocker D. Generate a cryptographic hash of the hard drive contents

When an org is using an automated tool to mange and house its business continuity plans, which of the following is the PRIMARY concern? A. Ensuring accessibility should a disaster occur B. Versioning control as plans are modified C. Broken hyperlinks to resources stored elsewhere D. Tracking changes in personnel and plan assets

Security risks assessments are MOST cost-effective to a software development org when they are performed: A. before system development begins B. at system deployment C. before developing a business case D. at each stage of the system development life cycle

``` Which of the following is MOST effective in preventing disruptions to production systems? A. patch mgmt. B. security baselines C. virus detection D. change mgmt. ```

``` The segregation of duties principle is violated if which of the following individuals has update rights to the db access control list? A. data owner B. data custodian C. systems programmer D. security admin ```

``` During which phase of development is it MOST appropriate to begin assessing the risk of a new application system? A. Feasibility B. Design C. Development D. Testing ```

``` When a proposed system change violates an existing security standard, the conflict would be BEST resolved by: A. calculating the risk B. enforcing the security standard C. redesigning the system change D. implementing mitigating controls. ```

``` Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user? A. Intrusion detection system B. IP address packet filtering C. Two-factor authentication D. Embedded digital signature ```

``` Which of the following are seldom changed in response to technological changes? A. Standards B. Procedures C. Policies D. Guidelines ```

``` While implementing infosec governance, an org should FIRST: A. adopt security standards B. determine security baselines C. define the security strategy D. establish security policies ```

``` Who should be assigned as data owner for sensitive customer data that is used only by the sales dept. and stored in a central db? A. The sales dept. B. The db admin C. The chief information officer D. the head of the sales dept. ```

``` Which of the following actions should be taken when an online trading company discovers a network attack in progress? A. Shut of all network access points B. Dump all even logs to removable media C. Isolate the affected network segment D. Enable trace logging on all events ```

Which of the following is the MOST important consideration when performing a risk assessment? A. Mgmt. supports risk mitigation efforts B. Annual loss expectancies have been calculated for critical assets C. Assets have been identified and appropriately valued D. Attack motives, means and opportunities are understood

``` Which program element should be implemented FIRST in asset classification and control? A. Risk assessment B. Classification C. Valuation D. Risk mitigation ```

``` Infosec governance is PRIMARILY driven by: A. technology constraints B. regulatory requirements C. litigation potential D. business strategy ```

What is the BEST method for mitigating against network DOS attacks? A. Ensure all servers are up to date on OS patches B. Employ packet filtering to drop suspect packets C. Implement network address translation to make internal addresses nonroutable D. Implement load balancing for internet facing devices

``` Which of the following would be MOST appropriate for collecting and preserving evidence? A. Encrypted hard drives B. Generic audit software C. Proven forensic processes D. Log correlation software ```

``` What is the BEST means to standardize security configs in similar devices? A. Policies B. Procedures C. Technical guides D. Baselines ```

Serious security incidents typically lead to renewed focus by mgmt. on infosec that then usually fades over time. What opportunity should the infosec mgr. seize to BEST use this renewed focus? A. To improve the integration of business and infosec processes B. To increase infosec budgets and staffing levels C. to develop tighter controls and stronger compliance efforts D. To acquire better supplemental technical security controls

``` The use of insurance is an example of which of the following? A. Risk mitigation B. Risk acceptance C. Risk elimination D. Risk transfer ```

Infosec frameworks can be MOST useful for the infosec mgr. because they: A. provide detailed processes and methods B. are designed to achieve specific outcomes C. provide structure and guidance D. provide policy and procedure

What activity BEST helps ensure that contract personnel do not obtain unauthorized access to sensitive information? A. Set accounts to pre-expire B. Avoid granting sys admin roles C. Ensure they successfully pass background checks D. Ensure their access is approved by the data owner

When should risk assessments be performed for optimum effectiveness? A. At the beginning of security program development B. On a continuous basis C. While developing the business case for the security program D. During the business change management process

Under what circumstances is it MOST appropriate to reduce control strength? A. Assessed risk is below acceptable levels B. Risk cannot be determined C. The control cost is high D. The control is not effective

``` Infosec policy enforcement is the responsibility of the: security steering committee B. chief information officer C. chief infosec officer D. chief compliance officer ```

What is the PRIMARY role of the infosec mgr. related to data classification and handling process within an org? A. Defining and ratifying the org's data classification structure B. Assigning the classification levels to the information assets C. Securing information assets in according with their data classification D. Confirming that information assets have been properly classified

``` Who should PRIMARILY provide direction on the impact of new regulatory requirements that may lead to major application system changes? A. The internal audit department B. System developers/analysts C. Key business process owners D. Corporate legal counsel ```

``` Maturity levels are an approach to determine the extent that sound practices have been implemented in a org based on outcomes. Another approach that has been developed to achieve essentially the same result is: A. controls applicability statements B. process performance and capabilities B. probabilistic risk assessment D. factor analysis of information risk ```

Which of the following is the MOST important action to take when engaging third-party consultants to conduct and attack and penetration test? A. Request a list of the software to be used B. Provide clear directions to IT staff C. Monitor intrusion detection system and firewall logs closely D. Establish clear rules of engagement

When securing wireless access points, which of the following controls would BEST assure confidentiality? A. Implementing wireless intrusion prevention systems B Not broadcasting the service set identifier C. Implement wired equivalent privacy authentication D. Enforcing a virtual private network over wireless

Which of the following should be performed EXCLUSIVELY by the infosec dept.? A. Monitoring unauthorized access to operating systems B. Configuring user access to operating systems C. Approving operating system access standards D. Configuring the firewall to protect operation systems

``` An org has to comply with recently published industry regulatory reqmts - compliance that potentially has high implementation costs. What should the infosec mgr. do FIRST? A. Consult the security committee B. Perform a gap analysis C. Implement compensating controls D. Demand immediate compliance ```

``` After a service interruption of a critical system, the incident response team finds that it needs to activate the warm recovery site. Discovering that throughput is only half of the primary site, the team nevertheless notifies mgmt. that it has restored the critical system. This is MOST likely because it has achieved the: A. recovery point objective B. recovery time objective C. service delivery objective D. maximum tolerable outage ```

Which of the following is the MOST important step before implementing a security policy? A. Communicating to employees B. Training IT staff C. Identifying relevant technologies for automation D. Obtaining sign-off from stakeholders

``` The acceptability of a partial system recovery after a security incident is MOST likely to be bases on the : A. ability to resume normal operations B. maximum tolerable outage C. service delivery objective D. acceptable interruption window ```

Which of the following is the MOST important objective of an infosec strategy review? A. Ensuring that risk is identified, analyzed and mitigated to acceptable levels B. Ensuring the infosec strategy is aligned with organization goals C. Ensuring the best return on infosec investments D. Ensure the efficient utilization of infosec resources

Which of the following choices is the MOST important consideration when developing the security strategy of a company operating in different countries? A. Diverse attitudes to security by employees and mgmt. B. Time differences and the ability to reach security officers C. A coherent implementation of security policies and procedures in all countries D. Compliance with diverse laws and governmental regulation

Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the infosec mgr. if: A. it implies compliance risk B. short-term impact cannot be determined C. it violate industry security practices D. changes in the roles matrix cannot be detected

An infosec mgr. is performing a security review and determines that not all employees comply with the access control policy for the data center. The FIRST step to address this issue should be to: A. assess the risk of noncompliance B. initiate security awareness training C. prepare a status report for management D. increase compliance enforcement

``` Which of the following has the highest priority when defining an emergency response plan? A. Critical data B. Critical infrastructure C. Safety of personnel D. Vital records ```

A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent a successful brute force attack of the account? A. Prevent the system from being accessed remotely B. Create a strong random password C. As for a vendor patch D. Track usage of the account by audit trails

A regulatory authority has just introduced a new regulation pertaining to the release of quarterly financial results. The FIRST task that the security officer should perform is to: A. identify whether current controls are adequate B. communicate the new requirement to audit C. implement the requirement of the new regulation D. conduct a cost-benefit analysis of implementing the control

``` What does the following statement reflect: All desktops are required to use Windows 7, Service Pack 1, and all servers are required to use Windows Server 2008 R2 Service Pack 1.: A. It's a policy B. It's a guideline C. it's a standard D. it's a procedure ```

``` What is the FRIST step of performing an information risk analysis? A. Establish the ownership of assets B. Evaluate the risk to the assets C. Take an asset inventory D. Categorize the assets ```

Which off the following BEST helps calculate the impact of losing frame relay network connectivity for 18 to 24 hours? A. Hourly billing rate charged by the carrier B. Value of the data transmitted over the network C. Aggregate compensation of all affected business users D. Financial losses incurred by affected business units

``` Which of the following would be the FIRST step when developing a business case for an infosec investment? A. Defining the objectives B. Calculating the cost C. Defining the need D. Analyzing the cost-effectiveness ```

Which of the following BEST assists the infosec mgr. identifying new threats to information security? A. Performing more frequent review of the org's risk factors B. Developing more realistic information security risk scenarios C. Understanding the flow and classification of information used by the org D. A process to monitor postincident review reports prepared by IT staff

A cost-benefit analysis is performed on any proposed control to: A. define budget limitations B. demonstrate due diligence to the budget committee C. verify that the cost of implementing the control is within security budget D. demonstrate the costs are justified by the reduction in risk

``` Which of the following functions is responsible for determining the members of the enterprise's response teams? A. Governance B. Risk management C. Compliance D. Information security ```

``` A db was compromised by guessing the passwords for a shared admin account and confidential customer info was stolen. The infosec mgr. was able to detect this breach analyzing which of the following? A. Invalid login attempts B. Write access violations C. Concurrent logons D. Firewall logs ```

An infosec mgr. at a global org has to ensure that the local infosec program will initially be in compliance with the: A. corporate data privacy policy B. data privacy policy where data are collected C. data privacy policy of the headquarters' country D. data privacy directive applicable globally

``` In controlling information leakage, mgmt. should FIRST establish: A. a data leak prevention program B. user awareness training C. an information classification process D. a network detection system ```

``` To determine how a security breach occurred on the corp. network, a security mgr. looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs? A. Db server B. Domain name server C. Time server D. Proxy server ```

``` Who in an org has the responsibility for classifying information? A. Data custodian B. DB admin C. Information security officer D. Data owner ```

``` Which of the following attacks is BEST mitigated by using strong passwords? A. Main-in-the-middle attack B. Brute force attack C. Remote buffer overflow D. Root kit ```

Which of the following choices is the BEST method of determining the impact of a DDOS attack on a business? A. Identify the sources of the malicious traffic B. Interview the users and document their responses C. Determine the criticality of the affected services D. Review the logs of the firewalls and intrusion detection system

Which of the following is MOST important in determining whether a disaster recovery test is successful? A. Only business data files from offsite storage are users B. IT staff fully recovers the processing infrastructure C. Critical business processes are duplicated D. All system are restored within recovery time objectives

``` IT-related risk management activities are MOST effective when they are: A. treated as a distinct process B. conducted by the IT department C. integrated within business processes D. communicated to all employees ```

``` Investments in infosec technologies should be based on: A. vulnerability assessments B. value analysis C. business climate D. audit recommendations ```

``` Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise? A. Chief security officer B. Chief operation officer C. Chief privacy officer D. Chief legal counsel ```

``` Simple Network Management Protocol v2 (SNMPv2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce? A. Remote buffer overflow B. Cross-site scripting C. cleartext authentication D. Man-in-the-middle attack ```

The PRIMARY objective of incident response is to: A. investigate and report results of the incident to mgmt. B. gather evidence C. minimize business disruptions D. assist law enforcement in investigations

To BEST improve the alignment of the infosec objectives in an org, the chief infosec officer should: A. revise the infosec program B. evaluate a business balanced scorecard C. conduct regular user awareness sessions D. perform penetration tests

``` Who is ultimately responsible for ensuring that information is categorized and that protective measure are taken? A. Information security officer B. Security steering committee C. Data owner D. Data custodian ```

A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the org's LAN. What should the security mgr. do FIRST? A. Understand the business reqmts of the developer portal B. Perform a vulnerability assessment of the developer portal C. Install an IDS D. Obtain a signed nondisclosure from the external consultants before allowing external access to the server

In conducting an initial technical vulnerability assessment, which of the following choices should receive top priority? A. Systems impacting legal or regulatory standing B. Externally facing systems or applications C. Resources subject to performance contracts D. Systems covered by business interruption insurance

An infosec mgr. is in the process of investigating an network intrusion. One of the enterprise's employees is a suspect. The mgr. has just obtained the suspect's computer and hard drive. Which of the following is the BEST next step? A. Create an image of the hard drive B. Encrypt the data on the hard drive C. Examine the original hard drive D. Create a logical copy of the hard drive

``` The decision as to whether an IT risk has been reduced to an acceptable level should be determined by: A. Organizational requirements B. information systems requirements C. information security requirements D. international standards ```

A third part was engaged to develop a business app. Which of the following is the BEST test for the existence of back doors? A. System monitoring for traffic on network ports B. Security code reviews for the entire app C. Reverse engineering the app binaries D. Running the app from a high-privileged account on a test system

A contract has just been signed with a new vendor to mange it support services. Which of the following tasks should the infosec mgr. ensure is performed NEXT? A. Establish vendor monitoring B. Define reporting relationships C. create a service level agreement D. Have the vendor sign a nondisclosure agreement

``` Which of the following is the MOST effective security measure to protect data held on mobile computing devices? A. Biometric access control B. Encryption of stored data C. Power-on passwords D. Protection of data being transmitted ```

An infosec mgr. can BEST attain senior mgmt. commitment and support by emphasizing: A. organization risk B. performance metrics C. security needs D. the responsibilities of organizational units

``` Which of the following is an inherent weakness of signature-based intrusion detection systems? A. A higher number of false positives B. New attack methods will be missed C. Lon duration probing will be missed D. Attack profiles can be easily spoofed ```

Why is it important to develop an infosec baseline? The security baseline helps define: A. critical information resources needing protection B. a security policy for the entire org C. The minimum acceptable security to be implemented D. required physical and logical access controls

To achieve effective strategic alignment of infosec initiatives, it is important that: A. steering committee leadership rotates among members B. major organizational units provide input and reach a consensus C. the business strategy is updated periodically D. procedures and standards are approved by all departmental heads

``` Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise? A. Ease of installation B. Product documentation C. Available support D. System overhead ```

Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:200 om? A. Most new viruses' signatures are identified over weekends B Technical personnel are not available to support the operation C. Systems are vulnerable to new viruses during the intervening week D. The update's success of failure is not known until Monday

``` Which of the following should an infosec mgr. PRIMARILY user when proposing the implementation of a security solution? A. Risk assessment report B. Technical evaluation report C. Business case D. Budgetary requirements ```

``` Which of the following choices is the MOST significant single point of failure in a public key infrastructure? A. A certificate authority's public key B. A replying parts' private key C. A CA's private key D. A replying party's public key ```

``` Which of the following is the BEST method for ensuring that temporary employees do not recvied excessive access rights? A. Mandatory access controls B. Discretionary access controls C. Lattice-based access controls D. Role-based access controls ```

What is the BEST way to determine if an anomaly-based IDS is properly installed? A. Simulate an attack and review IDS performance B. Use a honeypot to check for unusual activity C. Audit the configuration of the IDS D. Benchmark the IDS against a peer site.

A serious vulnerability is reported in the firewall software used by an org. Which of the following should be the immediate action of the infosec Mgr.? A. Ensure that all operating system patches are up to date B. Block inbound traffic until a suitable solution is found C. Obtain guidance from the firewall manufacturer D. Commission a penetration test

Which of the following should be determined FIRST when establishing a business continuity program? A. Cost to rebuild information processing facilities B. Incremental daily cost of the unavailability of systems C. Location and cost of offsite recovery facilities D. Composition and mission of individual recovery teams

What responsibility do data owners normally have? A. Applying emergency changes to application data B. Administering security over db records C. Migrating application code changes to production D. Determining the level of application security required

The PRIMARY reason for senior mgmr. review of infosec incidents is to: A. ensure adequate corrective actions were implemented B. demonstrate mgmt. commitment to the infosec process C. evaluate the incident response process for deficiencies D. evaluate the ability of the security team

Which of the following choices would be the MOST significant key risk indicator? A. A deviation in employee turnover B. The number of packets dropped by the firewall C. The number of viruses detected D. The reporting relationship of IT

A virtual desktop infrastructure enables remote access. The benefit of this approach from a security perspective is to: A. optimize the IT resources budget by reducing physical maintenance to remote PCs B establish segregation of personal and org data while using a remote PC C. enable the execution of data wipe operations into a remote PC environment D. Terminate the update of the approved antivirus software list for remote PCs

``` What is the PRIMARY purpose of segregation of duties? A. Employee monitoring B. Reduced supervisory requirements C. Fraud prevention D. Enhanced compliance ```

The MOST effective approach to address issues that arise between IT mgmt., business units and security mgmt. when implementing a new security strategy is for the infosec mgr. to: A. escalate issues to an external third party for resolution B. ensure that senior mgmt. provide authority for security to address the issues C. insist that mangers or units not in agreement with the security solution accept the risk D. refer the issues to senior mgmt. along with any security recommendation

Which of the following will require the MOST effort when supporting an operational infosec program? A. Reviewing and modifying procedures B. Modifying policies to address changing technologies C. Writing additional policies to address new regulations D. Drafting standards to address regional differences

Which of the following would be the BEST way to improve employee attitude toward and commitment to, infosec? A. Implement restrictive controls B. Customize methods training to the audience C. Apply administrative penalties D. Initiate stronger supervision

``` Which of the following processes is CRITICAL for deciding prioritization of actions in a business continuity plan? A. Business impact analysis B. Risk assessment C. Vulnerability assessment D. Business process mapping ```

In a large enterprise, what makes an information security awareness program MOST effective? A. It's developed by a professional training company B. It's embedded into the orientation process C. It's customized to the audience using the appropriate delivery channel D. It's required by the infosec policy

``` Which of the following choices is the BEST input for the definition of escalation guidelines? A. Risk management issues B. A risk and impact analysis C. Assurance review reports D. The effective of resources ```

``` After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived . The infosec mgr. should recommend to business mgmt. that the risk be: A. transferred B. treated C. accepted D. terminated ```

``` The FIRST step in developing a business case is to: A. determine the probability of success B. calculate the return on investment C. analyze the cost-effectiveness D. define the issues to be addressed ```

``` Which of the following is the BEST way to erase confidential information stored on magnetic tapes? A. Performing a low-level format B. Rewriting with zeros C. Burning them D. Degaussing them ```

Effective governance of enterprise security is BEST ensured by: A. using a bottom-up approach B. management by the IT dept. C. referring the matter to the org's legal dept. D. using a top-down approach

``` Which of the following is a key component of an incident response policy A. Updated call trees B. Escalation criteria C. Press release templates D. Critical backup files inventory ```

``` Which of the following is the MOST important aspect of forensic investigations that will potentially involve legal action? A. The independence of the investigator B. Timely intervention C. Identifying the perpetrator D. Chain of custody ```

Which of the following risk scenarios would BEST be assessed using qualitative risk assessment techniques? A. Theft of purchased software B. Power outage lasting 24 hours C. Permanent decline in customer confidence D. Temporary loss of email services

``` Who is in the BEST position to determine the level of information security needed for a specific business application? A. The system developer B. The infosec mgr. C. The system custodian D. The data owner ```

``` Which of the following roles is responsible for ensuring that information is classified? A. Senior management B. The security manager C. The data owner D. The data custodian ```

``` Which of the following is the BEST way to mitigate the risk of the db admin reading sensitive data from the db? A. Log all access to sensitive data B. Employ app-level encryption C Install a db monitoring solution D. Develop a data security policy ```

An org's infosec strategy should be based on: A. managing risk relative to business objectives B. managing risk to a zero level and minimizing insurance premiums C. avoiding occurrence of risk t=so that insurance isn't required D. transferring most risk to insurers and saving on control costs

``` Risk acceptance is a component of which of the following? A. Risk assessment B. Risk mitigation C. Risk identification D. Risk monitoring ```

What is the PRIMARY objective of security awareness? A. Ensure that security policies are understood B. Influence employee behavior C. Ensure legal and regulatory compliance D. Notify of actions for noncompliance

``` Which of the following steps in conducting a risk assessment should be performed FIRST? A. Identify business assets B. Identify business risk C. Assess vulnerabilities D. Evaluate key controls ```

``` Successful implementation of infosec governance will FIRST require: A. security awareness training B. Updated security policies C. a computer incident management team D a security architecture ```

``` A control policy is MOST likely to address which of the following implementation requirements? A. Specific metrics B. Operational capabilities C. Training requirements D. Failure modes ```

The director of auditing has recommended a specific infosec monitoring solution to the infosec mgr. What should the infosec mgr. do FIRST? A. Obtain comparative pricing bids and complete the transaction with the vendor offering the best deal B. Add the purchase to the budget during the next budget preparation cycle to account for costs C. Perform an assessment to determine correlation with business goals and objectives D. Form a project team to plan the implementation

``` An enterprise has a network of suppliers that it allows to remotely access and important db that contains critical supply chain data. What is the BEST control to ensure that the individual supplier representatives who have access to the system do not improperly access or modify info within this system? A. User access rights B. Biometric access controls C. Password authentication D. Two-factor authentication ```

Which of the following should be included in an annual infosec budget that is submitted for mgmt. approval? A. A cost-benefit analysis of budgeted resources B. All of the resources that are recommended by the business C. Total cost of ownership D. Baseline comparisons