When briefing senior management on the creation of a governance process, the MOST important aspect should be:
The Information Security Governance program MUST:
What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?
Risk appetite is typically determined by which of the following organizational functions?
Which of the following can the company implement in order to avoid this type of security issue in the future?
When dealing with risk, the information security practitioner may choose to:
The process for identifying, collecting, and producing digital information in support of legal proceedings is called _____________________________.
Which of the following has the GREATEST impact on the implementation of an information security governance model?
Creating a secondary authentication process for network access would be an example of which of the following?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT-security-centric agenda. The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.
From an organizational perspective, which of the following is the LIKELY reason for this?
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of the following physical security measures should the administrator use?
As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered in a timely manner in the event of a disaster.
Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?
Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?
As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principle of encryption key control will ensure no single individual can constitute or re-constitute a key?
Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?
A newly-hired CISO needs to understand the organization's financial management standards for business units and operations. Which of the following would be the best source of this information?
Which of the following is an accurate statement regarding capital expenses?
What is meant by password aging?
Which of the following best describes revenue?
Where does bottom-up financial planning primarily gain information for creating budgets?
Which of the following is a primary method of applying consistent configurations to IT systems?
Which of the following should be determined while defining risk management strategies?
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization's need?
A method to transfer risk is to ______________.