A. integrate with other organizational governance processes
B. show a return on investment for the organization
C. integrate with other organizational governance processes
D. support user choice for Bring Your Own Device (BYOD)
What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?
A. Mitigate risk
B. Perform a risk assessment
C. Determine appetite
D. Evaluate risk avoidance criteria
Risk appetite is typically determined by which of the following organizational functions?
A. Business units
B. Board of Directors
C. Audit and compliance
D. Security
Which of the following can the company implement in order to avoid this type of security issue in the future?
A. Network based intrusion detection systems
B. An audit management process
C. A security training program for developers
D. A risk management process
When dealing with risk, the information security practitioner may choose to:
A. acknowledge
B. transfer
C. assign
D. defer
The process for identifying, collecting, and producing digital information in support of legal proceedings is called _____________________________.
A. chain of custody
B. electronic review
C. evidence tampering
D. electronic discovery
Which of the following has the GREATEST impact on the implementation of an information security governance model?
A. Complexity of organizational structure
B. Distance between physical locations
C. Organizational budget
D. Number of employees
Creating a secondary authentication process for network access would be an example of?
A. Defense in depth cost enumerated costs
B. Nonlinearities in physical security performance metrics
C. System hardening and patching requirements
D. Anti-virus for mobile devices
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda. The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.
From an organizational perspective, which of the following is the LIKELY reason for this?
A. The CISO reports to the IT organization
B. The CISO has not implemented a policy management framework
C. The CISO does not report directly to the CEO of the organization
D. The CISO has not implemented a security awareness program
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of following physical security measures should the administrator use?
A. Video surveillance
B. Mantrap
C. Bollards
D. Fence
As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered in a timely manner in the event of a disaster.
Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?
A. Recovery Point Objective (RPO)
B. Disaster Recovery Plan
C. Recovery Time Objective (RTO)
D. Business Continuity Plan
Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?
A. Segmentation controls.
B. Shadow applications.
C. Deception technology.
D. Vulnerability management.
As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principle of encryption key control will ensure no single individual can constitute or re-constitute a key?
A. Dual Control
B. Separation of Duties
C. Split Knowledge
D. Least Privilege
Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?
A. Identification
B. Authorization
C. Authentication
D. Accountability
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?
A. They need to use Nessus.
B. They can implement Wireshark.
C. Snort is the best tool for their situation.
D. They could use Tripwire.
A newly hired CISO needs to understand the organization's financial management standards for business units and operations. Which of the following would be the best source of this information?
A. The internal accounting department
B. The Chief Financial Officer (CFO)
C. The external financial audit service
D. The managers of the accounts payable and accounts receivable teams
Which of the following is an accurate statement regarding capital expenses?
A. They are easily reduced through the elimination of usage, such as reducing power for lighting of work areas during off-hours
B. Capital expenses can never be replaced by operational expenses
C. Capital expenses are typically long-term investments with value being realized through their use
D. The organization is typically able to regain the initial cost by selling this type of asset
What is meant by password aging?
A. An expiration date set for passwords
B. A Single Sign-On requirement
C. Time in seconds a user is allocated to change a password
D. The amount of time it takes for a password to activate
Which of the following best describes revenue?
A. Non-operating financial liabilities minus expenses
B. The true profit-making potential of an organization
C. The sum value of all assets and cash flow into the business
D. The economic benefit derived by operating a business
Where does bottom-up financial planning primarily gain information for creating budgets?
A. By adding all capital and operational costs from the prior budgetary cycle, and determining potential financial shortages
B. By reviewing last year's program-level costs and adding a percentage of expected additional portfolio costs
C. By adding the cost of all known individual tasks and projects that are planned for the next budgetary cycle
D. By adding all planned operational expenses per quarter then summarizing them in a budget request
Which of the following is a primary method of applying consistent configurations to IT systems?
A. Audits
B. Administration
C. Patching
D. Templates
Which of the following should be determined while defining risk management strategies?
A. Organizational objectives and risk tolerance
B. Enterprise disaster recovery plans
C. Risk assessment criteria
D. IT architecture complexity
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization's need?
A. International Organization for Standardization – 22301 (ISO-22301)