Topic 3: Management – Projects and Operations (Projects, Technology & Operations)
When managing the critical path of an IT security project, which of the following is MOST important?
A. Knowing who all the stakeholders are.
B. Knowing the people on the data center team.
C. Knowing the threats to the organization.
D. Knowing the milestones and timelines of deliverables.
Answer: D. Knowing the milestones and timelines of deliverables.

Which of the following is the MOST important component of any change management process?
A. Scheduling
B. Back-out procedures
C. Outage planning
D. Management approval
Answer: D. Management approval

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?
A. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
B. A clear set of security policies and procedures that are more concept-based than controls-based
C. A complete inventory of Information Technology assets including infrastructure, networks, applications and data
D. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in
Answer: D. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?
A. Vendor uses their own laptop and logs in with the same admin credentials your security team uses
B. Vendor uses a company-supplied laptop and logs in using two-factor authentication with the same admin credentials your security team uses
C. Vendor uses a company-supplied laptop and logs in using two-factor authentication with their own unique credentials
D. Vendor uses their own laptop and logs in using two-factor authentication with their own unique credentials
Answer: C. Vendor uses a company-supplied laptop and logs in using two-factor authentication with their own unique credentials

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?
A. Risk Assessment
B. Incident Response
C. Risk Management
D. Network Security administration
Answer: C. Risk Management

The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?
A. Provide developer security training
B. Deploy Intrusion Detection Systems
C. Provide security testing tools
D. Implement Compensating Controls
Answer: D. Implement Compensating Controls

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified an insecure configuration that differed from the original hardened state. Which of the following security issues is the MOST likely reason for the audit findings?
A. Lack of asset management processes
B. Lack of change management processes
C. Lack of hardening standards
D. Lack of proper access controls
Answer: B. Lack of change management processes

Which of the following methods is used to define contractual obligations that force a vendor to meet customer expectations?
A. Terms and Conditions
B. Service Level Agreements (SLA)
C. Statement of Work
D. Key Performance Indicators (KPI)
Answer: B. Service Level Agreements (SLA)

Which of the following represents the BEST method of ensuring security program alignment to business needs?
A. Create a comprehensive security awareness program and provide success metrics to business units
B. Create security consortiums, such as strategic security planning groups, that include business unit participation
C. Ensure security implementations include business unit testing and functional validation prior to production rollout
D. Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role
Answer: B. Create security consortiums, such as strategic security planning groups, that include business unit participation

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?
A. Risk averse
B. Risk tolerant
C. Risk conditional
D. Risk minimal
Answer: B. Risk tolerant

An example of professional unethical behavior is:
A. Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation
B. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material
C. Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes
D. Storing client lists and other sensitive corporate internal documents on a removable thumb drive
Answer: C. Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?
A. User awareness training for all employees
B. Installation of new firewalls and intrusion detection systems
C. Launch an internal awareness campaign
D. Integrate security requirements into project inception
Answer: D. Integrate security requirements into project inception