What is the main purpose of the Incident Response Team?

A.

Ensure efficient recovery and reinstate repaired systems

B.

Create effective policies detailing program activities

C.

Communicate details of information security incidents

D.

Provide current employee awareness programs

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

A.

Compliance to the Payment Card Industry (PCI) regulations.

B.

Alignment with financial reporting regulations for each country where they operate.

C.

Alignment with International Organization for Standardization (ISO) standards.

D.

Compliance with patient data protection regulations for each country where they operate.

The PRIMARY objective for information security program development should be:

A.

Reducing the impact of the risk to the business.

B.

Establishing strategic alignment with bunsiness continuity requirements

C.

Establishing incident response programs.

D.

Identifying and implementing the best security solutions.

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

A.

Enforce the existing security standards and do not allow the deployment of the new technology.

B.

Amend the standard to permit the deployment.

C.

If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

D.

Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

A.

In promiscuous mode and only detect malicious traffic.

B.

In-line and turn on blocking mode to stop malicious traffic.

C.

In promiscuous mode and block malicious traffic.

D.

In-line and turn on alert mode to stop malicious traffic.

An organization information security policy serves to

A.

establish budgetary input in order to meet compliance requirements

B.

establish acceptable systems and user behavior

C.

define security configurations for systems

D.

define relationships with external law enforcement agencies

Which of the following has the GREATEST impact on the implementation of an information security governance model?

A.

Organizational budget

B.

Distance between physical locations

C.

Number of employees

D.

Complexity of organizational structure

The PRIMARY objective of security awareness is to:

A.

Ensure that security policies are read.

B.

Encourage security-conscious employee behavior.

C.

Meet legal and regulatory requirements.

D.

Put employees on notice in case follow-up action for noncompliance is necessary

Regulatory requirements typically force organizations to implement

A.

Mandatory controls

B.

Discretionary controls

C.

Optional controls

D.

Financial controls

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Which of the following is a critical operational component of an Incident Response Program (IRP)?

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

A.

The asset owner

B.

The asset manager

C.

The data custodian

D.

The project manager