A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

• A.Payment Card Industry Data Security Standards (PCI-DSS)
• B.National Institute for Standards and Technology (NIST) standard
• C.International Organization for Standardization (ISO) standards
• D.Information Technology Infrastructure Library (ITIL)

Comment: *

Name: *

Email: *

Verification: *

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

• A.Evaluate risk avoidance criteria
• B.Mitigate risk
• C.Determine appetite
• D.Perform a risk assessment

Comment: *

Name: *

Email: *

Verification: *

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

• A.Transfer financial resources from other critical programs
• B.Take the system off line until the budget is available
• C.Schedule an emergency meeting and request the funding to fix the issue
• D.Deploy countermeasures and compensating controls until the budget is available

Comment: *

Name: *

Email: *

Verification: *

Risk appetite directly affects what part of a vulnerability management program?

• A.Staff
• B.Scan tools
• C.Scope
• D.Schedule

Comment: *

Name: *

Email: *

Verification: *

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network.
Which is the single most important factor to introducing digital evidence into a court of law?

• A.Uninterrupted Chain of Custody
• B.Fully trained network forensic experts to analyze all data right after the attack
• C.Expert forensics witness
• D.Comprehensive Log-Files from all servers and network devices affected during the attack

Comment: *

Name: *

Email: *

Verification: *