Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." Which group of people should be consulted when developing your security program?

• A.End Users
• B.All of the above
• C.Executive Management
• D.Peers

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST describes an international standard framework that is based on the security model Information Technology-Code of Practice for Information Security Management?

• A.National Institute of Standards and Technology Special Publication SP 800-12
• B.Request For Comment 2196
• C.International Organization for Standardization 27001
• D.National Institute of Standards and Technology Special Publication SP 800-26

Comment: *

Name: *

Email: *

Verification: *

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

• A.The company lacks the tools to perform a vulnerability assessment
• B.The company does not believe the security vulnerabilities to be real
• C.The company lacks a risk management process
• D.The company has a high risk tolerance

Comment: *

Name: *

Email: *

Verification: *

Which of the following is considered a project versus a managed process?

• A.continuous vulnerability assessment and vulnerability repair
• B.installation of a new firewall system
• C.monitoring external and internal environment during incident response
• D.ongoing risk assessments of routine operations

Comment: *

Name: *

Email: *

Verification: *