Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?

• A.Board of directors
• B.Risk assessment
• C.Patching history
• D.Latest virus definitions file

Comment: *

Name: *

Email: *

Verification: *

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process.
Which of the following represents your BEST course of action?

• A.Conduct a throughout risk assessment against the current implementation to determine system functions
• B.Validate that security awareness program content includes information about the potential vulnerability
• C.Send a report to executive peers and business unit owners detailing your suspicions
• D.Determine program ownership to implement compensating controls

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST likely to be discretionary?

• A.Policies
• B.Procedures
• C.Guidelines
• D.Standards

Comment: *

Name: *

Email: *

Verification: *

Who is responsible for securing networks during a security incident?

• A.Disaster Recovery (DR) manager
• B.Chief Information Security Officer (CISO)
• C.Incident Response Team (IRT)
• D.Security Operations Center (SO

Comment: *

Name: *

Email: *

Verification: *

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

• A.Determine the risk tolerance
• B.Create an architecture gap analysis
• C.Analyze existing controls on systems
• D.Perform an asset classification

Comment: *

Name: *

Email: *

Verification: *