The total cost of security controls should:

• A.be less than the value of the information resource being protected
• B.Be greater than the value of the information resource being protected
• C.Be equal to the value information resource being protected
• D.Should not matter, as long as the information resource is protected

Comment: *

Name: *

Email: *

Verification: *

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

• A.Identify and assess the risk assessment process used by management.
• B.Disclose the threats and impacts to management.
• C.Identify and evaluate existing controls.
• D.Identify information assets and the underlying systems.

Comment: *

Name: *

Email: *

Verification: *

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

• A.assign the responsibility to the information security team.
• B.perform an independent audit of the security controls.
• C.create operational reports on the effectiveness of the controls.
• D.assign the responsibility to the team responsible for the management of the controls.

Comment: *

Name: *

Email: *

Verification: *

The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of following physical security measures should the administrator use?

• A.Fence
• B.Bollards
• C.Video surveillance
• D.Mantrap

Comment: *

Name: *

Email: *

Verification: *

When analyzing and forecasting a capital expense budget what are not included?

• A.Purchase of new mobile devices to improve operations
• B.Network connectivity costs
• C.New datacenter to operate from
• D.Upgrade of mainframe

Comment: *

Name: *

Email: *

Verification: *