A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

• A.Lack of a formal risk management policy
• B.Lack of a formal security awareness program
• C.Lack of a formal security policy governance process
• D.Lack of formal definition of roles and responsibilities

Comment: *

Name: *

Email: *

Verification: *

The ultimate goal of an IT security projects is:

• A.Support business requirements
• B.Complete security
• C.Increase stock value
• D.Implement information security policies

Comment: *

Name: *

Email: *

Verification: *

Which technology can provide a computing environment without requiring a dedicated hardware backend?

• A.Virtual Desktop
• B.Virtual Local Area Network
• C.Mainframe server
• D.Thin client

Comment: *

Name: *

Email: *

Verification: *

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state.
Which of the following security issues is the MOST likely reason leading to the audit findings?

• A.Lack of proper access controls
• B.Lack of asset management processes
• C.lack of change management processes
• D.Lack of hardening standards

Comment: *

Name: *

Email: *

Verification: *

What is the MOST critical output of the incident response process?

• A.A complete document of all involved team members and the support they provided
• B.Clearly defined documents detailing standard evidence collection and preservation processes
• C.Lessons learned from the incident, so they can be incorporated into the incident response processes
• D.Recovery of all data from affected systems

Comment: *

Name: *

Email: *

Verification: *