What is the primary reason for performing a return on investment analysis?

• A.To determine the current present value of a project
• B.To determine the annual rate of loss
• C.To decide between multiple vendors
• D.To decide is the solution costs less than the risk it is mitigating

Comment: *

Name: *

Email: *

Verification: *

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

• A.Explain to the IT group that the IPS won't cause any network impact because it will fail open
• B.Work with the IT group and tell them to put IPS in-line and say it won't cause any network impact
• C.Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn't block any legitimate traffic
• D.Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

Comment: *

Name: *

Email: *

Verification: *

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

• A.Due Compromise
• B.Due Care
• C.Due Protection
• D.Due process

Comment: *

Name: *

Email: *

Verification: *

The total cost of security controls should:

• A.be less than the value of the information resource being protected
• B.Be greater than the value of the information resource being protected
• C.Should not matter, as long as the information resource is protected
• D.Be equal to the value information resource being protected

Comment: *

Name: *

Email: *

Verification: *

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

• A.Changing the default passwords
• B.Contacting the Internet Service Provider for an IP scope
• C.Getting authority to operate the system from executive management
• D.Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Comment: *

Name: *

Email: *

Verification: *