The main purpose of the SOC is:

• A.The coordination of personnel, processes and technology to identify information security events and provide timely response and remediation
• B.A distributed organization which provides intelligence to governments and private sectors on cyber-criminal activities
• C.An organization which provides Tier 1 support for technology issues and provides escalation when needed
• D.A device which consolidates event logs and provides real-time analysis of security alerts generated by applications and network hardware

Comment: *

Name: *

Email: *

Verification: *

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy.
This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

• A.Lack of normal definition of roles and responsibilities
• B.Lack of a formal security awareness program
• C.Lack of a formal security policy governance process
• D.Lack of a formal risk management policy

Comment: *

Name: *

Email: *

Verification: *

What key technology can mitigate ransomware threats?

• A.Use immutable data storage
• B.Phishing exercises
• C.Blocking use of wireless networks
• D.Application of multiple end point anti-malware solutions

Comment: *

Name: *

Email: *

Verification: *

The success of the Chief Information Security Officer is MOST dependent upon:

• A.raising awareness of security issues with end users
• B.development of relationships with organization executives
• C.favorable audit findings
• D.following the recommendations of consultants and contractors

Comment: *

Name: *

Email: *

Verification: *

Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?

• A.Security officer
• B.Vulnerability engineer
• C.System administrator
• D.Data owner

Comment: *

Name: *

Email: *

Verification: *