What is the BEST way to achieve on-going compliance monitoring in an organization?

• A.Outsource compliance to a 3rd party vendor and let them manage the program.
• B.Have Compliance Direct Information Security to fix issues after the auditor's report.
• C.Only check compliance right before the auditors are scheduled to arrive onsite.
• D.Have Compliance and Information Security partner to correct issues as they arise.

Comment: *

Name: *

Email: *

Verification: *

Your penetration testing team installs an in-line hardware key logger onto one of your
network machines. Which of the following is of major concern to the security organization?

• A.In-line hardware keyloggers are relatively inexpensive
• B.In-line hardware keyloggers don't require physical access
• C.In-line hardware keyloggers are undetectable by software
• D.In-line hardware keyloggers don't comply to industry regulations

Comment: *

Name: *

Email: *

Verification: *

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

• A.Every 18 months
• B.Every 6 months
• C.High risk environments 6 months, low-risk environments 12 months
• D.Every 12 months

Comment: *

Name: *

Email: *

Verification: *

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

• A.Weekly
• B.Daily
• C.Monthly
• D.Hourly

Comment: *

Name: *

Email: *

Verification: *

The process of identifying and classifying assets is typically included in the

• A.Asset configuration management process
• B.Threat analysis process
• C.Disaster Recovery plan
• D.Business Impact Analysis

Comment: *

Name: *

Email: *

Verification: *