An information security program should be established PRIMARILY on the basis of:

• A.the approved information security strategy.
• B.the approved risk management approach.
• C.data security regulatory requirements.
• D.senior management input.

Comment: *

Name: *

Email: *

Verification: *

What is the BEST technique to determine which security controls to implement with a limited budget?

• A.Risk analysis
• B.Annualized loss expectancy (ALE) calculations
• C.Cost-benefit analysis
• D.Impact analysis

Comment: *

Name: *

Email: *

Verification: *

An organization involved in e-commerce activities operating from its home country opened a new office in another country wit! stringent security laws. In this scenario, the overall security strategy should be based on:

• A.risk assessment results.
• B.international security standards.
• C.the security organization structure
• D.the most stringent requirements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST course of action for the information security manager when residual risk is above the acceptable level of risk?

• A.Perform a cost-benefit analysis
• B.Recommend additional controls
• C.Carry out a risk assessment
• D.Defer to business management

Comment: *

Name: *

Email: *

Verification: *

When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?

• A.IP spoofing
• B.Man-in-the-middle attack
• C.Repudiation
• D.Trojan

Comment: *

Name: *

Email: *

Verification: *