After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?

• A.Senior management
• B.Business manager
• C.IT audit manager
• D.Information security officer (ISO)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

• A.Chief security officer (CSO)
• B.Chief operating officer (COO)
• C.Chief privacy officer (CPO)
• D.Chief legal counsel (CLC)

Comment: *

Name: *

Email: *

Verification: *

In a large organization, which of the following is the BEST source for identifying ownership of a PC?

• A.Domain name server (DNS) records
• B.Asset management register
• C.Identity management system
• D.User ID register

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?

• A.Service desk personnel have information on how to resolve common systems issues
• B.The service desk provides a source for the identification of security incidents.
• C.Untrained service desk personnel may be a cause of security incidents.
• D.The service desk provides information to prioritize systems recovery based or> user demand

Comment: *

Name: *

Email: *

Verification: *

When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?

• A.Evaluate productivity losses
• B.Assess the impact of confidential data disclosure
• C.Calculate the value of the information or asset
• D.Measure the probability of occurrence of each threat

Comment: *

Name: *

Email: *

Verification: *