Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

• A.Availability of current infrastructure documentation
• B.Capability to take a snapshot of virtual machines
• C.Availability of web application firewall logs
• D.Capability of online virtual machine analysis

Comment: *

Name: *

Email: *

Verification: *

Who can BEST advocate the development of and ensure the success of an information security program?

• A.Internal auditor
• B.Chief operating officer (COO)
• C.Steering committee
• D.IT management

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indicator that an effective security control is built into an organization?

• A.The monthly service level statistics indicate a minimal impact from security issues.
• B.The cost of implementing a security control is less than the value of the assets.
• C.The percentage of systems that is compliant with security standards.
• D.The audit reports do not reflect any significant findings on security.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would provide the MOST useful input when creating an information security program?

• A.Information security strategy
• B.Information security budget
• C.Business case
• D.Key risk indicators (KRls)

Comment: *

Name: *

Email: *

Verification: *

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

• A.Risk management
• B.Change management
• C.Access control management
• D.Configuration management

Comment: *

Name: *

Email: *

Verification: *