Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?

• A.Design
• B.Implementation
• C.Application security testing
• D.Feasibility

Comment: *

Name: *

Email: *

Verification: *

What is the MOST important item to be included in an information security policy?

• A.The definition of roles and responsibilities
• B.The scope of the security program
• C.The key objectives of the security program
• D.Reference to procedures and standards of the security program

Comment: *

Name: *

Email: *

Verification: *

An organization has to comply with recently published industry regulatory requirements-compliance that potentially has high implementation costs. What should the information security manager do FIRST?

• A.Implement a security committee.
• B.Perform a gap analysis.
• C.Implement compensating controls.
• D.Demand immediate compliance.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:

• A.regulatory' requirements.
• B.business requirements.
• C.financial value.
• D.IT resource availability.

Comment: *

Name: *

Email: *

Verification: *

After logging in to a web application, additional authentication is required at various application points. Which of the following is the PRIMARY reason for such an approach?

• A.To ensure access rights meet classification requirements
• B.To support strong two-factor authentication protocols
• C.To implement a challenge response test
• D.To meet single sign-on authentication standards

Comment: *

Name: *

Email: *

Verification: *