The PRIMARY benefit of performing an information asset classification is to:

• A.link security requirements to business objectives.
• B.identify controls commensurate to risk.
• C.define access rights.
• D.establish ownership.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to implement when using a service account for infrastructure administration?

• A.Account lockout
• B.Audit trail
• C.Hash totals
• D.Password control

Comment: *

Name: *

Email: *

Verification: *

The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:

• A.verify the decision with the business units.
• B.check the system's risk analysis.
• C.recommend update after post implementation review.
• D.request an audit review.

Comment: *

Name: *

Email: *

Verification: *

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

• A.Revise the organization s security policy
• B.Assess the consequences of noncompliance,
• C.Document risk acceptances.
• D.Conduct an information security audit

Comment: *

Name: *

Email: *

Verification: *

The MOST important factor in ensuring the success of an information security program is effective:

• A.communication of information security requirements to all users in the organization.
• B.formulation of policies and procedures for information security.
• C.alignment with organizational goals and objectives.
• D.monitoring compliance with information security policies and procedures.

Comment: *

Name: *

Email: *

Verification: *