Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?

• A.Assess the impact of the regulation.
• B.Report the decision to the compliance officer.
• C.Update details within the risk register
• D.Reassess the organization's risk tolerance.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST

• A.Annual loss expectancy (ALE)
• B.The market value of the assets
• C.Value of the assets relative to the organization
• D.Recovery time objective (RTO)

Comment: *

Name: *

Email: *

Verification: *

To help ensure that an information security training program is MOST effective, its contents should be:

• A.based on employees' roles.
• B.based on recent incidents.
• C.aligned to business processes.
• D.focused on information security policy.

Comment: *

Name: *

Email: *

Verification: *

When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?

• A.Reboot the router connecting the DMZ to the firewall
• B.Power down all servers located on the DMZ segment
• C.Monitor the probe and isolate the affected segment
• D.Enable server trace logging on the affected segment

Comment: *

Name: *

Email: *

Verification: *

A company is considering a new automated system that requires implementation of wireless devices for data capture. Even though wireless is not an approved technology, senior management has accepted the risk and approved a Proof-of-Concept (POC) to evaluate the technology and proposed solution. Which of the following is the information security manager s BEST course of action?

• A.Develop corporate wireless standards.
• B.Sandbox the proposed solution.
• C.Provide personnel with wireless security training.
• D.Implement a wireless intrusion detection system (IDS).

Comment: *

Name: *

Email: *

Verification: *