Which of the following is MOST helpful to management in determining whether risks are within an organization's tolerance level?

• A.Audit findings
• B.Maturity level
• C.Penetration test results
• D.Heat map

Comment: *

Name: *

Email: *

Verification: *

Relationships among security technologies are BEST defined through which of the following?

• A.Security metrics
• B.Network topology
• C.Security architecture
• D.Process improvement models

Comment: *

Name: *

Email: *

Verification: *

A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

• A.Implement security assessments throughout the systems development life cycle.
• B.Conduct regular security audits during system implementation stages.
• C.Require penetration tests before production implementation.
• D.Train and test system developers m secure coding practices.

Comment: *

Name: *

Email: *

Verification: *

What is the BEST way to ensure that contract programmers comply with organizational security policies?

• A.Explicitly refer to contractors in the security standards
• B.Have the contractors acknowledge in writing the security policies
• C.Create penalties for noncompliance in the contracting agreement
• D.Perform periodic security reviews of the contractors

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements indicates that a previously failing security program is becoming successful?

• A.The number of threats has been reduced.
• B.More employees and stakeholders are attending security awareness programs.
• C.The number of vulnerability false positives is decreasing.
• D.Management's attention and budget are now focused on risk reduction.

Comment: *

Name: *

Email: *

Verification: *