An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?

• A.The organization's cost of noncompliance
• B.The organization's risk appetite
• C.The information security strategy
• D.The information security policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important prerequisite for establishing information security management within an organization?

• A.Senior management commitment
• B.Information security framework
• C.Information security organizational structure
• D.Information security policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following should cause the GREATEST concern for an information security manager reviewing the effectiveness of an intrusion prevention system (IPS)?

• A.Increase in false negatives
• B.Decrease in malicious packets
• C.Decrease in false positives
• D.Increase in crossover error rate

Comment: *

Name: *

Email: *

Verification: *

The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:

• A.uses multiple redirects for completing a data commit transaction.
• B.has implemented cookies as the sole authentication mechanism.
• C.has been installed with a non-legitimate license key.
• D.is hosted on a server along with other applications.

Comment: *

Name: *

Email: *

Verification: *

What is the MOST important factor for determining prioritization of incident response?

• A.Service level agreements (SLAs) pertaining to the impacted systems
• B.The potential impact to the business
• C.The availability of specialized technical staff
• D.The time to restore the impacted systems

Comment: *

Name: *

Email: *

Verification: *