Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?

• A.Infrastructure as a Service (laaS)
• B.Storage as a Service (SaaS)
• C.Platform as a Service (PaaS)
• D.Software as a Service (SaaS)

Comment: *

Name: *

Email: *

Verification: *

Information classification is a fundamental step in determining:

• A.who has ownership of information.
• B.whether risk analysis objectives are met.
• C.the security strategy that should be used.
• D.the type of metrics that should be captured.

Comment: *

Name: *

Email: *

Verification: *

A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:

• A.there are sufficient safeguards in place to prevent this risk from happening.
• B.the needed countermeasure is too complicated to deploy.
• C.the cost of countermeasure outweighs the value of the asset and potential loss.
• D.The likelihood of the risk occurring is unknown.

Comment: *

Name: *

Email: *

Verification: *

Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:

• A.map the major threats to business objectives.
• B.review available sources of risk information.
• C.identify the value of the critical assets.
• D.determine the financial impact if threats materialize.

Comment: *

Name: *

Email: *

Verification: *

The likelihood of a successful attack is a function of:

• A.threat and vulnerability levels
• B.value and desirability to the intruder
• C.incentive and capability of the intruder
• D.opportunity and asset value

Comment: *

Name: *

Email: *

Verification: *