A risk management program would be expected to:

• A.remove all inherent risk.
• B.maintain residual risk at an acceptable level.
• C.implement preventive controls for every threat.
• D.reduce control risk to zero.

Comment: *

Name: *

Email: *

Verification: *

Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?

• A.Strategic business plan
• B.Upcoming financial results
• C.Customer personal information
• D.Previous financial results

Comment: *

Name: *

Email: *

Verification: *

An information security manager has been asked to identify potential threats to the organization's information.
Which of the following should be done FIRST'

• A.Engage a third-parry consultant
• B.Select a governance framework.
• C.Review cyber insurance coverage.
• D.Develop a risk profile.

Comment: *

Name: *

Email: *

Verification: *

On which of the following should a firewall be placed?

• A.Web server
• B.Intrusion detection system (IDS) server
• C.Screened subnet
• D.Domain boundary

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important information to include in a strategic plan for information security?

• A.Information security staffing requirements
• B.Current state and desired future state
• C.IT capital investment requirements
• D.information security mission statement

Comment: *

Name: *

Email: *

Verification: *