Which of the following is the BEST way to evaluate the impact of threat events on an organization's IT operations?

• A.Scenario analysis
• B.Penetration testing
• C.Risk assessment
• D.Controls review

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important part of an incident response plan?

• A.Recovery point objective (RPO)
• B.Recovery time objective (RTO)
• C.Business impact analysis (BIA)
• D.Mean time to report (MTR)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

• A.Chief security officer (CSO)
• B.Chief operating officer (COO)
• C.Chief privacy officer (CPO)
• D.Chief legal counsel (CLC)

Comment: *

Name: *

Email: *

Verification: *

Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?

• A.Business impact analysis (BIA)
• B.Penetration testing
• C.Audit and review
• D.Threat analysis

Comment: *

Name: *

Email: *

Verification: *

An organization is entering into an agreement with a new business partner to conduct customer mailings. What is the MOST important action that the information security manager needs to perform?

• A.A due diligence security review of the business partner's security controls
• B.Ensuring that the business partner has an effective business continuity program
• C.Ensuring that the third party is contractually obligated to all relevant security requirements
• D.Talking to other clients of the business partner to check references for performance

Comment: *

Name: *

Email: *

Verification: *