Which two components PRIMARILY must be assessed in an effective risk analysis?

• A.Visibility and duration
• B.Likelihood and impact
• C.Probability and frequency
• D.Financial impact and duration

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?

• A.Run a patch management scan to discover which patches are missing from each machine.
• B.Create a regression test plan to ensure business operation is not interrupted.
• C.Cross-reference all missing patches to establish the date each patch was introduced.
• D.Establish a risk-based assessment process for prioritizing patch implementation.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST measures the effectiveness of an organization's information security strategy?

• A.Comparison of mitigated risk to accepted risk
• B.Comparison of residual risk to risk appetite
• C.Comparison of current security budget to previous year's budget
• D.Comparison of threats to vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager's FIRST course of action?

• A.Notify the business process owner.
• B.Inform senior management of the incident.
• C.Shut down the server in an organized manner.
• D.Validate that there has been an incident

Comment: *

Name: *

Email: *

Verification: *

After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

• A.Introduce new risk scenarios to test program effectiveness.
• B.Conduct programs to promote user risk awareness
• C.Monitor the security environment for changes in risk.
• D.Perform a business impact analysis (BIA).

Comment: *

Name: *

Email: *

Verification: *