To gain a clear understanding of the impact that a new regulatory will have on an organization's security control, an information manager should FIRST.

• A.Perform a gap analysis
• B.Conduct a cost-benefit analysis
• C.Interview senior management
• D.Conduct a risk assessment

Comment: *

Name: *

Email: *

Verification: *

Risk acceptance is a component of which of the following?

• A.Assessment
• B.Mitigation
• C.Evaluation
• D.Monitoring

Comment: *

Name: *

Email: *

Verification: *

To prevent computers on the corporate network from being used as part of a distributed denial of service attack, the information security manager should use:

• A.incoming traffic filtering
• B.outgoing traffic filtering
• C.IT security policy dissemination
• D.rate limiting

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST supports effective information security governance"*

• A.The information security manager develops the strategy
• B.A steering committee is established
• C.Compliance with regulations is demonstrated.
• D.A baseline risk assessment is performed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST defense against a brute force attack?

• A.Time-of-day restrictions
• B.Intruder detection lockout
• C.Mandatory access control
• D.Discretionary access control

Comment: *

Name: *

Email: *

Verification: *