When developing a classification method for incidents, the categories MUST be:

• A.quantitatively defined.
• B.regularly reviewed.
• C.specific to situations.
• D.assigned to incident handlers.

Comment: *

Name: *

Email: *

Verification: *

The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:

• A.uses multiple redirects for completing a data commit transaction.
• B.has implemented cookies as the sole authentication mechanism.
• C.has been installed with a non-legitimate license key.
• D.is hosted on a server along with other applications.

Comment: *

Name: *

Email: *

Verification: *

An organization utilizes a third party to classify its customers' personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks?

• A.Include detailed documentation requirements within the formal statement of work.
• B.Submit a formal request for proposal (RFP) containing detailed documentation of requirements.
• C.Ensure a nondisclosure agreement is signed by both parties' senior management.
• D.Require the service provider to sign off on the organization's acceptable use policy.

Comment: *

Name: *

Email: *

Verification: *

The valuation of IT assets should be performed by:

• A.an IT security manager.
• B.an independent security consultant.
• C.the chief financial officer (CFO).
• D.the information owner.

Comment: *

Name: *

Email: *

Verification: *

An information security manager is evaluating the key risk indicators (KRIs) for an organization's information security program. Which of the following would be the information security manager's GREATEST concern?

• A.Undefined thresholds to trigger alerts
• B.Multiple KRIs for a single control process
• C.Use of qualitative measures
• D.Lack of formal KRI approval from IT management

Comment: *

Name: *

Email: *

Verification: *