Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?

• A.Consult with IT staff and assess the risk based on their recommendations
• B.Update the security policy based on the regulatory requirements
• C.Propose relevant controls to ensure the business complies with the regulation
• D.Identify and assess the risk in the context of business objectives

Comment: *

Name: *

Email: *

Verification: *

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

• A.Wipe the device remotely.
• B.Report the incident to the police.
• C.Remove user's access to corporate data.
• D.Prevent the user from using personal mobile devices.

Comment: *

Name: *

Email: *

Verification: *

Network isolation techniques are immediately implemented after a security breach to:

• A.preserve evidence as required for forensics
• B.reduce the extent of further damage.
• C.allow time for key stakeholder decision making.
• D.enforce zero trust architecture principles.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY reason for granting a security exception?

• A.The risk is justified by the benefit to the business.
• B.The risk is justified by the benefit to security.
• C.The risk is justified by the cost to the business.
• D.The risk is justified by the cost to security.

Comment: *

Name: *

Email: *

Verification: *

An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

• A.Assess the impact to the budget,
• B.Create a business case for a new incident response plan.
• C.Conduct a gap analysis.
• D.Revise the existing incident response plan.

Comment: *

Name: *

Email: *

Verification: *