An information security manager is reporting on open items from the risk register to senior management.
Which of the following is MOST important to communicate with regard to these risks?

• A.Potential business impact
• B.Compensating controls
• C.Responsible entities
• D.Key risk indicators (KRIS)

Comment: *

Name: *

Email: *

Verification: *

A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

• A.the risk assessment has not defined the likelihood of occurrence
• B.the reported vulnerability has not been validated
• C.executive management is not aware of the impact potential
• D.the cost of implementing controls exceeds the potential financial losses.

Comment: *

Name: *

Email: *

Verification: *

An online bank identifies a successful network attack in progress. The bank should FIRST:

• A.report the root cause to the board of directors.
• B.assess whether personally identifiable information (Pll) is compromised.
• C.shut down the entire network.
• D.isolate the affected network segment.

Comment: *

Name: *

Email: *

Verification: *

An incident response team has been assembled from a group of experienced individuals, Which type of exercise would be MOST beneficial for the team at the first drill?

• A.Red team exercise
• B.Tabletop exercise
• C.Disaster recovery exercise
• D.Black box penetration test

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

• A.Require vendors to complete information security questionnaires.
• B.Verify that information security requirements are included in the contract.
• C.Review the results of the vendor's independent control reports.
• D.Request customer references from the vendor.

Comment: *

Name: *

Email: *

Verification: *