An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

• A.Run the application from a high-privileged account on a test system.
• B.Perform security code reviews on the entire application.
• C.Scan the entire application using a vulnerability scanning tool.
• D.Monitor Internet traffic for sensitive information leakage.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables staff acceptance of information security policies?

• A.Gomputer-based training
• B.Adequate security funding
• C.Arobust incident response program
• D.Strong senior management support

Comment: *

Name: *

Email: *

Verification: *

What is the PRIMARY benefit to an organization that maintains an information security governance framework?

• A.Resources are prioritized to maximize return on investment (ROI)
• B.Information security guidelines are communicated across the enterprise_
• C.The organization remains compliant with regulatory requirements.
• D.Business risks are managed to an acceptable level.

Comment: *

Name: *

Email: *

Verification: *

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

• A.Cost of the attack to the organization
• B.Location of the attacker
• C.Details from intrusion detection system (IDS) logs
• D.Method of operation used by the attacker

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

• A.To obtain input from as many relevant stakeholders as possible
• B.To increase awareness of information security among key stakeholders
• C.To ensure the stakeholders providing input own the related risk
• D.To facilitate a qualitative risk assessment following the BIA

Comment: *

Name: *

Email: *

Verification: *