From an information security perspective, information that no longer supports the main purpose of the business should be:

• A.analyzed under the retention policy.
• B.protected under the information classification policy.
• C.analyzed under the backup policy.
• D.protected under the business impact analysis (BIA).

Comment: *

Name: *

Email: *

Verification: *

After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

• A.Information security officer
• B.Chief information officer (CIO)
• C.Business owner
• D.Chief executive officer (CFO)

Comment: *

Name: *

Email: *

Verification: *

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST

• A.Request funding needed to resolve the top vulnerabilities.
• B.Ensure vulnerabilities found are resolved within acceptable timeframes.
• C.Ensure a risk assessment is performed to evaluate the findings.
• D.Report findings to senior management.

Comment: *

Name: *

Email: *

Verification: *

To ensure that payroll systems continue on in an event of a hurricane hitting a data center, what would be the FIRS T crucial step an information security manager would take in ensuring business continuity planning?

• A.Conducting a qualitative and quantitative risk analysis.
• B.Assigning value to the assets.
• C.Weighing the cost of implementing the plan vs. financial loss.
• D.Conducting a business impact analysis (BIA).

Comment: *

Name: *

Email: *

Verification: *

Which of the following circumstances would MOST likely require a review and update to an organization's information security incident response plan?

• A.A new business application has been implemented.
• B.A new business strategy has been developed.
• C.A high-risk vulnerability has been detected.
• D.The organizational structure has changed.

Comment: *

Name: *

Email: *

Verification: *