Which of the following would BEST support an information security manager's efforts to obtain management approval for an identity and access management (IAM) system implementation?

• A.An established security policy with access management requirements
• B.A third-party audit finding based on regulatory requirements
• C.A business case proposal for the solution
• D.A recent security incident involving access authorization

Comment: *

Name: *

Email: *

Verification: *

Which of the following techniques would be the BEST test of security effectiveness?

• A.Reviewing security logs
• B.Analyzing technical security practices
• C.Performing an external penetration test
• D.Reviewing security policies and standards

Comment: *

Name: *

Email: *

Verification: *

An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?

• A.Perform a threat modeling exercise
• B.Develop a risk profile
• C.Design risk management processes
• D.Select a governance framework

Comment: *

Name: *

Email: *

Verification: *

An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?

• A.Inform senior management.
• B.Determine the extent of the compromise.
• C.Report the incident to the authorities.
• D.Communicate with the affected customers.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?

• A.To reduce risk mitigation costs
• B.To resolve vulnerabilities in enterprise architecture (EA)
• C.To manage the risk to an acceptable level
• D.To eliminate threats impacting the business

Comment: *

Name: *

Email: *

Verification: *