Which of the following is a PRIMARY security responsibility of an information owner?

• A.Deciding what level of classification the information requires
• B.Testing information classification controls
• C.Maintaining the integrity of data in the information system
• D.Determining the controls associated with information classification

Comment: *

Name: *

Email: *

Verification: *

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

• A.Prepare a risk mitigation plan.
• B.Analyze the identified risk.
• C.Add the risk to the risk register.
• D.Implement compensating controls.

Comment: *

Name: *

Email: *

Verification: *

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked and there is no assurance that compliance requirements are being met What should be done FIRST to reverse this bottom-up approach to security?

• A.Create an information security steering committee
• B.Implement an information security awareness training program
• C.Conduct a threat analysis
• D.Establish an audit committee

Comment: *

Name: *

Email: *

Verification: *

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

• A.Integrity
• B.Authenticity
• C.Confidentiality
• D.Nonrepudiation

Comment: *

Name: *

Email: *

Verification: *

After detecting an advanced persistent threat (APT), which of the following should be the information security manager's FIRST step?

• A.Contain the threat
• B.Perform root-cause analysis
• C.Notify management
• D.Remove the threat

Comment: *

Name: *

Email: *

Verification: *