Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?

• A.Report the activity to senior management.
• B.Update the risk register and review the information security strategy.
• C.Conduct a risk assessment and develop an impact analysis.
• D.Allow temporary use of the site and monitor for data leakage.

Comment: *

Name: *

Email: *

Verification: *

When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?

• A.Managing the impact
• B.Identifying unacceptable risk levels
• C.Assessing vulnerabilities
• D.Evaluating potential threats

Comment: *

Name: *

Email: *

Verification: *

Which of the following defines the minimum security requirements that a specific system must meet?

• A.Security baseline
• B.Security guideline
• C.Security policy
• D.Security procedure

Comment: *

Name: *

Email: *

Verification: *

When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

• A.Assess vulnerabilities.
• B.Manage the impact.
• C.Evaluate potential threats.
• D.Identify unacceptable risk levels.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST defense against distributed denial of service (DDoS) attacks?

• A.Regular patching
• B.Well-configured routers and firewalls
• C.Multiple and redundant paths
• D.Intruder-detection lockout

Comment: *

Name: *

Email: *

Verification: *