The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:

• A.firewalls.
• B.bastion hosts.
• C.decoy files.
• D.screened subnets.

Comment: *

Name: *

Email: *

Verification: *

After undertaking a security assessment of a production system, the information security manager is MOST likely to:

• A.inform the system owner of any residual risks and propose measures to reduce them.
• B.inform the development team of any residual risks, and together formulate risk reduction measures.
• C.inform the IT manager of the residual risks and propose measures to reduce them.
• D.establish an overall security program that minimizes the residual risks of that production system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is characteristic of centralized information security management?

• A.More expensive to administer
• B.Better adherence to policies
• C.More aligned with business unit needs
• D.Faster turnaround of requests

Comment: *

Name: *

Email: *

Verification: *

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?

• A.Level of residual risk
• B.Level of risk treatment
• C.Configuration parameters
• D.Gap analysis results

Comment: *

Name: *

Email: *

Verification: *

When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:

• A.an adequate budget for the security program.
• B.recruitment of technical IT employees.
• C.periodic risk assessments.
• D.security awareness training for employees.

Comment: *

Name: *

Email: *

Verification: *