An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

• A.Wipe and reset the endpoint device.
• B.Isolate the endpoint device.
• C.Power off the endpoint device.
• D.Run a virus scan on the endpoint device.

Comment: *

Name: *

Email: *

Verification: *

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

• A.Cost of the attack to the organization
• B.Location of the attacker
• C.Method of operation used by the attacker
• D.Details from intrusion detection system (IDS) logs

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the FIRST step in patch management procedures when receiving an emergency security patch?

• A.Conduct comprehensive testing of the patch.
• B.Validate the authenticity of the patch.
• C.Schedule patching based on the criticality.
• D.Install the patch immediately to eliminate the vulnerability.

Comment: *

Name: *

Email: *

Verification: *

Which of the following metrics is the BEST measure of the effectiveness of an information security program?

• A.Reduction in the number of threats to an organization
• B.Reduction In the number of vulnerabilities in an organization
• C.Reduction in the amount of risk exposure in an organization
• D.Reduction In the cost of risk remediation for an organization

Comment: *

Name: *

Email: *

Verification: *

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

• A.Notify senior management of the issue.
• B.Initiate contract renegotiation.
• C.Report the issue to legal personnel.
• D.Assess the extent of the issue.

Comment: *

Name: *

Email: *

Verification: *