An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

• A.Escalate to the chief risk officer (CRO).
• B.Conduct a vulnerability analysis.
• C.Conduct a risk analysis.
• D.Determine compensating controls.

Comment: *

Name: *

Email: *

Verification: *

An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?

• A.The individual responsible for providing support for the application.
• B.The individual who has the most privileges within the application
• C.The individual who manages users of the application
• D.The individual who manages the process supported by the application.

Comment: *

Name: *

Email: *

Verification: *

What is the GREATEST risk when there is an excessive number of firewall rules?

• A.One rule may override another rule in the chain and create a loophole
• B.Performance degradation of the whole network
• C.The firewall may not support the increasing number of rules due to limitations
• D.The firewall may show abnormal behavior and may crash or automatically shut down

Comment: *

Name: *

Email: *

Verification: *

The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:

• A.uses multiple redirects for completing a data commit transaction.
• B.has implemented cookies as the sole authentication mechanism.
• C.has been installed with a non-1egitimate license key.
• D.is hosted on a server along with other applications.

Comment: *

Name: *

Email: *

Verification: *