The BEST way to establish a security baseline is by documenting:

• A.the organization's preferred security level.
• B.a standard of acceptable settings
• C.a framework of operational standards
• D.the desired range of security settings

Comment: *

Name: *

Email: *

Verification: *

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

• A.Eradication
  B Recovery
• B.Lessons learned review
• C.Incident declaration

Comment: *

Name: *

Email: *

Verification: *

When developing a classification method for incidents, the categories MUST be:

• A.quantitatively defined.
• B.regularly reviewed.
• C.specific to situations.
• D.assigned to incident handlers.

Comment: *

Name: *

Email: *

Verification: *

Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:

• A.acceptance of the organization's security policies
• B.audit guidelines
• C.contractual agreements
• D.service level agreements (SLAs)

Comment: *

Name: *

Email: *

Verification: *

In a business impact analysis, the value of an information system should be based on the overall cost:

• A.of recovery.
• B.to recreate.
• C.if unavailable.
• D.of emergency operations.

Comment: *

Name: *

Email: *

Verification: *