The data access requirements for an application should be determined by the:

• A.legal department.
• B.compliance officer.
• C.information security manager.
• D.business owner.

Comment: *

Name: *

Email: *

Verification: *

An incident response policy must contain:

• A.updated call trees.
• B.escalation criteria.
• C.press release templates.
• D.critical backup files inventory.

Comment: *

Name: *

Email: *

Verification: *

A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

• A.A rules of engagement form was not signed prior to the penetration test
• B.Vulnerabilities were not found by internal tests
• C.Vulnerabilities were caused by insufficient user acceptance testing (UAT)
• D.Exploit code for one of the vulnerabilities is publicly available

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP). and disaster recovery plan (DRP)?

• A.Asset classification
• B.Recovery time objectives (RTOs)
• C.Chain of custody
• D.Escalation procedures

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

• A.Business impact analysis (BIA)
• B.Information security policy
• C.Security operations program
• D.Security risk assessment

Comment: *

Name: *

Email: *

Verification: *