A KEY consideration in the use of quantitative risk analysis is that it:

• A.aligns with best practice for risk analysis of information assets.
• B.assigns numeric values to exposures of information assets.
• C.applies commonly used labels to information assets.
• D.is based on criticality analysis of information assets.

Comment: *

Name: *

Email: *

Verification: *

Which of the following processes can be used to remediate identified technical vulnerabilities?

• A.Running baseline configurations
• B.Conducting a risk assessment
• C.Performing a business impact analysis (BIA)
• D.Running automated scanners

Comment: *

Name: *

Email: *

Verification: *

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

• A.change activities are documented.
• B.the rationale for acceptance is periodically reviewed.
• C.the acceptance is aligned with business strategy.
• D.compliance with the risk acceptance framework.

Comment: *

Name: *

Email: *

Verification: *

The MOST important reason to have a well-documented and tested incident response plan in place is to:

• A.standardize the chain of custody procedure
• B.facilitate the escalation process
• C.promote a coordinated effort.
• D.outline external communications

Comment: *

Name: *

Email: *

Verification: *

An unauthorized user gained access to a merchant's database server and customer credit card information.
Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?

• A.Shut down and power off the server.
• B.Duplicate the hard disk of the server immediately.
• C.Isolate the server from the network.
• D.Copy the database log file to a protected server.

Comment: *

Name: *

Email: *

Verification: *