An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?

• A.The organization's cost of noncompliance
• B.The information security strategy
• C.The organization's risk appetite
• D.The information security policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

• A.To define security roles and responsibilities
• B.To determine return on investment (ROI)
• C.To establish incident severity levels
• D.To determine the criticality of information assets

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important constraint to be considered when developing an information security strategy?

• A.Established security policies and standards
• B.Legal and regulatory requirements
• C.Information security architecture
• D.Compliance with an international security standard

Comment: *

Name: *

Email: *

Verification: *

The BEST way to mitigate the risk associated with a social engineering attack is to:

• A.perform a user-knowledge gap assessment of information security practices
• B.implement multi-factor authentication on critical business systems
• C.deploy an effective intrusion detection system (IDS)
• D.perform a business risk assessment of the email filtering system

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an information security managers PRIMARY focus during the development of a critical system storing highly confidential data?

• A.Reducing the number of vulnerabilities detected
• B.Complying with regulatory requirements
• C.Ensuring the amount of residual risk is acceptable
• D.Avoiding identified system threats

Comment: *

Name: *

Email: *

Verification: *