In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:

• A.original cost to acquire.
• B.cost of the software stored.
• C.annualized loss expectancy (ALE).
• D.cost to obtain a replacement.

Comment: *

Name: *

Email: *

Verification: *

Which of the following steps in conducting a risk assessment should be performed FIRST?

• A.Identity business assets
• B.Identify business risks
• C.Assess vulnerabilities
• D.Evaluate key controls

Comment: *

Name: *

Email: *

Verification: *

Senior management has allocated funding to each of the organization's divisions to address information security vulnerabilities. The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

• A.Areas of highest risk may not be adequately prioritized for treatment
• B.Redundant controls may be implemented across divisions
• C.Information security governance could be decentralized by division
• D.Return on investment may be inconsistently reported to senior management

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method to defend against social engineering attacks?

• A.Employ the use of a web-content filtering solution.
• B.Periodically perform antivirus scans to identify malware.
• C.Monitor for unauthorized access attempts and failed logins.
• D.Communicate guidelines to limit information posted to public sites.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the MOST important goal of an information security governance program?

• A.Review of internal control mechanisms
• B.Effective involvement in business decision making
• C.Total elimination of risk factors
• D.Ensuring trust in data

Comment: *

Name: *

Email: *

Verification: *