What is the BEST way to ensure that contract programmers comply with organizational security policies?

• A.Explicitly refer to contractors in the security standards
• B.Have the contractors acknowledge in writing the security policies
• C.Create penalties for noncompliance in the contracting agreement
• D.Perform periodic security reviews of the contractors

Comment: *

Name: *

Email: *

Verification: *

An organization has fallen victim to a spear-phishing attack that compromised the multi-factor authentication code. What is the information security manager's MOST important follow-up action?

• A.Implement firewall blocking of known attack signatures.
• B.Communicate the threat to users.
• C.Implement an advanced email filtering system.
• D.Install client anti-malware solutions

Comment: *

Name: *

Email: *

Verification: *

Which of the following is BEST used to determine the maturity of an information security program?

• A.Security budget allocation
• B.Organizational risk appetite
• C.Risk assessment results
• D.Security metrics

Comment: *

Name: *

Email: *

Verification: *

When establishing escalation processes for an organization's computer security incident response team, the organization's procedures should:

• A.provide unrestricted communication channels to executive leadership to ensure direct access.
• B.recommend the same communication path for events to ensure consistency of communication.
• C.require events to be escalated whenever possible to ensure that management is kept informed.
• D.specify step-by-step escalation paths to ensure an appropriate chain of command.

Comment: *

Name: *

Email: *

Verification: *

Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

• A.continuity planning
• B.compliance testing
• C.configuration management.
• D.change management

Comment: *

Name: *

Email: *

Verification: *