What is the BEST way to alleviate security team understaffing while retaining the capability in-house?

• A.Hire a contractor that would not be included in the permanent headcount
• B.Outsource with a security services provider while retaining the control internally
• C.Establish a virtual security team from competent employees across the company
• D.Provide cross training to minimize the existing resources gap

Comment: *

Name: *

Email: *

Verification: *

It is important to classify and determine relative sensitivity of assets to ensure that:

• A.cost of protection is in proportion to sensitivity.
• B.highly sensitive assets are protected.
• C.cost of controls is minimized.
• D.countermeasures are proportional to risk.

Comment: *

Name: *

Email: *

Verification: *

The chief information security officer (ClSO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy Which of the following is the MOST likely reason?

• A.The strategy does not include a cost-benefit analysis
• B.The strategy does not comply with security standards
• C.The C1SO reports to the CIO.
• D.There was a lack of engagement with the business during development.

Comment: *

Name: *

Email: *

Verification: *

An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

• A.Lack of availability
• B.Lack of accountability
• C.Improper authorization
• D.Inadequate authentication

Comment: *

Name: *

Email: *

Verification: *

In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?

• A.Implement compensating control.
• B.Update the application security policy.
• C.Submit a waiver for the legacy application.
• D.Perform an application security assessment.

Comment: *

Name: *

Email: *

Verification: *