In the course of examining a computer system for forensic evidence, data on the suspect media were inadvertently altered. Which of the following should have been the FIRST course of action in the investigative process?

• A.Perform a backup of the suspect media to new media.
• B.Perform a bit-by-bit image of the original media source onto new media.
• C.Make a copy of all files that are relevant to the investigation.
• D.Run an error-checking program on all logical drives to ensure that there are no disk errors.

Comment: *

Name: *

Email: *

Verification: *

After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

• A.Information security officer
• B.Chief information officer (CIO)
• C.Business owner
• D.Chief executive officer (CF.O)

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY basis for an information security strategy?

• A.The organization's vision and mission.
• B.Information security policies.
• C.Audit and regulatory requirements.
• D.Results of a comprehensive gap analysis.

Comment: *

Name: *

Email: *

Verification: *

An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?

• A.Perform a gap analysis between the new standard and existing practices.
• B.Consult with legal counsel on the standard's applicability to regulations
• C.Review industry peers responses to the new standard.
• D.Determine whether the organization can benefit from adopting the new standard.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY benefit of a centralized time server is that it

• A.Is required by password synchronization programs.
• B.allows decentralized logs to be kept in synchronization.
• C.decreases the likelihood of an unrecoverable systems failure.
• D.reduces individual time-of-day requests by client applications,

Comment: *

Name: *

Email: *

Verification: *