The PRIMARY concern of an information security manager documenting a formal data retention policy would be:

• A.generally accepted industry best practices.
• B.business requirements.
• C.legislative and regulatory requirements.
• D.storage availability.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?

• A.Symmetric cryptography
• B.Public key infrastructure (PKI)
• C.Message hashing
• D.Message authentication code

Comment: *

Name: *

Email: *

Verification: *

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?

• A.Inadequate incident response controls
• B.Lack of legal review
• C.Inadequate change control
• D.Lack of quality control

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST indicates that information assets are classified accurately?

• A.Appropriate assignment of information asset owners
• B.Increased compliance with information security policy
• C.An accurate and complete information asset catalog
• D.Appropriate prioritization of information risk treatment

Comment: *

Name: *

Email: *

Verification: *

What should be an information security manager's NEXT activity following the remediation of a security incident?

• A.Update the incident testing timeline
• B.Update post-incident training.
• C.Review system logs.
• D.Review lessons learned.

Comment: *

Name: *

Email: *

Verification: *