The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:

• A.determining the scope for inclusion in an information security program.
• B.defining the level of access controls.
• C.justifying costs for information resources.
• D.determining the overall budget of an information security program.

Comment: *

Name: *

Email: *

Verification: *

A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?

• A.Run a port scan on the system
• B.Disable the logon ID
• C.Investigate the system logs
• D.Validate the incident

Comment: *

Name: *

Email: *

Verification: *

Which of the following presents the GREATEST challenge to a security operations center's timely identification of potential security breaches?

• A.The patch management system does not deploy patches in a timely manner.
• B.An organization has a decentralized data center that uses cloud services.
• C.Operating systems are no longer supported by the vendor.
• D.IT system clocks are not synchronized with the centralized logging server.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the KST way to align security and business strategies?

• A.Integrate information security governance into corporate governance
• B.Establish key performance indicators (KPls) for business through security processes.
• C.Include security risk as part of corporate risk management,
• D.Develop a balanced scorecard for security

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?

• A.Requiring challenge/response information
• B.Requiring multi factor authentication
• C.Enforcing frequent password changes
• D.Enforcing complex password formats

Comment: *

Name: *

Email: *

Verification: *