Which of the following methods is the BEST way to measure the effectiveness of automated information security controls prior to going live?

• A.Conducting a risk assessment
• B.Reviewing the security audit report
• C.Testing in a non-production environment
• D.Performing a security control review

Comment: *

Name: *

Email: *

Verification: *

Which of the following is NOT true for risk management capability maturity level 1?

• A.There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk
• B.Decisions involving risk lack credible information
• C.Risk appetite and tolerance are applied only during episodic risk assessments
• D.Risk management skills exist on an ad hoc basis, but are not actively developed

Correct Answer: B

Explanation/Reference:
Explanation:
The enterprise with risk management capability maturity level 0 makes decisions without having much knowledge about the risk credible information. In level 1, enterprise takes decisions on the basis of risk credible information.
Incorrect Answers:
A, C, D: An enterprise's risk management capability maturity level is 1 when:
There is an understanding that risk is important and needs to be managed, but it is viewed as a

technical issue and the business primarily considers the downside of IT risk.
Any risk identification criteria vary widely across the enterprise.

Risk appetite and tolerance are applied only during episodic risk assessments.

Enterprise risk policies and standards are incomplete and/or reflect only external requirements and lack

defensible rationale and enforcement mechanisms.
Risk management skills exist on an ad hoc basis, but are not actively developed.

Ad hoc inventories of controls that are unrelated to risk are dispersed across desktop applications.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST benefit of analyzing logs collected from different systems?

• A.Security violations can be identified.
• B.Developing threats are detected earlier.
• C.A record of incidents is maintained.
• D.Forensic investigations are facilitated.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the FIRST consideration when a business unit wants to use personal information for a purpose other than for which it was originally collected?

• A.Informed consent
• B.Data breach protection
• C.Cross border controls
• D.Business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *

What are the functions of audit and accountability control?
Each correct answer represents a complete solution. (Choose three.)

• A.Provides details on how to protect the audit logs
• B.Implement effective access control
• C.Implement an effective audit program
• D.Provides details on how to determine what to audit

Comment: *

Name: *

Email: *

Verification: *