
Leading EC-Council Certified CISO (CCISO) 712-50 Exam Topics





Online 712-50 free questions and answers of New Version:

NEW QUESTION 1

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

  • A. Compliance to the Payment Card Industry (PCI) regulations.
  • B. Alignment with financial reporting regulations for each country where they operate.
  • C. Alignment with International Organization for Standardization (ISO) standards.
  • D. Compliance with patient data protection regulations for each country where they operate.

Answer: D

NEW QUESTION 2

Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:

  • A. Risk management
  • B. Security management
  • C. Mitigation management
  • D. Compliance management

Answer: D

NEW QUESTION 3

Which wireless encryption technology makes use of temporal keys?

  • A. Wireless Application Protocol (WAP)
  • B. Wi-Fi Protected Access version 2 (WPA2)
  • C. Wireless Equivalence Protocol (WEP)
  • D. Extensible Authentication Protocol (EAP)

Answer: B

NEW QUESTION 4

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

  • A. In promiscuous mode and only detect malicious traffic.
  • B. In-line and turn on blocking mode to stop malicious traffic.
  • C. In promiscuous mode and block malicious traffic.
  • D. In-line and turn on alert mode to stop malicious traffic.

Answer: B

NEW QUESTION 5

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

  • A. Susceptibility to attack, mitigation response time, and cost
  • B. Attack vectors, controls cost, and investigation staffing needs
  • C. Vulnerability exploitation, attack recovery, and mean time to repair
  • D. Susceptibility to attack, expected duration of attack, and mitigation availability

Answer: A

NEW QUESTION 6

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?

  • A. Management
  • B. Operational
  • C. Technical
  • D. Administrative

Answer: B

NEW QUESTION 7

The PRIMARY objective for information security program development should be:

  • A. Reducing the impact of the risk to the business.
  • B. Establishing strategic alignment with business continuity requirements.
  • C. Establishing incident response programs.
  • D. Identifying and implementing the best security solutions.

Answer: A

NEW QUESTION 8

Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

  • A. Security Administrators
  • B. Internal/External Audit
  • C. Risk Management
  • D. Security Operations

Answer: B

NEW QUESTION 9

To get an Information Security project back on schedule, which of the following will provide the MOST help?

  • A. Upper management support
  • B. More frequent project milestone meetings
  • C. Stakeholder support
  • D. Extend work hours

Answer: A

NEW QUESTION 10

Involvement of senior management is MOST important in the development of:

  • A. IT security implementation plans.
  • B. Standards and guidelines.
  • C. IT security policies.
  • D. IT security procedures.

Answer: C

NEW QUESTION 11

The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

  • A. Safeguard Value
  • B. Cost Benefit Analysis
  • C. Single Loss Expectancy
  • D. Life Cycle Loss Expectancy

Answer: B

NEW QUESTION 12

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

  • A. Identify and evaluate the existing controls.
  • B. Disclose the threats and impacts to management.
  • C. Identify information assets and the underlying systems.
  • D. Identify and assess the risk assessment process used by management.

Answer: A

NEW QUESTION 13

Which of the following is MOST important when dealing with an Information Security Steering committee:

  • A. Include a mix of members from different departments and staff levels.
  • B. Ensure that security policies and procedures have been vetted and approved.
  • C. Review all past audit and compliance reports.
  • D. Be briefed about new trends and products at each meeting by a vendor.

Answer: C

NEW QUESTION 14

When dealing with a risk management process, asset classification is important because it will impact the overall:

  • A. Threat identification
  • B. Risk monitoring
  • C. Risk treatment
  • D. Risk tolerance

Answer: C

NEW QUESTION 15

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

  • A. Senior Executives
  • B. Office of the Auditor
  • C. Office of the General Counsel
  • D. All employees and users

Answer: A

NEW QUESTION 16

The PRIMARY objective of security awareness is to:

  • A. Ensure that security policies are read.
  • B. Encourage security-conscious employee behavior.
  • C. Meet legal and regulatory requirements.
  • D. Put employees on notice in case follow-up action for noncompliance is necessary.

Answer: B
