NEW QUESTION 1

What is a difference from the list below between quantitative and qualitative Risk Assessment?

• A. Quantitative risk assessments result in an exact number (in monetary terms)
• B. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
• C. Qualitative risk assessments map to business objectives
• D. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Answer: A

NEW QUESTION 2

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

• A. Controlled mitigation effort
• B. Risk impact comparison
• C. Relative likelihood of event
• D. Comparative threat analysis

Answer: C

NEW QUESTION 3

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

• A. Meet regulatory compliance requirements
• B. Better understand the threats and vulnerabilities affecting the environment
• C. Better understand strengths and weaknesses of the program
• D. Meet legal requirements

Answer: C

NEW QUESTION 4

The alerting, monitoring and life-cycle management of security related events is typically handled by the

• A. security threat and vulnerability management process
• B. risk assessment process
• C. risk management process
• D. governance, risk, and compliance tools

Answer: :A

NEW QUESTION 5

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

• A. Risk Avoidance
• B. Risk Acceptance
• C. Risk Transfer
• D. Risk Mitigation

Answer: C

NEW QUESTION 6

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

• A. ISO 27001
• B. PRINCE2
• C. ISO 27004
• D. ITILv3

Answer: C

NEW QUESTION 7

When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):

• A. The CISO should cut other essential programs to ensure the new solution’s continued use
• B. Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use
• C. Defer selection until the market improves and cash flow is positive
• D. Implement the solution and ask for the increased operating cost budget when it is time

Answer: B

NEW QUESTION 8

Which of the following is the BEST indicator of a successful project?

• A. it is completed on time or early as compared to the baseline project plan
• B. it meets most of the specifications as outlined in the approved project definition
• C. it comes in at or below the expenditures planned for in the baseline budget
• D. the deliverables are accepted by the key stakeholders

Answer: D

NEW QUESTION 9

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

• A. Single Loss Expectancy (SLE)
• B. Exposure Factor (EF)
• C. Annualized Rate of Occurrence (ARO)
• D. Temporal Probability (TP)

Answer: C

NEW QUESTION 10

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

• A. Awareness
• B. Compliance
• C. Governance
• D. Management

Answer: C

NEW QUESTION 11

What type of attack requires the least amount of technical equipment and has the highest success rate?

• A. War driving
• B. Operating system attacks
• C. Social engineering
• D. Shrink wrap attack

Answer: C

NEW QUESTION 12

Why is it vitally important that senior management endorse a security policy?

• A. So that they will accept ownership for security within the organization.
• B. So that employees will follow the policy directives.
• C. So that external bodies will recognize the organizations commitment to security.
• D. So that they can be held legally accountable.

Answer: A

NEW QUESTION 13

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

• A. A substantive test of program library controls
• B. A compliance test of program library controls
• C. A compliance test of the program compiler controls
• D. A substantive test of the program compiler controls

Answer: B

NEW QUESTION 14

Creating a secondary authentication process for network access would be an example of?

• A. An administrator with too much time on their hands.
• B. Putting undue time commitment on the system administrator.
• C. Supporting the concept of layered security
• D. Network segmentation.

Answer: C

NEW QUESTION 15

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

• A. When there is a need to develop a more unified incident response capability.
• B. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.
• C. When there is a variety of technologies deployed in the infrastructure.
• D. When it results in an overall lower cost of operating the security program.

Answer: B

NEW QUESTION 16

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

• A. Cost benefit
• B. Risk appetite
• C. Business continuity
• D. Likelihood of impact

Answer: :B

NEW QUESTION 17
......