NEW QUESTION 1

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

• A. Distance learning/Web seminars
• B. Formal Class
• C. One-One Training
• D. Self –Study (noncomputerized)

Answer: D

NEW QUESTION 2

You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

• A. Tell the team to do their best and respond to each alert
• B. Tune the sensors to help reduce false positives so the team can react better
• C. Request additional resources to handle the workload
• D. Tell the team to only respond to the critical and high alerts

Answer: B

NEW QUESTION 3

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

• A. Containment
• B. Recovery
• C. Identification
• D. Eradication

Answer: D

NEW QUESTION 4

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

• A. Perform a vulnerability scan of the network
• B. External penetration testing by a qualified third party
• C. Internal Firewall ruleset reviews
• D. Implement network intrusion prevention systems

Answer: B

NEW QUESTION 5

Credit card information, medical data, and government records are all examples of:

• A. Confidential/Protected Information
• B. Bodily Information
• C. Territorial Information
• D. Communications Information

Answer: A

NEW QUESTION 6

The FIRST step in establishing a security governance program is to?

• A. Conduct a risk assessment.
• B. Obtain senior level sponsorship.
• C. Conduct a workshop for all end users.
• D. Prepare a security budget.

Answer: :B

NEW QUESTION 7

When dealing with risk, the information security practitioner may choose to:

• A. assign
• B. transfer
• C. acknowledge
• D. defer

Answer: C

NEW QUESTION 8

The process of identifying and classifying assets is typically included in the

• A. Threat analysis process
• B. Asset configuration management process
• C. Business Impact Analysis
• D. Disaster Recovery plan

Answer: C

NEW QUESTION 9

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

• A. Lack of a formal security awareness program
• B. Lack of a formal security policy governance process
• C. Lack of formal definition of roles and responsibilities
• D. Lack of a formal risk management policy

Answer: B

NEW QUESTION 10

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

• A. Daily
• B. Hourly
• C. Weekly
• D. Monthly

Answer: A

NEW QUESTION 11

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

• A. The company lacks a risk management process
• B. The company does not believe the security vulnerabilities to be real
• C. The company has a high risk tolerance
• D. The company lacks the tools to perform a vulnerability assessment

Answer: C

NEW QUESTION 12

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the
project?

• A. Time zone differences
• B. Compliance to local hiring laws
• C. Encryption import/export regulations
• D. Local customer privacy laws

Answer: C

NEW QUESTION 13

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

• A. The existing IT environment.
• B. The company business plan.
• C. The present IT budget.
• D. Other corporate technology trends.

Answer: B

NEW QUESTION 14

Which of the following is a symmetric encryption algorithm?

• A. 3DES
• B. MD5
• C. ECC
• D. RSA

Answer: A

NEW QUESTION 15

Security related breaches are assessed and contained through which of the following?

• A. The IT support team.
• B. A forensic analysis.
• C. Incident response
• D. Physical security team.

Answer: C

NEW QUESTION 16

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

• A. Network based security preventative controls
• B. Software segmentation controls
• C. Network based security detective controls
• D. User segmentation controls

Answer: A

NEW QUESTION 17
......