712-50 Exam Questions - Online Test



certleader.com


EC-Council 712-50 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

  • A. Your public key
  • B. The recipient's private key
  • C. The recipient's public key
  • D. Certificate authority key

Answer: C

NEW QUESTION 2
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

  • A. Scan a representative sample of systems
  • B. Perform the scans only during off-business hours
  • C. Decrease the vulnerabilities within the scan tool settings
  • D. Filter the scan output so only pertinent data is analyzed

Answer: A

NEW QUESTION 3
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

  • A. Define the risk appetite
  • B. Determine budget constraints
  • C. Review project charters
  • D. Collaborate security projects

Answer: A

NEW QUESTION 4
Which of the following are primary concerns for management with regard to assessing internal control objectives?

  • A. Confidentiality, Availability, Integrity
  • B. Compliance, Effectiveness, Efficiency
  • C. Communication, Reliability, Cost
  • D. Confidentiality, Compliance, Cost

Answer: B

NEW QUESTION 5
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  • A. Annually
  • B. Semi-annually
  • C. Quarterly
  • D. Never

Answer: D

NEW QUESTION 6
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

  • A. Transfer financial resources from other critical programs
  • B. Take the system off line until the budget is available
  • C. Deploy countermeasures and compensating controls until the budget is available
  • D. Schedule an emergency meeting and request the funding to fix the issue

Answer: C

NEW QUESTION 7
Which of the following most commonly falls within the scope of an information security governance steering committee?

  • A. Approving access to critical financial systems
  • B. Developing content for security awareness programs
  • C. Interviewing candidates for information security specialist positions
  • D. Vetting information security policies

Answer: D

NEW QUESTION 8
One of the MAIN goals of a Business Continuity Plan is to

  • A. Ensure all infrastructure and applications are available in the event of a disaster
  • B. Allow all technical first-responders to understand their roles in the event of a disaster
  • C. Provide step by step plans to recover business processes in the event of a disaster
  • D. Assign responsibilities to the technical teams responsible for the recovery of all data.

Answer: C

NEW QUESTION 9
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

  • A. Single Loss Expectancy (SLE)
  • B. Exposure Factor (EF)
  • C. Annualized Rate of Occurrence (ARO)
  • D. Temporal Probability (TP)

Answer: C

NEW QUESTION 10
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

  • A. Internal Audit
  • B. Database Administration
  • C. Information Security
  • D. Compliance

Answer: C

NEW QUESTION 11
Information security policies should be reviewed:

  • A. by stakeholders at least annually
  • B. by the CISO when new systems are brought online
  • C. by the Incident Response team after an audit
  • D. by internal audit semiannually

Answer: A

NEW QUESTION 12
Dataflow diagrams are used by IT auditors to:

  • A. Order data hierarchically.
  • B. Highlight high-level data definitions.
  • C. Graphically summarize data paths and storage processes.
  • D. Portray step-by-step details of data generation.

Answer: C

NEW QUESTION 13
The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.
Which of the following needs to be performed NEXT?

  • A. Verify the scope of the project
  • B. Verify the regulatory requirements
  • C. Verify technical resources
  • D. Verify capacity constraints

Answer: C

NEW QUESTION 14
SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Answer:

NEW QUESTION 15
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

  • A. Meet regulatory compliance requirements
  • B. Better understand the threats and vulnerabilities affecting the environment
  • C. Better understand strengths and weaknesses of the program
  • D. Meet legal requirements

Answer: C

NEW QUESTION 16
The amount of risk an organization is willing to accept in pursuit of its mission is known as

  • A. Risk mitigation
  • B. Risk transfer
  • C. Risk tolerance
  • D. Risk acceptance

Answer: C

NEW QUESTION 17
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

  • A. Risk Avoidance
  • B. Risk Acceptance
  • C. Risk Transfer
  • D. Risk Mitigation

Answer: C

NEW QUESTION 18
Which of the following is a fundamental component of an audit record?

  • A. Date and time of the event
  • B. Failure of the event
  • C. Originating IP-Address
  • D. Authentication type

Answer: A
