Question 1
Question
A security strategy is important for an organization PRIMARILY because it provides
Answers
- basis for determining the best logical security architecture for the organization
- management intent and direction for security activities
- provides users guidance on how to operate securely in everyday tasks
- helps IT auditors ensure compliance
Question 2
Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answers
- to make security more palatable to resistant employees
- because people are the biggest security risk
- to inform business units about security strategy
- to conform to regulations requiring that all employees are informed about security
Question 3
Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answers
- rely on corporate counsel to advise which regulations are relevant
- stay current with all relevant regulations and request legal interpretation
- involve all impacted departments and treat regulations as just another risk
- ignore many of the regulations that have no teeth
Question 4
Question
The MOST important consideration in developing security policies is that:
Answers
- they are based on a threat profile
- they are complete and no detail is left out
- management signs off on them
- all employees read and understand them
Question 5
Question
The PRIMARY security objective in creating good procedures is
Answers
- to make sure they work as intended
- that they are unambiguous and meet the standards
- that they be written in plain language
- that compliance can be monitored
Question 6
Question
The assignment of roles and responsibilities will be MOST effective if:
Answers
- there is senior management support
- the assignments are consistent with proficiencies
- roles are mapped to required competencies
- responsibilities are undertaken on a voluntary basis
Question 7
Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answers
- ensuring appropriate regulatory compliance
- ensuring acceptable levels of disruption
- prioritizing allocation of remedial resources
- maximizing return on security investments
Question 8
Question
From an information security manager's perspective, the MOST important factors regarding data retention are:
Answers
- business and regulatory requirements
- document integrity and destruction
- media availability and storage
- data confidentiality and encryption
Question 9
Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Question 10
Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answers
- developing the security strategy
- reviewing the security strategy
- communicating the security strategy
- approving the security strategy
Question 11
Question
The overall objective of risk management is to:
Answers
- eliminate all vulnerabilities, if possible
- determine the best way to transfer risk
- reduce risks to an acceptable level
- implement effective countermeasures
Question 12
Question
The statement "risk = value x vulnerability x threat" indicates that:
Answers
- risk can be quantified using annual loss expectancy (ALE)
- approximate risk can be estimated, provided probability is computed
- the level of risk is greater when more threats meet more vulnerabilities
- without knowing value, risk cannot be calculated
Question 13
Question
To address changes in risk, an effective risk management program should:
Answers
- ensure that continuous monitoring processes are in place
- establish proper security baselines for all information resources
- implement a complete data classification process
- change security policies on a timely basis to address changing risks
Question 14
Question
Information classification is important to properly manage risk PRIMARILY because:
Answers
- it ensures accountability for information resources as required by roles and responsibilities
- it is a legal requirement under various regulations
- there is no other way to meet the requirements for availability, integrity and auditability
- it is used to identify the sensitivity and criticality of information to the organization
Question 15
Question
Vulnerabilities discovered during an assessment should be:
Answers
- handled as a risk, even though there is no threat
- prioritized for remediation solely based on impact
- a basis for analyzing the effectiveness of controls
- evaluated for threat and impact in addition to cost of mitigation
Question 16
Question
Indemnity agreements can be used to:
Answers
- ensure an agreed-upon level of service
- reduce impacts on critical resources
- transfer responsibility to a third party
- provide an effective countermeasure to threats
Question 17
Question
Residual risks can be determined by:
Question 18
Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answers
- platform security
- entitlement changes
- intrusion detection
- antivirus controls
Question 19
Question
A risk analysis should:
Answers
- limit the scope to a benchmark of similar companies
- assume an equal degree of protection for all assets
- address the potential size and likelihood of loss
- give more weight to the likelihood vs. the size of the loss
Question 20
Question
Which of the following is BEST for preventing an external attack?
Answers
- static IP addresses
- network address translation
- background checks for temporary employees
- writing computer logs to removable media
Question 21
Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Question 22
Question
The MOST important single concept for an information security architect to keep in mind is:
Answers
- plan, do, check, act
- confidentiality, integrity, availability
- prevention, detection, correction
- tone at the top
Question 23
Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answers
- require private, key-based encryption to connect to the wireless network
- enable auditing on every host that connects to a wireless network
- require that every host that connects to this network has a well-tested recovery plan
- enable auditing on every connection to the wireless network
Question 24
Question
In an environment that practises defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answers
- user authentication
- user audit trails
- network load balancing
- network authentication
Question 25
Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities presents a conflict of interest in performing the review?
Answers
- operating system recovery
- application administration
- network change control
- host-based intrusion detection
Question 26
Question
Which of the following BEST promotes accountability?
Answers
- compliance monitoring
- awareness training
- secure implementation
- documented policy
Question 27
Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answers
- always result in damage
- require controls to avoid damage
- allow exploits that may cause damage
- always result in exploits
Question 28
Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answers
- feasibility
- requirements
- design
- development
Question 29
Question
What is the FIRST step in designing a secure client-server environment?
Answers
- identify all data access points
- establish operating system security on all platforms
- require hard passwords
- place a firewall between the server and clients
Question 30
Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answers
- what you have, what you are, what you know
- what you know, what you have, what you are
- what you are, what you have, what you know
- what you are, what you know, what you have
Information Security Program