Eduardo Castella7911
Test por , creado hace más de 1 año

Certificate CISM Test sobre CISM 2014 Questions - 3, creado por Eduardo Castella7911 el 17/02/2016.

2111
3
0
Eduardo Castella7911
Creado por Eduardo Castella7911 hace casi 9 años
Cerrar

CISM 2014 Questions - 3

Pregunta 1 de 151

1

Which of the following is MOST important to the successful promotion of good security management practices?

Selecciona una de las siguientes respuestas posibles:

  • A. Security metrics

  • B. Security baselines

  • C. Management support

  • D. Periodic training

Explicación

Pregunta 2 de 151

1

Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?

Selecciona una de las siguientes respuestas posibles:

  • A. Configuration of firewalls

  • B. Strength of encryption algorithms

  • C. Authentication within application

  • D. Safeguards over keys

Explicación

Pregunta 3 de 151

1

The PRIMARY objective of a vulnerability assessment is to:

Selecciona una de las siguientes respuestas posibles:

  • A. reduce risk to the business.

  • B. ensure compliance with security policies.

  • C. provide assurance to management.

  • D. measure efficiency of services provided.

Explicación

Pregunta 4 de 151

1

Which of the following is the GREATEST concern for an organization in which there is a widespread use of mobile devices?

Selecciona una de las siguientes respuestas posibles:

  • A. There is an undue reliance on public networks.

  • B. Batteries require constant recharges.

  • C. There is a lack of operating system standardization.

  • D. Mobile devices can be easily lost or stolen.

Explicación

Pregunta 5 de 151

1

The director of auditing has recommended a specific information security monitoring solution to the information security manager. What should the information security manager do FIRST?

Selecciona una de las siguientes respuestas posibles:

  • A. Obtain comparative pricing bids and complete the transaction with the vendor offering the best deal.

  • B. Add the purchase to the budget during the next budget preparation cycle to account for costs.

  • C. Perform an assessment to determine correlation with business goals and objectives.

  • D. Form a project team to plan the implementation.

Explicación

Pregunta 6 de 151

1

Which of the following is the PRIMARY reason to change policies during program development?

Selecciona una de las siguientes respuestas posibles:

  • A. The policies must comply with new regulatory and legal mandates.

  • B. Appropriate security baselines are no longer set in the policies.

  • C. The policies no longer reflect management intent and direction.

  • D. Employees consistently ignore the policies.

Explicación

Pregunta 7 de 151

1

Which of the following is the MOST effective way to ensure that noncompliance to information security standards is resolved?

Selecciona una de las siguientes respuestas posibles:

  • A. Periodic audits of noncompliant areas

  • B. An ongoing vulnerability scanning program

  • C. Annual security awareness training

  • D. Regular reports to executive management

Explicación

Pregunta 8 de 151

1

What is the PRIMARY purpose of installing an intrusion detection system (IDS)?

Selecciona una de las siguientes respuestas posibles:

  • A. To identify weaknesses in network security

  • B. To identify patterns of suspicious access

  • C. To identify how an attack was launched on the network

  • D. To identify potential attacks on the internal network

Explicación

Pregunta 9 de 151

1

Senior management commitment and support for information security can BEST be obtained through presentations that:

Selecciona una de las siguientes respuestas posibles:

  • A. use illustrative examples of successful attacks.

  • B. explain the technical risks to the organization.

  • C. evaluate the organization against best security practices.

  • D. tie security risks to key business objectives.

Explicación

Pregunta 10 de 151

1

The recovery time objective (RTO) is reached at which of the following milestones?

Selecciona una de las siguientes respuestas posibles:

  • A. Disaster declaration

  • B. Recovery of the backups

  • C. Restoration of the system

  • D. Return to business as usual processing

Explicación

Pregunta 11 de 151

1

Which of the following approaches would be BEST to address significant system vulnerabilities that were discovered during a network scan?

Selecciona una de las siguientes respuestas posibles:

  • A. All significant vulnerabilities must be mitigated in a timely fashion.

  • B. Treatment should be based on threat, impact and cost considerations.

  • C. Compensatory controls must be implemented for major vulnerabilities.

  • D. Mitigation options should be proposed for management approval.

Explicación

Pregunta 12 de 151

1

How does knowledge of risk appetite help to increase security control effectiveness?

Selecciona una de las siguientes respuestas posibles:

  • A. It shows senior management that you understand their needs.

  • B. It provides a basis for redistributing resources to mitigate risk outside the risk tolerance.

  • C. It requires continuous monitoring because the entire risk environment is constantly changing.

  • D. It facilitates communication with management about the importance of security.

Explicación

Pregunta 13 de 151

1

Which of the following is the MOST important prerequisite to undertaking asset classification?

Selecciona una de las siguientes respuestas posibles:

  • A. Threat analysis

  • B. Impact assessment

  • C. Controls evaluation

  • D. Penetration testing

Explicación

Pregunta 14 de 151

1

What is the PRIMARY objective of a risk management program?

Selecciona una de las siguientes respuestas posibles:

  • A. Minimize inherent risk.

  • B. Eliminate business risk.

  • C. Implement effective controls.

  • D. Reduce residual risk to acceptable levels.

Explicación

Pregunta 15 de 151

1

Where should resource requirements for information security initially be identified?

Selecciona una de las siguientes respuestas posibles:

  • A. In policies

  • B. In the architecture

  • C. In the strategy

  • D. In procedures

Explicación

Pregunta 16 de 151

1

Which of the following actions should take place immediately after a security breach is reported to an information security manager?

Selecciona una de las siguientes respuestas posibles:

  • A. Confirm the incident

  • B. Determine impact

  • C. Notify affected stakeholders

  • D. Isolate the incident

Explicación

Pregunta 17 de 151

1

Which of the following benefits that the enterprise receives from employing a systematic incident management program with a formal methodology is MOST important?

Selecciona una de las siguientes respuestas posibles:

  • A. A formal methodology makes incident management more flexible.

  • B. A formal methodology is more reliant on business continuity activities.

  • C. Each incident responder is able to get broad-based experience.

  • D. Evidence of due diligence supports legal and liability claims.

Explicación

Pregunta 18 de 151

1

Which of the following is the MOST important aspect of forensic investigations that will potentially involve legal action?

Selecciona una de las siguientes respuestas posibles:

  • A. The independence of the investigator

  • B. Timely intervention

  • C. Identifying the perpetrator

  • D. Chain of custody

Explicación

Pregunta 19 de 151

1

Value at risk (VAR) can be used:

Selecciona una de las siguientes respuestas posibles:

  • A. as a qualitative approach to evaluating risk.

  • B. to determine maximum probable loss over a period of time.

  • C. for risk analysis applicable only to financial organizations.

  • D. as a useful tool to expedite the assessment process.

Explicación

Pregunta 20 de 151

1

Which of the following is the MOST cost-effective approach to test the security of a legacy application?

Selecciona una de las siguientes respuestas posibles:

  • A. Identify a similar application and refer to its security weaknesses.

  • B. Recompile the application using the latest library and review the error codes.

  • C. Employ reverse engineering techniques to derive functionalities.

  • D. Conduct a vulnerability assessment to detect application weaknesses.

Explicación

Pregunta 21 de 151

1

As part of system development, how should an organization determine which element of the confidentiality, integrity and availability (CIA) triad requires the MOST protection?

Selecciona una de las siguientes respuestas posibles:

  • A. It should be based on the threat to each of the elements.

  • B. Availability is most important.

  • C. It should be based on the risk to each of the elements.

  • D. All elements are equally important.

Explicación

Pregunta 22 de 151

1

Tightly integrated IT systems are MOST likely to be affected by:

Selecciona una de las siguientes respuestas posibles:

  • A. aggregated risk.

  • B. systemic risk.

  • C. operational risk.

  • D. cascading risk.

Explicación

Pregunta 23 de 151

1

During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?

Selecciona una de las siguientes respuestas posibles:

  • A. Feasibility

  • B. Design

  • C. Development

  • D. Testing

Explicación

Pregunta 24 de 151

1

Which of the following BEST mitigates a situation where an application programmer requires access to production data?

Selecciona una de las siguientes respuestas posibles:

  • A. Create a separate account for the programmer as a power user.

  • B. Log all of the programmer's activity for review by their supervisor.

  • C. Have the programmer sign a letter accepting full responsibility.

  • D. Perform regular audits of the application.

Explicación

Pregunta 25 de 151

1

What is the MOST important objective of a postincident review?

Selecciona una de las siguientes respuestas posibles:

  • A. Capture lessons learned to improve the process.

  • B. Develop a process for continuous improvement.

  • C. Develop a business case for the security program budget.

  • D. Identify new incident management tools.

Explicación

Pregunta 26 de 151

1

Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?

Selecciona una de las siguientes respuestas posibles:

  • A. Number of attacks detected

  • B. Number of successful attacks

  • C. Ratio of false positives to false negatives

  • D. Ratio of successful to unsuccessful attacks

Explicación

Pregunta 27 de 151

1

In a business impact analysis, the value of an information system should be based on the overall:

Selecciona una de las siguientes respuestas posibles:

  • A. cost of recovery.

  • B. cost to recreate.

  • C. opportunity cost.

  • D. cost of emergency operations.

Explicación

Pregunta 28 de 151

1

An organization has consolidated global operations. The chief information officer (CIO) has asked the chief information security officer (CISO) to develop a new organization information security strategy. Which of the following actions should be taken FIRST?

Selecciona una de las siguientes respuestas posibles:

  • A. Identify the assets.

  • B. Conduct a risk assessment.

  • C. Define the scope.

  • D. Perform a business impact analysis (BIA).

Explicación

Pregunta 29 de 151

1

Under what circumstances is it MOST appropriate to reduce control strength?

Selecciona una de las siguientes respuestas posibles:

  • A. Assessed risk is below acceptable levels.

  • B. Risk cannot be determined.

  • C. The control cost is high.

  • D. The control is not effective.

Explicación

Pregunta 30 de 151

1

What is the BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application?

Selecciona una de las siguientes respuestas posibles:

  • A. Secure Sockets Layer (SSL)

  • B. Secure Shell (SSH)

  • C. IP Security (IPSec)

  • D. Secure/Multipurpose Internet Mail Extensions (S/MIME)

Explicación

Pregunta 31 de 151

1

What is the PRIMARY basis for the selection and implementation of products to protect the IT infrastructure?

Selecciona una de las siguientes respuestas posibles:

  • A. Regulatory requirements

  • B. Technical expert advisories

  • C. State-of-the-art technology

  • D. A risk assessment

Explicación

Pregunta 32 de 151

1

What is the PRIMARY basis for the selection of controls and countermeasures?

Selecciona una de las siguientes respuestas posibles:

  • A. Eliminating IT risk

  • B. Cost-benefit balance

  • C. Resource management

  • D. The number of assets protected

Explicación

Pregunta 33 de 151

1

Of the following, which is the MOST effective way to measure strategic alignment of an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Track audits over time.

  • B. Evaluate incident losses.

  • C. Analyze business cases.

  • D. Interview business owners.

Explicación

Pregunta 34 de 151

1

Which of the following factors BEST helps determine the appropriate protection level for an information asset?

Selecciona una de las siguientes respuestas posibles:

  • A. The cost of acquisition and implementation of the asset

  • B. Knowledge of vulnerabilities present in the asset

  • C. The degree of exposure to known threats

  • D. The criticality of the business function supported by the asset

Explicación

Pregunta 35 de 151

1

How does a security information and event management (SIEM) solution MOST likely detect the existence of an advanced persistent threat (APT) in its infrastructure?

Selecciona una de las siguientes respuestas posibles:

  • A. Through analysis of the network traffic history

  • B. Through stateful inspection of firewall packets

  • C. Through identification of zero-day attacks

  • D. Through vulnerability assessments

Explicación

Pregunta 36 de 151

1

The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?

Selecciona una de las siguientes respuestas posibles:

  • A. Laws and regulations of the country of origin may not be enforceable in the foreign country.

  • B. A security breach notification might get delayed due to the time difference.

  • C. Additional network intrusion detection sensors should be installed, resulting in an additional cost.

  • D. The company could lose physical control over the server and be unable to monitor the physical security posture of the servers.

Explicación

Pregunta 37 de 151

1

Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?

Selecciona una de las siguientes respuestas posibles:

  • A. Patch management

  • B. Change management

  • C. Security baselines

  • D. Acquisition management

Explicación

Pregunta 38 de 151

1

The effectiveness of segregation of duties may be MOST seriously compromised when:

Selecciona una de las siguientes respuestas posibles:

  • A. user IDs of terminated staff remain active in application systems.

  • B. access privileges are accumulated based on previous job functions.

  • C. application role-based access deviates from the organizational hierarchies.

  • D. role mining tools are used in the access privilege review.

Explicación

Pregunta 39 de 151

1

Why should the analysis of risk include consideration of potential impact?

Selecciona una de las siguientes respuestas posibles:

  • A. Potential impact is a central element of risk.

  • B. Potential impact is related to asset value.

  • C. Potential impact affects the extent of mitigation.

  • D. Potential impact helps determine the exposure.

Explicación

Pregunta 40 de 151

1

A password hacking tool was used to capture detailed bank account information and personal identification numbers (PINs). Upon confirming the incident, the NEXT step is to:

Selecciona una de las siguientes respuestas posibles:

  • A. notify law enforcement.

  • B. start containment.

  • C. make an image copy of the media.

  • D. isolate affected servers.

Explicación

Pregunta 41 de 151

1

Which of the following BEST assists the information security manager in identifying new threats to information security?

Selecciona una de las siguientes respuestas posibles:

  • A. Performing more frequent reviews of the organization's risk factors

  • B. Developing more realistic information security risk scenarios

  • C. Understanding the flow and classification of information used by the organization

  • D. A process to monitor postincident review reports prepared by IT staff

Explicación

Pregunta 42 de 151

1

An employee has found a suspicious file on a server. The employee thinks the file is a virus and contacts the information security manager. What is the FIRST step to take?

Selecciona una de las siguientes respuestas posibles:

  • A. Contain the file.

  • B. Delete the file.

  • C. Verify whether the file is malicious.

  • D. Report the suspicious file to management.

Explicación

Pregunta 43 de 151

1

What is the MOST important action prior to having a third party perform an attack and penetration test against an organization?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure that the third party provides a demonstration on a test system.

  • B. Ensure that goals and objectives are clearly defined.

  • C. Ensure that technical staff has been briefed on what to expect.

  • D. Ensure that special backups of production servers are taken.

Explicación

Pregunta 44 de 151

1

Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?

Selecciona una de las siguientes respuestas posibles:

  • A. Penetration attempts investigated

  • B. Violation log reports produced

  • C. Violation log entries

  • D. Frequency of corrective actions taken

Explicación

Pregunta 45 de 151

1

Which of the following is the MOST important prerequisite for establishing information security management within an organization?

Selecciona una de las siguientes respuestas posibles:

  • A. Senior management commitment

  • B. Information security framework

  • C. Information security organizational structure

  • D. Information security policy

Explicación

Pregunta 46 de 151

1

A newly-hired information security manager examines the 10-year old business continuity plan and notes that the maximum tolerable outage (MTO) is much shorter than the allowable interruption window (AIW). What action should be taken as a result of this information?

Selecciona una de las siguientes respuestas posibles:

  • A. Reassess the maximum tolerable outage (MTO).

  • B. Conduct a business impact assessment (BIA) and update the plan.

  • C. Increase the service delivery objective (SDO).

  • D. Take no action; maximum tolerable outage (MTO) is not related to AIW.

Explicación

Pregunta 47 de 151

1

Which of the following change management activities would be a clear indicator that normal operational procedures require examination?

Selecciona una de las siguientes respuestas posibles:

  • A. A high percentage of similar change requests

  • B. A high percentage of change request postponements

  • C. A high percentage of canceled change requests

  • D. A high percentage of emergency change requests

Explicación

Pregunta 48 de 151

1

Which of the following purposes is for developing a security architecture as a way of meeting business objectives?

Selecciona una de las siguientes respuestas posibles:

  • A. To reduce the cost of system development

  • B. To aid in strategy and policy development

  • C. To effectively manage complexity

  • D. To determine areas that will be a problem

Explicación

Pregunta 49 de 151

1

An organization's information security strategy should be based on:

Selecciona una de las siguientes respuestas posibles:

  • A. managing risk relative to business objectives.

  • B. managing risk to a zero level and minimizing insurance premiums.

  • C. avoiding occurrence of risks so that insurance is not required.

  • D. transferring most risks to insurers and saving on control costs.

Explicación

Pregunta 50 de 151

1

Information security managers should use risk assessment techniques to:

Selecciona una de las siguientes respuestas posibles:

  • A. justify selection of risk mitigation strategies.

  • B. maximize the return on investment (ROI).

  • C. provide documentation for auditors and regulators.

  • D. quantify risks that would otherwise be subjective.

Explicación

Pregunta 51 de 151

1

A business impact analysis (BIA) is the BEST tool for determining:

Selecciona una de las siguientes respuestas posibles:

  • A. total cost of ownership.

  • B. priority of restoration.

  • C. annualized loss expectancy (ALE).

  • D. residual risk.

Explicación

Pregunta 52 de 151

1

Who is in the BEST position to determine the level of information security needed for a specific business application?

Selecciona una de las siguientes respuestas posibles:

  • A. The system developer

  • B. The information security manager

  • C. The system custodian

  • D. The data owner

Explicación

Pregunta 53 de 151

1

Proximity factors must be considered when:

Selecciona una de las siguientes respuestas posibles:

  • A. conducting a business impact assessment.

  • B. conducting a table-top business continuity test.

  • C. developing disaster recovery metrics.

  • D. selecting an alternate recovery site.

Explicación

Pregunta 54 de 151

1

The PRIMARY objective of a security steering group is to:

Selecciona una de las siguientes respuestas posibles:

  • A. ensure information security covers all business functions.

  • B. ensure information security aligns with business goals.

  • C. raise information security awareness across the organization.

  • D. implement all decisions on security management across the organization.

Explicación

Pregunta 55 de 151

1

Which of the following is the MOST important factor when designing information security architecture?

Selecciona una de las siguientes respuestas posibles:

  • A. Technical platform interfaces

  • B. Scalability of the network

  • C. Development methodologies

  • D. Stakeholder requirements

Explicación

Pregunta 56 de 151

1

Which of the following factors is MOST important for the successful implementation of an organization's information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Senior management support

  • B. Budget for security activities

  • C. Regular vulnerability assessments

  • D. Knowledgeable security administrators

Explicación

Pregunta 57 de 151

1

Where should an intranet server generally be placed?

Selecciona una de las siguientes respuestas posibles:

  • A. On the internal network

  • B. On the firewall server

  • C. On the external router

  • D. On the primary domain controller

Explicación

Pregunta 58 de 151

1

What action should be taken in regards to data classification requirements before engaging outsourced providers?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure the data classification requirements are compatible with the provider's own classification.

  • B. Ensure the data classification requirements are communicated to the provider.

  • C. Ensure the data classification requirements exceed those of the outsourcer.

  • D. Ensure the data classification requirements are stated in the contract.

Explicación

Pregunta 59 de 151

1

What does a network vulnerability assessment intend to identify?

Selecciona una de las siguientes respuestas posibles:

  • A. 0-day vulnerabilities

  • B. Malicious software and spyware

  • C. Security design flaws

  • D. Misconfiguration and missing updates

Explicación

Pregunta 60 de 151

1

What is the MOST important reason for formally documenting security procedures?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure processes are repeatable and sustainable.

  • B. Ensure alignment with business objectives.

  • C. Ensure auditability by regulatory agencies.

  • D. Ensure objective criteria for the application of metrics.

Explicación

Pregunta 61 de 151

1

Which of the following authentication methods prevents authentication replay?

Selecciona una de las siguientes respuestas posibles:

  • A. Password hash implementation

  • B. Challenge/response mechanism

  • C. Wired Equivalent Privacy (WEP) encryption usage

  • D. HTTP Basic Authentication

Explicación

Pregunta 62 de 151

1

What is the PRIMARY objective of a post-event review in incident response?

Selecciona una de las siguientes respuestas posibles:

  • A. Adjust budget provisioning

  • B. Preserve forensic data

  • C. Improve the response process

  • D. Ensure the incident is fully documented

Explicación

Pregunta 63 de 151

1

Which of the following choices BEST justifies an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. The impact on critical IT assets

  • B. A detailed business case

  • C. Steering committee approval

  • D. User acceptance

Explicación

Pregunta 64 de 151

1

The MOST important basis for developing a business case is the:

Selecciona una de las siguientes respuestas posibles:

  • A. risk that will be addressed.

  • B. financial analysis of benefits.

  • C. alignment with organizational objectives.

  • D. feasibility and value proposition.

Explicación

Pregunta 65 de 151

1

Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?

Selecciona una de las siguientes respuestas posibles:

  • A. Ease of installation

  • B. Product documentation

  • C. Available support

  • D. System overhead

Explicación

Pregunta 66 de 151

1

Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?

Selecciona una de las siguientes respuestas posibles:

  • A. Tests are scheduled on weekends

  • B. Network IP addresses are predefined

  • C. Equipment at the hot site is identical

  • D. Business management actively participates

Explicación

Pregunta 67 de 151

1

Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?

Selecciona una de las siguientes respuestas posibles:

  • A. System analyst

  • B. System user

  • C. Operations manager

  • D. Data security officer

Explicación

Pregunta 68 de 151

1

The MOST timely and effective approach to detecting nontechnical security violations in an organization is:

Selecciona una de las siguientes respuestas posibles:

  • A. the development of organizationwide communication channels.

  • B. periodic third-party auditing of incident reporting logs.

  • C. an automated policy compliance monitoring system.

  • D. deployment of suggestion boxes throughout the organization.

Explicación

Pregunta 69 de 151

1

Laws and regulations should be addressed by the information security manager:

Selecciona una de las siguientes respuestas posibles:

  • A. to the extent that they impact the enterprise.

  • B. by implementing international standards.

  • C. by developing policies that address the requirements.

  • D. to ensure that guidelines meet the requirements.

Explicación

Pregunta 70 de 151

1

Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?

Selecciona una de las siguientes respuestas posibles:

  • A. Adequate security policies and procedures

  • B. Periodic compliance reviews

  • C. Security steering committees

  • D. Security awareness campaigns

Explicación

Pregunta 71 de 151

1

When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensuring accessibility should a disaster occur

  • B. Versioning control as plans are modified

  • C. Broken hyperlinks to resources stored elsewhere

  • D. Tracking changes in personnel and plan assets

Explicación

Pregunta 72 de 151

1

During an audit, an information security manager discovered that sales representatives are sending sensitive customer information through email messages. Which of the following is the BEST course of action to address the issue?

Selecciona una de las siguientes respuestas posibles:

  • A. Review the finding with the sales manager to evaluate the risk and impact.

  • B. Report the issue to senior management immediately.

  • C. Request that the sales representatives stop emailing sensitive information.

  • D. Provide security awareness training to the sales representatives.

Explicación

Pregunta 73 de 151

1

An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?

Selecciona una de las siguientes respuestas posibles:

  • A. Inform senior management.

  • B. Determine the extent of the compromise.

  • C. Report the incident to the authorities.

  • D. Communicate with the affected customers.

Explicación

Pregunta 74 de 151

1

After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:

Selecciona una de las siguientes respuestas posibles:

  • A. transferred.

  • B. treated.

  • C. accepted.

  • D. terminated.

Explicación

Pregunta 75 de 151

1

Security risk assessments are MOST cost-effective to a software development organization when they are performed:

Selecciona una de las siguientes respuestas posibles:

  • A. before system development begins.

  • B. at system deployment.

  • C. before developing a business case.

  • D. at each stage of the software development life cycle (SDLC).

Explicación

Pregunta 76 de 151

1

What is the MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements?

Selecciona una de las siguientes respuestas posibles:

  • A. Logon banners displayed at every logon

  • B. Periodic security-related email messages

  • C. An intranet web site for information security

  • D. Circulating the information security policy

Explicación

Pregunta 77 de 151

1

An information security manager has implemented procedures for monitoring specific activities on the network. The system administrator has been trained to analyze the network events, take appropriate action and provide reports to the information security manager. What additional monitoring should be implemented to give a more accurate, risk-based view of network activity?

Selecciona una de las siguientes respuestas posibles:

  • A. The system administrator should be monitored by a separate reviewer.

  • B. All activity on the network should be monitored.

  • C. No additional monitoring is needed in this situation.

  • D. Monitoring should be done only by the information security manager.

Explicación

Pregunta 78 de 151

1

Which of the following will BEST protect an organization from internal security attacks?

Selecciona una de las siguientes respuestas posibles:

  • A. Static IP addressing

  • B. Internal address translation

  • C. Prospective employee background checks

  • D. Employee awareness certification program

Explicación

Pregunta 79 de 151

1

Which of the following is in the BEST position to provide information on regulatory and legal compliance requirements that have an effect on information security?

Selecciona una de las siguientes respuestas posibles:

  • A. Corporate legal officer

  • B. Enterprise risk manager

  • C. Compliance officer

  • D. Affected departments

Explicación

Pregunta 80 de 151

1

Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?

Selecciona una de las siguientes respuestas posibles:

  • A. A hot site facility will be shared in multiple disaster declarations

  • B. All equipment is provided "at time of disaster, not on floor"

  • C. The facility is subject to a "first-come, first-served" policy

  • D. Equipment may be substituted with equivalent models

Explicación

Pregunta 81 de 151

1

Which of the following situations would be the MOST concern to a security manager?

Selecciona una de las siguientes respuestas posibles:

  • A. Audit logs are not enabled on a production server

  • B. The logon ID for a terminated systems analyst still exists on the system

  • C. The help desk has received numerous results of users receiving phishing emails

  • D. A Trojan was found to be installed on a system administrator's laptop

Explicación

Pregunta 82 de 151

1

Which of the following criteria is the MOST essential for operational metrics?

Selecciona una de las siguientes respuestas posibles:

  • A. Timeliness of the reporting

  • B. Relevance to the recipient

  • C. Accuracy of the measurement

  • D. The cost of obtaining the metrics

Explicación

Pregunta 83 de 151

1

Which of the following should be included in a good privacy statement?

Selecciona una de las siguientes respuestas posibles:

  • A. A notification of liability on accuracy of information

  • B. A notification that information will be encrypted

  • C. A statement of what the company will do with information it collects

  • D. A description of the information classification process

Explicación

Pregunta 84 de 151

1

Which of the following is a preventive measure?

Selecciona una de las siguientes respuestas posibles:

  • A. A warning banner

  • B. Audit trails

  • C. An access control

  • D. An alarm system

Explicación

Pregunta 85 de 151

1

Which of the following is MOST essential for a risk management program to be effective?

Selecciona una de las siguientes respuestas posibles:

  • A. Flexible security budget

  • B. Sound risk baseline

  • C. Detection of new risk

  • D. Accurate risk reporting

Explicación

Pregunta 86 de 151

1

When designing information security standards for an enterprise, the information security manager should require that an extranet server be placed:

Selecciona una de las siguientes respuestas posibles:

  • A. outside the firewall.

  • B. on the firewall server.

  • C. on a screened subnet.

  • D. on the external router.

Explicación

Pregunta 87 de 151

1

Assuming that the value of information assets is known, which of the following gives the information security manager the MOST objective basis for determining that the information security program is delivering value?

Selecciona una de las siguientes respuestas posibles:

  • A. Number of controls

  • B. Cost of achieving control objectives

  • C. Effectiveness of controls

  • D. Test results of controls

Explicación

Pregunta 88 de 151

1

Which of the following is PRIMARILY related to the emergence of governance, risk and compliance (GRC)?

Selecciona una de las siguientes respuestas posibles:

  • A. The increasing need for controls

  • B. The policy development process

  • C. The integration of assurance-related activities

  • D. A model for information security program development

Explicación

Pregunta 89 de 151

1

What is the BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed?

Selecciona una de las siguientes respuestas posibles:

  • A. Simulate an attack and review IDS performance.

  • B. Use a honeypot to check for unusual activity.

  • C. Audit the configuration of the IDS.

  • D. Benchmark the IDS against a peer site.

Explicación

Pregunta 90 de 151

1

What responsibility do data owners normally have?

Selecciona una de las siguientes respuestas posibles:

  • A. Applying emergency changes to application data

  • B. Administering security over database records

  • C. Migrating application code changes to production

  • D. Determining the level of application security required

Explicación

Pregunta 91 de 151

1

Which of the following would be the MOST relevant factor when defining the information classification policy?

Selecciona una de las siguientes respuestas posibles:

  • A. Quantity of information

  • B. Available IT infrastructure

  • C. Benchmarking

  • D. Requirements of data owners

Explicación

Pregunta 92 de 151

1

When creating a forensic image of a hard drive, which of the following should be the FIRST step?

Selecciona una de las siguientes respuestas posibles:

  • A. Identify a recognized forensics software tool to create the image.

  • B. Establish a chain of custody log.

  • C. Connect the hard drive to a write blocker.

  • D. Generate a cryptographic hash of the hard drive contents.

Explicación

Pregunta 93 de 151

1

Which of the following actions is MOST important when a server is infected with a virus?

Selecciona una de las siguientes respuestas posibles:

  • A. Isolate the infected server(s) from the network.

  • B. Identify all potential damage caused by the infection.

  • C. Ensure that the virus database files are current.

  • D. Establish security weaknesses in the firewall.

Explicación

Pregunta 94 de 151

1

An organization's information security manager is planning the structure of the Information Security Steering Committee. Which of the following groups should the manager invite?

Selecciona una de las siguientes respuestas posibles:

  • A. External audit and network penetration testers

  • B. Board of directors and the organization's regulators

  • C. External trade union representatives and key security vendors

  • D. Leadership from IT, human resources and the sales department

Explicación

Pregunta 95 de 151

1

Which of the following will the data backup policy contain?

Selecciona una de las siguientes respuestas posibles:

  • A. Criteria for data backup

  • B. Personnel responsible for backup

  • C. A data backup schedule

  • D. A list of systems to be backed up

Explicación

Pregunta 96 de 151

1

In following up on a security incident, the system administrator is to copy data from one hard disk to another. From a forensic perspective, which of the following tasks must be ensured?

Selecciona una de las siguientes respuestas posibles:

  • A. Copy to the same disk model as the original.

  • B. Make a dual backup of the original disk.

  • C. Keep the digital hash from both hard disks.

  • D. Perform a restoration test after replication.

Explicación

Pregunta 97 de 151

1

What is the BEST way to ensure users comply with organizational security requirements for password complexity?

Selecciona una de las siguientes respuestas posibles:

  • A. Include password construction requirements in the security standards

  • B. Require each user to acknowledge the password requirements

  • C. Implement strict penalties for user noncompliance

  • D. Enable system-enforced password configuration

Explicación

Pregunta 98 de 151

1

Which of the following is the MOST important step when an employee is transferred to a different function?

Selecciona una de las siguientes respuestas posibles:

  • A. Reviewing and modifying access rights

  • B. Assigning new security responsibilities

  • C. Conducting specific training for the new role

  • D. Knowledge of security weaknesses in last department

Explicación

Pregunta 99 de 151

1

What is the BEST approach to implement adequate segregation of duties in business critical applications, where shared access to elevated privileges by a small group is necessary?

Selecciona una de las siguientes respuestas posibles:

  • A. Ensure access to individual functions can be granted to individual users only.

  • B. Implement role-based access control in the application.

  • C. Enforce manual procedures ensuring separation of conflicting duties.

  • D. Create service accounts that can only be used by authorized team members.

Explicación

Pregunta 100 de 151

1

Which of the following would BEST prepare an information security manager for regulatory reviews?

Selecciona una de las siguientes respuestas posibles:

  • A. Assign an information security administrator as regulatory liaison.

  • B. Perform self-assessments using regulatory guidelines and reports.

  • C. Assess previous regulatory reports with process owners input.

  • D. Ensure all regulatory inquiries are sanctioned by the legal department.

Explicación

Pregunta 101 de 151

1

When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?

Selecciona una de las siguientes respuestas posibles:

  • A. Assigning responsibility for acquiring the data

  • B. Locating the data and preserving the integrity of the data

  • C. Creating a forensically sound image

  • D. Issuing a litigation hold to all affected parties

Explicación

Pregunta 102 de 151

1

Which of the following should a successful information security management program use to determine the amount of resources devoted to mitigating exposures?

Selecciona una de las siguientes respuestas posibles:

  • A. Risk analysis results

  • B. Audit report findings

  • C. Penetration test results

  • D. Amount of IT budget available

Explicación

Pregunta 103 de 151

1

Which of the following is the MOST usable deliverable of an information security risk analysis?

Selecciona una de las siguientes respuestas posibles:

  • A. Business impact analysis (BIA) report

  • B. List of action items to mitigate risk

  • C. Assignment of risks to process owners

  • D. Quantification of organizational risk

Explicación

Pregunta 104 de 151

1

Which of the following is the GREATEST success factor for effectively managing information security?

Selecciona una de las siguientes respuestas posibles:

  • A. An adequate budget

  • B. Senior level authority

  • C. A robust technology

  • D. Effective business relationships

Explicación

Pregunta 105 de 151

1

Simple Network Management Protocol v2 (SNMP v2) is used frequently to monitor networks. Which of the following vulnerabilities does it always introduce?

Selecciona una de las siguientes respuestas posibles:

  • A. Remote buffer overflow

  • B. Cross site scripting

  • C. Clear text authentication

  • D. Man-in-the-middle attack

Explicación

Pregunta 106 de 151

1

Which of the following BEST accomplishes secure customer use of an e-commerce application?

Selecciona una de las siguientes respuestas posibles:

  • A. Data encryption

  • B. Digital signatures

  • C. Strong passwords

  • D. Two-factor authentication

Explicación

Pregunta 107 de 151

1

The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:

Selecciona una de las siguientes respuestas posibles:

  • A. escalate issues to an external third party for resolution.

  • B. ensure that senior management provide authority for security to address the issues.

  • C. insist that managers or units not in agreement with the security solution accept the risk.

  • D. refer the issues to senior management along with any security recommendations.

Explicación

Pregunta 108 de 151

1

Which of the following provides the BEST confirmation that the business continuity/disaster recovery plan objectives have been achieved?

Selecciona una de las siguientes respuestas posibles:

  • A. The recovery time objective (RTO) was not exceeded during testing

  • B. Objective testing of the business continuity/disaster recovery plan has been carried out consistently

  • C. The recovery point objective (RPO) was proved inadequate by disaster recovery plan testing

  • D. Information assets have been valued and assigned to owners per the business continuity plan/disaster recovery plan

Explicación

Pregunta 109 de 151

1

Why should an incident management team conduct a postincident review?

Selecciona una de las siguientes respuestas posibles:

  • A. To identify relevant electronic evidence

  • B. To identify lessons learned

  • C. To identify the hacker's identity

  • D. To identify affected areas

Explicación

Pregunta 110 de 151

1

The BEST approach to secure approval for information security expenditures is to:

Selecciona una de las siguientes respuestas posibles:

  • A. conduct a cost-benefit analysis.

  • B. develop a business case.

  • C. calculate return on investment (ROI).

  • D. evaluate loss history.

Explicación

Pregunta 111 de 151

1

Which of the following attacks is BEST mitigated by utilizing strong passwords?

Selecciona una de las siguientes respuestas posibles:

  • A. Man-in-the-middle attack

  • B. Brute force attack

  • C. Remote buffer overflow

  • D. Root kit

Explicación

Pregunta 112 de 151

1

The requirement for due diligence is MOST closely associated with which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. The right to audit

  • B. Service level agreements (SLAs)

  • C. Appropriate standard of care

  • D. Periodic security reviews

Explicación

Pregunta 113 de 151

1

Which of the following is the MOST important element of an information security strategy?

Selecciona una de las siguientes respuestas posibles:

  • A. Defined objectives

  • B. Time frames for delivery

  • C. Adoption of a control framework

  • D. Complete policies

Explicación

Pregunta 114 de 151

1

Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?

Selecciona una de las siguientes respuestas posibles:

  • A. Request a list of the software to be used

  • B. Provide clear directions to IT staff

  • C. Monitor intrusion detection system (IDS) and firewall logs closely

  • D. Establish clear rules of engagement

Explicación

Pregunta 115 de 151

1

Who in an organization has the responsibility for classifying information?

Selecciona una de las siguientes respuestas posibles:

  • A. Data custodian

  • B. Database administrator

  • C. Information security officer

  • D. Data owner

Explicación

Pregunta 116 de 151

1

The information security manager should treat regulatory compliance requirements as:

Selecciona una de las siguientes respuestas posibles:

  • A. an organizational mandate.

  • B. a risk management priority.

  • C. a purely operational issue.

  • D. just another risk.

Explicación

Pregunta 117 de 151

1

After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Define security metrics

  • B. Conduct a risk assessment

  • C. Perform a gap analysis

  • D. Procure security tools

Explicación

Pregunta 118 de 151

1

When considering outsourcing services, at what point should information security become involved in the vendor management process?

Selecciona una de las siguientes respuestas posibles:

  • A. During contract negotiation

  • B. Upon request for assistance from the business unit

  • C. When requirements are being established

  • D. When a security incident occurs

Explicación

Pregunta 119 de 151

1

Which of the following is an example of a corrective control?

Selecciona una de las siguientes respuestas posibles:

  • A. Diverting incoming traffic as a response to a denial of service (DoS) attack

  • B. Filtering network traffic

  • C. Examining inbound network traffic for viruses

  • D. Logging inbound network traffic

Explicación

Pregunta 120 de 151

1

Which of the following actions should be taken when an information security manager discovers that a hacker is footprinting the network perimeter?

Selecciona una de las siguientes respuestas posibles:

  • A. Reboot the border router connected to the firewall

  • B. Check IDS logs and monitor for any active attacks

  • C. Update IDS software to the latest available version

  • D. Enable server trace logging on the DMZ segment

Explicación

Pregunta 121 de 151

1

Which of the following steps should be performed FIRST in the risk assessment process?

Selecciona una de las siguientes respuestas posibles:

  • A. Staff interviews

  • B. Threat identification

  • C. Asset identification and valuation

  • D. Determination of the likelihood of identified risks

Explicación

Pregunta 122 de 151

1

Which of the following is the BEST basis for determining the criticality and sensitivity of information assets?

Selecciona una de las siguientes respuestas posibles:

  • A. A threat assessment

  • B. A vulnerability assessment

  • C. A resource dependency assessment

  • D. An impact assessment

Explicación

Pregunta 123 de 151

1

In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?

Selecciona una de las siguientes respuestas posibles:

  • A. Procedural design

  • B. Architectural design

  • C. System design specifications

  • D. Software development

Explicación

Pregunta 124 de 151

1

An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees flood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:

Selecciona una de las siguientes respuestas posibles:

  • A. conflicting security controls with organizational needs.

  • B. strong protection of information resources.

  • C. implementing appropriate controls to reduce risk.

  • D. proving information security's protective abilities.

Explicación

Pregunta 125 de 151

1

Which of the following is the BEST indicator that security awareness training has been effective?

Selecciona una de las siguientes respuestas posibles:

  • A. Employees sign to acknowledge the security policy

  • B. More incidents are being reported

  • C. A majority of employees have completed training

  • D. No incidents have been reported in three months

Explicación

Pregunta 126 de 151

1

Which of the following BEST supports the principle of security proportionality?

Selecciona una de las siguientes respuestas posibles:

  • A. Release management

  • B. Ownership schema

  • C. Resource dependency analysis

  • D. Asset classification

Explicación

Pregunta 127 de 151

1

Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a publicly traded, multinational enterprise?

Selecciona una de las siguientes respuestas posibles:

  • A. Strategic business plan

  • B. Upcoming financial results

  • C. Customer personal information

  • D. Previous financial results

Explicación

Pregunta 128 de 151

1

Alignment of an information security program to business objectives is BEST achieved through:

Selecciona una de las siguientes respuestas posibles:

  • A. senior management directing the information security program.

  • B. periodic risk analysis and treatment.

  • C. a security steering committee with representatives from all business functions.

  • D. regular security audits and ongoing monitoring.

Explicación

Pregunta 129 de 151

1

What activity should the information security manager perform FIRST after finding that compliance with a set of standards is weak?

Selecciona una de las siguientes respuestas posibles:

  • A. Initiate the exception process.

  • B. Modify policy to address the risk.

  • C. Increase compliance enforcement.

  • D. Perform a risk assessment.

Explicación

Pregunta 130 de 151

1

What activity needs to be performed for previously accepted risk?

Selecciona una de las siguientes respuestas posibles:

  • A. Risk should be reassessed periodically because risk changes over time.

  • B. Accepted risk should be flagged to avoid future reassessment efforts.

  • C. Risk should be avoided next time to optimize the risk profile.

  • D. Risk should be removed from the risk log after it is accepted.

Explicación

Pregunta 131 de 151

1

Inherent control strength is PRIMARILY a function of which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. Implementation

  • B. Design

  • C. Testing

  • D. Policy

Explicación

Pregunta 132 de 151

1

Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?

Selecciona una de las siguientes respuestas posibles:

  • A. Patch management

  • B. Change management

  • C. Security baselines

  • D. Virus detection

Explicación

Pregunta 133 de 151

1

Which of the following actions should the information security manager take FIRST on finding that current controls are not sufficient to prevent a serious compromise?

Selecciona una de las siguientes respuestas posibles:

  • A. Strengthen existing controls.

  • B. Reassess the risk.

  • C. Set new control objectives.

  • D. Modify security baselines.

Explicación

Pregunta 134 de 151

1

To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?

Selecciona una de las siguientes respuestas posibles:

  • A. Service level agreements (SLAs)

  • B. Right-to-audit clause

  • C. Intrusion detection system (IDS) services

  • D. Spam filtering services

Explicación

Pregunta 135 de 151

1

Which of the following would be the GREATEST challenge when developing a standard awareness training program for a global organization?

Selecciona una de las siguientes respuestas posibles:

  • A. Technical input requirements for IT security staff

  • B. Evaluating training program effectiveness

  • C. A diverse culture and varied technical abilities of end users

  • D. Availability of users either on weekends or after office hours

Explicación

Pregunta 136 de 151

1

Which of the following is the MOST appropriate method of ensuring password strength in a large organization?

Selecciona una de las siguientes respuestas posibles:

  • A. Attempt to reset several passwords to weaker values

  • B. Install code to capture passwords for periodic audit

  • C. Sample a subset of users and request their passwords for review

  • D. Install strong password settings on each platform

Explicación

Pregunta 137 de 151

1

Which of the following is the BEST approach to dealing with inadequate funding of the security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Eliminate low-priority security services.

  • B. Require management to accept the increased risk.

  • C. Prioritize risk mitigation and educate management.

  • D. Reduce monitoring and compliance enforcement activities.

Explicación

Pregunta 138 de 151

1

Which of the following is the MOST critical success factor of an information security program?

Selecciona una de las siguientes respuestas posibles:

  • A. Developing information security policies and procedures

  • B. Senior management commitment

  • C. Conducting security training and awareness for all users

  • D. Establishing an information security management system

Explicación

Pregunta 139 de 151

1

Phishing is BEST mitigated by which of the following?

Selecciona una de las siguientes respuestas posibles:

  • A. Security monitoring software

  • B. Encryption

  • C. Two-factor authentication

  • D. User awareness

Explicación

Pregunta 140 de 151

1

Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?

Selecciona una de las siguientes respuestas posibles:

  • A. Utilize an intrusion detection system.

  • B. Establish minimum security baselines.

  • C. Implement vendor recommended settings.

  • D. Perform periodic penetration testing.

Explicación

Pregunta 141 de 151

1

Which of the following should be included in an annual information security budget that is submitted for management approval?

Selecciona una de las siguientes respuestas posibles:

  • A. A cost-benefit analysis of budgeted resources

  • B. All of the resources that are recommended by the business

  • C. Total cost of ownership (TCO)

  • D. Baseline comparisons

Explicación

Pregunta 142 de 151

1

The MOST important outcome of aligning information security governance with corporate governance is to:

Selecciona una de las siguientes respuestas posibles:

  • A. show that information security understands the rules.

  • B. provide regulatory compliance.

  • C. maximize the cost-effectiveness of controls.

  • D. minimize the number of rules and regulations required.

Explicación

Pregunta 143 de 151

1

Which of the following defines minimum standards for securing the technical infrastructure?

Selecciona una de las siguientes respuestas posibles:

  • A. Information security strategy

  • B. Information security guidelines

  • C. Information security model

  • D. Information security architecture

Explicación

Pregunta 144 de 151

1

Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?

Selecciona una de las siguientes respuestas posibles:

  • A. Annual loss expectancy (ALE) of incidents

  • B. Frequency of incidents

  • C. Total cost of ownership (TCO)

  • D. Approved budget for the project

Explicación

Pregunta 145 de 151

1

In what circumstances should mandatory access controls (MAC) be used?

Selecciona una de las siguientes respuestas posibles:

  • A. When the organization has a high risk tolerance

  • B. When delegation of rights is contrary to policy

  • C. When the control policy specifies continuous oversight

  • D. When access is permitted, unless explicitly denied

Explicación

Pregunta 146 de 151

1

Which one of the following network protocols is secure?

Selecciona una de las siguientes respuestas posibles:

  • A. Simple Mail Transfer Protocol (SMTP)

  • B. File Transfer Protocol (FTP)

  • C. Post Office Protocol (POP3)

  • D. Simple Network Management Protocol (SNMP v3)

Explicación

Pregunta 147 de 151

1

Which of the following choices should be assessed after the likelihood of a loss event has been determined?

Selecciona una de las siguientes respuestas posibles:

  • A. The magnitude of impact

  • B. Risk tolerance

  • C. The replacement cost of assets

  • D. The book value of assets

Explicación

Pregunta 148 de 151

1

An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?

Selecciona una de las siguientes respuestas posibles:

  • A. Security in storage and transmission of sensitive data

  • B. Provider's level of compliance with industry standards

  • C. Security technologies in place at the facility

  • D. Results of the latest independent security review

Explicación

Pregunta 149 de 151

1

What is the result of segmenting a highly sensitive database?

Selecciona una de las siguientes respuestas posibles:

  • A. It reduces threat.

  • B. It reduces criticality.

  • C. It reduces sensitivity.

  • D. It reduces exposure.

Explicación

Pregunta 150 de 151

1

When establishing a new incident management team whose members will serve on a part-time basis, which of the following means of training is MOST effective?

Selecciona una de las siguientes respuestas posibles:

  • A. Formal training

  • B. Mentoring

  • C. On-the-job training

  • D. Induction

Explicación

Pregunta 151 de 151

1

Three employees reported the theft or loss of their laptops while on business trips. The FIRST course of action for the security manager is to:

Selecciona una de las siguientes respuestas posibles:

  • A. assess the impact of the loss and determine mitigating steps.

  • B. communicate the best practices in protecting laptops to all laptop users.

  • C. instruct the erring employees to pay a penalty for the lost laptops.

  • D. recommend that management report the incident to the police and file for insurance.

Explicación