A.  

favorable audit findings

B.  

following the recommendations of consultants and contractors

C.  

development of relationships with organization executives

D.  

raising awareness of security issues with end users

A.  

Internal audit

B.  

All management staff

C.  

Government regulators

D.  

The data owner

A.  

Risk Management

B.  

Risk Assessment

C.  

System Testing

D.  

Vulnerability Assessment

A.  

Risk Tolerance

B.  

Qualitative risk analysis

C.  

Risk Appetite

D.  

Quantitative risk analysis

A.  

Mean Time to Operations (MTO)

B.  

Recovery Base Objective (RBO)

C.  

Maximum Tolerable Downtime (MTD)

D.  

Recovery Point Objective (RPO)

A.  

Communicating the risk to all business units

B.  

Outsourcing data storage operations to a third party

C.  

Procuring cyber insurance

D.  

Changing current processes for data retention

A.  

Distributed

B.  

Sole owner

C.  

Limited liability

D.  

Matrix

A.  

Application logs

B.  

File integrity monitoring

C.  

SNMP traps

D.  

Syslog

A.  

Information Security and Identity Access Management teams perform two distinct functions

B.  

Developers and Network teams both have admin rights on servers

C.  

Finance has access to Human Resources data

D.  

Information Security and Network teams perform two distinct functions

A.  

Create timelines for mitigation

B.  

Develop a cost-benefit analysis

C.  

Calculate annual loss expectancy

D.  

Create a detailed technical executive summary

A.  

Risk assessment

B.  

Security program budget

C.  

Business continuity plan

D.  

Compliance and regulatory analysis

A.  

International Organization for Standardization (ISO) 27003

B.  

Control Objectives for Information and Related Technology (COBIT)

C.  

Payment Card Industry (PCI)

D.  

Health Insurance Portability and Accountability Act (HIPAA)

A.  

ISO 27001

B.  

PRINCE2

C.  

ISO 27004

D.  

ITILv3

A.  

Begin initial gap remediation analyses

B.  

Review the security organization’s charter

C.  

Validate gaps with the Information Technology team

D.  

Create a briefing of the findings for executive management

A.  

Covert government networks

B.  

War driving maps

C.  

Government networks in Tora

D.  

Virtual network tunnels

A.  

Performing

B.  

Norming

C.  

Storming

D.  

Forming

A.  

Risk management

B.  

Stock performance

C.  

Corporate governance

D.  

Audit oversight

A.  

Agreement

B.  

Silos

C.  

Disgruntlement

D.  

Conflict

A.  

Security officer

B.  

Data owner

C.  

Vulnerability engineer

D.  

System administrator

A.  

Common good

B.  

Utilitarian

C.  

Risk based

D.  

Fairness

A.  

Corporate legal counsel

B.  

CISO with reference to the company goals

C.  

CEO and board of director

D.  

Corporate compliance committee

A.  

The asset is more expensive than the remediation

B.  

The audit finding is incorrect

C.  

The asset being protected is less valuable than the remediation costs

D.  

The remediation costs are irrelevant; it must be implemented regardless of cost.

A.  

Detective

B.  

Organizational

C.  

Preemptive

D.  

Proactive

A.  

Well established and defined digital forensics process

B.  

Establishing Enterprise-owned Botnets for preemptive attacks

C.  

Be able to retaliate under the framework of Active Defense

D.  

Collaboration with law enforcement

A.  

Software removal, define requirements, install updates

B.  

Discover software, deploy integrations, apply updates

C.  

Install patches and updates, adjust configurations, remove software

D.  

Install software replacements, remove data, maintain system

A.  

Centralized log management

B.  

Encrypted log files in transit

C.  

Each node set to local time

D.  

Log aggregation agent each node

A.  

Annually

B.  

Semi-annually

C.  

Quarterly

D.  

Never

A.  

When organizational resources are limited

B.  

When the benefits of outsourcing outweigh the inherent risks of outsourcing

C.  

On new, enterprise-wide security initiatives

D.  

On projects not forecasted in the yearly budget

A.  

Ineffective configuration management controls

B.  

Lack of change management controls

C.  

Lack of version/source controls

D.  

High turnover in the application development department

A.  

it communicates management’s commitment to protecting information resources

B.  

it is formally acknowledged by all employees and vendors

C.  

it defines a process to meet compliance requirements

D.  

it establishes a framework to protect confidential information

A.  

Video surveillance

B.  

Mantrap

C.  

Bollards

D.  

Fence

A.  

Organizational objectives and risk tolerance

B.  

Risk assessment criteria

C.  

IT architecture complexity

D.  

Enterprise disaster recovery plans

A.  

Response

B.  

Investigation

C.  

Recovery

D.  

Follow-up

A.  

security threat and vulnerability management process

B.  

risk assessment process

C.  

risk management process

D.  

governance, risk, and compliance tools

A.  

Have internal audit conduct another audit to see what has changed.

B.  

Contract with an external audit company to conduct an unbiased audit

C.  

Review the recommendations and follow up to see if audit implemented the changes

D.  

Meet with audit team to determine a timeline for corrections

A.  

Detective Controls

B.  

Proactive Controls

C.  

Preemptive Controls

D.  

Organizational Controls

A.  

Budgeting for unforeseen data compromises

B.  

Streamlining for efficiency

C.  

Alignment with the business

D.  

Establishing your authority as the Security Executive

A.  

Failed to identify all stakeholders and their needs

B.  

Deployed the encryption solution in an inadequate manner

C.  

Used 1024 bit encryption when 256 bit would have sufficed

D.  

Used hardware encryption instead of software encryption

A.  

Conduct background checks on individuals before hiring them

B.  

Develop an Information Security Awareness program

C.  

Monitor employee browsing and surfing habits

D.  

Set your firewall permissions aggressively and monitor logs regularly.

A.  

The auditors have not followed proper auditing processes

B.  

The CIO of the organization disagrees with the finding

C.  

The risk tolerance of the organization permits this risk

D.  

The organization has purchased cyber insurance

A.  

A risk assessment was performed on the technology

B.  

The technology was not integrated with antivirus

C.  

Data classification was not properly applied

D.  

Sensitive data was not encrypted while at rest

A.  

A substantive test of program library controls

B.  

A compliance test of program library controls

C.  

A compliance test of the program compiler controls

D.  

A substantive test of the program compiler controls

A.  

Reducing the impact of the risk to the business.

B.  

Establishing strategic alignment with bunsiness continuity requirements

C.  

Establishing incident response programs.

D.  

Identifying and implementing the best security solutions.

A.  

ITIL

B.  

Privacy Act

C.  

Sarbanes Oxley

D.  

PCI-DSS

A.  

Classifying an information system as part of a risk assessment

B.  

Installing an appropriate fire suppression system in the data center

C.  

Conducting an audit of the configuration management process

D.  

Establishing procurement standards for cloud vendors

A.  

Risk mitigation

B.  

Risk transfer

C.  

Risk tolerance

D.  

Risk acceptance

A.  

Provide clear communication of security requirements throughout the organization

B.  

Demonstrate executive support with written mandates for security policy adherence

C.  

Create collaborative risk management approaches within the organization

D.  

Perform increased audits of security processes and procedures

A.  

Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data

B.  

Create separate controls for the business units based on the types of business and functions they perform

C.  

Ensure business units are involved in the creation of controls and defining conditions under which they must be applied

D.  

Provide the business units with control mandates and schedules of audits for compliance validation

A.  

Closed circuit television

B.  

Open circuit television

C.  

Blocked video

D.  

Local video

A.  

The organization has focused only on regulatory issues

B.  

The auditors have not followed proper auditing processes

C.  

The business agrees with the finding

D.  

The situation is within the risk tolerance of the organization

A.  

Risk Avoidance

B.  

Risk Acceptance

C.  

Risk Transfer

D.  

Risk Mitigation

A.  

Authentication, Authorize, Validation

B.  

Provision, Administration, Enforcement

C.  

Administration, Validation, Protect

D.  

Provision, Administration, Authentication

A.  

Tell the team to do their best and respond to each alert

B.  

Tune the sensors to help reduce false positives so the team can react better

C.  

Request additional resources to handle the workload

D.  

Tell the team to only respond to the critical and high alerts

A.  

Tokenization combined with hashing is always better than encryption

B.  

Encryption can be mathematically reversed to provide the original information

C.  

The token contains the all original information

D.  

Tokenization can be mathematically reversed to provide the original information

A.  

Preventive actions

B.  

Inspection

C.  

Defect repair

D.  

Corrective actions

A.  

Secure the area and shut-down the computer until investigators arrive

B.  

Secure the area and attempt to maintain power until investigators arrive

C.  

Immediately place hard drive and other components in an anti-static bag

D.  

Secure the area.

A.  

ClOS

B.  

All employees

C.  

Security Managers

D.  

Executives

A.  

Zero-day attack mitigation

B.  

Preventive detection control

C.  

Corrective security control

D.  

Dynamic blocking control

A.  

The CISO should cut other essential programs to ensure the new solution’s continued use

B.  

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

C.  

Defer selection until the market improves and cash flow is positive

D.  

Implement the solution and ask for the increased operating cost budget when it is time

A.  

Account management policy

B.  

Training policy

C.  

Acceptable Use policy

D.  

Remote Access policy

A.  

Number of change orders rejected

B.  

Number and length of planned outages

C.  

Number of unplanned outages

D.  

Number of change orders processed

A.  

security coding

B.  

data security system

C.  

data classification

D.  

privacy protection

A.  

Clearly defined processes to meet compliance requirements

B.  

Formal acknowledgement by most employees and vendors

C.  

An established guideline to protect confidential information

D.  

Communication of management’s commitment to security

A.  

An approach that allows for minimum budget impact if the solution is unsuitable

B.  

A methodology-based approach to ensure authentication mechanism functions

C.  

An approach providing minimum time impact to the implementation schedules

D.  

A risk-based approach to determine if the solution is suitable for investment

A.  

Disgruntlement

B.  

Silos

C.  

Conflict

D.  

Disagreement

A.  

Grant her access, the employee has been adequately warned through the AUP.

B.  

Assist her with the request, but only after her supervisor signs off on the action.

C.  

Reset the employee’s password and give it to the supervisor.

D.  

Deny the request citing national privacy laws.

A.  

Data breach disclosure

B.  

Consumer right disclosure

C.  

Security incident disclosure

D.  

Special circumstance disclosure

A.  

Unable to control physical access to the servers

B.  

Unable to track log on activity

C.  

Unable to run anti-virus scans

D.  

Unable to patch systems as needed

A.  

An administrator with too much time on their hands.

B.  

Putting undue time commitment on the system administrator.

C.  

Supporting the concept of layered security

D.  

Network segmentation.

A.  

Legal, help desk, system and network administrators

B.  

Threat analysts, IT auditors, security operations managers

C.  

Financial analysts, payroll clerks, HR managers

D.  

Human resources, facilities maintenance, and IT support

A.  

Be briefed about new trends and products by a vendor

B.  

Ensure the committee includes members from different departments and employee levels

C.  

Ensure that security policies and procedures have been approved by the Board of Directors

D.  

Review of current audit and compliance reports

A.  

Procedures for litigation

B.  

Procedures for reclamation

C.  

Procedures for classification

D.  

Procedures for charge-back

A.  

Compliance Risk

B.  

Reputation Risk

C.  

Operational Risk

D.  

Strategic Risk

A.  

Shoulder surfing

B.  

Tailgating

C.  

Social engineering

D.  

Mantrap

A.  

Meet regulatory compliance requirements

B.  

Better understand the threats and vulnerabilities affecting the environment

C.  

Better understand strengths and weaknesses of the program

D.  

Meet legal requirements

A.  

Connecting the systems to an Internet Service Provider (ISP) for verification

B.  

Getting authority to operate the system from executive management

C.  

Changing the default passwords within all affected systems

D.  

Conducting a final scan of the production system and mitigating all high-level vulnerabilities

A.  

Business recovery plan

B.  

Business Impact Analysis

C.  

Security process catalogue

D.  

Annual report to shareholders

A.  

Auditor

B.  

Senior leadership

C.  

General Counsel

D.  

Human Resources

A.  

An Information Security audit standard

B.  

An audit guideline for certifying secure systems and controls

C.  

A framework for Information Technology management and governance

D.  

A set of international regulations for Information Technology governance

A.  

Provide logging and analysis for all access points

B.  

Disable SSID broadcast and enable address filtering on access points

C.  

Install firewall software on all access points

D.  

Provide the IP address, MAC address, and other pertinent information

A.  

Creating an inventory of information assets

B.  

Classifying and organizing information assets into meaningful groups

C.  

Assigning value to each information asset

D.  

Calculating the risks to which assets are exposed in their current setting

A.  

Prior audit reports

B.  

Business risk appetite statements

C.  

Audit team contact information

D.  

Executive summary

A.  

Governance and compliance

B.  

Auditing and security

C.  

Budget and risk tolerance

D.  

Threats and vulnerabilities

A.  

Backup to tape

B.  

Maintain separate VM backups

C.  

Backup to a remote location

D.  

Increase VM replication frequency

A.  

Global Regulations Security Architecture

B.  

The Open Group Architecture Framework (TOGAF)

C.  

Federated Enterprise Architecture

D.  

Control Objectives for Information Technology (COBIT)

A.  

Vendor management

B.  

Scope compression

C.  

Scope creep

D.  

Results management

A.  

Internal Audit

B.  

Database Administration

C.  

Information Security

D.  

Compliance

A.  

Public cloud

B.  

Private cloud

C.  

Community cloud

D.  

Hybrid cloud

A.  

Control Objective for Information Technology (COBIT)

B.  

Committee of Sponsoring Organizations (COSO)

C.  

Payment Card Industry (PCI)

D.  

Information Technology Infrastructure Library (ITIL)

A.  

All organizational assets as identified by the Chief Information Officer

B.  

Audit schedules, reports, and remediations

C.  

Critical data, systems, and processes

D.  

Intellectual property and trademarks used by the business

A.  

Ensure that security policies are read.

B.  

Encourage security-conscious employee behavior.

C.  

Meet legal and regulatory requirements.

D.  

Put employees on notice in case follow-up action for noncompliance is necessary

A.  

Wireless Application Protocol (WAP)

B.  

Wifi Protected Access version 2 (WPA2)

C.  

Wireless Equivalence Protocol (WEP)

D.  

Extensible Authentication Protocol (EAP)

A.  

Enforce the existing security standards and do not allow the deployment of the new technology.

B.  

Amend the standard to permit the deployment.

C.  

If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

D.  

Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

A.  

Persistent risk

B.  

Residual risk

C.  

Accepted risk

D.  

Non-tolerated risk

A.  

Software and hardware license fees

B.  

Utilities and power costs

C.  

Network connectivity costs

D.  

New datacenter to operate from

A.  

At the end of the day once the employee is off site

B.  

During the monthly review cycle

C.  

Immediately so the employee account(s) can be disabled

D.  

Before an audit

A.  

Rights collision

B.  

Excessive privileges

C.  

Privilege creep

D.  

Least privileges

A.  

Need to comply with breach disclosure laws

B.  

Need to transfer the risk associated with hosting PII data

C.  

Need to better understand the risk associated with using PII data

D.  

Fiduciary responsibility to safeguard credit card information

A.  

Only check compliance right before the auditors are scheduled to arrive onsite.

B.  

Outsource compliance to a 3rd party vendor and let them manage the program.

C.  

Have Compliance and Information Security partner to correct issues as they arise.

D.  

Have Compliance direct Information Security to fix issues after the auditors report.

A.  

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.  

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.  

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.  

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

A.  

To remediate half of the findings before the next audit.

B.  

To remediate all of the findings before the next audit.

C.  

To validate that the cost of the remediation is less than the risk of the finding.

D.  

To validate the remediation process with the auditor.

A.  

Risk Avoidance

B.  

Risk Acceptance

C.  

Risk Transfer

D.  

Risk Mitigation

A.  

Inform senior management of the risk involved.

B.  

Agree to work with the security officer on these shifts as a form of preventative control.

C.  

Develop a computer assisted audit technique to detect instances of abuses of the arrangement.

D.  

Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

A.  

type of computer the data s processed on

B.  

Type of data contained in the process and system

C.  

Type of connection and protocol used to transfer the data

D.  

Type of encryption required for the data once it is at rest

A.  

The Security Systems Development Life Cycle

B.  

The Security Project And Management Methodology

C.  

Project Management System Methodology

D.  

Project Management Body of Knowledge

A.  

There is integration between IT security and business staffing.

B.  

There is a clear definition of the IT security mission and vision.

C.  

There is an auditing methodology in place.

D.  

The plan requires return on investment for all security projects.

A.  

Risk Assessment

B.  

Incident Response

C.  

Risk Management

D.  

Network Security administration

A.  

Maintain a log of discovered risks

B.  

Track individual risk assessments

C.  

Develop plans for mitigating identified risks

D.  

Coordinate the timing of scheduled risk assessments

A.  

ISO 22318 Supply Chain Continuity

B.  

ISO 27031 BCM Readiness

C.  

ISO 22301 BCM Requirements

D.  

ISO 22317 BIA

A.  

Determine the risk tolerance

B.  

Perform an asset classification

C.  

Create an architecture gap analysis

D.  

Analyze existing controls on systems

A.  

The percentage of earnings that are retained by the organization for reinvestment in the business

B.  

The details of expenses and revenue over a long period of time

C.  

A summarized statement of all assets and liabilities at a specific point in time

D.  

A review of regulations and requirements impacting the business from a financial perspective

A.  

Simple and easy task because the threats are getting easier to find and correct.

B.  

Training requirement that is met through once every year user training.

C.  

Training requirement that is on-going and always changing.

D.  

Not needed because automation and anti-virus software has eliminated the threats.

A.  

IT security compliance

B.  

lnformation Technology (IT) portfolio management

C.  

Network monitoring

D.  

Cybersecurity policy

A.  

Reduction of liability and overall risk to the organization

B.  

Better vendor management

C.  

Reduction of security breaches

D.  

Senior management participation in the incident response process

A.  

How many credit card records are stored?

B.  

How many servers do you have?

C.  

What is the scope of the certification?

D.  

What is the value of the assets at risk?

A.  

Technical control(s)

B.  

Management control(s)

C.  

Policy control(s)

D.  

Operational control(s)

A.  

monitoring external and internal environment during incident response

B.  

ongoing risk assessments of routine operations

C.  

continuous vulnerability assessment and vulnerability repair

D.  

installation of a new firewall system

A.  

Threat identification

B.  

Risk monitoring

C.  

Risk treatment

D.  

Risk tolerance

A.  

How vulnerabilities can potentially be exploited in systems that impact the organization

B.  

How the security operations team will behave to reported incidents

C.  

How the firewall and other security devices are configured to prevent attacks

D.  

How the incident management team prepares to handle an attack

A.  

Risk metrics

B.  

Management metrics

C.  

Operational metrics

D.  

Compliance metrics

A.  

Risk management

B.  

Security management

C.  

Mitigation management

D.  

Compliance management

A.  

Security Administrators

B.  

Internal/External Audit

C.  

Risk Management

D.  

Security Operations

A.  

Time, quality, and scope

B.  

Cost, quality, and time

C.  

Scope, time, and cost

D.  

Quality, scope, and cost

A.  

Delayed response to security incidents

B.  

Increased regulatory personnel allocation for security oversight

C.  

Penalties incurred due to regulatory violations

D.  

Increased employee morale and satisfaction

A.  

Physical, Technical, Operational

B.  

Technical, Strong Password, Operational

C.  

Operational, Biometric, Physical

D.  

Strong password, Biometric, Common Access Card

A.  

Business Continuity

B.  

Disaster Recovery

C.  

Security Operations

D.  

Legal Advisement

A.  

Deploy a SEIM solution and have current staff review incidents first thing in the morning

B.  

Contract with a managed security provider and have current staff on recall for incident response

C.  

Configure your syslog to send SMS messages to current staff when target events are triggered

D.  

Employ an assumption of breach protocol and defend only essential information resources

A.  

Susceptibility to attack, mitigation response time, and cost

B.  

Attack vectors, controls cost, and investigation staffing needs

C.  

Vulnerability exploitation, attack recovery, and mean time to repair

D.  

Susceptibility to attack, expected duration of attack, and mitigation availability

A.  

Desired results or purpose of implementing specific control procedures.

B.  

The audit control checklist.

C.  

Techniques for securing information.

D.  

Security policy

A.  

Controlled spear phishing campaigns

B.  

Password changes

C.  

Baselining of computer systems

D.  

Scanning for viruses

A.  

Use asymmetric encryption for the automated distribution of the symmetric key

B.  

Use a self-generated key on both ends to eliminate the need for distribution

C.  

Use certificate authority to distribute private keys

D.  

Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it

A.  

Board of directors

B.  

Third party vendors

C.  

CISO

D.  

Help Desk

A.  

Ensure all infrastructure and applications are available in the event of a disaster

B.  

Allow all technical first-responders to understand their roles in the event of a disaster

C.  

Provide step by step plans to recover business processes in the event of a disaster

D.  

Assign responsibilities to the technical teams responsible for the recovery of all data.

A.  

Creation of controls and processes to security the organization's data and information resources

B.  

The documentation and qualification of risk be the organization to facilitate better decision making by management

C.  

The confidentiality, integrity, and availability of the organization s data and information resources

D.  

to reduce adverse impacts on the organization to an acceptable level of risk

A.  

War driving

B.  

Operating system attacks

C.  

Social engineering

D.  

Shrink wrap attack

A.  

Negative internal audit findings regarding security controls performance

B.  

Regulatory non-compliance resulting in fines and legal proceedings

C.  

Unmanaged security awareness guidelines

D.  

Increased security budgets due to discovered threats and vulnerabilities

A.  

Auditors will recognize the organization’s commitment to security

B.  

So they will accept ownership for security within the organization

C.  

So that they can be held legally accountable when a severe incident occurs

D.  

To force employees to adhere to security policies

A.  

WBS document

B.  

Scope statement

C.  

Change control document

D.  

Risk management plan

A.  

Third-party emergency repair contract

B.  

Pre-built servers and routers

C.  

Permanent alternative routing

D.  

Full off-site backup of every server

A.  

Identify threats, risks, impacts and vulnerabilities

B.  

Decide how to manage risk

C.  

Define the budget of the Information Security Management System

D.  

Define Information Security Policy

A.  

Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.

B.  

Review the Request for Proposal (RFP) for guidance.

C.  

Withhold the vendor’s payments until the issue is resolved.

D.  

Refer to the contract agreement for direction.

A.  

To decide between multiple vendors

B.  

To decide is the solution costs less than the risk it is mitigating

C.  

To determine the current present value of a project

D.  

To determine the annual rate of loss

A.  

Phishing exercises

B.  

Use immutable data storage

C.  

Blocking use of wireless networks

D.  

Application of multiple endpoint anti-malware solutions

A.  

Protect all information resource assets equally

B.  

Establish active firewall monitoring protocols

C.  

Purchase insurance for your compliance liability

D.  

Focus your security efforts on high value assets

A.  

Transfer financial resources from other critical programs

B.  

Take the system off line until the budget is available

C.  

Deploy countermeasures and compensating controls until the budget is available

D.  

Schedule an emergency meeting and request the funding to fix the issue

A.  

Control Objectives for IT (COBIT)

B.  

Payment Card Industry-Data Security Standard (PCI-DSS)

C.  

International Organization Standard (ISO) 27002

D.  

National Institute of Standards and Technology (NIST) SP 800-30

A.  

Document the process for the stakeholders

B.  

Monitor the effectiveness of the controls

C.  

Update the audit findings report

D.  

Perform a risk assessment

A.  

Confidential/Protected Information

B.  

Bodily Information

C.  

Territorial Information

D.  

Communications Information

A.  

Has a direct correlation with the CISO’s budget

B.  

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.  

Represents the sum of all capital expenditures

D.  

Represents the percentage of earnings that could in part be used to finance future security controls

A.  

Audit validation

B.  

Physical control testing

C.  

Compliance management

D.  

Security awareness training

A.  

Comprehensive Log-Files from all servers and network devices affected during the attack

B.  

Fully trained network forensic experts to analyze all data right after the attack

C.  

Uninterrupted Chain of Custody

D.  

Expert forensics witness

A.  

Implement redundancy

B.  

move operations to another region

C.  

purchase breach insurance

D.  

Alignment with business operations

A.  

Executive summary

B.  

Penetration test agreement

C.  

Names and phone numbers of those who conducted the audit

D.  

Business charter

A.  

The existing IT environment.

B.  

The company business plan.

C.  

The present IT budget.

D.  

Other corporate technology trends.

A.  

International encryption restrictions

B.  

Compliance to Payment Card Industry (PCI) data security standards

C.  

Compliance with local government privacy laws

D.  

Adherence to local data breach notification laws

A.  

Internal audit

B.  

The data owner

C.  

All executive staff

D.  

Government regulators

A.  

Security industry technology trends

B.  

The prior year security budget

C.  

Existing technology diagrams

D.  

The company business plan

A.  

Community cloud

B.  

Public cloud

C.  

Private cloud

D.  

Hybrid cloud

A.  

Security Information and Event Management (SIEM), Intrusion Prevention Systems (IPS), routers, and server alerts

B.  

Intrusion Detection Systems (IDS), firewalls, switches, and system compliance tools

C.  

Virtualized servers, routers, firewalls, and system logs

D.  

Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS), firewalls, and Vulnerability Management Systems (VMS)

A.  

Cost and annual rate of expectance

B.  

Subjective and Objective

C.  

Qualitative and percent of loss realized

D.  

Quantitative and qualitative

A.  

Information Technology Infrastructure Library (ITIL)

B.  

International Organization for Standardization (ISO) standards

C.  

Payment Card Industry Data Security Standards (PCI-DSS)

D.  

National Institute for Standards and Technology (NIST) standard

A.  

Network connectivity costs

B.  

New datacenter to operate from

C.  

Upgrade of mainframe

D.  

Purchase of new mobile devices to improve operations

A.  

Office of the Auditor

B.  

Senior Executives

C.  

Office of the General Counsel

D.  

All employees and users

A.  

Easiest regulation or standard to implement

B.  

Stricter regulation or standard

C.  

Most complex standard to implement

D.  

Recommendations of your Legal Staff

A.  

Improve discovery of valid detected events

B.  

Enhance tuning of automated tools to detect and prevent attacks

C.  

Replace existing threat detection strategies

D.  

Validate patterns of behavior related to an attack

A.  

Quarterly

B.  

Semi-annually

C.  

Annually

D.  

Bi-annually

A.  

In-line hardware keyloggers don’t require physical access

B.  

In-line hardware keyloggers don’t comply to industry regulations

C.  

In-line hardware keyloggers are undetectable by software

D.  

In-line hardware keyloggers are relatively inexpensive

A.  

Threat analyst, IT auditor, forensic analyst

B.  

Network engineer, help desk technician, system administrator

C.  

CIO, CFO, CSO

D.  

Financial analyst, payroll clerk, HR manager

A.  

Procedure

B.  

Standard

C.  

Guideline

D.  

Policy

A.  

Session encryption

B.  

Removing all stored procedures

C.  

Input sanitization

D.  

Library control

A.  

High risk environments 6 months, low risk environments 12 months

B.  

Every 12 months

C.  

Every 18 months

D.  

Every six months

A.  

Determine appetite

B.  

Evaluate risk avoidance criteria

C.  

Perform a risk assessment

D.  

Mitigate risk

A.  

A high threat environment

B.  

A low risk tolerance environment

C.  

I low vulnerability environment

D.  

A high risk tolerance environment

A.  

Cold site

B.  

Hot site

C.  

Warm site

D.  

Mobile backup site

A.  

NIST and Privacy Regulations

B.  

ISO 27000 and Payment Card Industry Data Security Standards

C.  

NIST and data breach notification laws

D.  

ISO 27000 and Human resources best practices

A.  

Incident response plan

B.  

Business Continuity plan

C.  

Disaster recovery plan

D.  

Damage control plan

A.  

The asset owner

B.  

The asset manager

C.  

The data custodian

D.  

The project manager

A.  

Scan a representative sample of systems

B.  

Perform the scans only during off-business hours

C.  

Decrease the vulnerabilities within the scan tool settings

D.  

Filter the scan output so only pertinent data is analyzed

A.  

Maximum Tolerable Downtime (MTD)

B.  

Recovery Point Objective (RPO)

C.  

Mean Time to Del very >MTD)

D.  

Recovery Time Objective (RTO)

A.  

Verify the scope of the project

B.  

Verify the regulatory requirements

C.  

Verify technical resources

D.  

Verify capacity constraints

A.  

Security certification

B.  

Security system analysis

C.  

Security accreditation

D.  

Alignment with business practices and goals.

A.  

Business Continuity Manager

B.  

Board of Directors

C.  

Chief Executive Officer (CEO)

D.  

CISO

A.  

Only IDS is susceptible to false positives

B.  

An IPS examines network traffic flows to detect and actively stop exploits and attacks

C.  

IPS identify potentially malicious traffic based on signature or behavior and IDS does not

D.  

IDS are typically deployed behind the firewall and IPS are deployed in front of the firewall

A.  

Market competition requirements

B.  

International personnel management laws

C.  

Compliance with privacy regulations

D.  

Product development speed

A.  

Business Impact Analysis

B.  

Economic Impact analysis

C.  

Return on Investment

D.  

Cost-benefit analysis

A.  

Systems logs

B.  

Hardware error reports

C.  

Utilization reports

D.  

Availability reports

A.  

The need to change accounting periods on a regular basis.

B.  

The requirement to post entries for a closed accounting period.

C.  

The need to create and modify the chart of accounts and its allocations.

D.  

The lack of policies and procedures for the proper segregation of duties.

A.  

Threat and Vulnerability Management Programs

B.  

Phishing tests

C.  

Anti-malware tools

D.  

Security awareness programs

A.  

Audit and Legal

B.  

Budget and Compliance

C.  

Human Resources and Budget

D.  

Legal and Human Resources

A.  

Tell her to initiate the incident response plan

B.  

Tell her to provide updates as they become available

C.  

Tell her to disconnect the servers connected to the database and call the help desk

D.  

Tell her to perform initial forensics and preserve system integrity

A.  

The controls in place to secure the system

B.  

Name of the connected system

C.  

The results of a third-party audits and recommendations

D.  

Type of information used in the system