QUESTION NO: 51
An information security manager finds that a soon-to-be deployed online application will
increase risk beyond acceptable levels, and necessary controls have not been included. Which
of the following is the BEST course of action for the information security manager?
A. Instruct IT to deploy controls based on urgent business needs.
B. Present a business case for additional controls to senior management.
C. Solicit bids for compensating control products.
D. Recommend a different application. - ANS B. Present a business case for additional
controls to senior management.
QUESTION NO: 52
Which of the following activities MUST be performed by an information security manager for
change requests?
A. Perform penetration testing on affected systems.
B. Scan IT systems for operating system vulnerabilities.
C. Review change in business requirements for information security.
D. Assess impact on information security risk. - ANS D. Assess impact on information
security risk.
QUESTION NO: 53
The effectiveness of an information security governance framework will BEST be enhanced if:
A. consultants review the information security governance framework.
B. a culture of legal and regulatory compliance is promoted by management.
C. risk management is built into operational and strategic activities.
D. IS auditors are empowered to evaluate governance activities - ANS C. risk management
is built into operational and strategic activities.
QUESTION NO: 54
The BEST way to identify the risk associated with a social engineering attack is to:
A. monitor the intrusion detection system (IDS).
B. review single sign-on (SSO) authentication logs.
C. test user knowledge of information security practices.
D. perform a business risk assessment of the email filtering system. - ANS C. test user
knowledge of information security practices.
QUESTION NO: 55
Which of the following is MOST critical when creating an incident response plan?
A. Identifying vulnerable data assets
B. Identifying what constitutes an incident
C. Documenting incident notification and escalation processes
D. Aligning with the risk assessment process - ANS C. Documenting incident notification
and escalation processes
QUESTION NO: 56
Which is the BEST method to evaluate the effectiveness of an alternate processing site when
continuous uptime is required?
A. Parallel test
B. Full interruption test
C. Simulation test
D. Tabletop test - ANS A. Parallel test.
QUESTION NO: 57
How does an incident response team BEST leverage the results of a business impact analysis
(BIA)?
A. Assigning restoration priority during incidents
B. Determining total cost of ownership (TCO)
C. Evaluating vendors critical to business recovery
D. Calculating residual risk after the incident recovery phase - ANS A. Assigning
restoration priority during incidents.
QUESTION NO: 58
Which of the following is MOST important to consider when determining asset valuation?
A. Asset recovery cost
B. Asset classification level
C. Cost of insurance premiums
D. Potential business loss - ANS D. Potential business loss
QUESTION NO: 59
An information security manager learns that IT personnel are not adhering to the information
security policy because it creates process inefficiencies. What should the information security
manager do FIRST?
A. Conduct user awareness training within the IT function.
B. Propose that IT update information security policies and procedures.
C. Determine the risk related to noncompliance with the policy.
D. Request that internal audit conduct a review of the policy development process. - ANS
C. Determine the risk related to noncompliance with the policy.
QUESTION NO: 60
Which of the following is the BEST indication of a successful information security culture?