When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?
Which of the following should an information security manager do FIRST after a new cybersecunty regulation has been introduced?
Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9
Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
Which of the following is MOST important to the effectiveness of an information security program?
After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?
An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
Which risk is introduced when using only sanitized data for the testing of applications?
Which of the following is the BEST method for determining whether new risks exist in legacy systems?
A penetration test against an organization ' s external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?
Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager ' s FIRST course of action?
The MOST important reason for an organization to establish a social media policy is to:
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
Of the following, who is BEST positioned to approve specific information security risk treatment options?
A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?
An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?