The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:
A. Contacting the Internet Service Provider for an IP scope
B. Getting authority to operate the system from executive management
C. Changing the default passwords
D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure.
What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
A. Scan a representative sample of systems
B. Perform the scans only during off-business hours
C. Decrease the vulnerabilities within the scan tool settings
D. Filter the scan output so only pertinent data is analyzed
Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.
A. ISO 27001
B. ISO 27002
C. ISO 27004
D. ISO 27005
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
A. ISO 27001
B. PRINCE2
C. ISO 27004
D. ITILv3
What oversight should the information security team have in the change management process for application security?
A. Information security should be informed of changes to applications only
B. Development team should tell the information security team about any application security flaws
C. Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production
D. Information security should be aware of all application changes and work with developers before changes are deployed in production
What type of attack requires the least amount of technical equipment and has the highest success rate?
A. War driving
B. Operating system attacks
C. Social engineering
D. Shrink wrap attack
Which of the following is a symmetric encryption algorithm?
A. 3DES
B. MD5
C. ECC
D. RSA
Which technology can provide a computing environment without requiring a dedicated hardware backend?
A. Mainframe server
B. Virtual Desktop
C. Thin client
D. Virtual Local Area Network
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?
A. Compliance centric agenda
B. IT security centric agenda
C. Lack of risk management process
D. Lack of sponsorship from executive management
Which of the following is a primary method of applying consistent configurations to IT systems?
A. Audits
B. Administration
C. Patching
D. Templates