Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
A. More uniformity in quality of service
B. Better adherence to policies
C. Better alignment to business unit needs
D. More savings in total operating costs
A risk profile supports effective security decisions PRIMARILY because it:
A. defines how to best mitigate future risks.
B. identifies priorities for risk reduction.
C. enables comparison with industry best practices.
D. describes security threats.
An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
A. Monitor user activities on the network
B. Publish the standards on the intranet landing page
C. Establish an acceptable use policy
D. Deploy a device management solution
Which of the following is an example of a vulnerability?
A. Natural disasters
B. Defective software
C. Ransomware
D. Unauthorized users
Which of the following BEST facilitates effective strategic alignment of security initiatives?
A. The business strategy is periodically updated
B. Procedures and standards are approved by department heads.
C. Periodic security audits are conducted by a third-party.
D. Organizational units contribute to and agree on priorities
Which of the following BEST describes a buffer overflow?
A. A function is carried out with more data than the function can handle
B. A program contains a hidden and unintended function that presents a security risk
C. Malicious code designed to interfere with normal operations
D. A type of covert channel that captures data
Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
A. To define security roles and responsibilities
B. To determine return on investment (ROI)
C. To establish incident severity levels
D. To determine the criticality of information assets
Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services.
Which of the following should be the PRIMARY focus of Company A's information security manager?
A. The organizational structure of Company B
B. The cost to align to Company A's security policies
C. Company A's security architecture
D. Company B's security policies
Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?
A. Data owner
B. Business owner
C. Information security manager
D. Compliance manager
Which of the following is the GREATEST benefit of information asset classification?
A. Helping to determine the recovery point objective (RPO)
B. Providing a basis for implementing a need-to-know policy
C. Supporting segregation of duties
D. Defining resource ownership