Which of the following would BEST enable effective IT resource management?

A. Assessing the risk associated with IT resources
B. Outsourcing IT processes and activities
C. Establishing business priorities
D. Automating business processes

The BEST data backup strategy for mobile users is to:

A. synchronize data directories automatically over the network.
B. have them regularly back up data directories onto CD and courier the backups to the head office.
C. mirror all data to a portable storage device.
D. have them regularly go to branch offices to perform backups.

Which of the following controls would BEST decrease the exposure if a password is compromised?

A. Passwords are masked.
B. Passwords are encrypted.
C. Passwords have format restrictions.
D. Password changes are forced periodically.

A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

A. Validity
B. Existence
C. Limit
D. Completeness

Which of the following BEST indicates the effectiveness of an organization’s risk management program?

A. Control risk is minimized.
B. Inherent risk is eliminated.
C. Residual risk is minimized.
D. Overall risk is quantified.

Which of the following is the MOST effective way to assess whether an outsourcer’s controls are following the service level agreement (SLA)?

A. Perform an onsite review of the outsourcer.
B. Review the outsourcer’s monthly service reports.
C. Perform a review of penalty clauses for non-performance.
D. Review an internal audit report from the outsourcer’s auditor.

Which of the following features can be provided only by asymmetric encryption?

A. 128-bit key length
B. Information privacy
C. Data confidentiality
D. Nonrepudiation

An airline’s online booking system uses an automated script that checks whether fares are within the defined threshold of what is reasonable before the fares are displayed on the website. Which type of control is in place?

A. Compensating control
B. Preventive control
C. Detective control
D. Corrective control

Which of the following provides the MOST assurance that a newly developed web application does not have IT security issues?

A. Server hardening
B. Business impact analysis (BIA)
C. Application whitelisting
D. Penetration testing

The control that MOST effectively addresses the risk of piggybacking/tailgating into a restricted area without a dead man door is:

A. using biometric door locks.
B. security awareness training.
C. requiring employees to wear ID badges.
D. using two-factor authentication.