Managing the life cycle of a digital certificate is a role of a(n):
A. system administrator.
B. security administrator.
C. system developer.
D. independent trusted source.
Correct Answer: D
Explanation:
Digital certificates must be managed by an independent trusted source in order to maintain trust in their authenticity. The other options are not necessarily entrusted with this capability.
Who is responsible for raising awareness of the need for adequate funding for risk action plans?
A. Chief information officer (CIO)
B. Chief financial officer (CFO)
C. Information security manager
D. Business unit management
Correct Answer: C
Explanation:
The information security manager is responsible for raising awareness of the need for adequate funding for risk-related action plans. Even though the chief information officer (CIO), chief financial officer (CFO) and business unit management are involved in the final approval of fund expenditure, it is the information security manager who has the ultimate responsibility for raising awareness.
Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?
A. Security audit reports
B. Balanced scorecard
C. Capability maturity model (CMM)
D. Systems and business security architecture
Correct Answer: C
Explanation:
The capability maturity model (CMM) grades each defined area of security processes on a scale of 0 to 5 based on its maturity, and is commonly used by entities to measure their existing state and then determine the desired one. Security audit reports offer a limited view of the current state of security. A balanced scorecard is a document that enables management to measure the implementation of their strategy and assists in its translation into action. Systems and business security architecture explains the security architecture of an entity in terms of business strategy, objectives, relationships, risks, constraints and enablers, and provides a business-driven and business-focused view of security architecture.
Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?
A. The program's governance oversight mechanisms
B. Information security periodicals and manuals
C. The program's security architecture and design
D. Training and certification of the information security team
Correct Answer: A
Explanation:
While choices B, C and D will all assist the currency and coverage of the program, its governance oversight mechanisms are the best method.
Which of the following would be the MOST significant security risk in a pharmaceutical institution?
A. Compromised customer information
B. Unavailability of online transactions
C. Theft of security tokens
D. Theft of a Research and Development laptop
Correct Answer: D
Explanation:
The research and development department is usually the most sensitive area of a pharmaceutical organization. Theft of a laptop from this area could result in the disclosure of sensitive formulas and other intellectual property, which could represent the greatest security breach. A pharmaceutical organization does not normally have direct contact with end customers and its transactions are not time critical; therefore, compromised customer information and unavailability of online transactions are not the most significant security risks. Theft of security tokens would not be as significant, since a PIN would still be required for their use.
Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
A. Database administrator (DBA)
B. Finance department management
C. Information security manager
D. IT department management
Correct Answer: B
Explanation:
Data owners are responsible for determining data classification; in this case, management of the finance department would be the owners of accounting ledger data. The database administrator (DBA) and IT management are the custodians of the data who would apply the appropriate security levels for the classification, while the security manager would act as an advisor and enforcer.
An information security program should focus on:
A. best practices also in place at peer companies.
B. solutions codified in international standards.
C. key controls identified in risk assessments.
D. continued process improvement.
Correct Answer: C
Explanation:
Risk assessment identifies the appropriate controls to mitigate identified business risks that the program should implement to protect the business. Peer industry best practices, international standards and continued process improvement can be used to support the program, but these cannot be blindly implemented without consideration of business risk.
Which of the following is the MOST effective, positive method to promote security awareness?
A. Competitions and rewards for compliance
B. Lock-out after three incorrect password attempts
C. Strict enforcement of password formats
D. Disciplinary action for noncompliance
Correct Answer: A
Explanation:
Competitions and rewards are a positive encouragement to user participation in the security program. Merely locking users out for forgetting their passwords does not enhance user awareness. Enforcement of password formats and disciplinary actions do not positively promote awareness.
The configuration management plan should PRIMARILY be based upon input from:
A. business process owners.
B. the information security manager.
C. the security steering committee.
D. IT senior management.
Correct Answer: D
Explanation:
Although business process owners, an information security manager and the security steering committee may provide input regarding a configuration management plan, its final approval is the primary responsibility of IT senior management.
Which of the following events generally has the highest information security impact?
A. Opening a new office
B. Merging with another organization
C. Relocating the data center
D. Rewiring the network
Correct Answer: B
Explanation:
Merging with or acquiring another organization causes a major impact on an information security management function because new vulnerabilities and risks are inherited. Opening a new office, moving the data center to a new site, or rewiring a network may have information security risks, but these generally comply with corporate security policy and are easier to secure.