Which of the following would provide nonrepudiation of electronic transactions?

A. Two-factor authentication
B. Periodic reaccreditations
C. Third-party certificates
D. Receipt acknowledgment

Which of the following would BEST enhance firewall security?

A. Placing the firewall on a screened subnet
B. Logging of security events
C. Implementing change-control practices
D. Providing dynamic address assignment

What is the BEST way for a customer to authenticate an e-commerce vendor?

A. Use a secure communications protocol for the connection.
B. Verify the vendor’s certificate with a certificate authority.
C. Request email verification of the order.
D. Encrypt the order using the vendor’s private key.

Which of the following should be the PRIMARY input when defining the desired state of security within an organization?

A. Acceptable risk level
B. Annual loss expectancy
C. External audit results
D. Level of business impact

An organization will be outsourcing mission-critical processes.
Which of the following is MOST important to verify before signing the service level agreement (SLA)?

A. The provider has implemented the latest technologies.
B. The provider’s technical staff are evaluated annually.
C. The provider is widely known within the organization’s industry.
D. The provider has been audited by a recognized audit firm.

In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?

A. Cross-training
B. Risk avoidance
C. Risk prioritization
D. Threat management

Which of the following is the BEST way to sustain employee interest in information awareness in an organization?

A. Ensuring a common security awareness program for all staff
B. Relating security awareness programs to security policies
C. Ensuring all staff are involved
D. Using a variety of delivery methods

Which of the following is the MOST effective method for assessing the effectiveness of a security awareness program?

A. Post-incident review
B. Social engineering test
C. Vulnerability scan
D. Tabletop test

From a business perspective, the MOST important function of information security is to support:

A. predictable operations.
B. international standards.
C. security awareness.
D. corporate policy.

A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

A. Update risk tolerance levels.
B. Notify senior management and the board.
C. Monitor the environment for changes.
D. Re-evaluate the organization’s risk appetite.