The BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:

A. a sandbox environment.
B. device encryption.
C. two-factor authentication.
D. a strong password policy.

After an information security business case has been approved by senior management, it should be:

A. used to design functional requirements for the solution.
B. used as the foundation for a risk assessment.
C. referenced to build architectural blueprints for the solution.
D. reviewed at key intervals to ensure intended outcomes.

A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

A. The organization uses a decentralized privacy governance structure.
B. Privacy policies are only reviewed annually.
C. The organization does not have a dedicated privacy officer.
D. The privacy program does not include a formal training component.

A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager’s FIRST course of action?

A. Design and document a new process.
B. Update the security policy.
C. Perform a risk assessment.
D. Report the issue to senior management.

The PRIMARY benefit of integrating information security risk into enterprise risk management is to:

A. ensure timely risk mitigation.
B. justify the information security budget.
C. obtain senior management’s commitment.
D. provide a holistic view of risk.

Which of the following is MOST important to evaluate after completing a risk action plan?

A. Threat profile
B. Inherent risk
C. Residual risk
D. Vulnerability landscape

Which of the following is the MOST effective defense against spear phishing attacks?

A. Unified threat management
B. Web filtering
C. Anti-spam solutions
D. User awareness training

Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

A. Business impact analysis (BIA)
B. Risk assessment
C. Asset classification
D. Business process mapping

Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?

A. Link the bring-your-own-device (BYOD) policy to the existing staff disciplinary policy.
B. Require employees to undergo training before permitting access to the corporate email service.
C. Require employees to install a reputable mobile anti-virus solution on their personal devices.
D. Use a mobile device management (MDM) solution to isolate the local corporate email storage.

Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?

A. Security costs
B. Technical vulnerabilities
C. Security technology requirements
D. Implementation tasks