CISM Certified Information Security Manager – Question1279

An organization has determined that one of its web servers has been compromised. Which of the following actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?

A. Reboot the server in a secure area to search for digital evidence.
B. Unplug the server from the power.
C. Restrict physical and logical access to the server.
D. Run analysis tools to detect the source of the intrusion.

Correct Answer: C
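The point behind option C is that evidence only has value in litigation if you can show it was not altered between acquisition and analysis, which is why access is restricted before anything is rebooted, powered off, or examined with tools on the live system. The following Python example, added here and not part of the exam page, shows the minimal mechanical form of that discipline: hash the acquired image once, keep a chain-of-custody record of every hand-off, and verify the working copy against the original hash before analysis. The case ID, custodian names and the evidence bytes are constructed sample data.

```python
"""Chain-of-custody record with integrity verification for an evidence image.

Added example for the evidence-preservation question above; not from the
original page. Case ID, custodians and evidence bytes are constructed.
"""
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed stand-in for a raw disk image taken from the compromised web server.
SAMPLE_EVIDENCE = (
    b"[constructed image] /var/log/apache2/access.log\n"
    b"203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] \"GET /upload.php?cmd=id HTTP/1.1\" 200 512\n"
    b"/var/www/html/upload.php ... \n"
)


def sha256_hex(data: bytes) -> str:
    """Hash the evidence so any later change, accidental or not, is detectable."""
    return hashlib.sha256(data).hexdigest()


def record_acquisition(evidence: bytes, case_id: str, custodian: str, when=None) -> dict:
    """Create the first chain-of-custody entry: who acquired the image, when, and its hash.

    The hash is computed once at acquisition. Every later check compares against
    this stored value instead of trusting whatever copy happens to be on disk.
    """
    when = when or datetime.now(timezone.utc)
    return {
        "case_id": case_id,
        "acquired_by": custodian,
        "acquired_at": when.isoformat(),
        "size_bytes": len(evidence),
        "sha256": sha256_hex(evidence),
        "access_log": [],  # each hand-off or read is appended here, never rewritten
    }


def log_access(record: dict, who: str, purpose: str, when=None) -> dict:
    """Append a custody event (hand-off, imaging, analysis) to the record."""
    when = when or datetime.now(timezone.utc)
    record["access_log"].append({"who": who, "purpose": purpose, "at": when.isoformat()})
    return record


def verify(record: dict, evidence: bytes) -> bool:
    """Return True only if the working copy still matches the acquisition hash.

    compare_digest avoids leaking match position through timing; it is cheap
    insurance when the same routine is later exposed through a case-management API.
    """
    return hmac.compare_digest(sha256_hex(evidence), record["sha256"])


def analyst_may_proceed(record: dict, working_copy: bytes, analyst: str) -> bool:
    """Gate analysis on integrity: log the attempt, refuse if the copy has drifted."""
    log_access(record, analyst, "pre-analysis integrity check")
    return verify(record, working_copy)


if __name__ == "__main__":
    rec = record_acquisition(SAMPLE_EVIDENCE, case_id="IR-2023-042", custodian="first responder")
    log_access(rec, "evidence custodian", "sealed and stored in evidence locker")

    # An unaltered working copy passes and analysis can start.
    print("pristine copy ok:", analyst_may_proceed(rec, SAMPLE_EVIDENCE, "forensic analyst"))

    # A copy taken after someone "just rebooted it to have a look" no longer matches:
    # the log file rotated and the image differs from what was sealed.
    drifted = SAMPLE_EVIDENCE.replace(b"access.log", b"access.log.1")
    print("drifted copy ok:", analyst_may_proceed(rec, drifted, "forensic analyst"))
    print("custody events:", len(rec["access_log"]))
```

Run as-is, the pristine copy verifies, the drifted copy is refused, and the record carries three custody events, which is the paper trail a court will ask for. In practice the record would be written to write-once storage and the hash witnessed by a second person, but the control is the same: no one touches the evidence until its state is fixed and access is logged.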

CISM Certified Information Security Manager – Question1277

An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:

A. determine appropriate countermeasures.
B. transfer the risk to a third party.
C. report to management.
D. quantify the aggregated risk.

Correct Answer: D

CISM Certified Information Security Manager – Question1276

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

A. Corresponding breaches associated with each vendor
B. Compensating controls in place to protect information security
C. Compliance requirements associated with the regulation
D. Criticality of the service to the organization

Correct Answer: B

CISM Certified Information Security Manager – Question1275

When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

A. Risk assessments must be conducted by certified staff.
B. The methodology must be approved by the chief executive officer.
C. Risk assessments must be reviewed annually.
D. The methodology used must be consistent across the organization.

Correct Answer: D

CISM Certified Information Security Manager – Question1273

Which of the following is a PRIMARY security responsibility of an information owner?

A. Deciding what level of classification the information requires
B. Testing information classification controls
C. Maintaining the integrity of data in the information system
D. Determining the controls associated with information classification

Correct Answer: C

CISM Certified Information Security Manager – Question1271

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?

A. Require annual signed agreements of adherence to security policies.
B. Include penalties for noncompliance in the contracting agreement.
C. Perform periodic security assessments of the contractors' activities.
D. Conduct periodic vulnerability scans of the application.

Correct Answer: C

CISM Certified Information Security Manager – Question1270

Which of the following would provide the MOST essential input for the development of an information security strategy?

A. Measurement of security performance against IT goals
B. Results of an information security gap analysis
C. Availability of capable information security resources
D. Results of a technology risk assessment

Correct Answer: B